[cap-talk] CapWiki sources ?

Jed Donnelley jed at nersc.gov
Fri Apr 4 19:02:55 CDT 2008


On 4/4/2008 4:11 PM, Pierre THIERRY wrote:
> Scribit David Chizmadia (Home) dies 04/04/2008 hora 18:24:
>> As Shap has noted in other threads, most wiki owners aren't really
>> looking for an OCap access model to protect their wiki pages.
> 
> The reality is subtly different: most wiki owners aren't expecting any
> advanced access model to protect their wiki pages. The whole wiki model
> tends to advocate that access acontrol isn't necessary to protect
> because version control is enough.

Huh??  While I admit I've seen some evidence of this attitude,
I believe that where the rubber meets the road there are very
many applications of wikis that require effective access control.

I know for a fact that we have three wikis at NERSC (all running
the twiki wiki incidentally) where access control is vital.
Since the access control mechanisms available with the wiki
are so broken, we make do with LDAP login authentication (which
limits access to NERSC staff members) and then use the broken
and untrustworthy user/group/ACL sort of mechanism that the
twiki wiki provides for finer grained access control - though
I haven't encouraged anybody to depend on it.

A wiki with a better access control model (e.g. network
capabilities as data) would be a big plus for us.

> Also, wikis are discarded where their ease of use would be a virtue but
> their lack of access control is an unacceptable defect.

That comes close to matching our situation.  We find ourselves
unable to "reach out" to users outside our LDAP/staff community
with our wikis.  We also find ourselves proliferating wikis
with different access control needs.  E.g. we recently stood
up a "Cray" wiki for interaction between our staff and the
staff of that vendor.  Definitely not an optimal solution!

--Jed  http://www.nersc.gov/~jed/



More information about the cap-talk mailing list