[Sigia-l] defining acct. profile
Christopher Fahey [askrom]
askROM at graphpaper.com
Sun Apr 13 13:44:04 EDT 2003

I wrote:
> Why not have both? Have two features (links/buttons) on
> every discussion page:
> 1) "subscribe/unsubscribe to this discussion"
> (button text changes based on whether or not the user
> is subscribed)
> 2) "more discussion settings"
> (jumps to the appropriate account management page
> where the user can then make more detailed changes)

Okay, I didn't see your later post explaining that the discussion groups
don't require authentication. I generally agree with your stance that
you should never allow one user to change the settings for another user,
but even that can be flexible. I look to Amazon as an example: they have
three levels of authentication: Anonymous, Personalized (insecure,
cookie-based), and Transactional (secure, password protected). Amazon
allows other people to jump on your computer and add items to your wish
list, to change your likes and dislikes. But you cannot buy anything.

If the settings in question are cosmetic, then by all means don't
require authentication. If you really feel that discussion group
settings must be secure, for example if the settings determine how many
emails the user is going to receive in their inbox, then you certainly
must stick to your guns. If the settings determine the font size on the
threaded discussions web page, then it might not be so important. What
are the settings in question, anyway? What do you mean by "manage
subscriptions"?

When it comes to working with your obstinate colleague, you might think
of creative ways (using cookies, context-sensitive tools/links) to
support the legitimate goal of "changing settings without leaving the
discussion group."

Example solution: Show the two links I suggested above only if the user
is authenticated. If they are not logged in, then show a prompt to log
in ("Log In to change your discussion group settings"). Having a big
area dedicated to encouraging the user to log in to the discussion group
isn't such a bad idea, since they certainly can't post without logging
in. Anyway, just because they have to log in to make preferences changes
doesn't mean they have to make all changes in the account management
section. You may be seeing your site as having an "authenticated section"
and a non-authenticated section. I'm suggesting that the user's
authentication may be something that carries with them and might have an
effect on all pages. Naturally, such a login would also require a
timeout duration. In fact, your technologist might already be assuming
this structure but may not be explaining it properly.

-Cf
[christopher eli fahey]
art: http://www.graphpaper.com
sci: http://www.askrom.com
biz: http://www.behaviordesign.com
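
The tiered scheme described in the message above (Anonymous, Personalized, Transactional, with a login timeout and links shown only to logged-in users), sketched as an added example that is not part of the original post. The action names, the 15-minute timeout and the mapping of actions to levels are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Optional

class AuthLevel(IntEnum):
    ANONYMOUS = 0       # no cookie at all
    PERSONALIZED = 1    # recognized by cookie only (insecure)
    TRANSACTIONAL = 2   # password verified recently

LOGIN_TIMEOUT = 15 * 60  # seconds; assumed value

# Assumed mapping of actions to the minimum level each one requires.
REQUIRED = {
    "set_font_size": AuthLevel.PERSONALIZED,         # cosmetic, no password
    "toggle_subscription": AuthLevel.TRANSACTIONAL,  # changes email volume
    "more_settings": AuthLevel.TRANSACTIONAL,
}

@dataclass
class Session:
    cookie_user: Optional[str] = None   # identity claimed by the cookie
    login_time: Optional[float] = None  # when the password was last verified
    subscribed: bool = False

def level(s: Session, now: float) -> AuthLevel:
    if s.cookie_user is None:
        return AuthLevel.ANONYMOUS
    if s.login_time is not None and 0 <= now - s.login_time < LOGIN_TIMEOUT:
        return AuthLevel.TRANSACTIONAL
    return AuthLevel.PERSONALIZED  # login expired or never happened

def authorize(action: str, s: Session, now: float) -> bool:
    """Server-side check; unknown actions are denied."""
    need = REQUIRED.get(action)
    return need is not None and level(s, now) >= need

def page_controls(s: Session, now: float) -> list:
    """Links to render on a discussion page for this visitor."""
    if not authorize("toggle_subscription", s, now):
        return ["Log In to change your discussion group settings"]
    verb = "unsubscribe from" if s.subscribed else "subscribe to"
    return [f"{verb} this discussion", "more discussion settings"]

def handle_toggle(s: Session, now: float) -> bool:
    """Re-check at request time; a hidden link is not access control."""
    if not authorize("toggle_subscription", s, now):
        return False
    s.subscribed = not s.subscribed
    return True
```
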