Re: [datatracker-rqmts] Publicly-readable and private/anonymous lists
Russ Housley <housley@vigilsec.com> Thu, 09 December 2010 14:33 UTC
Return-Path: <housley@vigilsec.com>
X-Original-To: datatracker-rqmts@core3.amsl.com
Delivered-To: datatracker-rqmts@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 60BB828C113 for <datatracker-rqmts@core3.amsl.com>; Thu, 9 Dec 2010 06:33:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.456
X-Spam-Level:
X-Spam-Status: No, score=-102.456 tagged_above=-999 required=5 tests=[AWL=-0.084, BAYES_00=-2.599, SARE_SUB_OBFU_Q1=0.227, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ks5iNKfSDAd3 for <datatracker-rqmts@core3.amsl.com>; Thu, 9 Dec 2010 06:32:59 -0800 (PST)
Received: from odin.smetech.net (mail.smetech.net [208.254.26.82]) by core3.amsl.com (Postfix) with ESMTP id EB2AB28C0DC for <datatracker-rqmts@ietf.org>; Thu, 9 Dec 2010 06:32:58 -0800 (PST)
Received: from localhost (unknown [208.254.26.81]) by odin.smetech.net (Postfix) with ESMTP id D78989A47BC; Thu, 9 Dec 2010 09:34:27 -0500 (EST)
X-Virus-Scanned: amavisd-new at smetech.net
Received: from odin.smetech.net ([208.254.26.82]) by localhost (ronin.smetech.net [208.254.26.81]) (amavisd-new, port 10024) with ESMTP id Oom3+sN48Dm9; Thu, 9 Dec 2010 09:34:06 -0500 (EST)
Received: from [128.31.34.232] (31-34-232.wireless.csail.mit.edu [128.31.34.232]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by odin.smetech.net (Postfix) with ESMTP id 921309A4743; Thu, 9 Dec 2010 09:34:26 -0500 (EST)
Message-ID: <4D00E8EF.2060100@vigilsec.com>
Date: Thu, 09 Dec 2010 09:34:23 -0500
From: Russ Housley <housley@vigilsec.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101027 Lightning/1.0b2 Thunderbird/3.1.6
MIME-Version: 1.0
To: Jim Schaad <ietf@augustcellars.com>
References: <p0624081bc9249d506bb8@[10.20.30.150]> <4CFF5D2E.1080507@levkowetz.com> <4CFFD7E2.7060307@vigilsec.com> <015d01cb9725$7fba21c0$7f2e6540$@augustcellars.com> <4D000815.5090707@vigilsec.com> <017b01cb9779$51052600$f30f7200$@augustcellars.com>
In-Reply-To: <017b01cb9779$51052600$f30f7200$@augustcellars.com>
X-Enigmail-Version: 1.1.1
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: datatracker-rqmts@ietf.org
Subject: Re: [datatracker-rqmts] Publicly-readable and private/anonymous lists
X-BeenThere: datatracker-rqmts@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <datatracker-rqmts.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/datatracker-rqmts>, <mailto:datatracker-rqmts-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/datatracker-rqmts>
List-Post: <mailto:datatracker-rqmts@ietf.org>
List-Help: <mailto:datatracker-rqmts-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/datatracker-rqmts>, <mailto:datatracker-rqmts-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Dec 2010 14:33:00 -0000
Jim: The 'default view' seems like a very different thing, and composing that from a list of lists seems even more ugly than the current datatracker. My comment was about the notifications list. I accept that there is a need for two different things here. Russ On 12/9/2010 3:15 AM, Jim Schaad wrote: > Russ, > > This is not only a list of documents I want notifications for, but a list of > documents that I want to be able to view status using an HTML view a la the > current data tracker. Trying to dig through a large number of documents > here would be troublesome, even if a single list was all that provided > notifications to me. > > Jim > > >> -----Original Message----- >> From: Russ Housley [mailto:housley@vigilsec.com] >> Sent: Wednesday, December 08, 2010 2:35 PM >> To: Jim Schaad >> Cc: datatracker-rqmts@ietf.org >> Subject: Re: [datatracker-rqmts] Publicly-readable and private/anonymous > lists >> >> For what gain? It is the list of documents you want to receive > notifications of >> changes. >> >> Russ >> >> On 12/8/2010 5:15 PM, Jim Schaad wrote: >>> Russ, >>> >>> I don't think you really want to restrict me to a single list. This >>> would just require that I create multiple logins in order to get > multiple lists. >>> >>> Jim >>> >>> >>>> -----Original Message----- >>>> From: datatracker-rqmts-bounces@ietf.org [mailto:datatracker-rqmts- >>>> bounces@ietf.org] On Behalf Of Russ Housley >>>> Sent: Wednesday, December 08, 2010 11:09 AM >>>> To: Henrik Levkowetz >>>> Cc: datatracker-rqmts@ietf.org >>>> Subject: Re: [datatracker-rqmts] Publicly-readable and >>>> private/anonymous >>> lists >>>> >>>> Henrik: >>>> >>>> I agree that lists of lists is causing more complexity than expected. >>>> I >>> think that >>>> putting it aside for now is a good choice. >>>> >>>> I wonder if it would be easier to start with two kinds of lists: >>>> -- public-and-published >>>> -- private-and-unpublished >>>> >>>> The public-and-published are used to follow the documents associated >>>> with >>> a >>>> particular topic. They have a public owner that has agreed to add >>>> and >>> remove >>>> documents as appropriate. This is like the web page that shows the >>> possible >>>> WG and non-WG mail lists that are available to IETF participants. >>>> >>>> The private-and-unpublished are part of a single user's preferences. >>>> They are not shared, and they are owned by that user. Each user gets >>>> one >>> and >>>> only one of them. >>>> >>>> Russ >>>> >>>> On 12/8/2010 5:25 AM, Henrik Levkowetz wrote: >>>>> Hi Paul, >>>>> >>>>> Looking this over, both specification and implementation of these >>>>> notification specifications ('lists') seems to becoming more and >>>>> more complex, and I'm not convinced that the complexity buys us a >>>>> lot. The whole issue comes about because of the decision that >>>>> people should be able to include another list in their notification > list. >>>>> >>>>> I would like to do away with the whole complexity of this by saying >>>>> (at least for this round -- we can always re-open this again when we >>>>> have some practical experience with the first implementation) -- by >>>>> saying that lists can't include other lists, and all lists are >>>>> anonymous and unpublished. >>>>> >>>>> >>>>> Regards, >>>>> >>>>> Henrik >>>>> >>>>> On 2010-12-08 03:36 Paul Hoffman said: >>>>>> Greetings again. It's time to spin up this list again, and a few >>>>>> people >>> have >>>> told me that specifying how public lists are publicly-readable and >>>> how private/anonymous lists are created and managed will unblock a >>>> bunch of other open issues. There was a lot of interest in these >>>> topics at the mic >>> in >>>> Beijing. >>>>>> >>>>>> The current text is below. This is just starting text, and it >>>>>> doesn't >>> cover the >>>> idea that some private/anonymous lists might have publicly-readable >>>> counterparts if the list owner wants. >>>>>> >>>>>> So, please say what you think should be done here. Do you have a >>>> preference between private and anonymous? Do you have ideas for >>>> public >>> lists? >>>>>> >>>>>> To facilitate the discussion, there will be a WebEx-based telechat >>>>>> on >>> Friday, >>>> December 17. Information on that comes in the next message. If we >>>> have >>> great >>>> consensus before the telechat, we can use that time to move on other >>>> open issues. >>>>>> >>>>>> --Paul Hoffman >>>>>> >>>>>> ====================================== >>>>>> >>>>>> 2.1.3. Requirement: Some lists must be able to be private or >>>>>> anonymous >>>>>> >>>>>> Seeing a list of drafts that covers multiple areas of interest can >>>>>> tell you something about the person who created the list. For >>>>>> example, you might be able to guess that they might be looking for > a >>>>>> job in a different field by looking at their list of drafts of >>>>>> interest. Of course, anyone can follow individual drafts today >>>>>> without having that be exposed; however, following a particular >>> group >>>>>> of drafts can reveal information about a person. >>>>>> >>>>>> There is a open issue about whether lists should be default be >>>>>> private/anonymous or public, and how that default should be > manifest >>>>>> in the eventual UI for creating lists. >>>>>> >>>>>> The first proposed methods that might keep lists private/anonymous >>>>>> are: >>>>>> >>>>>> o Private lists might only be available using passwords or some >>>>>> other common authentication mechanism. This would require that >>>>>> the Datatracker have a subscription process for users that > could >>>>>> assign passwords, and a per-user process for adding lists to a >>>>>> user account. (If the current Datatracker username and login >>>>>> scheme is used, the interface needs to be improved so that >>> getting >>>>>> a new login, and changing one's password, are significantly >>>>>> easier.) >>>>>> o Anonymous lists might be assigned random URLs from a very large >>>>>> (2^128) namespace, and the user who creates a list does not > tell >>>>>> others the assigned URL. This method makes it impossible for >>>>>> someone to search the entire set of assigned lists. Given that >>>>>> the URLs for lists are most likely going to be copy-and-pasted >>>>>> anyway, having long random strings in the list's URL is not an >>>>>> impediment. >>>>>> >>>>>> 2.1.4. Requirement: It must be easy for IETF leadership and >>> individuals >>>>>> to make lists they create publicly-readable >>>>>> >>>>>> Private or anonymous lists are fine for individuals, but publicly- >>>>>> readable lists can magnify the value to the whole community. In >>>>>> fact, some early commenters on this document emphasized that >>>>>> publicly-readable lists will be more valuable to the IETF than >>>>>> helping individuals track documents that are only of interest to >>>>>> them. >>>>>> >>>>>> Probably the easiest method to implement publicly-readable lists > is >>>>>> to make them read-only aliases for private or anonymous lists. > This >>>>>> would allow the list originators to control the contents of the > list >>>>>> as normal, but also allow anyone to view the results in the >>>>>> Datatracker and/or subscribe to notifications. There may be other >>>>>> methods that would also make sense, and this section might change > in >>>>>> the future. >>>>>> >>>>>> Publicly-readable lists should have short URLs that can be >>>>>> transcribed without relying on copy-and-paste. The names in the >>> URLs >>>>>> for lists that are associated with IETF activities (initially, the >>>>>> lists created by WG chairs and ADs) can be mnemonic, but other >>> public >>>>>> lists should have names that are not mnemonic in order to prevent >>>>>> name-squatting. >>>>>> >>>>>> It is important to note that publicly-readable lists can only be >>>>>> changed by the owners. Allowing many people to change the > contents >>>>>> of a list would probably lead to lists that are not very useful to >>>>>> typical users. >>>>>> >>>>>> Proposed later requirements include having the Datatracker list > all >>>>>> of the publicly-readable lists (or certainly at least the ones >>>>>> associated with IETF activities), and having links from WG pages > in >>>>>> Datatracker to the publicly-readable lists maintained by the WG >>>>>> chairs. >>>>>> _______________________________________________ >>>>>> datatracker-rqmts mailing list >>>>>> datatracker-rqmts@ietf.org >>>>>> https://www.ietf.org/mailman/listinfo/datatracker-rqmts >>>>>> >>>>> _______________________________________________ >>>>> datatracker-rqmts mailing list >>>>> datatracker-rqmts@ietf.org >>>>> https://www.ietf.org/mailman/listinfo/datatracker-rqmts >>>>> >>>> _______________________________________________ >>>> datatracker-rqmts mailing list >>>> datatracker-rqmts@ietf.org >>>> https://www.ietf.org/mailman/listinfo/datatracker-rqmts >>> >>> > >
- [datatracker-rqmts] Publicly-readable and private… Paul Hoffman
- Re: [datatracker-rqmts] Publicly-readable and pri… Henrik Levkowetz
- Re: [datatracker-rqmts] Publicly-readable and pri… Russ Housley
- Re: [datatracker-rqmts] Publicly-readable and pri… Jim Schaad
- Re: [datatracker-rqmts] Publicly-readable and pri… Paul Hoffman
- Re: [datatracker-rqmts] Publicly-readable and pri… Russ Housley
- Re: [datatracker-rqmts] Publicly-readable and pri… Jim Schaad
- Re: [datatracker-rqmts] Publicly-readable and pri… Jim Schaad
- Re: [datatracker-rqmts] Publicly-readable and pri… Tero Kivinen
- Re: [datatracker-rqmts] Publicly-readable and pri… Henrik Levkowetz
- Re: [datatracker-rqmts] Publicly-readable and pri… Henrik Levkowetz
- Re: [datatracker-rqmts] Publicly-readable and pri… Russ Housley
- Re: [datatracker-rqmts] Publicly-readable and pri… Paul Hoffman