Re: New nm.debian.org site is up!
Enrico Zini enr...@enricozini.org writes: On Tue, Mar 06, 2012 at 09:36:42PM +0100, Thijs Kinkhorst wrote: On Tue, March 6, 2012 13:55, Enrico Zini wrote: You should be hearing more about this (and about what is a Debian web password) soon :) Great. Can you tell us something more about that or can we read some discussion somewhere? I'm interested since I've been doing a lot with web auth protocols so I'd like to see if my experiences align with the plans. The idea is to get DACS to work: http://en.wikipedia.org/wiki/Distributed_Access_Control_System_(DACS) but we're talking experiments here and I'm not yet sure if/when it'll actually happen. The advantage of DACS is that the webapp behind it doesn't get to know the password one has entered, so for example I can't setup the nm.d.o webapp to log cleartext passwords and steal your accounts. That's why, although I could probably setup the site to authenticate using Debian's LDAP, if I did that then DSA would (rightfully) want to have a violent word with me. To many of us non-Americans the concept of a middle name may be unknown: most persons here have between one and five given names and a surname; there's no such thing as any name being the 'middle' one, many people have just one and of course we all know at least one person without even a first name. The split between first/middle/last adds in my opinion no value for the NM website - this is confirmed by the code which uses those fields only to form the fullname attribute and to display them in the person info table. Let's just simplify and make the name one string in the data model. If you agree I can see to create a patch. I agree 'middle name' is very culture specific, and even the distinction between first and last name tends to be: we spent some time making sure we deal correctly with Wookey, Intrigeri and Bertagaz, for example. However, that information is collected because we use it to feed Debian's LDAP database when the account is created, and the standards of LDAP schemas used in Debian and in pretty much any LDAP deployment mandate that distinction. Currently the burden of AMs to fill up the first/middle/last name fields and it could lead to confusion, for example when an AM isn't used to the hispanic tradition of having multiple first and last names, or one doesn't know whether the applicant is from a culture that shows the last name first. One can ask of course, but it seems that not many do. Because of this I'm planning to let the applicant fill up those fields by themselves when applying. Sorry about the digression. To go back to the 'middle name' coming across as confusing, what I could do is to hide the middle and last name fields when not used, and only show them in the edit form. Would that make more sense? Ciao, Enrico As a point of reference my full name is Hans Henning Goswin von Brederlow. Brederlow is my last name. Or should that be von Brederlow or Brederlow, von? And yes, I've seen all 3 being used in RL. Hans would be my first name but Goswin is what people call me (my christian name?). So would I put Goswin as my first name and Hans Henning as middle name? Where do I put the von? So you see even for the applicant this is difficult to fill in. Please fill in Dr. Prof. Graf Albert Bert Corin von Debbie zu Erna. MfG Goswin -- To UNSUBSCRIBE, email to debian-newmaint-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87pqcox18w.fsf@frosties.localnet
Re: New nm.debian.org site is up!
On Wed, March 7, 2012 00:36, Enrico Zini wrote: On Tue, Mar 06, 2012 at 09:36:42PM +0100, Thijs Kinkhorst wrote: On Tue, March 6, 2012 13:55, Enrico Zini wrote: You should be hearing more about this (and about what is a Debian web password) soon :) Great. Can you tell us something more about that or can we read some discussion somewhere? I'm interested since I've been doing a lot with web auth protocols so I'd like to see if my experiences align with the plans. The idea is to get DACS to work: http://en.wikipedia.org/wiki/Distributed_Access_Control_System_(DACS) but we're talking experiments here and I'm not yet sure if/when it'll actually happen. The advantage of DACS is that the webapp behind it doesn't get to know the password one has entered, That's of course not really an advantage of DACS but of any 'webSSO'-type federated authentication system. :-) DACS surely sounds like a fit candidate although I haven't actually installed it myself. From my view it seems like SAML 2.0 (a protocol, not a specific type of software; called 'Shibboleth' by some) is going in the direction of being the 'new standard' though, so that may be something to consider. Advantage of a widely-used system is that plugins or methods may already exist for your existing software, e.g. RT. To many of us non-Americans the concept of a middle name may be unknown: I agree 'middle name' is very culture specific, and even the distinction between first and last name tends to be: we spent some time making sure we deal correctly with Wookey, Intrigeri and Bertagaz, for example. However, that information is collected because we use it to feed Debian's LDAP database when the account is created, and the standards of LDAP schemas used in Debian and in pretty much any LDAP deployment mandate that distinction. I'm not so sure about that. In the deployments I've seen there's usually the givenName, sn (common name) pair, something with initials; and the cn (common name, the full name or usual name someone goes by). As we're Debian I've checked the core schema as shipped with Debian openldap and this defines those attributes and as far as I can see doesn't create a concept of middle name. I would find it reasonable for the Debian LDAP to only carry the cn as this accomodates the possible uses Debian has for this data, it accomodates people with one-word names and in my eyes yields just what you want: a string representation of the common name someone goes by. If more distinction of the last nameis required for some reason, givenName + sn will allow that. In any case I don't yet see why there's a need to add a middleName as a field. Cheers, Thijs -- To UNSUBSCRIBE, email to debian-newmaint-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/3bf4c9ab653a5726c4efcebca9730bb7.squir...@wm.kinkhorst.nl
Re: New nm.debian.org site is up!
On Wed, Mar 07, 2012 at 09:29:35AM +0100, Goswin von Brederlow wrote: As a point of reference my full name is Hans Henning Goswin von Brederlow. Brederlow is my last name. Or should that be von Brederlow or Brederlow, von? And yes, I've seen all 3 being used in RL. Hans would be my first name but Goswin is what people call me (my christian name?). So would I put Goswin as my first name and Hans Henning as middle name? Where do I put the von? So you see even for the applicant this is difficult to fill in. Please fill in Dr. Prof. Graf Albert Bert Corin von Debbie zu Erna. Thank you for your insightful feedback, but as I mentioned in my previous email, we need to feed LDAP which uses RFC2798[1], which defines the fields we should fill up. Take your patronising sarcasm to IETF if you must, but please keep it away from here. [1] http://www.ietf.org/rfc/rfc2798.txt Ciao, Enrico -- GPG key: 4096R/E7AD5568 2009-05-08 Enrico Zini enr...@enricozini.org signature.asc Description: Digital signature
Re: New nm.debian.org site is up!
Enrico Zini enr...@enricozini.org writes: On Wed, Mar 07, 2012 at 09:29:35AM +0100, Goswin von Brederlow wrote: As a point of reference my full name is Hans Henning Goswin von Brederlow. Brederlow is my last name. Or should that be von Brederlow or Brederlow, von? And yes, I've seen all 3 being used in RL. Hans would be my first name but Goswin is what people call me (my christian name?). So would I put Goswin as my first name and Hans Henning as middle name? Where do I put the von? So you see even for the applicant this is difficult to fill in. Please fill in Dr. Prof. Graf Albert Bert Corin von Debbie zu Erna. Thank you for your insightful feedback, but as I mentioned in my previous email, we need to feed LDAP which uses RFC2798[1], which defines the fields we should fill up. Take your patronising sarcasm to IETF if you must, but please keep it away from here. [1] http://www.ietf.org/rfc/rfc2798.txt Ciao, Enrico Sorry to offend, that wasn't my intention. MfG Goswin -- To UNSUBSCRIBE, email to debian-newmaint-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87399j7k0t.fsf@frosties.localnet
Re: New nm.debian.org site is up!
Hi Enrico, Thanks for the new website! From the first look, it already seems to do nearly everything that I need :-) On Tue, March 6, 2012 13:55, Enrico Zini wrote: You should be hearing more about this (and about what is a Debian web password) soon :) Great. Can you tell us something more about that or can we read some discussion somewhere? I'm interested since I've been doing a lot with web auth protocols so I'd like to see if my experiences align with the plans. * Helping with development Following good Debian practices, the code for the new site is linked at the bottom of every page; OK, I've got the first request right here. The site insists in displaying names of AM's and NM's divided between First, Middle and Last name (e.g.: at the top of https://nm.debian.org/am/amprofile). To many of us non-Americans the concept of a middle name may be unknown: most persons here have between one and five given names and a surname; there's no such thing as any name being the 'middle' one, many people have just one and of course we all know at least one person without even a first name. The split between first/middle/last adds in my opinion no value for the NM website - this is confirmed by the code which uses those fields only to form the fullname attribute and to display them in the person info table. Let's just simplify and make the name one string in the data model. If you agree I can see to create a patch. Cheers, Thijs -- To UNSUBSCRIBE, email to debian-newmaint-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/37c594870515fe71c10b36586f9bd5c8.squir...@wm.kinkhorst.nl
Re: New nm.debian.org site is up!
On Tue, Mar 06, 2012 at 09:36:42PM +0100, Thijs Kinkhorst wrote: On Tue, March 6, 2012 13:55, Enrico Zini wrote: You should be hearing more about this (and about what is a Debian web password) soon :) Great. Can you tell us something more about that or can we read some discussion somewhere? I'm interested since I've been doing a lot with web auth protocols so I'd like to see if my experiences align with the plans. The idea is to get DACS to work: http://en.wikipedia.org/wiki/Distributed_Access_Control_System_(DACS) but we're talking experiments here and I'm not yet sure if/when it'll actually happen. The advantage of DACS is that the webapp behind it doesn't get to know the password one has entered, so for example I can't setup the nm.d.o webapp to log cleartext passwords and steal your accounts. That's why, although I could probably setup the site to authenticate using Debian's LDAP, if I did that then DSA would (rightfully) want to have a violent word with me. To many of us non-Americans the concept of a middle name may be unknown: most persons here have between one and five given names and a surname; there's no such thing as any name being the 'middle' one, many people have just one and of course we all know at least one person without even a first name. The split between first/middle/last adds in my opinion no value for the NM website - this is confirmed by the code which uses those fields only to form the fullname attribute and to display them in the person info table. Let's just simplify and make the name one string in the data model. If you agree I can see to create a patch. I agree 'middle name' is very culture specific, and even the distinction between first and last name tends to be: we spent some time making sure we deal correctly with Wookey, Intrigeri and Bertagaz, for example. However, that information is collected because we use it to feed Debian's LDAP database when the account is created, and the standards of LDAP schemas used in Debian and in pretty much any LDAP deployment mandate that distinction. Currently the burden of AMs to fill up the first/middle/last name fields and it could lead to confusion, for example when an AM isn't used to the hispanic tradition of having multiple first and last names, or one doesn't know whether the applicant is from a culture that shows the last name first. One can ask of course, but it seems that not many do. Because of this I'm planning to let the applicant fill up those fields by themselves when applying. Sorry about the digression. To go back to the 'middle name' coming across as confusing, what I could do is to hide the middle and last name fields when not used, and only show them in the edit form. Would that make more sense? Ciao, Enrico -- GPG key: 4096R/E7AD5568 2009-05-08 Enrico Zini enr...@enricozini.org signature.asc Description: Digital signature
Re: New nm.debian.org site is up!
Enrico Zini enr...@enricozini.org writes: Â * NM Committee definition changed The NM CTTE definition changed from AMs who approved someone in the last 6 months to AMs that had an applicant become DD in the last 6 months. That is mostly for ease of computation. It should not change much, but it's worth documenting. If you think this is wrong for some good reason, let us know at nm.debian.org Maybe this should be changed to the last 5 still active AMs that had an applicant become DD plus any that had one become DD in the last 6 month. That way the NM Committee would be harder to loose all its members. But lets hope that is a pathological case. MfG Goswin -- To UNSUBSCRIBE, email to debian-newmaint-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87399kyihf.fsf@frosties.localnet