Project CCA Rollout

Tasks

Task

Bug

Effected file

Responsible

Remarks

Status

Define a central function CCA accept that can be trigged from everywhere where it is needed

Marek/Michael?

Record CCA at account creation

index.php?id=1

What information needs to be recorded?
$memid = ActualUserID
$document = “CCA”
$active = 1
$method = “account creation”
$comment = ?
What kind of error messages and warnings are needed?

Record CCA when creating client certificates

account.php?id=3

What information needs to be recorded?
$memid = ActualUserID
$document = “CCA”
$active = 1
$method = “client cert issuing”
$comment = SerialNumber of Certificate?
What kind of error messages and warnings are needed?

Record CCA when creating server certificates

account.php?id=10

What information needs to be recorded?
$memid = ActualUserID
$document = “CCA”
$active = 1
$method = “server cert issuing”
$comment = SerialNumber of Certificate?
What kind of error messages and warnings are needed?

Record CCA when creating gpg certificates

gpg.php?id=0

What information needs to be recorded?
$memid = ActualUserID
$document = “CCA”
$active = 1
$method = “gpg cert issuing”
$comment = SerialNumber of Certificate?
What kind of error messages and warnings are needed?

Record CCA when creating org client certificates

account.php?id=16

What information needs to be recorded?
$memid = ActualUserID
$document = “CCA”
$active = 1
$method = “org client cert issuing”
$comment = SerialNumber of Certificate?
What kind of error messages and warnings are needed?
Do we need to active ask for CCA agreement for organaisation certs?
Workaround Check if OrgAdmin has CCA and then $active =0

Record CCA when creating org client certificates

account.php?id=20

What information needs to be recorded?
$memid = ActualUserID
$document = “CCA”
$active = 1
$method = “org server cert issuing”
$comment = SerialNumber of Certificate?
What kind of error messages and warnings are needed?
Do we need to active ask for CCA agreement for organaisation certs?
Workaround Check if OrgAdmin has CCA and then $active =0

Record CCA while entering an assurance

What information needs to be recorded?
Function needed twice one for the assurer and one for the assuree
Assurer:<<BR>>$memid = ActualUserID
$secmemid=AssureeID
$document = “CCA”
$active = 1
$method = “aussuring”
$comment =?
Assuree:<<BR>>$memid = AssureeID
$secmemid= ActualUserID
$document = “CCA”
$active = 0
$method = “get aussured”
$comment =?
What kind of error messages and warnings are needed?
Problem old assurances prior to 2009 without CCA
Solution create date selector in wot form for date if date prior xxx accept without

SE-View

Michael?

See below

Data handling

Database structure for table User_Agreements

Field

Type

Comment

ID

int(11) NOT NULL

Primary Key, autoincrement

memid

int(11)

Member for which the agreement is recorded

secmemid

int(11)

user that is involved in the agreement (e.g. Assurer) / ID of another member involved, like the counterpart in an Assurance

document

varchar(50)

Kind of agreement which got accepted, e.g. "CCA"

date

datetime

Time the agreement was recorded

active

int(1)

whether the user actively agreed or if the agreement took place via an indirect process (e.g. Assurance)

method

varchar(100)

in which process did the agreement take place (e.g. certificate issuance, account creation, assurance)

comment

varchar(100)

user comment, Describes the circumstances, currently one of "Assuring", "Being assured", "GPG", "called from ...", depending on which action the user wanted to do when accepting the agreement.

Would it not be better to have the document and the method placed in two seperate tables and and link them instead of using varchar? (first to third normal form of a database) INOPAIE, Marek 2012-06-05

Function (pseudo code)

Function documentaccept($memid, $document, $active, $method, $comment, $secmemid=Null){ $date=Now() Sql= Insert into User_Agreements (memid, secmemid, document, date, active, method, comment) values ($memid, $secmemid, $document, $date, $active, $method, $comment) } Check SQL statement for possible injection threads needed?

Audit functions

SE => function CCA agreement in user view:

  1. proposal
    • shows date of account agreement
    • shows date of last cert/assure agreement
  2. proposal
    • Only show CCA 0/1

Information of user

Task

Needed

Remark

Account creation

Already done as present in actual create-form

Assure someone

Already done as prepared in actual wot-6.php form but not visible for the user

Certificate

User needs to be informed

Timeline

Uli mentioned that is necessary to first have the “Delete account routine” finished.

* Technology/Laboratory/COrbitCA and Brain/Study/COrbitCA * https://wiki.cacert.org/Software/BugsOverview


Software/Projects/CCARollout (last edited 2012-06-05 05:02:09 by MarekMazur)