pseudomonas: Dragon from BL manuscript of C14 French Ḥumash (Default)
pseudomonas ([personal profile] pseudomonas) wrote in [site community profile] dw_suggestions2014-04-20 05:04 pm

In Case of Emergency write-only access

Title:
In Case of Emergency write-only access

Area:
Posting

Summary:
Give limited access to a small number of other DW users to make posts on your behalf, with restrictions. [New feature suggestion]

Description:
What I want is a write-only function where (say) I nominate (say) you as an In-Case-of-Emergency poster for if I'm (say) ill in hospital; you can then post to my DW, but without any ability to see locked entries, modify settings, modify circle, or anything else; furthermore there'd be a prominent heading applied to any posts you made saying "posted by [YOURUSERNAMEHERE]", so impersonation wouldn't be possible. I can always delete or modify the posts that you have made on my behalf. Crossposting would work as normal.

Other methods:
a) implement this as an external website, using OpenID to verify you and store my password. Requires competently-run, secure, trustworthy third-party site. Need to remember to log in to that site every time I change my DW password.

b) give you my password. Trusts you to keep it safe, not lose it, and I have to tell you every time I change it. Allows impersonation and account-modification.

c) Give you my post-by-mail credentials. As above, but doesn't allow impersonation, eats an address slot per person, and only works for paid/permanent users.

d) The one that usually gets done these days - you making unlocked posts and hoping that enough of my circle see the post and that I don't have anyone I'd rather didn't know. This has the advantage of being simple, but is really not an effective solution to the problem.

Considerations:
I would favour the poster having the ability to post using any publicly-visible security setting that would let the poster see the post (at least "access-list-only" or "public") and possibly edit posts that they have themselves made (but not remove the header saying that the post was made by them). I don't see much need for anything beyond that; they can comment on posts as themselves.

I would envision small number of people given these posting privileges, though I don't have a particular limit in mind, and I don't see a really good reason to put a hard-limit on things.

There's always a risk that someone will post a malicious or spurious report, but really they can do that *anyway* via method d), it's called lying, and it's a social problem that is solved by only authorizing people that you trust not to do that kind of thing.

Poll #15788 In Case of Emergency write-only access
Open to: Registered Users, detailed results viewable to: All, participants: 53


This suggestion:

View Answers

Should be implemented as-is.
28 (52.8%)

Should be implemented with changes. (please comment)
12 (22.6%)

Shouldn't be implemented.
2 (3.8%)

(I have no opinion)
11 (20.8%)

(Other: please comment)
0 (0.0%)

andrewducker: (Default)

[personal profile] andrewducker 2014-08-09 04:01 pm (UTC)(link)
If we're implementing this kind of additional complex security, then it should probably done with oAuth in mind - because this is exactly the kind of thing oAuth is designed to deal with.

I, the owner of the account, give you, a third party, a token given you access to a limited set of the abilities that I have. I can then invalidate that token at any future point.

Making it generalisable, and applicable to non-DW users, and you've got something which would allow third-party sites to make posts without them having to know your password.
jecook: (+1)

[personal profile] jecook 2014-08-09 05:19 pm (UTC)(link)
*points to icon*
azurelunatic: Azz and best friend grabbing each other's noses.  (Default)

[personal profile] azurelunatic 2014-08-09 06:35 pm (UTC)(link)
Ooo, I like the third-party sites ability too.
andrewducker: (Default)

[personal profile] andrewducker 2014-08-10 08:00 am (UTC)(link)
As someone who runs a third-party site that does this, I'd really appreciate this.

I currently have the passwords (or, md5 hashes thereof) of various DW users, and I don't want them!
trixieleitz: sepia-toned drawing of a woman in Jazz Age costume, relaxing with a glass of wine. Text: Trixie (Default)

[personal profile] trixieleitz 2014-08-10 12:13 am (UTC)(link)
This is my "with changes"
kaberett: Overlaid Mars & Venus symbols, with Swiss Army knife tools at other positions around the central circle. (Default)

[personal profile] kaberett 2014-08-10 02:57 pm (UTC)(link)
+1
montuos: cartoon portrait of myself (Default)

[personal profile] montuos 2014-08-11 04:38 pm (UTC)(link)
+1
azurelunatic: Azz and best friend grabbing each other's noses.  (Default)

[personal profile] azurelunatic 2014-08-09 06:34 pm (UTC)(link)
The specific way I'd like this:

* Allow me to grant moderator/administrator access to my account, as if I were a community
* Make that access a la carte, so I could pick which specific permissions to grant
kaberett: Overlaid Mars & Venus symbols, with Swiss Army knife tools at other positions around the central circle. (Default)

[personal profile] kaberett 2014-08-10 02:57 pm (UTC)(link)
Nice.
numisma: (I will make you don't live!)

[personal profile] numisma 2014-08-11 03:20 am (UTC)(link)
+1
montuos: cartoon portrait of myself (Default)

[personal profile] montuos 2014-08-11 04:40 pm (UTC)(link)
+1

Generally if I had some sort of emergency notification, I'd want it on tighter access than just "access list".

[personal profile] swaldman 2014-08-12 08:59 am (UTC)(link)
I wonder how this would work with / relate to the feature that I think is being worked on where people can have multiple accounts and relate them to one another with certain permissions.