Edgewall Software

Trusted Trac

(isn't it a cool label?)

This is a draft about pushing Trac to a new level of confidence in user supplied data, witch may be especially valuable in commercial/cooperate setups. It is not so much about whole new code but clever integration of existing features of Trac or Trac plugins. In the end we can trust in user identities backed by one or several Webs of Trust (community-based PGP key chain, CAcert issued X.509 certificate, etc.) and may get i.e. near zero ticket and wiki SPAM without any SPAM filtering as a side-effect. Tight registration control, timed automatic deactivation of unverified user accounts and accounts with expired PGP key respectively certificate, all just a matter of choice.

just a quick and dirty artwork derived from current Trac logo with The GIMP

Concept details

Trusted Trac Notification

(put references on existing/upcoming implementations for Trac and wiki:AnnouncerPlugin/MessageEncryption here)

Registration/new user process

(add description along the lines of Carsten Klein's idea from 23-Jul-2010 on IRC channel #trac here)

Editor identity verification

(develop handshake models for checking any user input)

Implementation

There's nothing more done right now than collecting ideas. As I feel wiki is not the best for conceptual discussions, that are not worth being preserved to eternity, I'd rather see them at the mailing-list and IRC channel #trac than at this page. We could still have pointers to mailing-list postings we feel most important later on. Most importantly it should produce hints on further develop of plugins, that may provide parts of the final infrastructure. Down the road …, well we'll see, when we are there.

—hasienda

Last modified 4 years ago Last modified on Jul 24, 2010 11:30:03 PM

Attachments (1)

Download all attachments as: .zip