User:Laxathom/Drafts:FAS3.0: Difference between revisions

This is a draft
This is a draft of potential features for FAS v3.0. It is meant to spawn discussion and will most likely evolve in the future.

Mockups

• FAS 2 as reference

• 

  FAS 2 - People list

• 

  FAS 2 - People edit

• 

  FAS 2 - Groups list

• 

  FAS 2 - Group details

• 

  FAS 2 - Invite people

• 

  FAS 2 - Password Change

• 

  FAS 2 - TODO list

• 

  FAS 2 - Yubikey setting

• 

  FAS 2 - About page

• FAS 3.0 - Desktop rendering
  • Initial 1rst mockup idea

Goals

• Move web framwork from TurboGears 1 to Pyramid
• A real endpoint API
• Better membership management/workflows
• Improved database model
• Make it more Fedora agnostic
• Bring new features
• A better administration mangement.
• A dynamic configuration management
• Social-network friendly

Features

Groups and people visibility

No need to log in anymore to review groups and people's profile.

RESTful API

Provide a dedicated ENDPOINT to retrive accounts' data.

Access to this API requires a generated token that people can get from their

profile's page.

Profile Avatar

People will be able to add an avatar to their profile (from a 3rd party service)

This avatar will be available to 3rd-party which can use it in their views or more.

Profile Bio

Allow people to write up a bio (view-able from their profile's page).

Group 3rd-party binding

As we (Fedora project) has a specific way of using group (i.e providing VCS access and the like)

group will provide a way to bind its ACLs to 3rd party in order to retrieve people or to give people

some rights to this 3rd party if its members exist from this 3rd party.

Current target for now is:

• GitHub organization

Admin or group's admin could bind a group to a github organization's team.

Which, create github's team if not exist and add its members to it if its members exist on github.

If group is VCS related, create a github's repo if not exist already and give its members commit access.

Group ownership

Group's owner has been renamed to "principal Administrator" as group's admin can now

pass along their group's ownership to another admin of the same group.

Account's administrator can do the same.

Settings panel

Account's admin will have a dashboard where they could manage account related elements

• people management
  • Remove an account
  • Block, disable or archive account
• groups management
  • Add, edit and remove groups
  • Block or archive groups
• groups' types management
• license agreement management
  • Add, edit and remove Licenses
  • Enable license at sign-up which flag the license signing as mandatory
• private API access management
  • Generate private token for trusted applications

Account activities

A new page where people can review their account's activities with datetime, events and locations.

Connected applications

• Github

Allow people to connect their github account and share their public infos with Fedora services.

• Twitter

Allow people to connect their twitter account and share their public infos with Fedora service.

2 factors authentication

This 2 factors auth will be required from every login request (web app including) which mean, if user active it, and want to log in to mediawiki, they will have to enter both login+password then 2nd factor.

Note
A group can requires that a 2 factor auth has to be enabled for its members, which mean user won't be approved until they enable this feature. For approved members, they will received an email ask them to enable it. A time period could be necessary otherwise member will be set as inactive.

• Gauth token or FreeOTP?

Optional 2nd auth wihch once activated, will ask people after entered a valid login+password

their Gauth token to let them in.

• Yubikey

This one will not be added as a 2nd auth but as a combo with the login and password (i.e login+password+otp)

(as discussed last flock-2014).

• Fido U2F (TBD)

Requires a FIDO key and a chrome browser.

a plugins for firefox should come out soon though.

LDAP backend

Change SQL backend to LDAP's for groups and people management.

Ideas

Status

• Demo instance:

URL: http://fas3-dev.fedorainfracloud.org (poke me on IRC #fedora-apps if page is blanc)

login: jbezorg

pass: jbezorg

• Pyramid move

Release 3.0

Features (Not up-to-date)

REST API

• Public (user with token)

People infos

Groups infos

• Private (trusted 3rd party with token and secret)

Login request

Account permission request that user grant.

Registration

• registration by step
• License agreement at registration
• Send an email with a generated token to validation email/registration

Search

• Groups
• People

Group Management [demo video]

• group hierarchy
• Membership request (with visual feedback on status)
• Pending requests (also from user's drop-down menu)
• List members view with action per members
• Group's owner edit-able
• Join group when there's no requirements
• Github sync/binding

People profile's page

• Avatar
• Status update
• Bio
• Password update
• Access token
• Account activities
• Membership listing with contextual action from a drop-down menu

Login failure

• Lock account on pre-configured x login failure
• Lock account for a pre-configured time
• Reset password

Admin dashboard

• Create/edit/delete groups
• Create/edit/delete group type
• Create/edit/delete license agreement
• Create/edit/delete Certificate
• Edit/delete account

Notification

• Email

Group membership (request, removal, join, owner update, group update)

People profile (update, password change, activities)

New license agreement

New group type

New group

New Certificate

• Fedmsg

Desktop rendering

• v0.1

• v0.5

• 

  Landing page

• 

  Login

• 

  People list

• 

  Account activities

• 

  Account access

• 

  Group details

Mobile rendering

• v0.5

• 

  FAS 3.0 - Landing page

• 

  FAS 3.0 - People list

• 

  FAS 3.0 - People list with dropdown-menu

Release 3.1