
On Mon, 7 Jan 2008, Eric Lease Morgan wrote:

> On Jan 7, 2008, at 6:16 AM, David Pattern wrote:
>
>> What I want to do is put together a small application that will give
>> the
>> user info from their library account, e.g.
>>
>>   You have 5 books on loan, and 2
>>   of them need returning tomorrow.
>>   Click here to go to your library
>>   account if you'd like to renew
>>   them.
>>
>> Obviously I'd need to figure out a secure and safe way of
>> associating a
>> Facebook user ID with a specific library account.
>
> Yes, I've been thinking about the same thing. I think such a thing is
> a challenge but not insurmountable.

I'm no expert on facebook (I think I've logged into my account all of
twice), but I was the architect and wrote most of the framework for the
first incarnation of the portal for The George Washington University, so
I've done some similar linkages before.

If you have the ability to add an extra field to your user table, or add a
secondary table, I would suggest adding a special 'facebook-only' password
in your system.  (It could be user-supplied or system-generated.)

The idea of this extra password is that it would _only_ allow read-only
access through certain methods, and not the user's typical access.  You
can provide them a link to log into their account and get other
information, but then they'd have to supply their normal password.


With the extra password, it's something that could be changed without
having to completely remove the user's account and recreate it -- so if
something should get shared accidentally, you can remove access.  You
would also require the user to do something to add this field (it could
generate a value, then give them the code they need to insert into
Facebook), so they would have to explicitly opt-in.

You also have the advantage that it'd require a little bit of extra effort
if someone were to take a brute-force approach to get account information.
(Not that they would, but you never know.)


I'd be interested to know if anyone sees any flaws with my logic and/or
has an alternate solution.

-----
Joe Hourcle
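An added example, not code from Joe's message or from any library system, sketching the scheme he describes in Python: a secondary table holds a system-generated, read-only link code that the user opts into; the code only unlocks a loan summary (no renewals), and revoking it never touches the main account or its normal password. The loan records, user id and table layout are constructed sample data.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed sample of the library's loan records (hypothetical schema).
LOANS = {
    "u1001": [{"title": "Perl Cookbook", "due_in_days": 1},
              {"title": "SQL Pocket Guide", "due_in_days": 1},
              {"title": "Learning XSLT", "due_in_days": 9}],
}

@dataclass
class LinkStore:
    """Secondary table: one opt-in 'facebook-only' code per user, stored hashed."""
    rows: dict = field(default_factory=dict)  # user_id -> (salt, digest)

    @staticmethod
    def _digest(salt: bytes, code: str) -> bytes:
        # Hash the code so a leaked table does not leak usable codes.
        return hashlib.pbkdf2_hmac("sha256", code.encode(), salt, 100_000)

    def issue(self, user_id: str) -> str:
        """System-generate the code the user pastes into the Facebook app.
        The plaintext is returned once and never stored."""
        code = secrets.token_urlsafe(24)
        salt = secrets.token_bytes(16)
        self.rows[user_id] = (salt, self._digest(salt, code))
        return code

    def revoke(self, user_id: str) -> None:
        """Kill the link if it was shared accidentally; the main account is untouched."""
        self.rows.pop(user_id, None)

    def verify(self, user_id: str, code: str) -> bool:
        row = self.rows.get(user_id)
        if row is None:
            return False
        salt, expected = row
        return hmac.compare_digest(expected, self._digest(salt, code))

def account_summary(store: LinkStore, user_id: str, code: str):
    """The only thing the link code unlocks: read-only counts, no renew action.
    Returns None when the code is missing, wrong, or revoked."""
    if not store.verify(user_id, code):
        return None
    loans = LOANS.get(user_id, [])
    return {"on_loan": len(loans),
            "due_tomorrow": sum(1 for loan in loans if loan["due_in_days"] == 1)}
```

Renewing would go through the normal login and the user's regular password, which this store never sees.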