Friday, April 2, 2010

Re: [Geopriv] Deploying authorization policy

Henning,

It seems to me that the "random stuff in a URI" authentication
scheme is already really used today. For example, say I post pictures
to Picasa. I can mark albums as public or private, and only the
public albums show up on my user page when a random stranger views it,
at a URI of the form:

<http://picasaweb.google.com/username>

However, when I as the owner load a picture or album page, it provides
a URI that I can send to anyone that will show them the picture (but
nothing else) or one that shows the album. These URIs have the form:

<http://picasaweb.google.com/username/albumname?authkey=293590D256FBEE1F75E816>

(Borrowing Henning's random bytes.)

So it seems like the market is refuting your hypothesis about user
preferences.

--Richard

On Apr 2, 2010, at 5:06 PM, Henning Schulzrinne wrote:

>>
>> One thing that I believe where some misunderstanding starts is that
>> users are expected to hand around new URLs all the time (whenever they
>> fetch new ones from their LIS). This is in theory possible but in
>> practice that might be difficult. Instead, it is more likely that one
>> would want to publish location to a server that fulfills already other
>> rules (such as a presence server alike concept; you could even call
>> Yahoo's FireEagle, Ovi Chat, Google's Latitude). Other uses have a
>> long-term contact point to go to for many reasons already.
>
> On a side note: One of the problems with by-possession URLs is that
> the semantics are not always clear to the user. In other words, by
> looking at the URL, users can't tell that they are giving away their
> location, for example. People include URLs in email messages,
> Twitter posts and web pages all the time, without fully
> understanding the semantics and the consequences. I suspect people
> would be upset if
>
> http://www.facebook.com/henning.schulzrinne
>
> just gave public access (as it does today), while
>
> http://www.facebook.com/henning.schulzrinne/293590D256FBEE1F75E816
>
> gave full access to everything, without further authentication.
>
> Henning
> _______________________________________________
> Geopriv mailing list
> Geopriv@ietf.org
> https://www.ietf.org/mailman/listinfo/geopriv
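
The by-possession `authkey` URL discussed in this thread, sketched as an added example (not code from the thread or from any service named in it). The host `photos.example.com`, the function names, the hash-only grant table and the revocation step are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

BASE = "https://photos.example.com"  # placeholder host (assumption)

# Server-side grant table: album path -> SHA-256 of the issued authkey.
# Only the hash is kept, so a leaked table does not reveal working URLs.
_grants: dict[str, bytes] = {}


def _digest(key: str) -> bytes:
    return hashlib.sha256(key.encode("utf-8")).digest()


def share_url(user: str, album: str) -> str:
    """Mint a by-possession URL that grants access to one album only."""
    path = f"/{user}/{album}"
    key = secrets.token_hex(16)  # 128 bits from the OS CSPRNG
    _grants[path] = _digest(key)
    return f"{BASE}{path}?{urlencode({'authkey': key})}"


def revoke(user: str, album: str) -> None:
    """Invalidate a URL that has already been forwarded or posted."""
    _grants.pop(f"/{user}/{album}", None)


def may_view(url: str, public_albums: frozenset = frozenset()) -> bool:
    """Decide access from the URL alone, as the server does for a stranger."""
    parts = urlsplit(url)
    if parts.path in public_albums:
        return True  # public albums need no key
    expected = _grants.get(parts.path)
    if expected is None:
        return False  # private album with no outstanding share URL
    presented = parse_qs(parts.query).get("authkey", [""])[0]
    # The key is bound to the path it was issued for, so it opens that
    # album "but nothing else"; the comparison is constant-time.
    return hmac.compare_digest(_digest(presented), expected)
```

Because possession of the URL is the whole credential, revocation (or re-issuing with a fresh key) is the only remedy once it has been pasted somewhere public.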