Struggles
Bernard,
I've asked several questions that may seem odd. Hopefully this post will clear up any misconceptions and I'll be able to see whether YACS can work for me.
Let's say that I own BigCompany.com with offices in Toledo, Miami, Paris, London, and LA.
Let's say that I want to set up a public intranet of sorts for my employees that is read only - they can't edit the content. What I mean by public is that it will be out on the web but access will be controlled by passwords and logins.
Further let's say that on this employee only site we have news, articles, checklists, etc. However I only want employees from Miami to be able to see the Miami related information and the same for the others.
I can see setting this up in 2 ways - either one big site or multiple separate sites.
One big site.
The problems with this setup are:
1. I can't have forums that are separate for each location. I would not want the Toledo employees using or seeing the Paris forum.
2. I can't have separate newsletters. Again employees from Miami should only get the news about Miami.
3. I can't control sections/categories by location. If I have checklists for the LA employees that don't apply to the London employees I would want it separate. However if an LA employee is logged in he would be able to see the London sections/categories too.
4. I know that we could approve every sign up. But if a bunch of non-employees came in and signed up it would create a hassle trying to determine and approve everyone. This could partially be resolved by being able to hide the register link but apparently that isn't possible.
5. Also problem #2 below applies.
Multiple sites.
The main problems with this scenario are:
1. Because of the distributed authentication scheme YACS would automatically let employees from Paris login to the Miami separate installation.
2. Further if a regular non-employee -- let's say one of YOUR members wants to login to my private employee site they can. This is even worse than problem #1.
Any thoughts or ideas on how to accomplish this type of setup? Thanks!
I've asked several questions that may seem odd. Hopefully this post will clear up any misconceptions and I'll be able to see whether YACS can work for me.
Let's say that I own BigCompany.com with offices in Toledo, Miami, Paris, London, and LA.
Let's say that I want to set up a public intranet of sorts for my employees that is read only - they can't edit the content. What I mean by public is that it will be out on the web but access will be controlled by passwords and logins.
Further let's say that on this employee only site we have news, articles, checklists, etc. However I only want employees from Miami to be able to see the Miami related information and the same for the others.
I can see setting this up in 2 ways - either one big site or multiple separate sites.
One big site.
The problems with this setup are:
1. I can't have forums that are separate for each location. I would not want the Toledo employees using or seeing the Paris forum.
2. I can't have separate newsletters. Again employees from Miami should only get the news about Miami.
3. I can't control sections/categories by location. If I have checklists for the LA employees that don't apply to the London employees I would want it separate. However if an LA employee is logged in he would be able to see the London sections/categories too.
4. I know that we could approve every sign up. But if a bunch of non-employees came in and signed up it would create a hassle trying to determine and approve everyone. This could partially be resolved by being able to hide the register link but apparently that isn't possible.
5. Also problem #2 below applies.
Multiple sites.
The main problems with this scenario are:
1. Because of the distributed authentication scheme YACS would automatically let employees from Paris login to the Miami separate installation.
2. Further if a regular non-employee -- let's say one of YOUR members wants to login to my private employee site they can. This is even worse than problem #1.
Any thoughts or ideas on how to accomplish this type of setup? Thanks!
Comments
Bernard from nearby-an-airport Associate, 6674 posts |
Mark, if you want your employees to access internal and local information, you should:
The only thing I have to add to YACS to fulfill your requirement is a global parameter to block cross-authentication between servers (roughly, about one hour development time...) Generally speaking, I would recommend to not push on the Internet information that have to stay within company boundaries. This being said, if you really want to do it differently, please consider first that HTTP basic authentication and cookie-based session management is not as secured as an IPsec tunnel. Still wanting to build your intranet across the Internet? Well, create one server per location, and make it hosted as near as possible of related location. Then you will use the global parameter mentioned previously to avoid cross-authentication. Also, I would have to add a global parameter to limit member rights to read access. Another hour development time, maximum. Of course you will end up with several servers to manage, but YACS has very specific features aiming to reduce related management costs:
I will try to integrate the two new configuration parameters discussed above into the next release, and will send you a message when the next build will be available, hopefully before week end. Thank you for having stated your issue so clearly, and for giving YACS a chance to support your business. |
| Mark 16 posts |
Some of those changes would be great. On a related note I don't know if you're familiar with About.com. It has about 400 topics all on their own subdomains. Each topic has its own editor. Each topic has its own newsletter and forum. They use MovableType to power their sites. I understand that YACS is SO much more than MT is or ever will be. I haven't seen a content system so powerful with so much potential in a long time and I've tried just about all of them both paid and free. If I had a site similar to About.com with tons of content how would you recommend setting up YACS to provide similar functionality to that listed above (separate topics, editors, newsletters, forums, etc.)? Would you create many separate installations or what? Thanks! |
| Mark 16 posts |
One further comment regarding the changes you mentioned. I think they should be optional depending on each person's setup and needs. One of the biggest problems with most content systems out there (even paid ones) is the lack of options and customizability of various features without being a programmer. I think with the power and potential of YACS one of the determining factors in its future usability and marketability and widespread use is to provide as much customizability as possible in an as easy to use manner as possible. Thanks for all you are doing to build this powerful system. Mark |
| Bernard from nearby-an-airport Associate, 6674 posts |
Mark: Well, I had never imagine that someone would have asked me to mimic the famous about.com, but why not?  Let see what we can do NOW with YACS. Create one section per topic. YACS will definitely support dozens or hundreds of different sections, and therefore different topics. Each topic can have an unlimited number of pages, with images, files, links, as you already know. Use the topic as the nick name of each section. This will enable surfers to use the page locator to browse topics, eg, 'http://mysite/go.php/a_topic'. Promote regular members to topic editors by mentioning their ids into the 'editors' field of each section. Editors are able to do almost what they want from within their own sandbox, which is exactly what you want to achieve. At the moment YACS newsletters are global, as explained to you previously. Of course this could evolve over time, but at the price of a significant development time. YACS offers natively one RSS feed per section/topic, and this may be enough for people to track individual topics. You can create one discussion board per topic as well, or let people annotate topic pages directly.Well, as a temporary conclusion, we could say that with the current release of YACS we can support most salient points of the content organization that about.com has. |
| Bernard from nearby-an-airport Associate, 6674 posts |
" a global parameter to block cross-authentication between servers " Well, actually, this would be unnecessary effort. Cross-authentication requires you to explicitly list servers to which XML-RPC calls will be submitted. Therefore to disable cross-authentication you just have to not enable it, and to ensure that no server profile has been checked for remote login authentication. I am currently working on the other global parameter we talked about, to turn sites as read-only even to members. Keep posted... |
| Bernard from nearby-an-airport Associate, 6674 posts |
Mark: Can you please download the latest nightly build and check the Control Panel, and security parameters at the main Configuration Panel? |
Rate this page
Posted by Mark on Feb. 2 2005, commented by Bernard on Feb. 2 2005, (popular)
