Use Case: should RPs remember identifiers?
Dan Lyke
danlyke at flutterby.com
Tue Nov 28 23:48:22 UTC 2006

On Tue, 28 Nov 2006 14:35:34 -0800, Dick Hardt wrote:
> Scenario "E" is a different use case where there is "soft auth" until
> a critical function is needed.

I always have an internal struggle here when I'm trying to resolve the
notion of late authentication (give them the comment box, ask 'em to
log in if they decide to use it) with the idea of not confusing the
user with too many options. I've also recently had some automated spam
systems take advantage of this because by randomly mashing stuff into
input fields they managed to create a page full of links in my wiki,
and then create a user whose name and password were more fields of
links. I'm not sure that doing things user-first would have prevented
that, but it might have disconnected the notion of authentication from
that of the operation enough that the automated approach wouldn't have
swamped my system.

So to the specifics of Johannes's example, if Alice leaves the public
terminal and Bob comes back, then Bob gets the notion that he can
roll back wiki changes, only to be blocked when he goes to do so. I
guess a big "I'm not Alice" button solves this problem, I just think
that the implementors have to be careful to not give away anything
critical when Bob comes in afterwards.

I'd hate, for instance, to have some deeply religious fundamentalist
use a web browser after I've bought something from Amazon.

Dan