Add Profile Display and Profile Update parts that can be used via BBIS email links without logging in

Currently, constituents can use links in BBIS emails to automatically identify themselves to the system for certain purposes (event registration forms, communication preferences forms, etc.). However, the existing Profile Display and Profile Update parts require the user to log in.

Versions of these two parts which worked when following a link from a BBIS email without logging in would enable site designers to create "communication hub" interfaces without the requirement for the user to create an account (including the delay introduced by needing to link the user account to a CRM constituent before any data is available). The user could review and update their contact information in the same session as updating their communication preferences.

The reason cited for this functionality not being available to the current Profile Display and Profile Update parts is "security", but the security this provides is merely by obscurity - all contact information for the constituent receiving a BBIS email is trivially available via the UserService endpoint on any BBIS page, and cannot be protected from an attacker with access to an email message sent via CRM/BBIS.

Providing a way for the user to review their contact details without logging in would benefit organisations who wish to avoid an account-based user interaction model, while still allowing for the convenience of adding profile update transactions via BBIS into CRM batches. The existing parts should also remain separately available for those who prefer the additional "security".

  • Christopher Gorham
  • Jan 17 2018
  • Reviewed: Voting Open