Open elima opened 9 years ago
I feel like we should recast this in terms of use cases. So what I hear you saying is:
We solve this with share links. When you have a capability, you can share it with others, and those shares go via links, and you can email the link to yourself, or omafano can send you the link. Optionally we could associate caps with email addresses, and then that would allow omafano to re-send share links in case of loss. It's possible also to see how many times a share link was visited, resulting in caps installation, so it has some degree of tamper-proofness -- you could see if the backup shares you sent yourself were ever used.
Finally you mention that this strategy wouldn't work if a user disables cookies. I'm not sure what the use case is there TBH. But I guess I would frame it as twofold:
Case (1) works. Case (2) would cause the share link that installs the cookie to notice that in fact the cookie wasn't set, so thereby should give the user a message to allow cookies for that site. Anyway due to the eurocookie law we'd have to explain in the share link that we're installing a cookie when the user clicks OK, so that's fine. Does that satisfy you?
From the Security document, I understand that since no user accounts exist, the way a legitimate owner of a set of photos obtain access to his/her capabilities is by storing a client-side cookie persistently.
This has some important implications:
These issues would be mitigated if the photos are considered partially volatile (and the UI is clear about it), meaning there is no guarantee for permanent storage beyond a browsing session, or after a given period of time. But I suppose Omafano's goal is to be a permanent storage for photos, right?