Good discussion. I'm on vacation, and haven't been able (or willing, heh) to participate much in this discussion. A few points from my perspective:

- Author names, timestamps, etc. are metadata in my opinion, and should be stored that way. This implies that we should be storing user IDs. The nice thing about using IDs is that if the login/wiki name changes, the current name will be displayed. If IDs were also stored for past revisions, there won't be any problems understanding who the person is, because it will always reflect the current name. This would eliminate the "snapshot" issue Janne raised. I am not a Sarbox expert -- and it should not drive our thinking. But "normalizing" user references (using IDs and not names) is just good programming technique, IMHO.

- ACLs, in the future, will need to persist identity references as IDs. We need to move ACLs out of page markup anyway, because it's really metadata and not page content. This should be pretty easy to migrate, ideally at startup. For user input and display purposes, of course, we should always allow users to view and edit ACLs using plain old user names, roles and groups.

- For those who are curious (Terry?), we already change user names in ACLs when the person's login/wiki name changes. So if Terry decides to change his wiki name from TerryS to Terry, all ACLs that contain "TerryS" will be changed correctly.

- User preference properties, today, can and arguably should be stored with the UserProfile. The UserProfile class was extended (by me) to do this, and the XML and JDBC UserDatabase implementations also support this. If we implemented a JCRUserDatabase, they could certainly be stored in the manner Janne describes. That might be easiest. On the other hand, one could argue that user prefs (which are specific to JSPWiki) are in an entirely different topic compared to basic identity attributes like login name, password, full name. So I think we could also use the UserDatabases as just an "identity store," whereas prefs belong to the wiki backend.

Andrew

On Aug 23, 2008, at 10:41 AM, Janne Jalkanen wrote:


On Aug 23, 2008, at 17:31 , Terry Steichen wrote:

OK, just please clarify this issue for me: Under whichever technical
approach that's adopted, will JSPWiki users always be able to clearly
see which other users previously edited a page (and not be potentially
misled by interim changes in these other users' names)?

That would be my understanding, yes - though misled is an interesting word: if you change your login name, should the old pages that have your old name automatically use your new name, or still the old name - because at the time when the history was made, that *was* your name. So you are in a way changing the history... Which incidentally means that getting a snapshot of a particular wiki at some point would be different depending on what has been happening in the repository afterwards.

I don't know whether this is even acceptable in enterprise circles, e.g. due to Sarbanes-Oxley legislation, etc.

(That could potentially actually be a strong reason to store the WikiName instead of a userid.)

/Janne
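
The trade-off discussed in this thread, as an added example that is not part of the original messages and is not JSPWiki code: ACLs and revisions persist a stable user ID, ACL input and display use plain names, and each revision also keeps the name as it was at edit time so a historical snapshot does not change after a rename. All class, field and ID names are hypothetical, the sample user is constructed, and it assumes Java 16 or later (records).

```java
import java.util.*;

// Added illustration; names here are hypothetical, not JSPWiki's API.
public class IdentityRefDemo {
    // Revision metadata: stable author ID plus the name as it was at edit time.
    record Revision(int version, String authorId, String nameAtEdit) {}

    static final Map<String, String> currentNames = new HashMap<>(); // id -> current wiki name
    static final Map<String, Set<String>> acl = new HashMap<>();      // permission -> user IDs

    // Reverse lookup used when a user types a plain name into an ACL.
    static String idOf(String wikiName) {
        for (Map.Entry<String, String> e : currentNames.entrySet())
            if (e.getValue().equals(wikiName)) return e.getKey();
        throw new NoSuchElementException("unknown user: " + wikiName);
    }

    // ACL input uses plain names; only the ID is persisted.
    static void allow(String permission, String wikiName) {
        acl.computeIfAbsent(permission, k -> new TreeSet<>()).add(idOf(wikiName));
    }

    // ACL display resolves IDs back to whatever the names are today.
    static List<String> showAcl(String permission) {
        List<String> names = new ArrayList<>();
        for (String id : acl.getOrDefault(permission, Set.of()))
            names.add(currentNames.get(id));
        return names;
    }

    public static void main(String[] args) {
        currentNames.put("u-1001", "TerryS");   // constructed sample user
        allow("edit", "TerryS");
        Revision r1 = new Revision(1, "u-1001", currentNames.get("u-1001"));

        // Rename: a single write to the identity store; no ACL or history rewrite.
        currentNames.put("u-1001", "Terry");
        Revision r2 = new Revision(2, "u-1001", currentNames.get("u-1001"));

        System.out.println("ACL edit: " + showAcl("edit"));
        for (Revision r : List.of(r1, r2))
            System.out.println("v" + r.version()
                    + " current=" + currentNames.get(r.authorId())
                    + " atEdit=" + r.nameAtEdit());
    }
}
```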
