On Wed, Sep 1, 2010 at 6:42 AM, Magnus <alpineblaster@googlemail.com> wrote:
You're on the right track. Consider separating authentication (who are you) from authorization (what can you do). You have a /guest/ role along side a /user/ role.
-- Hi Thomas,
I have thought about this the whole day now and it really sounds
interesting to me to give it a try with external login, but - if I
understood you right - I see a big disatvantage:
Many applications are not or should not be usable at all when the user
is not logged in. But there are also applications that should be
usable (in a limited way) without login.
Consider eBay: You can search and browse as nobody, but if you want to
sell, you have to sign in. Or consider a chess application: You can
watch everything, but if you want to create a new game, you have to
sign in first. Consider a forum: You can read a lot, but not
everything, but after you login, you can read everything and also
write.
So my problem is that with your method I had to lock out all guest
users that just want to come and see what is going on there!
For now, I am not sure if I understood you right. In addition I am
thinking about a "dummy user" to let guests come into my application,
but I am not sure if this is a solution.
What do you think about this?
You're on the right track. Consider separating authentication (who are you) from authorization (what can you do). You have a /guest/ role along side a /user/ role.
You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to google-web-toolkit+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
No comments:
Post a Comment