dotgnu-auth

Re: [Auth]simplest logon design proposal


From: Charles Iliya Krempeaux
Subject: Re: [Auth]simplest logon design proposal
Date: 31 Jul 2001 16:01:03 -0700

Hello,

I have some comments.  (Some of this may have come up already...
I've spent most of my time on the address@hidden list.)

In the document http://members.home.net/alberts/single.htm ....

> First, we need a standard schema for describing the most common types
> of personal information requested by existing web sites. In other
> words, all parties to the software must agree that "Password" is the
> correct label for the customer's password, "Email" is the string used
> to refer to the customer's email address,

Shouldn't that be "e-mail", instead of "email"?  I know "email"
is becoming common, but it shouldn't be encouraged!  Can you
imagine kids in grade school trying to figure out how to pronounce
words like "email", "etrade", "ebusiness", etc.  These
versions -- without the dash -- do NOT follow English
spelling rules.

It should be e-mail... or maybe e'mail.  But NOT email.


> To keep the example very simple, suppose that our database schema
> consists of merely two fields: "UserName" and "Password". The meaning
> of "UserName" is "a string that uniquely identifies a single customer
> for this web site". At some web sites, this would take the form of an
> email address. At others, it might be a social security number,

Did you know that using social security numbers in that manner
is illegal in some countries?  In Canada it is illegal.  I'm
not sure about the USA though.



In the document http://members.home.net/alberts/siml.htm ....

> Subscribe/Login example:

[...]
  - refer to the document to see the example SIML file.

Has any work been done on making the address standards
work with all countries?

For example, very few countries have "states".  Most countries
have "provinces"... others have different names for them.  Also,
not everywhere calls it a "Postal Code", some places call it a
"Zip Code".

Has anyone considered how this would work in a country-independent
fashion?  (I'm pretty sure that making it work in all countries
is not as simple as changing the names either!!!)



In the document http://members.home.net/alberts/PIB.htm ....

>    <Address name="Home">
>      <FirstName></FirstName>
>      <LastName></LastName>
>      <Email></Email>
>      <StreetAddress></StreetAddress>
>      <ApartmentNumber></ApartmentNumber>
>      <City></City>
>      <State></State>
>      <Country></Country>
>      <PostalCode></PostalCode>
>      <PhoneAreaCode></PhoneAreaCode>
>      <PhoneNumber></PhoneNumber>
>      <FaxAreaCode></FaxAreaCode>
>      <FaxNumber></FaxNumber>
>    </Address>

Again, has thought been put in to make this work with
all countries in the world... and not just the USA?

-----

I have some other comments.

I don't know if this is really part of these specs, or should
be part of the software that implements and uses them,
or what.  But.... Is there a mechanism to give a warning (to the
user) about what type of info is being automagically given?  For
example, one site may have permission to get a user name,
password, and address info ONLY... but another site may have
permission to get credit card info too. 

It is likely that the user is not going to pay attention to
what is automagically being given... so are the `user interface'
mechanisms in place to warn the user?  For example:

     "This site wants your credit card info.  Should
      I give it to them?"

     "This site wants your address info.  Should I
      give it to them?"



On 31 Jul 2001 17:52:50 -0400, Albert Scherbinsky wrote:
> 
> With Ron's Blessing I have edited his Single Login proposal
> document to have consistent terminology with my SIML/PIB
> proposals. So, now they form a 3 part document set. (See
> links at the bottom of this post)
> 
> Before submitting these documents, there is one final
> technical issue which I am aware of which I would like to
> clarify first. A SIML file is a definition of an interface
> which may contain more than one action. For instance in the
> case of the 'Single Login' application it contains actions
> called 'Login' and 'Subscribe'. So, it is not enough to load
> the interface, we need a way to invoke a particular action.
> In Ron's proposal he describes two methods for loading a
> SIML file; by specifying an embed tag within an HTML file or
> by directly loading it with an URL. I suggest the following
> conventions for invoking an Action in these two cases.
> 
> <EMBED hidden="true" autostart="true"
> SRC="http://www.webservice.com/SingleLogin.siml">
>      <PARAM NAME="ACTION" VALUE="Login">
> </EMBED>
> 
> and
> 
> http://www.webservice.com/SingleLogin.siml?ACTION=Login
> 
> Please post your feedback to this list.
> 
> Regards,
> -- 
> Albert Scherbinsky
> Drop by at: http://members.home.net/alberts/
> 
> Conveniently taking back control of our personal
> information:
> Single Login:
> http://members.home.net/alberts/single.htm
> Simple Interface Markup Language:
> http://members.home.net/alberts/siml.htm
> Personal Information Base XML
> http://members.home.net/alberts/PIB.htm
> _______________________________________________
> Auth mailing list
> address@hidden
> http://dotgnu.org/mailman/listinfo/auth
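
An added example, not part of the original message or of the SIML/PIB proposals: one way a client could enforce the per-site release check asked about above, prompting before it hands over any category of information the user has not already granted to that site, and denying by default. The grant table, the site names, the wrapping `PIB` element and the `CreditCard` element are assumptions made for the illustration; only the `Address` element names come from the PIB fragment quoted in the message.

```python
import xml.etree.ElementTree as ET

# Constructed sample PIB. Address field names come from the quoted fragment;
# the <PIB> wrapper and <CreditCard> element are hypothetical.
PIB_XML = """
<PIB>
  <Address name="Home">
    <FirstName>Pat</FirstName>
    <City>Vancouver</City>
    <Country>Canada</Country>
    <PostalCode>V0V 0V0</PostalCode>
  </Address>
  <CreditCard name="Main"><Number>0000-EXAMPLE</Number></CreditCard>
</PIB>
"""

# Hypothetical per-site grants: categories the user has already approved.
GRANTS = {
    "shop.example": {"Address"},
    "bank.example": {"Address", "CreditCard"},
}

def plan_release(site, requested, grants=GRANTS):
    """Split a site's requested categories into (auto-release, must-prompt)."""
    allowed = grants.get(site, set())  # unknown site: nothing is pre-approved
    auto = [c for c in requested if c in allowed]
    prompt = [c for c in requested if c not in allowed]
    return auto, prompt

def release(site, requested, ask, pib_xml=PIB_XML, grants=GRANTS):
    """Return {category: {field: value}} for what may be disclosed to `site`.

    `ask(message)` is the user-interface callback; only a True return value
    approves a category that was not granted beforehand.
    """
    root = ET.fromstring(pib_xml)
    auto, prompt = plan_release(site, requested, grants)
    approved = list(auto)
    for cat in prompt:
        msg = f"This site ({site}) wants your {cat} info. Should I give it to them?"
        if ask(msg) is True:
            approved.append(cat)
    disclosed = {}
    for cat in approved:
        node = root.find(cat)
        if node is not None:  # category not stored in the PIB: nothing to send
            disclosed[cat] = {child.tag: (child.text or "") for child in node}
    return disclosed
```
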



