[Fedora-infrastructure-list] Account system updates
Dennis Gilmore
dennis at ausil.us
Thu Jul 6 03:38:39 UTC 2006
On Wednesday 05 July 2006 10:20 pm, Elliot Lee wrote:
> Hey Tom! Thanks for keeping us on task here :)
>
> Here are some of the things I have been thinking of for the new
> account system:
>
> For users:
> - Allow listing more than one e-mail address per account
> (linkedin.com is the site I remember doing this right)
> - Clean up the interface
> - Have a top-level menu that is shown on all pages, with quick
> links to different pieces of the account system
> - Allow doing the sign-up process as a wizard-style step-by-step
> interface, instead of a bunch of random links to
> - Make documentation a part of the interface
> - In particular, there is a lot of concern that getting a GPG key
> is too complicated for a lot of people such as translators, who are
> not technical types. We need to make that process as clear and simple
> and documented as possible
can we provide a script for nontechnical types?
> - The user info screen might want to evolve from just an "edit my
> information" screen
All sounds good I read it to mean simpler and more integrated
> For administrators:
> - Clean up the interface
> - With hundreds of users and 10s of groups, we definitely need a
> nicer way to find specific users or groups than paging through them 1
> by 1...
> - The part of the interface where you add users to or remove users
> from a group is clunky. In particular, it's currently possible to add
> a user to a group more than once, and if a user is rejected from a
> group, there is no way to let them come back at a later date and
> reapply...
> - Make the e-mail reminders a bit smarter and nicer to read
> - Allowing administrators to mark membership applications as
> "acknowledged" would be nice for administrators, especially for Extras
> - Allow setting a per-group e-mail message to be sent to people
> when their membership in a group reaches different stages...
> - Allow groups to be members of other groups (i.e. you are a member
> in group B because you are a member in group A, and A is a member of
> B). Can't do this nicely with the current SQL schema. I did it nicely
> with the old Red Hat build system, but it requires using text fields
> instead of numeric IDs to specify the names of the group members...
with the right interface it shouldn't matter if GID's/UID's are numerical or
text
> For everyone:
> - Need more free-form text fields everywhere (e.g. comments that are
> visible only to admins, or whatever). Maybe it should just be
> something that holds XML that is processed by the apps...
> - Privacy issues need to be thought out more clearly and addressed.
> In particular, this relates to what information we store
> - Need to make iron-clad sure that the rewrite does NOT muck with
> the legal issues surrounding the CLA (i.e. we have to continue to
> guarantee that people have submitted the CLA form by a GPG signature
> with a key that is tied to a verified e-mail address)
> - Account System 2.0 should get run by Red Hat's legal department
> to just make them feel comfortable with the change
I would imagine this is a must. We cant freak them out :D
> - On a related note, we need to add proper support for the corporate
> CLA. If we had 'groups being members of other groups' implemented, it
> would be fairly easy to create a group for each corporation that
> signed the CCLA, have each of those groups be a member of the
> cla_done group, and having access to the corporate CLA groups
> administered by a designated contact...
Sounds good. is there many corporate CLA's?
> Behind the scenes:
> - Rewrite the code to be cleaner (maybe use turbogears, or maybe
> that is too heavyweight)
> - Make it easier to embed into other apps, especially the signup
> process (so that Extras can have a custom "sign up as an extras
> contributor" wizard that can easily do the basic account system steps
> as part of its workflow
> - Figure out the whole LDAP vs SQL thing
Why not use both? some thing will be just easier in ldap, some in SQL, use
SQL as a backend to ldap Its a little more work but would provide greatest
flexibility.
> - At the end, port the application interface parts (get_auth,
> have_auth, have_group, etc.) to perl and php so that we can use them
> from all our applications
>
> Hope this helps,
> -- Elliot
--
Dennis Gilmore, RHCE
Proud Australian
More information about the infrastructure
mailing list