Peter Crowther wrote:
Let's try a different artifact. Most 'mildly-secure' systems consist of the following:
[snip] You're right. That kind of security is probably doable without killing the project. It might not be good enough for money handling or legally binding stuff, but it probably is for all kinds of decisions the community is trying to make now.
This is absolutely not hacker-proof - I could compromise it in many different ways. Yet, for voting, it probably wouldn't be worth my while. So let's consider that our target for a 'mildly-secure' system for a moment
On this we agree. Do you mind updating the minnow page to reflect these requirements? I propose to place it with the non-functional requirements, rather than mess up the functional workflow description.
and see how much of it we already have:
[stuff SqP does]
OK, so how about adding 'referenda' as a new kind of thing on which opinions can be registered, giving people the option to validate their email address, and calling that system our 'version 1' voting system? Yes, I accept that we still have to construct our initial set of voters; but I suspect that is going to be the case with any system, and I note that it is conceptually independent of any existing ranking system on SqP.
Here I don't quite understand your intention. Do you mean to extend SqP itself? Note that it is not Squeak, so some Squeakers won't hack it directly. Anyhow, Cees has built several systems based on an interface to SqP that exposes some of its objects, including the trust and users. I haven't looked at that interface to see what it exposes exactly yet.
Anyway, I think the first thing is to make sure we can live with the initial requirements list, and then let's move to implementation. For that I was going to ask on the Squeak list for volunteers, unless one of you wants to tackle it yourselves. In the case where someone else is doing it, there's no point in making too many implementation decisions now.
Within the time I have available, and with the understanding that I am paranoid, have worked on security in the past, but cannot be considered a security expert... I'm willing to do so.
Great!
I will update the spec to allow the voters to be specified as a simple string, with 'dvf danielv@tx.technion.ac.il 123456 ls lex@lexspoon.org 654321 ?? Peter@ozzard.org 346098' as the initial value.
Agreed?
Not yet - I'd like some clarification. What are the values here? The first set appear to be initials, and may correspond to an account on SqP (although my username on SqP is not my initials). The second is an email address. The third?
I meant it to be an initial mock password, useful for our testing the 0.5 version. But it's your call now... :-)
Daniel