W3C Community Site Issues from Manu Sporny on 2011-07-14 (public-council@w3.org from July 2011)

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Thu, 14 Jul 2011 15:11:44 -0400
To: Community Council <public-council@w3.org>
CC: David Lehn <dlehn@digitalbazaar.com>
Message-ID: <4E1F3F70.6050805@digitalbazaar.com>
Provided below are a list of issues that Dave Lehn collected during the
the course of having a few Digital Bazaar engineers sign up to the Web
Payments Community Group in early July. Apologies if some of these bugs
have already been fixed. I'm cc'ing Dave Lehn so that he may provide
more feedback if necessary.

---------------------

Users get an email with a temporary password but after updating the
password the new password gets sent back to user over unencrypted email
in clear text! (CRITICAL)

Suggested changes: Passwords should never be stored or sent over
email in clear text.

---------------------

HTTPS not used even on login pages. (IMPORTANT)

Suggested changes: Please ensure that login pages force HTTPS mode.

---------------------

Dave Longley joined the web payments group and I (David Lehn) was
ejected from the group at the same time he was added?! (CRITICAL)

Suggested changes: Ensure that people joining/leaving a group has
minimal impact on the rest of the people in the group.

---------------------

Constant browser auth popup though you can usually cancel and still
browse around.

Suggested changes: Remove Basic Auth support - tie W3C's authentication
system into the WordPress platform, if possible.

---------------------

Website requires both wordpress and basic auth logins to function
properly.

Suggested changes: Would be better if it was just one login through the
WordPress platform.

---------------------

Long delay between creating account and getting email response.

Suggested changes: Feedback on creating an account, joining and leaving
groups needs to be immediate.

---------------------

When you join a group you get a confirmation message send to various
w3 people with subject "Digital Bazaar, Inc. has joined the Web
Payments Community Group" that starts with "Digital Bazaar, Inc.
joined the Web Payments Community Group as representative of Digital
Bazaar, Inc.".

Suggested changes: Looks like template errors in subject and content
where the company name is used where it should be a user name.

---------------------

We accidentally created "Digital Bazaar, Inc." and "Digital Bazaar"
because a number of engineers were asked to join, they did so, but
without coordinating with one another (which will most likely happen
elsewhere as well). There needs to be some way to merge or change
companies when this happens.

Newly created companies need to show up immediately in the list of
companies to choose from so multiple people don't create the same
ones. (There's a race condition here so changing and deleting
companies features are needed too.)

Mike Johnson had to leave the group before he could join the group.
(?!) Page only had leave group form. He agreed to leave. Then he got
join form and could join.

---------------------

Web content issues:

http://www.w3.org/community/webpayments/participants
Link to reports is bogus with "@@" in the URL.

http://www.w3.org/community/reports/
Obviously has bogus test data on it.

http://www.w3.org/2000/09/dbwg/details?group=47952

Don't have consistent companies and links for everyone.

Regular group members are "Invited experts"?

Can get the "blue screen" version if you logged in with basic auth on
another page (like your account page). But can't edit anything without
a new auth request that doesn't accept same user/pw.  In any case, can
get through to see phone numbers, skype names, etc.

http://www.w3.org/Systems/db/userInfo

(minor) Doesn't handle back navigation between tabs properly (hash
changes but content doesn't update).

http://www.w3.org/community/webpayments/join
Link to unknown page for changing representative:
http://www.w3.org/community/webpayments/change

Top says "Your organization is participating in group and you can
resign using this form..." even though there is no resign option. Next
paragraph starts talking about how to join.

Missing a space after period after policies link.

Text or layout needs to be fixed so that both options make sense.  The
initial "I, David Lehn, ..." part will flow into the first option but
the second option starts with a new sentence.

The older participant list had pic links to "/" and company links for
some people to "#". I think this was partly fixed by just totally
removing links. Would be nice to put back company links and a personal
link.

-------------------------------------------------------------------

-- manu

-- 
Manu Sporny (skype: msporny, twitter: manusporny)
President/CEO - Digital Bazaar, Inc.
blog: PaySwarm Developer Tools and Demo Released
http://digitalbazaar.com/2011/05/05/payswarm-sandbox/
Received on Thursday, 14 July 2011 19:12:28 UTC