X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/f1f3d4c6e724c2f4c1056dd43460766f7c483965..c00119319be10ac42737118880c167e4eb722abf:/doc/todo/emailauth.mdwn diff --git a/doc/todo/emailauth.mdwn b/doc/todo/emailauth.mdwn index 88096bee1..ec7b4b96d 100644 --- a/doc/todo/emailauth.mdwn +++ b/doc/todo/emailauth.mdwn @@ -112,3 +112,25 @@ Thoughts anyone? --[[Joey]] >> >> Of course, spammers can troll git repos for emails anyway, so maybe >> this is fine. --[[Joey]] + +>>> I'm not so sure this is OK: user expectations for "a random wiki/blog" +>>> are not the same as for direct git contributions. Common practice for +>>> websites is for email addresses to be only available to the site owner +>>> and/or outsourced services - if ikiwiki doesn't work like this, +>>> I think wiki contributors/blog commenters are going to blame ikiwiki, +>>> not themselves. +>>> +>>> One way to avoid this would be to +>>> [[separate authentication from authorization]], so our account names +>>> would be smcv and joey even on a purely emailauth wiki, with the +>>> fact that we authenticate via email being an implementation detail. +>>> +>>> Another way to do it would be to hash the email address, +>>> so the commit appears to come from +>>> `smcv ` instead of +>>> from `smcv ` - if the hash is of `mailto:whatever` +>>> (like my example one) then it's compatible with +>>> [FOAF](http://xmlns.com/foaf/spec/#term_mbox_sha1sum). +>>> --[[smcv]]a + +>>> Email addresses are now cloaked in commits, using foaf:mbox_sha1sum. --[[Joey]]