NOTA BENE - WORK IN PROGRESS - Your Inputs & Thoughts
To comma Workbench - To comma Workbench - Overview Projects - To Technology Laboratory CAcert.org Blog - Certificate Login - To comma Arsenal - CAcert.org Blog
CAcert.org Blog Certificate Login - comma Project Background
User - Blog Authors & Editors
CAcert.org Community Members want certificate login for easy and secure access to CAcert.org Blog
For technically interested Users
comma Use Case(s) or Purpose
- - Stimulation of CAcert.org Community writing blog articles.
- Lower the barriers to entry when registering, writing posts or adding comments.
Benefits for CAcert.org Community & Certificate Users
- - Easy (for those with existing certificates)
- - Enrichment of contribution on the blog about the contributor's knowledge and experience
- - Spam-resistant
- Secure - in this case, secure means strong authentication, Reliable, Traceable. One of us.
comma Campaign Roll-Out
- Description
- received feedback on requirements
- notified board / sysadmin group of design to ensure it was suitable
- deploy solution
- blog post / email to cacert / cacert-members lists
comma Usability Test
- Start Test CW 38 - Inform / Stimulate CAcert.org Community by:
USABILITY Feedbacks (NOT technical) -> on comma - Inputs & Thoughts, below
Technical Feedback to Technology Laboratory CAcert.org Blog - Certificate Login or DanielBlack
Inputs & Thoughts
20090911-DanielBlack
Features: * Author privileges to named certificates * Contributor (moderated posts) for unnamed certificates * Existing accounts still work if you have a certificate for the email address matching your account * Existing accounts will update to Author privileges when a named certificate is presented. * Autoregistration on presenting a certificate to login or manually doing a registration with a certificate. Non-Features: * Due to the complexity and limited time for testing dual support of certificate and password logins has been dropped in favour of only certificate logins. Password logins may be examined if there is a need. The plan is to test it a bit more hopefully next week and deploy it a week after. We'll let you know when it is done. If anyone wants to do a code review let us know. New registrations have been temporarily disabled due to blog spam that I'm feeling obliged to moderate. Thanks,
20091001-DanielBlack
Bit later than expected but its done now. Blog is fully X509 enabled. From never visited the site before and using a named certificate you can, with one click (login), register for the site and have author status ready to write your own contribution. If you only have a WoT unnamed certificate you can write your article it will be spam controlled by the PR people (aka editors). If you had a contributor account and haven't posted anything you have been downgraded to a subscriber (no comment or write a post access) with all the other spammers. The good news is once you login with a certificate you get upgraded to the correct status just as if you'd registered. There is no password authentication any more. As previously mentioned the time taken to make sure both behaved reliably was not possible in the time theadmins had available. Please ignore the big blog upgrade notice - we are using debian security maintained packages and don't need a wordpress upgrade. So get to it - write something interesting.
YYYYMMDD-YourName
Text / Your Statements, thoughts and e-mail snippets, Please
YYYYMMDD-YourName
Text / Your Statements, thoughts and e-mail snippets, Please