Subject:
|
Re: Elections and Membership in ldraw.org
|
Newsgroups:
|
lugnet.cad.dev.org.ldraw
|
Date:
|
Tue, 29 Apr 2003 23:47:01 GMT
|
Viewed:
|
7985 times
|
| |
| |
In lugnet.cad.dev.org.ldraw, Kevin L. Clague writes:
> > Alternatively, we could require a LUGNET membership number unless anyone
> > disagrees with that idea, so far I've heard no objections - if there are,
> > we can certainly rethink the idea.
>
> But that membership number would have to be validated with a password to know
> that it is any good. The numbers are easy to find. Validating the number
> against the password would require support from lugnet. Do you think we can
> get it?
I can think of two ways... I'm sure there are probably more.
-=-=-=-=-=-=-=-=-=-=-
One way is for a member at LDraw.org to declare their LUGNET member id in
their LDraw member record and to validate it by declaring their LDraw id in
their LUGNET member record. Thus, if we observe
LUGNET(x,LDraw) == y and LDraw(y,LUGNET) = x ,
then we can trust that the declared id's are correct. Dan Boger proposed
this idea a couple weeks ago as a way for people with Peeron accounts to
declare their LUGNET member id in a way that the LUGNET server could trust
the user and provide more private data such as a private set listing. The
final step to make this work (and it's on my to-do list for soon) is to allow
LUGNET members to declare any number of external id's (for example Peeron,
BrickShelf, BrickLink, AuctionBrick, etc.) and then give checkboxes so that
a person can optionally permit their subsets of their data to be sent to
other sites on a case-by-case basis (the default being to keep everything
private, naturally). Having a per-person checkbox that allows ldraw.org to
query lugnet.com for a user's LDraw id may or may not be necessary. It's
easier to add it at the beginning, though, than to add it later.
-=-=-=-=-=-=-=-=-=-=-
A second way is to create a LUGNET authentication page that other sites can
use to verify a LUGNET member's id. It would go something like this:
On ldraw.org, the user clicks a button that takes them to a special page on
lugnet.com. The button-click is a form-submit that defines three form
fields: the hostname (e.g., ldraw.org), the URL to return to when completed,
and a unique id string. (These would be filled in automatically by the
ldraw.org server and be sent as "hidden" variables in the HTML form.) The
unique id can be any string chosen by ldraw.org -- it can be randomly
constructed, or it can be the person's LDraw id, or whatever. It's just used
as a key string in a key/value pair, and the LUGNET server doesn't have to
know or care anything about it.
OK, so the user is on ldraw.org, and has just clicked a button. A new page,
sent by the lugnet.com server, loads over the current page. On that page,
it explains to the user that he'll/she'll be authenticating himself/herself
for another site, and names that site. The user then signs in to LUGNET (if
they're not already). If successful, a new page appears with a 'Continue'
button which, when clicked, takes them right back to where they were on
ldraw.org. (It does an HTML form post back to the URL specified earlier,
passing the ldraw.org server the key supplied earlier, along with the LUGNET
member id.) Thus, the ldraw.org webserver now knows the person's validated
LUGNET member id, and can store it in their member record on ldraw.org for
future use; a person only needs to do this once.
The two paragraphs above may sound complex, but in terms of user interface,
it's extremely simple and boils down to two cases: either (a) two simple
button clicks, or (b) two simple button clicks and filling in two text fields.
-=-=-=-=-=-=-=-=-=-=-
Either of these methods would be a reliable way for LDraw.org to know someone
based on their LUGNET member id. For people like Anders who aren't a LUGNET
member, I could probably make something similar to the second example above
whereby it validates their email address...a function which will be needed
anyway for upcoming changes on LUGNET in May.
--Todd
|
|
Message has 1 Reply: | | Re: Elections and Membership in ldraw.org
|
| Hi Todd - In lugnet.cad.dev.org.ldraw, Todd Lehman writes: [...] (...) The systems you outlined above sound cool. It would be great if this could help with verifying people based on LUGNET member ID's. -Tim PS - are you by chance switching over to (...) (22 years ago, 30-Apr-03, to lugnet.cad.dev.org.ldraw)
|
Message is in Reply To:
| | Re: Elections and Membership in ldraw.org
|
| (...) myself. (...) can (...) But that membership number would have to be validated with a password to know that it is any good. The numbers are easy to find. Validating the number against the password would require support from lugnet. Do you think (...) (22 years ago, 29-Apr-03, to lugnet.cad.dev.org.ldraw)
|
74 Messages in This Thread:
- Entire Thread on One Page:
- Nested:
All | Brief | Compact | Dots
Linear:
All | Brief | Compact
This Message and its Replies on One Page:
- Nested:
All | Brief | Compact | Dots
Linear:
All | Brief | Compact
|
|
|
|