= Project CCA Rollout = == Tasks == || Task || Bug || Effected file || Responsible || Remarks || Status || || Define a central function CCA accept that can be trigged from everywhere where it is needed || || || Marek/Michael? || || || || Record CCA at account creation || || index.php?id=1 || || What information needs to be recorded?<
>$memid = ActualUserID<
>$document = “CCA”<
>$active = 1<
>$method = “account creation”<
>$comment = ?<
>What kind of error messages and warnings are needed? || || || Record CCA when creating client certificates || || account.php?id=3 || || What information needs to be recorded?<
>$memid = ActualUserID<
>$document = “CCA”<
>$active = 1<
>$method = “client cert issuing”<
>$comment = SerialNumber of Certificate?<
>What kind of error messages and warnings are needed? || || || Record CCA when creating server certificates || || account.php?id=10 || || What information needs to be recorded?<
>$memid = ActualUserID<
>$document = “CCA”<
>$active = 1<
>$method = “server cert issuing”<
>$comment = SerialNumber of Certificate?<
>What kind of error messages and warnings are needed? || || || Record CCA when creating gpg certificates || || gpg.php?id=0 || || What information needs to be recorded?<
>$memid = ActualUserID<
>$document = “CCA”<
>$active = 1<
>$method = “gpg cert issuing”<
>$comment = SerialNumber of Certificate?<
>What kind of error messages and warnings are needed? || || || Record CCA when creating org client certificates || || account.php?id=16 || || What information needs to be recorded?<
>$memid = ActualUserID<
>$document = “CCA”<
>$active = 1<
>$method = “org client cert issuing”<
>$comment = SerialNumber of Certificate?<
>What kind of error messages and warnings are needed?<
>Do we need to active ask for CCA agreement for organaisation certs? <
>Workaround Check if OrgAdmin has CCA and then $active =0 || || || Record CCA when creating org client certificates || || account.php?id=20 || || What information needs to be recorded?<
>$memid = ActualUserID<
>$document = “CCA”<
>$active = 1<
>$method = “org server cert issuing”<
>$comment = SerialNumber of Certificate?<
>What kind of error messages and warnings are needed?<
>Do we need to active ask for CCA agreement for organaisation certs? <
>Workaround Check if OrgAdmin has CCA and then $active =0 || || || Record CCA while entering an assurance || || || || What information needs to be recorded?<
>Function needed twice one for the assurer and one for the assuree<
>Assurer:<
>$memid = ActualUserID<
>$secmemid=AssureeID<
>$document = “CCA”<
>$active = 1<
>$method = “aussuring”<
>$comment =?<
>Assuree:<
>$memid = AssureeID<
>$secmemid= ActualUserID <
>$document = “CCA”<
>$active = 0<
>$method = “get aussured”<
>$comment =?<
>What kind of error messages and warnings are needed?<
>Problem old assurances prior to 2009 without CCA <
>Solution create date selector in wot form for date if date prior xxx accept without || || || SE-View || || || Michael? || See below || || == Data handling == === Database structure for table User_Agreements === || Field || Type || Comment || || ID || int(11) NOT NULL || Primary Key, autoincrement || || memid || int(11) || Member for which the agreement is recorded || || secmemid || int(11) || user that is involved in the agreement (e.g. Assurer) / ID of another member involved, like the counterpart in an Assurance || || document || varchar(50) || Kind of agreement which got accepted, e.g. "CCA" || || date || datetime || Time the agreement was recorded || || active || int(1) || whether the user actively agreed or if the agreement took place via an indirect process (e.g. Assurance) || || method || varchar(100) || in which process did the agreement take place (e.g. certificate issuance, account creation, assurance) || || comment || varchar(100) || user comment, Describes the circumstances, currently one of "Assuring", "Being assured", "GPG", "called from ...", depending on which action the user wanted to do when accepting the agreement. || Would it not be better to have the document and the method placed in two seperate tables and and link them instead of using varchar? (first to third normal form of a database) INOPAIE, Marek 2012-06-05 === Function (pseudo code) === Function documentaccept($memid, $document, $active, $method, $comment, $secmemid=Null){ $date=Now() Sql= Insert into User_Agreements (memid, secmemid, document, date, active, method, comment) values ($memid, $secmemid, $document, $date, $active, $method, $comment) } Check SQL statement for possible injection threads needed? == Audit functions == * How can the CCA agreement be monitored? * Who should have access to the CCA agreement information? SE => function CCA agreement in user view: 1. proposal * shows date of account agreement * shows date of last cert/assure agreement 2. proposal * Only show CCA 0/1 == Information of user == || Task || Needed || Remark || || Account creation || Already done as present in actual create-form || || || Assure someone || Already done as prepared in actual wot-6.php form but not visible for the user || || || Certificate || User needs to be informed || || == Timeline == * Introduce SQL-function * SE-View * Record account creation * Record assurer someone * Record certificate creation / information of user Uli mentioned that is necessary to first have the “Delete account routine” finished. == Related documents == * [[Technology/Laboratory/COrbitCA]] and [[Brain/Study/COrbitCA]] * [[https://wiki.cacert.org/Software/BugsOverview]] ---- . CategorySoftwareAssessment