Comments on thisDev: One Down, One Up
Author: Roy Leban (http://www.blogger.com/profile/08749140682886637193)
Feed updated: 2023-04-17T02:09:59.165-07:00
8 comments

Anonymous, 2008-12-15T11:17:00.000-08:00:

@Roy, what about allowing users to link multiple account identifiers into a single account/identity? Allow them to sign in with any associated email address and view/manage the union of sets of objects shared with any of the linked addresses.

I'll stop pleading my case from here. I recognize that I might be in the whiny minority of your potential users, and don't want to earn the "whiny" part.

Roy Leban, 2008-12-15T00:50:00.000-08:00:

@Scott: There are two issues here. One is transferability of permissions and the other is whether I refer to people by email addresses instead of GAE user key. I can support one without the other, but I'm not sure that I want to, particularly in the company case.

Transferability of permissions seems like a security problem in general. In the company case, it would mean that users who transfer their permissions (and are not using an @company.com email address) get treated differently.

Even if I allow you to transfer permissions from one Google ID to another, you'd still have to sign in at least once with the Google ID that was given permissions. The reason for this is that email notifications of permission changes are just that -- notifications. They're not invite links or codes.

Basically, it sucks that you can only be signed into one Google ID at a time and it sucks that signing into Groupthink Projects with a new Google ID signs you out of the previous Google ID on every other site that uses Google Auth. Well, sort of. Some sites, like Puzzazz, remember the fact that you're logged in, even if the current Google Auth login changes. If every site did that, the problem would go away.

Groupthink does do that, so once you log in once, provided you don't sign out, it will remember you. But you can't currently be signed in as more than one email address at a time. I can look into changing that.

Anonymous, 2008-12-14T23:56:00.000-08:00:

Now that I read more closely, I see that you're defending doing it the wrong way.

The "sharing with exactly who they think it is" part is hooey. If they trust me (the person) enough to share it with me, it shouldn't matter which of my accounts I ultimately sign in to access the resource. I'm fine with you continuing to display the email address that they originally invited, but I do _not_ want to have to sign out of my favorite Google account just because someone used one of my less preferred email addresses for a sharing invitation.

Security-wise, your model already trusts the recipient email account to be used as the primary vehicle for re-keying the underlying Google account (think "I forgot my password"), so it's not like a long URL that can be bound to exactly one arbitrary email address is weakening any of your security assumptions.

Anonymous, 2008-12-14T23:50:00.000-08:00:

There might be enough information here for me to prove to myself that you're not doing what I'm about to complain about, but I'll complain anyway.

I hate it when I receive a sharing invitation sent to one of my email addresses and then can't migrate the object that I was invited to share to be accessed by my preferred account. Google Docs and Windows Live's freshly shipped social network application both do this.

Does your sharing model handle this the right way (for inspiration, see Live Mesh), or the wrong way?

Roy Leban, 2008-12-13T23:16:00.000-08:00:

@Mike: I had wanted to talk with you about this on Friday (because I know go2.me is doing it differently), but then I forgot.

I think my needs are different from both go2.me and Puzzazz because of the sharing aspect and the fact that I'm targeting small companies. I want people to trust that when they share with someone, it's exactly the person they think it is, because they have the right email address. I also don't want to show nicknames instead of email addresses because I think that will look sloppy, security-wise. I could see showing "real names" when I add company-specific features.

To describe my new design simply -- when you share with someone, you share with their email address. And the way that the person proves that they own that email address is to sign in with the corresponding Google ID.

Mike Koss (https://www.blogger.com/profile/16991627140888922439), 2008-12-13T15:54:00.000-08:00:

The Go2.me user management system I just finished uses a "nickname/username" as the unique key for a user. While I use nicknames for anonymous users, I create a Profile (I like your model name, Member, better) when the user authenticates (currently, the only authentication method is Google account).

But I would NOT tie a user to a unique email address - it can change. I like getting a non-email nickname as the identifier for a user. You can enforce that they can't change and is globally unique.

You then have the option to decide if email addresses are unique to one user, or if they can have several, or even if several accounts can use the same email address.

I made the simplification that one GAE account maps to one user - but at first I allowed multiple users to be mapped to one GAE user - e.g., I have multiple twitter accounts for different "personae".

Roy Leban, 2008-12-13T15:09:00.000-08:00:

That's a good question. I simplified the situation a bit in the blog post. The actual user model objects are owned by GAE, not me (because I'm using Google ID for auth). I can't create them and I can't look up a user by email address (or any other way). The only way to get one is to have a signed-in user. Once I have that, I can save a reference to the user and use it when they're not signed in.

Because I can't add anything to the user model, I have a Member table that contains extra information about the user. The Member table maps 1-1 to users and the permissions actually point to Member records, not to users.

I could create a Member record the first time that I see an email address, but that would basically mean that I have the same problem -- I've just moved it. Rather than the permissions having either a Member or an email address, permissions would always point to a Member, but now Members would either point to a user or have an email address.

With the change, I always have an email address, Member records have an email address, and I can look them up that way. When you give permissions, you are giving them to an email address. If Google ever provides a way to change the email address associated with a Google ID, then I might have some extra work to do, but that may never happen.

Anonymous, 2008-12-13T05:52:00.000-08:00:

Why not just create a new user when you see a new email address? You can fill in the details later when that person decides to sign in.