[datatracker-rqmts] Publicly-readable and private/anonymous lists

Paul Hoffman <paul.hoffman@vpnc.org> Wed, 08 December 2010 02:37 UTC

Return-Path: <paul.hoffman@vpnc.org>
X-Original-To: datatracker-rqmts@core3.amsl.com
Delivered-To: datatracker-rqmts@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 0F2C03A6848 for <datatracker-rqmts@core3.amsl.com>; Tue, 7 Dec 2010 18:37:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.427
X-Spam-Level:
X-Spam-Status: No, score=-101.427 tagged_above=-999 required=5 tests=[AWL=0.619, BAYES_00=-2.599, HELO_MISMATCH_COM=0.553, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XOvi5XgB4JRs for <datatracker-rqmts@core3.amsl.com>; Tue, 7 Dec 2010 18:37:30 -0800 (PST)
Received: from hoffman.proper.com (Hoffman.Proper.COM [207.182.41.81]) by core3.amsl.com (Postfix) with ESMTP id 3B84E3A6825 for <datatracker-rqmts@ietf.org>; Tue, 7 Dec 2010 18:37:30 -0800 (PST)
Received: from [10.20.30.150] (75-101-30-90.dsl.dynamic.sonic.net [75.101.30.90]) (authenticated bits=0) by hoffman.proper.com (8.14.4/8.14.3) with ESMTP id oB82ctET039589 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <datatracker-rqmts@ietf.org>; Tue, 7 Dec 2010 19:38:56 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
Mime-Version: 1.0
Message-Id: <p0624081bc9249d506bb8@[10.20.30.150]>
Date: Tue, 7 Dec 2010 18:36:12 -0800
To: datatracker-rqmts@ietf.org
From: Paul Hoffman <paul.hoffman@vpnc.org>
Content-Type: text/plain; charset="us-ascii"
Subject: [datatracker-rqmts] Publicly-readable and private/anonymous lists
X-BeenThere: datatracker-rqmts@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <datatracker-rqmts.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/datatracker-rqmts>, <mailto:datatracker-rqmts-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/datatracker-rqmts>
List-Post: <mailto:datatracker-rqmts@ietf.org>
List-Help: <mailto:datatracker-rqmts-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/datatracker-rqmts>, <mailto:datatracker-rqmts-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Dec 2010 02:37:32 -0000

Greetings again. It's time to spin up this list again, and a few people have told me that specifying how public lists are publicly-readable and how private/anonymous lists are created and managed will unblock a bunch of other open issues. There was a lot of interest in these topics at the mic in Beijing.

The current text is below. This is just starting text, and it doesn't cover the idea that some private/anonymous lists might have publicly-readable counterparts if the list owner wants.

So, please say what you think should be done here. Do you have a preference between private and anonymous? Do you have ideas for public lists?

To facilitate the discussion, there will be a WebEx-based telechat on Friday, December 17. Information on that comes in the next message. If we have great consensus before the telechat, we can use that time to move on other open issues.

--Paul Hoffman

======================================

2.1.3.  Requirement: Some lists must be able to be private or anonymous

   Seeing a list of drafts that covers multiple areas of interest can
   tell you something about the person who created the list.  For
   example, you might be able to guess that they might be looking for a
   job in a different field by looking at their list of drafts of
   interest.  Of course, anyone can follow individual drafts today
   without having that be exposed; however, following a particular group
   of drafts can reveal information about a person.

   There is a open issue about whether lists should be default be
   private/anonymous or public, and how that default should be manifest
   in the eventual UI for creating lists.

   The first proposed methods that might keep lists private/anonymous
   are:

   o  Private lists might only be available using passwords or some
      other common authentication mechanism.  This would require that
      the Datatracker have a subscription process for users that could
      assign passwords, and a per-user process for adding lists to a
      user account.  (If the current Datatracker username and login
      scheme is used, the interface needs to be improved so that getting
      a new login, and changing one's password, are significantly
      easier.)
   o  Anonymous lists might be assigned random URLs from a very large
      (2^128) namespace, and the user who creates a list does not tell
      others the assigned URL.  This method makes it impossible for
      someone to search the entire set of assigned lists.  Given that
      the URLs for lists are most likely going to be copy-and-pasted
      anyway, having long random strings in the list's URL is not an
      impediment.

2.1.4.  Requirement: It must be easy for IETF leadership and individuals
        to make lists they create publicly-readable

   Private or anonymous lists are fine for individuals, but publicly-
   readable lists can magnify the value to the whole community.  In
   fact, some early commenters on this document emphasized that
   publicly-readable lists will be more valuable to the IETF than
   helping individuals track documents that are only of interest to
   them.

   Probably the easiest method to implement publicly-readable lists is
   to make them read-only aliases for private or anonymous lists.  This
   would allow the list originators to control the contents of the list
   as normal, but also allow anyone to view the results in the
   Datatracker and/or subscribe to notifications.  There may be other
   methods that would also make sense, and this section might change in
   the future.

   Publicly-readable lists should have short URLs that can be
   transcribed without relying on copy-and-paste.  The names in the URLs
   for lists that are associated with IETF activities (initially, the
   lists created by WG chairs and ADs) can be mnemonic, but other public
   lists should have names that are not mnemonic in order to prevent
   name-squatting.

   It is important to note that publicly-readable lists can only be
   changed by the owners.  Allowing many people to change the contents
   of a list would probably lead to lists that are not very useful to
   typical users.

   Proposed later requirements include having the Datatracker list all
   of the publicly-readable lists (or certainly at least the ones
   associated with IETF activities), and having links from WG pages in
   Datatracker to the publicly-readable lists maintained by the WG
   chairs.