*nod* My thinking is that any model we move to is conceptually better than the current model - again, you may know that tyggerdev "is" really tyggerjai, but you don't know I've given the password to 3 other people. But the devil is in the details, for sure, and as the spec points out, we do run the risk of seeming to have closed a hole when we haven't - if we have associated journals - and not even shared - then people are going to think "Oh, tyggerdev is associated with tyggerjai, so only he has access, so it's *basically* the same as giving tyggerjai access", and not even think about the password sharing problem. But there's really no good answer to that if we still want to keep "logins" for associated journals. Which we do. So assuming we keep passwords for every journal, associated or not, and assuming people keep sharing journals by sharing passwords, the hole is still there. Because it's there now :)
I'm way open to ideas. What I'm trying to avoid here is making a user jump through hoops to get at data they have already "authenticated" for. If you're logged in as dw_annabel, and fic_annabel is associated with that, then by definition you can read posts to which fic_annabel has access. Because by definition you had to have full privileges on fic_annabel to associate them. So why does the system make you log out and in, or even switch identities, when it knows "you" have access rights?
Re: Shared access = massive security hole