Re: [yaco-liaison-tool] From Field in Liaison Tool

Glen <glen@amsl.com> Mon, 31 January 2011 20:13 UTC

Return-Path: <glen@amsl.com>
X-Original-To: yaco-liaison-tool@core3.amsl.com
Delivered-To: yaco-liaison-tool@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3D9583A6C67 for <yaco-liaison-tool@core3.amsl.com>; Mon, 31 Jan 2011 12:13:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.3
X-Spam-Level:
X-Spam-Status: No, score=-102.3 tagged_above=-999 required=5 tests=[AWL=0.299, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SoDHwlyFjNf9 for <yaco-liaison-tool@core3.amsl.com>; Mon, 31 Jan 2011 12:13:26 -0800 (PST)
Received: from mail.amsl.com (mail.amsl.com [64.170.98.20]) by core3.amsl.com (Postfix) with ESMTP id 82ADB3A6C4D for <yaco-liaison-tool@ietf.org>; Mon, 31 Jan 2011 12:13:26 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by c1a.amsl.com (Postfix) with ESMTP id D9102E0897; Mon, 31 Jan 2011 12:16:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from c1a.amsl.com ([127.0.0.1]) by localhost (c1a.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I1q5nVixerdu; Mon, 31 Jan 2011 12:16:41 -0800 (PST)
Received: from [192.168.1.111] (173-8-133-91-SFBA.hfc.comcastbusiness.net [173.8.133.91]) by c1a.amsl.com (Postfix) with ESMTPSA id 6F94EE0760; Mon, 31 Jan 2011 12:16:41 -0800 (PST)
Message-ID: <4D4718A8.4040604@amsl.com>
Date: Mon, 31 Jan 2011 12:16:40 -0800
From: Glen <glen@amsl.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101207 Thunderbird/3.1.7
MIME-Version: 1.0
To: yaco-liaison-tool@ietf.org
References: <D0DD124C-E261-4702-99BB-CC67DA173BBB@amsl.com> <4D46B432.4040600@yaco.es> <4D46E427.4060506@amsl.com> <4D46F14D.6030904@yaco.es>
In-Reply-To: <4D46F14D.6030904@yaco.es>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 8bit
Subject: Re: [yaco-liaison-tool] From Field in Liaison Tool
X-BeenThere: yaco-liaison-tool@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discussion of the Yaco / Liaison Statement Management Tool Project details <yaco-liaison-tool.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/yaco-liaison-tool>, <mailto:yaco-liaison-tool-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/yaco-liaison-tool>
List-Post: <mailto:yaco-liaison-tool@ietf.org>
List-Help: <mailto:yaco-liaison-tool-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/yaco-liaison-tool>, <mailto:yaco-liaison-tool-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 31 Jan 2011 20:13:27 -0000

Hi again everyone -

On 1/31/2011 9:28 AM, "Emilio A. Sánchez López" wrote:
> I'll understand that secretariat staff has to be able to perform any
> action on the system. However, the fact that they can impersonate any
> user does not seem a good idea. In that case you will not be able to
> know if the user X made some change of was a staff user impersonating X.
> But this is only my opinion :)

Just to clarify -

I am certainly not in favor of impersonation.  I am very much in favor 
of accountability, since that protects all parties in all directions.

It should always be the case that it is noted that someone has taken an 
action on behalf of someone else; however, in most cases today the 
database doesn't support this.

I do not want users to have to log in as other users.  I do not want 
people sharing passwords.  That indeed is what I'm trying to AVOID here.

The IETF leadership and community expects the secretariat to be able to 
act on their behalf whenever necessary.  The secretariat requires this 
ability in order to do their jobs.  But as I said previously this needs 
to be addressed more clearly going forward, and that will either be done 
in the form of separate secretariat tools, or in the form of more 
specifics in the contract.  Everything I've said up to here is just 
general stuff, for the future, not about this project.

As far as this project specifically, Emilio, I do not personally expect 
or ask you to take, nor do I necessarily think that you *should* take 
any action here.  I am just trying to help bracket and identify the 
problem here so we can avoid it going forward.  I apologize that I 
failed to make that clear.

For now, our [the secretariat's] plan is to do what we always planned to 
do, which is that, for the moment, we will continue to use the old tool 
as needed, and, going forward, we had already planned to, and will, 
upgrade the secretariat tools we currently use to support whatever new 
functionality your product added.

I appreciate the detail you've sent us in the email, and your 
participation with the IETF on this project.

Best,
Glen