[Zope] small RFC : how to enhance zopistas' web experience

Jens Vagelpohl jens@zope.com
Thu, 25 Jul 2002 09:45:47 -0400 

>> i'm not sure about that assertion. i think a typical usage pattern is 
>> more
>> like "everyone has their own small set of sites they visit regularly".
>
> probably because registering is boring...

i'm not sure about the registering thing since you only do that once, 
anyway. what might become boring is the "log in every time" scenario. i am 
so averse to doing that that i shun websites who want you to log in to do 
anything useful.


>> i think what you *really* want (and the only thing that make bring any
>> kind of difference to users at all) is single sign-on. i log into 
>> zope.org
>> and when i jump to zopezen it will recognize and use the credentials i
>> just entered when i visited zope.org.
>
> yes that was it.

single sign-on, like i mentioned in the first email, is a *really hard* 
problem because of the sharing of credentials across domains on the 
browser side.


>> having all users in the same repository will not make much of a 
>> difference
>> to users.
>
> to webmasters it will ;-)

that depends on the webmaster. i assume not all want to basically "share" 
their users' data in that fashion. some might want to retain complete 
control themselves.


>> problem with centralized user repository: who would be administering such
>> a server? who would be available if one site's webmaster or user has
>> problems and needs assistance?
>
> needs assistance : asks a dedicated ML
> all participating webmasters would be user repository admins anyway
> (co-opted by the others)
>
> no answer => try IRC or retry later.
>
> the more sites which participate, the better support service we have.

a few beefs i have with this:

- who would be the "ML"? who would volunteer to be available *and* learn 
about all the ins and outs of the membership system (be it a RDBMS or LDAP 
or whatever) and the code that "talks" to the repository and the code that 
accepts and transforms the "shared credentials"?

- more sites == better support is, IMHO, not correct. more sites does not 
automatically mean more people who actually have a clue about this 
particular membership system beyond "i plopped this client code onto my 
server to participate in the membership thingy". who among those 
webmasters really knows about e.g. LDAP? very very few i would think.

don't get me wrong, i am not attacking the idea. the idea is intriguing. i 
just think it would need *much* more fleshing-out than the current "wouldn'
t it be cool if..." stage. :)


jens