-
Coming from the basecamp Q&A I was redirected to the AscentList information.
I really liked the idea, but I think there should be more detail information about the login process and how the information provided will be used.Currently the site has very little information on the process, and it’s a bit of a ‘faith’ step to provide you with username/password combo, without knowing what will be done with it.
Obviously basecamp hasn’t implemented any OAuth, so the login is a crucial part of the AscentList integration, but the user should be made well aware of how his credentials will be used to pull the information from basecamp.
-
-
Hi TeckniX,
Thanks for stopping by and for sharing your concerns.
Could you give me an example of the kind of info you’d like to see?
I agree that there is an element of good faith involved. Foliovision is five years old (officially and another five years before that as a small web design agency). We are specialists in the real estate and insurance areas (i.e. finance) so we handle private data every day for clients even those who are in direct competition with one another. We take great care to protect their data and we take great care to protect your data.
Only the two programmers specifically working on AscentList have access to the server where we maintain AscentList. One of them has been with Foliovision for over four years and the other has been with Foliovision for more than two years. Peter is completing a Master’s degree in Higher Mathematics and previously did database work for the European Union. Zdenka has a PhD in video processing and also has impeccable references.
Here are what our clients say about us: http://foliovision.com/about/testimonials
We have a large office in the building next to the British Embassy in Bratislava.
Here’s what we look like: http://foliovision.com/about/bios
We do not look at the client accounts ever. If we have to test on an account, we have our own Basecamp account inside the same server.
Does any of the above help?
Making the web work for you, Alec
Hello TeckniX,
I’ll add some technical information to the conversation.
37 Signals suite (BaseCamp including) has OAuth verification. It is done through a token that you can generate inside every product they’re having. The problem is that every product has different token (HighRise has different token than BaseCamp). This creates a bit of unfriendly setup on your part. Also tokens are very inhuman like, whereas to usename and password everybody is used to.
In the end we decided that we want to have a username and password.
Furthermore, 37 Signals still have some problems with OAuth, as you can see in their developer forum if you search a bit. Also they’ve said that they will block usage of username and password for API, but it’s still on (In my opinion it’s because of this). And with token you can get the same information from BaseCamp as with UserName and Password (through API of course). You only make sure that we don’t login directly with your credentials.
On our server credentials are stored only for the duration of your login in Ascent list. They are ciphered with high security cipher (BlowFish) and the pass-phrase is generated for every user uniquely every visit.
We wouldn’t have to store it, but Ascent list offers to remember you on each visit and therefore we need it.
I hope these technical information helps as well.
Best regards,
PeterIt would be great if your service added the ability to:
– Review & Create Milestones
– Add time entry and comments
– Had a desktop widget for Mac OSXThis would allow most users to use AscentList to do most of their daily functions of adding details to projects in a quick and easy fashion.
Am very intrigued by your service, keep up the good work!
Mike
Hi Mike,
Those are very good suggestions. Thank you very much.
I can certainly see how time entry fits in (right now we are using time entry in Freshbooks but we might switch over ourselves as we’ve just moved to an unlimited Freshbooks account which means we can integrate Basecamp and Freshbooks better: our team might work better if they don’t have to go into Freshbooks to manage their time). So we will definitely add the time entry option (probably a global preference so it’s not there for teams who don’t use Basecamp time tracking, with default to on).
Could you elaborate on how you’d like the Milestones features to work?
What would be different about an OS X desktop widget and just using a Fluid browser (what I do now)? What should the Desktop widget do different than the browser version?
Making the web work for you, Alec
Hi Alec,
Thanks for the quick response!
Time entry is one of those things that people hate to do but know they have to. If the time entry could be controlled with Ascent or a Menu-bar app that also displayed their tasks for timers etc, that’d be great.
For the Milestones, I think it would just be good to be able to create a Milestone from Ascent if, for example the client added another element to the campaign so something new needed to be designed – so you could create a milestone and then it’s associated tasks.
As far as a desktop widget, it would just be nice if you could make it a ‘dashboard widget’ to interact with easier by pressing a key and/or the Menu Bar apps. Those work much easier into a busy work stream. (It just seams like to use Basecamp, you have to use all of these different Add-ons to get what you need and each one only does one specific thing so you end up using 4 add-ons just to be able to use it. Sorry, rant. We looked at multiple other systems, but the ease of use for the Project/Calendar/Messages/Files area especially for clients/collaborating teams was the thing that won out.)
Anyway, I’ll give the Fluid App a try too.
Happy New Year!
MikeHi, I’m also considering using the service but didn’t get past the login/signup process because I noticed the signup page isn’t encrypted.
Hi Jason,
As Peter pointed out, we are encrypting the login behind the scenes but you are right, there is still a risk in initial login.
We will make AscentList login https as a priority. Your security is paramount. The signup page will be fixed as well.
Thanks for the suggestion.
Making the web work for you, Alec
Hello Jason,
we installed a verified SSL Certificate, so the signup is encrypted.
Best regards,
PeterHi Mike, Jason, Technix,
Thanks for the suggestions. As of today, our signup is HTTPS with a signed certificate. And all your interaction with your own live ascentlist.com is HTTPS: all your communication is now encrypted and protected with HTTPS.
If anyone runs into any issues, please let us know right away!
Thanks and have a nice weekend!
Peter
