Re: [111attendees] Why do we allow people to edit CodiMD meeting notes who are not logged in?

Carsten Bormann <cabo@tzi.org> Sun, 01 August 2021 15:47 UTC

Return-Path: <cabo@tzi.org>
X-Original-To: 111attendees@ietfa.amsl.com
Delivered-To: 111attendees@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D13703A4012; Sun, 1 Aug 2021 08:47:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CzYHESdXzmQz; Sun, 1 Aug 2021 08:47:22 -0700 (PDT)
Received: from gabriel-smtp.zfn.uni-bremen.de (gabriel-smtp.zfn.uni-bremen.de [134.102.50.15]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BE67A3A400A; Sun, 1 Aug 2021 08:47:21 -0700 (PDT)
Received: from [192.168.217.118] (p548dcc89.dip0.t-ipconnect.de [84.141.204.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by gabriel-smtp.zfn.uni-bremen.de (Postfix) with ESMTPSA id 4Gd59b3Zdrz31Ml; Sun, 1 Aug 2021 17:47:14 +0200 (CEST)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.7\))
From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <7A01A718-246F-4DFD-B522-EC4D7C945199@akamai.com>
Date: Sun, 1 Aug 2021 17:47:08 +0200
Cc: "111attendees@ietf.org" <111attendees@ietf.org>
X-Mao-Original-Outgoing-Id: 649525628.790176-9ed54a48aa6675089aa655fd59178deb
Content-Transfer-Encoding: quoted-printable
Message-Id: <72755DA5-56E8-4DF9-A2B6-2BBDD315094A@tzi.org>
References: <8a1018d3-62da-a740-72d6-bb370af71a9e@joelhalpern.com> <20210731193455.C04E625657CF@ary.qy> <7A01A718-246F-4DFD-B522-EC4D7C945199@akamai.com>
To: Tools Discussion <tools-discuss@ietf.org>
X-Mailer: Apple Mail (2.3608.120.23.2.7)
Archived-At: <https://mailarchive.ietf.org/arch/msg/111attendees/dR-dDfTmTjPSp8PLvkT_H9_bij0>
Subject: Re: [111attendees] Why do we allow people to edit CodiMD meeting notes who are not logged in?
X-BeenThere: 111attendees@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Mailing list for IETF 111 attendees <111attendees.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/111attendees>, <mailto:111attendees-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/111attendees/>
List-Post: <mailto:111attendees@ietf.org>
List-Help: <mailto:111attendees-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/111attendees>, <mailto:111attendees-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 01 Aug 2021 15:47:25 -0000

OK, so the summary of the 111attendees discussion is that we don’t want unauthenticated write access to meeting notes.  Less well-discussed is that the authorization rule is that anyone with a datatracker account has write access, but I think that implementing anything more granular (e.g., attendee status for the meeting that generated the minutes) would be actual work.

The authorization rule seems to correspond to CodiMD’s “editable”, which is therefore the setting we should choose for meeting notes.  Whether we can do that automatically from the place where the meetings are assigned codimd names or have to do this manually is then a procedural thing to be discussed on tools-discuss.

Grüße, Carsten