hi all,

I'm looking at generating and contributing a fairly large number of components over the next (year or so), so I thought it would be a good idea to get a discussion going about a unified 'user model', since it's a necessity for sharing apps.

I've found that an absolute 'lowest common denominator' approach to a base user model is the best, i.e.:

user
    id
    created
    updated
    email
    username
    salt
    salted_password

note that this is intentionally missing a bunch of fields that common sense says to include: first name, last name etc - because people tend to want to implement these things quite differently depending on the application. the field spec above should be used _only_ for apps that need hooks to a common user model - the idea is that you would extend it without having to touch the component code ;)

I'd like to use something like this as the basis for a full, real RBAC authentication system: http://csrc.nist.gov/rbac/

We would probably just copy the concepts and structures from binarycloud:

https://svn.binarycloud.com/trac/browser/r3/trunk/binarycloud/auth/

Which are a good implementation of the RBAC spec.

Obviously the final product for rails would be a lot more simple and 1/5th the LOC, although a lot of the BC LOC are api docs... ;)

best,

_alex

--
alex black, founder
the turing studio, inc.

510.666.0074
root-16h2cdTTKgpzNNFeSAH1EA@public.gmane.org
http://www.turingstudio.com

2600 10th street, suite 635
berkeley, ca 94710

Personally, I think usernames are overrated and overused, and I haven't used usernames the last couple of years or so. The email is the username. Your mileage may vary.

Regards,
Tomas

On 5/21/05, alex black <enigma-16h2cdTTKgpzNNFeSAH1EA@public.gmane.org> wrote:
> hi all,
>
> I'm looking at generating and contributing a fairly large number of
> components over the next (year or so), so I thought it would be a good
> idea to get a discussion going about a unified 'user model', since it's
> a necessity for sharing apps.
>
> I've found that an absolute 'lowest common denominator' approach to a
> base user model is the best, i.e.:
>
> user
>     id
>     created
>     updated
>     email
>     username
>     salt
>     salted_password
>
> note that this is intentionally missing a bunch of fields that common
> sense says to include: first name, last name etc - because people tend
> to want to implement these things quite differently depending on the
> application. the field spec above should be used _only_ for apps that
> need hooks to a common user model - the idea is that you would extend
> it without having to touch the component code ;)
>
> I'd like to use something like this as the basis for a full, real RBAC
> authentication system: http://csrc.nist.gov/rbac/
>
> We would probably just copy the concepts and structures from
> binarycloud:
>
> https://svn.binarycloud.com/trac/browser/r3/trunk/binarycloud/auth/
>
> Which are a good implementation of the RBAC spec.
>
> Obviously the final product for rails would be a lot more simple and
> 1/5th the LOC, although a lot of the BC LOC are api docs... ;)
>
> best,
>
> _alex
>
> --
> alex black, founder
> the turing studio, inc.
>
> 510.666.0074
> root-16h2cdTTKgpzNNFeSAH1EA@public.gmane.org
> http://www.turingstudio.com
>
> 2600 10th street, suite 635
> berkeley, ca 94710
>
> _______________________________________________
> Rails mailing list
> Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
> http://lists.rubyonrails.org/mailman/listinfo/rails

On 5/21/05, Tomas Jogin <tomasj-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> Personally, I think usernames are overrated and overused, and I
> haven't used usernames the last couple of years or so. The email is
> the username. Your mileage may vary.

So, you *have* usernames, you just happen to use the email address for it then.

I've been considering doing the same thing, and I've seen a lot of sites do this as well; how has it worked out for you? Any negative feedback?

No negative feedback per se, although a few puzzled looks from colleagues and clients, at first. I think a lot of people recognize the problem with forgetting what username they picked at different web sites (especially if they're "normal" users, not geeks) -- but, not surprisingly, they do tend to remember their own email address.

Regards,
Tomas

On 5/21/05, Michael Campbell <michael.campbell-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> On 5/21/05, Tomas Jogin <tomasj-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> > Personally, I think usernames are overrated and overused, and I
> > haven't used usernames the last couple of years or so. The email is
> > the username. Your mileage may vary.
>
> So, you *have* usernames, you just happen to use the email address for it then.
>
> I've been considering doing the same thing, and I've seen a lot of
> sites do this as well; how has it worked out for you? Any negative
> feedback?

On May 21, 2005, at 3:08 PM, Tomas Jogin wrote:
> No negative feedback per se, although a few puzzled looks from
> colleagues and clients, at first. I think a lot of people recognize
> the problem with forgetting what username they picked at different web
> sites (especially if they're "normal" users, not geeks) -- but, not
> surprisingly, they do tend to remember their own email address.

I use a common username but throwaway email addresses..

jeremy

On Sat, 2005-05-21 at 16:52 -0700, Jeremy Kemper wrote:
> On May 21, 2005, at 3:08 PM, Tomas Jogin wrote:
> > not
> > surprisingly, they do tend to remember their own email address.
>
> I use a common username but throwaway email addresses..
> jeremy

If it is, as it appears, driven by choice, I'm sure your marketing dept. would rather you capture those emails :)

On May 21, 2005, at 5:03 PM, Lord Khaos wrote:
> On Sat, 2005-05-21 at 16:52 -0700, Jeremy Kemper wrote:
>> On May 21, 2005, at 3:08 PM, Tomas Jogin wrote:
>>> not
>>> surprisingly, they do tend to remember their own email address.
>> I use a common username but throwaway email addresses..
> If it is, as it appears, driven by choice, I'm sure your marketing dept.
> would rather you capture those emails :)

I meant me-as-user ;) random-crap-hRtevi7K+EU+Va1GwOuvDg@public.gmane.org for web forms..

jeremy

We do that for most stuff we do. Hit the occasional problem with hotmail accounts (and similar) where we have out of a ton of users... had someone's hotmail address lapse and be cancelled due to lack of use and have it show up as a different person... as long as you have a way to deal with that rare circumstance... everything should be fine.

Michael Campbell wrote:
> On 5/21/05, Tomas Jogin <tomasj-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>> Personally, I think usernames are overrated and overused, and I
>> haven't used usernames the last couple of years or so. The email is
>> the username. Your mileage may vary.
>
> So, you *have* usernames, you just happen to use the email address for it then.
>
> I've been considering doing the same thing, and I've seen a lot of
> sites do this as well; how has it worked out for you? Any negative
> feedback?

> Personally, I think usernames are overrated and overused, and I
> haven't used usernames the last couple of years or so. The email is
> the username. Your mileage may vary.

I provided both because I know many sites either use username/pass or email/pass

I stopped using 'usernames' a long time ago, email address makes sense.

If a user wants to change their address, just let them confirm it - other than that as long as you always keep refs to the user as integer FKs you don't run into any trouble.

It seems most people here (cool!) would like to use email only - is it reasonable to say the fields below could be the basis for a lowest common denominator?

user
    id
    created
    updated
    email
    salt
    salted_password

_a

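The revised record proposed above, sketched as an added example (not code from the thread or from binarycloud): the email is the login, the password is kept as a per-user random salt plus a salted hash, and an address change takes effect only after confirmation while the integer id stays fixed. The class, its method names and the choice of PBKDF2-HMAC-SHA256 with 100,000 iterations are assumptions; the thread names no hash function.

```ruby
require "openssl"
require "securerandom"

# Hypothetical in-memory version of the thread's minimal user record.
class User
  ITERATIONS = 100_000 # assumed PBKDF2 work factor, not from the thread
  attr_reader :id, :email, :created, :updated

  def initialize(id, email, password)
    @id = id # integer key; other tables reference this, never the email
    @email = email.strip.downcase
    @created = @updated = Time.now
    self.password = password
  end

  def password=(plain)
    @salt = SecureRandom.random_bytes(16) # fresh salt on every change
    @salted_password = digest(plain, @salt)
    @updated = Time.now
  end

  def authenticate(plain)
    secure_eq(digest(plain, @salt), @salted_password)
  end

  # Returns the token that would be mailed to the new address.
  def request_email_change(new_email)
    @pending_email = new_email.strip.downcase
    @email_token = SecureRandom.hex(16)
  end

  # The login address changes only when that token comes back.
  def confirm_email_change(token)
    return false unless @email_token && secure_eq(token.to_s, @email_token)
    @email, @pending_email, @email_token = @pending_email, nil, nil
    @updated = Time.now
    true
  end

  private
  def digest(plain, salt)
    OpenSSL::PKCS5.pbkdf2_hmac(plain, salt, ITERATIONS, 32, OpenSSL::Digest.new("SHA256"))
  end

  # Byte-wise comparison with no early exit on the first mismatch.
  def secure_eq(a, b)
    a.bytesize == b.bytesize && a.bytes.zip(b.bytes).reduce(0) { |d, (x, y)| d | (x ^ y) }.zero?
  end
end
```
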
On May 22, 2005, at 1:28 PM, alex black wrote:
>> Personally, I think usernames are overrated and overused, and I
>> haven't used usernames the last couple of years or so. The email is
>> the username. Your mileage may vary.
>
> I provided both because I know many sites either use username/pass or
> email/pass
>
> I stopped using 'usernames' a long time ago, email address makes
> sense.
>
> If a user wants to change their address, just let them confirm it -
> other than that as long as you always keep refs to the user as integer
> FKs you don't run into any trouble.
>
> It seems most people here (cool!) would like to use email only - is it
> reasonable to say the fields below could be the basis for a lowest
> common denominator?
>
> user
>     id
>     created
>     updated
>     email
>     salt
>     salted_password
>
> _a

I was implementing an RBAC system for Mojavi 3 (written in PHP) but ended up halting the operation due to the fact Mojavi seemed to be phasing out and the developer left the community in the dark about most of its development.

Here is the schema we were working on: http://encytemedia.com/projects/mauth/attachment/wiki/DatabaseSchema/mauth_schema.2.png

It was never finalized, but it might give you some ideas. The binarycloud implementation is a pretty straightforward one but I didn't see it allowing for fine grain permissions when compared to an ACL style system like phpgacl.

You might also find some other notes on http://encytemedia.com/projects/mauth to be helpful considering both Rails and Mojavi were written with an MVC approach. Both also make use of filters.

Also you might be interested in looking at phpgacl's manual: http://phpgacl.sourceforge.net/manual.pdf

The Rails wiki has a few pages about ACL, but what's posted is not an ACL system, it is indeed an RBAC system...it's important that we distinguish the difference between the two. Rails might be better suited for an ACL implementation.

Regards,
Justin Palmer
Encytemedia.com
Professional User Interface Design for Rails Applications

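The RBAC/ACL distinction drawn above, as an added example that is not part of the thread and does not reproduce binarycloud's or phpgacl's design: the RBAC check decides from the user's roles alone, while the ACL check decides per object, which is where the finer grain comes from. All role, user and object names, and the deny-wins rule, are assumptions made for illustration.

```ruby
require "set"

# Constructed sample data; role, user and object names are hypothetical.
ROLE_PERMISSIONS = {
  editor: Set[:read_article, :edit_article],
  reader: Set[:read_article]
}.freeze
USER_ROLES = { 1 => [:editor], 2 => [:reader] }.freeze

# RBAC: the decision depends only on the roles assigned to the user,
# so user 1 may edit every article or none.
def rbac_allowed?(user_id, permission)
  USER_ROLES.fetch(user_id, []).any? do |role|
    ROLE_PERMISSIONS.fetch(role, Set.new).include?(permission)
  end
end

# ACL: each object carries its own entries (user, action, allow/deny).
# Assumed policy: an explicit deny wins, and no matching entry means
# no access.
ACL = {
  [:article, 10] => [{ user: 1, action: :edit, allow: true }],
  [:article, 11] => [{ user: 1, action: :edit, allow: false },
                     { user: 2, action: :edit, allow: true }]
}.freeze

def acl_allowed?(user_id, action, object)
  entries = ACL.fetch(object, []).select do |e|
    e[:user] == user_id && e[:action] == action
  end
  entries.any? && entries.all? { |e| e[:allow] }
end
```
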