dotgnu-auth
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Auth]technical details

From: Albert Scherbinsky
Subject: Re: [Auth]technical details
Date: Fri, 27 Jul 2001 16:46:24 -0400 
Ron Burk wrote:
> 
> >I have also updated my examples to take into account the
> >feedback on the list.
> 
> * Possibly useful to allow the web site to supply the value of a
>     data field in its "request". Idea is that sophisticated web sites
>     could make initial sign-up highly transparent by handing the
>     client his new account name (and/or other information that
>     is generated by the web site -- some sites will assign you a
>     password, and that option becomes more appealing when
>     there's a framework in which the customer never has to see
>     or type the password). This is for web sites that can dynamically
>     generate the appropriate .gnu file.

This is a great idea. It's an undocumented feature.:) You
can just put text between the <INPUT> tags. You can also mix
text and <GET> tags. It's a substitution template.

> * There's a semantic difficulty in the fact that you've started
>     describing a database, besides an interface for requesting
>     information. The former is both more difficult, and may unnecessarily
>     constrain vendors, who already have their database designed.
>     For example, the typical web site just wants to ask for "Credit Card".
>     But the personal information database will want to allow for
>     multiple credit cards, each of which the user can assign a mnemonic
>     name (a name not at all visible in the information request space).
>     Same story with addresses, and even names.

Good. Done.

> * I think(!) I understand the motivation for making a hierarchical
>     namespace of field names. However, I would feel better if the
>     web site could still just use a flat namespace. Most web sites
>     just want "Password", for example. Most web sites don't
>     necessarily want to specify what kind of "address" you should
>     give them. The major exception being when they want to specify
>     that the address should be identical to the billing address for
>     a given credit card.

Ok. Done.

> * Speaking of having the web server supply data to the client,
>     perhaps its useful to allow inclusion of a comment field,
>     for the client software to optionally use to describe why the
>     web server is asking for this.

Good Idea. I think I need to document more.
 
Regards,
Albert

-- 
Albert Scherbinsky
Drop by at: http://members.home.net/alberts/
reply via email to
[Prev in Thread] Current Thread [Next in Thread]