JIRA 10165[1] been fixed, and I've successfully modified the cn value
for uid=rubys. In the comments, pctony tells me that users can change
their own givenNames and sn.
It occurs to me that this may be a feature, i.e. we allow users to
change their givenNames to whatever they want, but don't treat those
names as authoritative. Periodically (or when requested), the Secretary
could run a future read/write version of the public_names tool and made
decisions whether to individually adopt or revert the differences that
are shown.
Breaking this down:
1) The strength of LDAP is fine grained access control and immediacy.
Users may have access to some fields is some objects without being given
access to all fields in all objects of a given type.
2) The strength of SVN is auditability and ability to handle loosely
structured and even unstructured data without prior approval/coordination.
3) The strength of a web UI is ease of use and the ability to operate on
data without having to worry about where it resides. For example,
updating a canonical public name can cause both LDAP and iclas.txt to be
updated.
Plans:
I'd like to start rewriting the roster tool to make it both faster and
read/write. Rough timeframe: by the end of the year-ish. This should
eliminate the need for people to log onto people.apache.org and run Perl
scripts from the command line. Ultimately, it could be a replacement
for id.apache.org?
Along the way, we need to have a dialog as to what data can be updated
by whom. People should be able to continue to update their own personal
web site address. Only the secretary (and team) should be able to
update the canonical public name. On the infrastructure team should be
able to update numeric user ids.
Part of the strategy could involve invitations and/or notifications.
I've prototyped invites as a part of the demo online ICLA submission
tool. Changes in PMC rosters could cause emails to be sent and the
changes to be marked as pending with a future effective date.
Other tools can be updated too. At the moment, the board agenda tool
provides to the secretary a list of post meeting actions that need to be
performed. There is no reason that the secretary couldn't initiate
those actions directly from the board agenda interface.
Thoughts?
- Sam Ruby
[1] https://issues.apache.org/jira/browse/INFRA-10165
