I’ve got an interest in self-serve, web-based registration processes. It just comes with the IDAM territory.
I’m just signing up for another web-based service right now. Self-serve, web-based, and had to submit an email address, self-selected username, and password. I tried a phrase with spaces, but that was out of scope for their password policy, so I backed off the spaces. Up to 64 chars MAX. They’re sending me an activation email, so they can be sure that I am me. Oh yah, I also had to pass a CAPTCHA.
Got the email in near real-time. I could click on the embedded Confirm Registration button, or enter the Activation Code on the site. I clicked on the Confirm Registration link, and it kicked an HTTP request back with GET params, including username, and unique activation code.
They also created me a personalized email address that is connected to the account. If I wish, I can email stuff to that address, and it will gateway the content into the back-end storage connected to my account.
See, boot-strapping the identity takes a number of shapes. In this case, they don’t have to request too many attributes from me, and don’t have a high burden of verification. They’ll issue the activation email, and if I get it, I’ll do something about it. If I don’t I imagine the account would get stale, and they would flush it.
Welcome to Evernote.