||Thursday, October 13, 2005
Reading Russell Beattie's post about anonymous forums
got me thinking about how the requirement to register can stop people
from using some types of web applications. The need to remember a
login and password can be a bit of a pain.
My todo application example written in Factor requires registration and I thought I'd try making it not need one. The result is a work-in-progress Anonymous Todo List application.
The user can just click a button to immediately create a todo list.
They get two URL's available once created. The first is an 'edit' URL.
Access this allows the user to add, remove, edit and complete todo item
entries. The second is a 'view' URL. This only allows viewing the
entries. No modifications can be made. The 'view' URL can then be
published for people to keep track of todo progress.
The 'view' URL also has a 'format' option that allows displaying the
todo list as XML (to allow integrating into a website or exporting the
data), or displaying an RSS2 feed of all changes to the todo list.
View only access to the todo list for changes to the application itself is here for example, with an XML and RSS view available.
I'm thinking that maybe the XML and RSS views need to be seperate
URL's. Perhaps a user would want to not allow people to get the XML
view to integrate the list into a website, but would still want them to
view the todo list. Or maybe a way for the todo list owner to combine
functionality and create URL's that can be passed out or be revoked
This anonymous todo list system is written in Factor
using the continuation based web server I wrote for it. In a way the
URL's here are similar to capabilities in a capability based security
system. Patrick Logan commented in the past about the similarity between web continuations and capabilities.
One downside of this 'anonymous' approach is that instead of having to
remember a username and password you have to remember a few opaque
URL's. These should be bookmarked or kept in some sort of registry. If
that's the case then what's the difference between doing that and
writing passwords down for all the registration based systems you'd
normally use. I'm still not sold on this way of doing things.
An upside of the 'anonymous' approach could be that because there is no
link between the todo list and the person creating it (via a userid)
maybe it would get used more often. People would be less worried about
others reading their list - there's no way of tracking it back to them.
© Copyright 2005 Chris Double.