- From: Ian Jacobs <ij@w3.org>
- Date: Thu, 14 Jul 2011 15:00:36 -0500
- To: Manu Sporny <msporny@digitalbazaar.com>
- Cc: Community Council <public-council@w3.org>, David Lehn <dlehn@digitalbazaar.com>
On 14 Jul 2011, at 2:11 PM, Manu Sporny wrote: > Provided below are a list of issues that Dave Lehn collected during the > the course of having a few Digital Bazaar engineers sign up to the Web > Payments Community Group in early July. Apologies if some of these bugs > have already been fixed. I'm cc'ing Dave Lehn so that he may provide > more feedback if necessary. Hi Manu, Thanks to you and Dave for writing these up! > > --------------------- > > Users get an email with a temporary password but after updating the > password the new password gets sent back to user over unencrypted email > in clear text! (CRITICAL) > > Suggested changes: Passwords should never be stored or sent over > email in clear text. Yes. Already on the todo list. > > --------------------- > > HTTPS not used even on login pages. (IMPORTANT) > > Suggested changes: Please ensure that login pages force HTTPS mode. Added to todo list. > > --------------------- > > Dave Longley joined the web payments group and I (David Lehn) was > ejected from the group at the same time he was added?! (CRITICAL) > > Suggested changes: Ensure that people joining/leaving a group has > minimal impact on the rest of the people in the group. I have no idea why one person joining would affect another. My only suspicion is that this is a coincidence and tied to delays between joining and our ldap information being updated. I agree: The delay must be fixed/reduced. > > --------------------- > > Constant browser auth popup though you can usually cancel and still > browse around. I think we fixed that this morning; there was a resource that was not public that now is. Can you reconfirm? > > > Suggested changes: Remove Basic Auth support - tie W3C's authentication > system into the WordPress platform, if possible. Yes, that's already on the todo list. We started dissecting the WP cookie but vacations have interrupted that work. I expect it to resume as of 20 July. > > --------------------- > > Website requires both wordpress and basic auth logins to function > properly. > > Suggested changes: Would be better if it was just one login through the > WordPress platform. Agreed; see above. > > --------------------- > > Long delay between creating account and getting email response. > > Suggested changes: Feedback on creating an account, joining and leaving > groups needs to be immediate. We are working to decrease that delay. (This delay, IMO, is the culprit for a number of issues.) > > --------------------- > > When you join a group you get a confirmation message send to various > w3 people with subject "Digital Bazaar, Inc. has joined the Web > Payments Community Group" that starts with "Digital Bazaar, Inc. > joined the Web Payments Community Group as representative of Digital > Bazaar, Inc.". > > Suggested changes: Looks like template errors in subject and content > where the company name is used where it should be a user name. Indeed. I will ask Dom to help fix that. > > --------------------- > > We accidentally created "Digital Bazaar, Inc." and "Digital Bazaar" > because a number of engineers were asked to join, they did so, but > without coordinating with one another (which will most likely happen > elsewhere as well). There needs to be some way to merge or change > companies when this happens. Agreed. I think the answer is "tell us on site-comments." at least for now. Which one do you want, btw? (with Inc or without?) > > Newly created companies need to show up immediately in the list of > companies to choose from Added to the todo list. > so multiple people don't create the same > ones. (There's a race condition here so changing and deleting > companies features are needed too.) I am not sure we will provide editing capabilities via a UI for companies added to the system. > > Mike Johnson had to leave the group before he could join the group. > (?!) Page only had leave group form. He agreed to leave. Then he got > join form and could join. I think this is related to the delay issue. > > --------------------- > > Web content issues: > > http://www.w3.org/community/webpayments/participants > Link to reports is bogus with "@@" in the URL. Right. That means "This will be filled in later." > > http://www.w3.org/community/reports/ > Obviously has bogus test data on it. Will be filled in later. > > http://www.w3.org/2000/09/dbwg/details?group=47952 How did you get to that page? > > Don't have consistent companies and links for everyone. Please provide more detail on what you are observing on that page... > > Regular group members are "Invited experts"? Since we don't expect people to get to this page, it may not be that important. > > Can get the "blue screen" version if you logged in with basic auth on > another page (like your account page). But can't edit anything without > a new auth request that doesn't accept same user/pw. In any case, can > get through to see phone numbers, skype names, etc. I don't think that page will be visible to people. > > http://www.w3.org/Systems/db/userInfo > > (minor) Doesn't handle back navigation between tabs properly (hash > changes but content doesn't update). > > http://www.w3.org/community/webpayments/join > Link to unknown page for changing representative: > http://www.w3.org/community/webpayments/change I believe we've fixed that. Please confirm. > > Top says "Your organization is participating in group and you can > resign using this form..." even though there is no resign option. Next > paragraph starts talking about how to join. Probably fixed. Please try again > > Missing a space after period after policies link. Fixed > > Text or layout needs to be fixed so that both options make sense. The > initial "I, David Lehn, ..." part will flow into the first option but > the second option starts with a new sentence. Yes. FIxed. > > The older participant list had pic links to "/" and company links for > some people to "#". I think this was partly fixed by just totally > removing links. Would be nice to put back company links and a personal > link. Fixed for now. We hope to add individual pages (but not at launch). > > ------------------------------------------------------------------- > > -- manu > > -- > Manu Sporny (skype: msporny, twitter: manusporny) > President/CEO - Digital Bazaar, Inc. > blog: PaySwarm Developer Tools and Demo Released > http://digitalbazaar.com/2011/05/05/payswarm-sandbox/ > > -- Ian Jacobs (ij@w3.org) http://www.w3.org/People/Jacobs/ Tel: +1 718 260 9447
Received on Thursday, 14 July 2011 20:00:45 UTC