Soft security means allowing people significant latitude but tracking who did what, and enabling undesirable changes to be reversed. At least, that's my interpretation - for more ideas on this, see MeatBall:SoftSecurity. Some features to support this include user logins, ApprovingRegistrations and TWiki's revision tracking features.
Contrast with TWikiAccessControl, which uses the more traditional HardSecurity. One option is to start with SoftSecurity on a TWiki site, and only institute HardSecurity if it turns out to be necessary.
- 04 Feb 2002
I think this is a great idea. The Wiki heritage is to not have security and to have everyone manually sign things (hmmm, just like we do). Hey, why doesn't that silly "here is a signature you can cut'n'paste" thingy have a check box next to it that will just do it for you? But I digress...
I'd like to see passwordless logins as an intermediate step. You still have to log in to establish your identity, but who needs to keep track of yet another password? With the version control back end it's very hard to actually lose anything even in the presence of a malicious user.
Not only are logins useful for easily tracking who has changed what, they are extremely useful in letting people choose their own skins to view things with.
- 09 Feb 2002
I should clarify perhaps that this is a very old idea and not mine! It goes back to the original WikiWikiWeb, see Wiki:SoftSecurity.
I like the idea of passwordless logins - one key obstacle to increased usage in my company is, amazingly enough, ForgettingPasswords. See that page for some ideas.
- 09 Feb 2002
The problem of forgetting passwords doesn't exist if you use password tracking systems, like the keychain of MacOSX.
When I edit I never really see that my browser signs an htaccess-demand for user and password, except when it is done for the first time.
It doesn't work on other computers, but I have a central encrypted database of all my passwords, which I can access from my account, and I could also log in from a foreign computer if I enabled that setting and had a flat rate.
Passwordless systems would create the problem that anyone could disguise himself as you, except if you would make your computer create a password from some data you provide (i.e. biometric, or a psw-card or button or something similar).
- 20 May 2002