[Zope] small RFC : how to enhance zopistas' web experience

Jerome Alet alet@librelogiciel.com
Thu, 25 Jul 2002 14:59:49 +0200 

On Thu, Jul 25, 2002 at 08:39:32AM -0400, Jens Vagelpohl wrote:
> 
> >Considering that most Zope users are interested in most of these sites,
> >except when the language is not english, and that some want to
> >really participate, I think this registration process quickly
> >becomes very boring, and remembering all the different passwords
> >is difficult, unless you always use the same which is insecure.
> 
> i'm not sure about that assertion. i think a typical usage pattern is more 
> like "everyone has their own small set of sites they visit regularly". 

probably because registering is boring...

> i think what you *really* want (and the only thing that make bring any 
> kind of difference to users at all) is single sign-on. i log into zope.org 
> and when i jump to zopezen it will recognize and use the credentials i 
> just entered when i visited zope.org.

yes that was it.

> having all users in the same repository will not make much of a difference 
> to users. 

to webmasters it will ;-)

> you still have to "log in" every time you visit a different site.
>  that would not bring any discernible advantage, other than the fact that 
> you would have the same username and password on all those sites. same 
> username and password is kind of bad in itself because if some script 
> kiddie finds out about one login he knows them all.
> 
> problem with centralized user repository: who would be administering such 
> a server? who would be available if one site's webmaster or user has 
> problems and needs assistance?

hey we are not speaking about vital data here.

needs assistance : asks a dedicated ML
all participating webmasters would be user repository admins anyway
(co-opted by the others)

no answer => try IRC or retry later.

the more sites which participate, the better support service we have.

> well, ok, now you have all users in a single directory. i don't see how 
> that would bring the community together more. it makes zero difference to 
> the user, apart from having the same username/password all over.

yes I meant single sign-on to any participating site allows one
to access any other one with the same authentication information.

bye,

Jerome Alet