Currently, anyone with the URL for the merchant's application can edit and submit. Since emails are notoriously insecure, it would be nice to have a way to better authenticate a merchant when they start editing their application. Since the Reseller has already filled out some portion of the application, we can always verify against some application field that has been filled out.
The difficulty will be in finding a field that doesn't have an ambiguous value. Fields such as social security numbers or tax ids or last names would be good candidates. It would also mean making this field required in the App Assistant
Beau Bennett
