[56] in Project_DB

Planned action on "non-certificate access" to project db.

daemon@ATHENA.MIT.EDU (Bill Cattey)
Fri Mar 21 17:19:17 1997

Date: Fri, 21 Mar 1997 17:19:10 -0500 (EST)
From: Bill Cattey <wdc@MIT.EDU>
To: project-db@MIT.EDU

As most of the readers of this list understand, the initial deployment
of the project database allowed access if and ONLY if the person
accessing had a valid MIT certificate.

There was some discussion of the possible impact on customer
expectations, and on the scope of the customer base who could be
supported with that restriction.

At that point three courses of action were possible:

1. Do nothing.
2. Create a second server that would access through the non-secure
"http:" access point in addition to the secure "https:" access point.
3. Debug the SSL code that is documented to allow access through the
"https:" access point without a certificate.

Tim McGovern asked that some assessment of the work required be made in
actions two and three.

In response to his query, Miki has done a prototype of a second access
point on the OPS-5 system.  It is her estimate that converting Arachne
in this way would be a day's work or so.

Miki had informally presented me with an estimate of "a couple weeks" to
debug the SSL code.

She carefully pointed out to me her concern that customers might get
disoriented if they looked at the project database through the open
connection, and then tried to edit the projects they saw.

I convened a small meeting of Tim McGovern, Mike Barker, and myself to
discuss this concern.  It was our consensus that reading the projects
and editing the projects were different services with different groups
of users, and that the number of people who were in both groups could
easily be educated to use one access point OR the other depending on
what they wanted to do.  Although we thought being able to seamlessly
edit from the open access pages would be convenient, we agreed that the
cost of doing the work was prohibitive at this time.

Therefore, I propose that:

    Miki take the requisite day to convert Arachne to have an open,
read-only access point for the project database,
    that the Delivery, and other web pages point our outside customers to it, 
    that there be other explicitly labeled pointers into the secure
access point for people who are going to EDIT projects.
    that we try to log and review future suggested changes rather than
just doing them.

-wdc
