Well done Ian.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Ian Haywood
Sent: Sunday, 3 September 2006 9:36 PM
To: [EMAIL PROTECTED]; General Practice Computing Group Talk
Subject: [GPCG_TALK] Wagtail Web Service: a demonstration version
This is an announcement for a web interface and mailserver for Wagtail,
an open-source clinical messaging
effort. It is not a complete product, and I do not contend it is
superior, or even comparable, to other
products. Instead I'm looking for feedback as to whether this would be
at all useful, and, if so, what the
next steps for development should be.
It is basically an encrypting mailserver written in Python, using
twisted. The default backend
is SQLite, but this can be changed to Postgres, etc. if required.
It allows you to generate GnuPG keys and manage the keyring via the Web
interface,
the interface is designed to be as opaque as possible in key-management:
public keys
are automatically and silently downloaded from the keyserver as required.
To establish the web-of-trust the user nominates someone to 'register' their
key with, the server sends them an encrypted e-mail containing the
contact details they entered
and their public key. The 'registrar' is anyone with a GPG key, who
contacts the new user and quotes
the registration code in the e-mail, when this is typed in through the
web interface,
the server signs the registrar's public key and mails it off. [Question:
does this simplification
compromise the PGP security model?]
The aim here is to basically hide the complexity of key-signing by
making it look
like the registration process that the other messaging providers have.
The difference
is there is an 'open market' for registration.
Once established, the user can send e-mails in one of two ways:
- through the web interface, a basic form for the addressee, patient
name and DOB, and
the message text.
- by configuring their mail client to send to the server via SMTP
(optionally with SSL).This has been
tested with Thunderbird and Outlook Express. These e-mails need to have
a Re: line with name and date of
birth somewhere in the message body (or subject line), so the conversion
to PIT can occur using PITifil
internally (Thanks David)
- Word attachments are internally converted using AbiWord on the
server and then parsed.
Thus the 'Guest criteria' are fulfilled: no local installation of
software (when using a remote server
via SSL), and no change to the specialists' Word->Outlook->Send workflow.
The recipient always gets an encrypted (PGP-MIME) e-mail with a single
attachment,
MIME type application/x-pit.
Received e-mails are available to download through the web interface as
a very basic 'Inbox'
page, and also a Javascript 'auto-download' page, which turns the
web browser (currently only
tested with Firefox) into a pathology downloader.
The public interface is at https://wagtail.bpa.nu, the code at
svn://ozdocit.org/wagtail/wagweb/trunk
Ian Haywood
_______________________________________________
Gpcg_talk mailing list
[email protected]
http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk
