[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: New nm.debian.org site is up!

On Tue, Mar 06, 2012 at 09:36:42PM +0100, Thijs Kinkhorst wrote:

> On Tue, March 6, 2012 13:55, Enrico Zini wrote:
> > You should be hearing more about this (and about what is a Debian web
> > password) soon :)
> Great. Can you tell us something more about that or can we read some
> discussion somewhere? I'm interested since I've been doing a lot with web
> auth protocols so I'd like to see if my experiences align with the plans.

The idea is to get DACS to work:
but we're talking experiments here and I'm not yet sure if/when it'll
actually happen.

The advantage of DACS is that the webapp behind it doesn't get to know
the password one has entered, so for example I can't setup the nm.d.o
webapp to log cleartext passwords and steal your accounts. That's why,
although I could probably setup the site to authenticate using Debian's
LDAP, if I did that then DSA would (rightfully) want to have a violent
word with me.

> To many of us non-Americans the concept of a "middle" name may be unknown:
> most persons here have between one and five given names and a surname;
> there's no such thing as any name being the 'middle' one, many people have
> just one and of course we all know at least one person without even a
> first name.
> The split between first/middle/last adds in my opinion no value for the NM
> website - this is confirmed by the code which uses those fields only to
> form the fullname attribute and to display them in the person info table.
> Let's just simplify and make the name one string in the data model. If you
> agree I can see to create a patch.

I agree 'middle name' is very culture specific, and even the distinction
between first and last name tends to be: we spent some time making sure
we deal correctly with Wookey, Intrigeri and Bertagaz, for example.

However, that information is collected because we use it to feed
Debian's LDAP database when the account is created, and the standards of
LDAP schemas used in Debian and in pretty much any LDAP deployment
mandate that distinction.

Currently the burden of AMs to fill up the first/middle/last name fields
and it could lead to confusion, for example when an AM isn't used to the
hispanic tradition of having multiple first and last names, or one
doesn't know whether the applicant is from a culture that shows the last
name first. One can ask of course, but it seems that not many do.
Because of this I'm planning to let the applicant fill up those fields
by themselves when applying.

Sorry about the digression. To go back to the 'middle name' coming
across as confusing, what I could do is to hide the middle and last name
fields when not used, and only show them in the edit form. Would that
make more sense?



GPG key: 4096R/E7AD5568 2009-05-08 Enrico Zini <enrico@enricozini.org>

Attachment: signature.asc
Description: Digital signature

Reply to: