Proposal: Why an e-mail based workflow could work!

On Sunday, October 16, 2016 at 7:04:43 AM UTC+2, JWHoneycutt wrote:

    1) I want complete control over my wiki.
    2) I want to make it accessible on the web, and not with a link to my 
Dropbox, or in a way that has my name all over it.
    3) I want it securely encrypted.
    4) I want to know who is logging in to access it, so that I can verify 
their identity. (Facebook login confirmation?)
    5) I want to be able to control what portions of the wiki are 
available, and individually expand what is available over time.
    6) I need to restrict/eliminate the viewer's ability to edit a tiddler.
    7) I need the viewer to be able to provide comments/suggestions for me 
be able to incorporate into the wiki.
    8) I need to create a separate wiki for each different viewer, if they 
chose to enter personal information into it.

    9) This is all about medical records - so the controls have HIPAA and 
legal requirements.


add 1) I want complete control over my wiki.

Not only you want this. Your users may want that too! TiddlyWiki's initial 
design is a locally stored wiki. With everything which is local, you and 
your users have full control. 


add 2) I want to make it accessible on the web, and not with a link to my 
Dropbox, or in a way that has my name all over it.

As I wrote in my reasoning. As soon as it's on the web, it's public. 
Encrypted or not, it will be very hard to delete it. Except, if you own the 
server. And even then, you are bound to local law. 

I don't understand your phrase: "or in a way that has my name all over it." 
Given that you deal with "sensitive private data" I think "trust" is 
involved. I personally wouldn't trust anyone, that I don't know. ... So 
this is confusing for me!?!

Anyway: If you send your locally generated TiddlyWiki's per mail, the mail 
client can use (open)PGP 
https://en.wikipedia.org/wiki/Pretty_Good_Privacy#OpenPGP encryption. So 
only the recipient with the right key can read your mail conversation and 
the TW content. 

It's not needed to trust the e-mail server, but sure it will be a plus. 
This e-mail server is the only "moving part" here. There are some "throw 
away email services" If we trust PGP, there is no need ot trust the e-mail 
server. It would be nice though, if the service would delete all messages 
after a given time eg. 2 weeks or even less. 


add 3) I want it securely encrypted.

I personally would let the operating system deal with encrypting/decrypting 
the Harddisk and use PGP to send stuff via email. PGP is considered secure, 
if the key length is big enough. ATM 2048 bit if I remember right. 



add 4) I want to know who is logging in to access it, so that I can verify 
their identity. (Facebook login confirmation?)

If you use PGP and emai, both of you are safe, that nobody else can access 
the content. Your receiver can be sure, it was you that sent it and you can 
be sure that only the right recipient can open it. No need for logging and 
leaking information. 


add 5) I want to be able to control what portions of the wiki are 
available, and individually expand what is available over time.

TiddlyWiki allows you to export several tiddlers in a so called 
tiddlers.json file. It contains only those tiddlers, that you exported. You 
can encrypt this file and your client can drag and drop import it to an 
existing locally stored TiddlyWiki. So you can make an "incremental update" 
... or

Or you can mail them a completely new TW file. ... So no complicated 
managing overhead needed.


add 6) I need to restrict/eliminate the viewer's ability to edit a tiddler.

Can be done, but nobody did it yet. Depending on how you send updates see 
add 5) the solution may look different. 


add 7) I need the viewer to be able to provide comments/suggestions for me 
be able to incorporate into the wiki.

That's what e-mail was invented for. Your client just needs to use PGP too 
and you can have an "end to end" encrypted conversation. The e-mail client 
can do all the key management for you. see: 
https://support.mozilla.org/en-US/kb/digitally-signing-and-encrypting-messages 
for a possible workflow. .. There is still a learning curve, but it's 
definitely less then a cloud based solution. 


add 8) I need to create a separate wiki for each different viewer, if they 
chose to enter personal information into it.

yes. 


add 9) This is all about medical records - so the controls have HIPAA and 
legal requirements.

This may still be a problem, but my proposed workflow has a lot less 
"moving" components that need to be audited. ... 

As always:
just some thoughts

I'm sure, this process can be improved, but I think it's worth to give it a 
try. 

have fun!

Mario Pietsch

-- 
You received this message because you are subscribed to the Google Groups 
"TiddlyWiki" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to tiddlywiki+unsubscr...@googlegroups.com.
To post to this group, send email to tiddlywiki@googlegroups.com.
Visit this group at https://groups.google.com/group/tiddlywiki.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/tiddlywiki/cba19226-86d5-411f-9155-985d17d737d6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to