|
Grex > Coop10 > #72: Validating Institutional Members | |
|
| Author |
Message |
| 25 new of 96 responses total. |
aruba
|
|
response 25 of 96:
| 
Jan 26 04:22 UTC 1998 |
Re #23: "What then, is the problem?" Well, the problem is this. If we
allow people to pay for internet access on as many personal accounts as
they want, I don't think there's any way we can pretend we're not "selling
internet service". Up to now, we call membership fees "donations", and
internet privileges "membership perks". I don't see how we can extend
that to a situation where people can buy access for as many accounts as
they'd like.
I don't think we should be in the business of selling internet service.
For one thing, I think we'd have to charge sales tax on those extra
accounts. And for another, if our attitude shifts away from the
donations/perks model toward the sales model, people may start to treat us
the way customers treat a provider. That's not what Grex has been like up
to now.
|
scg
|
|
response 26 of 96:
|
Jan 26 06:37 UTC 1998 |
I agree with Mark.
|
rcurl
|
|
response 27 of 96:
|
Jan 26 06:58 UTC 1998 |
Nobody is proposing what Mark describes in #25. The policy is one internet
access per member, individual or institutional. I recommend keeping that
policy.
I'm a case in point, I guess. I maintain four accounts for non-profit
organizations (all MI corporations and 3 501(c)3) in addition to my (one)
personal account. Three of those organizations are institutional members
and the fourth one will be soon. They all use the internet - but only for
e-mail, web pages, and ftp from outside, which are all allowed non-members
anyway. None use party or a lot of other resources.
Am I a camel's nose? 8^}
(I just noticed that we already provide *everyone* with most of the
internet "perqs" that people might want - add lynx to the list above -
....the additional member internet "perqs" don't amount to much.)
|
remmers
|
|
response 28 of 96:
|
Jan 26 11:09 UTC 1998 |
I agree with Mark also.
|
albaugh
|
|
response 29 of 96:
|
Jan 26 16:46 UTC 1998 |
This doesn't help with institutional users, but is there a way we could use
Unix group membership etc. to do the following: Allow a user to establish
a "primary" account that would be internet-enabled and vote-enabled given the
$ and verification. If that same user wanted internet access as another user,
then he'd send staff or whoever an e-mail from his primary account, to add
the secondary account to the group of the primary user. That would allow the
secondary account to have internet access under the umbrella of the primary
account. The downside would be a person who pays for his primary account,
then gets secondary accounts for his buddies to use without paying. But if
we're supposed to operate in an atmosphere of trust...
|
aruba
|
|
response 30 of 96:
|
Jan 26 17:34 UTC 1998 |
Yes, we could do that, and we wouldn't even need to use UNIX groups to
accomplish it. The member could just write to me and I'd add the pseudo to
the internet group, and keep track of it in my database, so I know to delete
it if the membership expires.
I confess to being worried about the "add my friends" problem. (We ought to
at least put a cap - say 3 - on the number of additional accounts with
internet access, and make the member state that the accounts are indeed his.)
Re #27: Rane, I think several people were proposing that we allow people to
"pay more and get more", which is what I was reacting to. If anyone wants to
know exactly what internet privileges we're talking about here, this is what I
tell people when they ask me (courtesy of srw):
Non-members are forbidden all internet access except via these protocols:
finger, gopher, talk, and http. All other internet protocols (such as
telnet, ftp, irc, and many more) are reserved for members only. So that's
what you gain by being in the internet group.
|
remmers
|
|
response 31 of 96:
|
Jan 26 18:55 UTC 1998 |
What Kevin proposes in #29 sounds reasonable; my reservation would
be that it's yet another drain on staff time, which is in scarce
supply to begin with.
|
rcurl
|
|
response 32 of 96:
|
Jan 26 19:02 UTC 1998 |
Add to the allowed protocols e-mail and ftp from a remote site.
So, why don't you just verify organizations like you verify individuals?
The 'proofs' may be a little different, but we decided what was acceptable
for individuals, and we can do the same for organizations.
|
other
|
|
response 33 of 96:
|
Jan 26 23:35 UTC 1998 |
i just didn't see it the way aruba describes it. that makes a lot of sense
to me, and given that we do not "sell" internet service, and do not want to,
it also makes sense to me to keep the limit we currently have.
perhaps we could have institutional memberships for formally organized groups,
and ask that informal groups register as essentially the personal account of
the contact person/primary user...? hmmm... i see some potential problems
with that idea.
i guess then what we are left to struggle with is the perception of what we
provide and what we are. we could try to authenticate inst'l users, and any
who cannot provide some significant authentication can be asked to assign a
member of their group as "the person responsible and answerable for any use
or abuse of the account." then we can treat that account, for all intents
and purposes as an inst'l account. again, we'll have to rely on the good faith
of the contact person who creates the account, but since it's not a voting
account, i think that as long as we continue to maintain the idea that
individual users can only have one account with full access, we don't really
lose anything if occasional people want to deceive us and pay us for more.
|
valerie
|
|
response 34 of 96:
|
Jan 27 16:49 UTC 1998 |
This response has been erased.
|
valerie
|
|
response 35 of 96:
|
Jan 27 16:49 UTC 1998 |
This response has been erased.
|
rcurl
|
|
response 36 of 96:
|
Jan 27 17:22 UTC 1998 |
For what its worth...the IRS makes a distinction between inexpensive premiums,
such as tote bags, and more significant premiums, such as the cost of a
dinner. There is also a distinction between an incidental premium and a
regular premium. You may get a tote bag for joining some organization, but
you do not usually get them for renewing. You can also not usually take
out two memberships for yourself in most non-profit organizatiions in order
to get a double premium ("one to a customer...").
In any case, I did not think that Grex was offering internet acess as a
perq to members, but rather limiting it to members in order to manage the
resource.
|
remmers
|
|
response 37 of 96:
|
Jan 27 19:17 UTC 1998 |
That's what I thought too.
|
mary
|
|
response 38 of 96:
|
Jan 27 21:56 UTC 1998 |
Yep. That's been my understanding of the restriction too.
|
mdw
|
|
response 39 of 96:
|
Jan 28 01:36 UTC 1998 |
There are several reasons we restricted some internet access to members
only.
(0) anti-vandalism. Vandals like to find anonymous machines to
use as "jump gates" to hide their actual location, and they
also like anonymous machines when attacking other machines.
(1) accountability/liability. If a non-vandal decides to attack
some other site or person, this allows us to name the person
and pass the buck in terms of responsibility for the problem.
(2) to limit some kinds of use to a scarce resource.
(3) to be a perk for members. This was not the *only* reason why
we did this, but this *was* one of the reasons we originally
setup this restriction.
I don't see a big problem with institutional access, provided it isn't
abused. We certainly need to get a good idea of who is responsible for
the use of the organization - for an incorporated business, this is not
hard. They're registered with some state, and this is something we can
verify - we should also be able to get an address for the principle
office of the organization, & other contact info.
For an unincorporated business, the business itself can't be held
liable; rather, the individual people concerned are completely liable.
So, for an unincorporated business, we need the name(s) of all of the
people who will have access Since there's no difference between this &
somebody just "buying" 2 accounts (so if we allow unincorporated
businesses, we should also allow people to just plain buy 2 accounts
with no need to make up a business name).
There are certainly ways this could be abused, so we should be careful
about this. For instance, we certainly don't want to sell accounts to
"bulk mailers". We don't want institutions to think of grex as a good
place to set up high traffic web sites. We also want to be up front
about voting rights, so that they are not "surprised" later. We also
don't want an institution to think of grex as a respository to store or
exchange private data, say, proprietary trade information.
|
davel
|
|
response 40 of 96:
|
Jan 28 01:46 UTC 1998 |
Or, simply, any serious amount of data.
|
dang
|
|
response 41 of 96:
|
Jan 28 03:49 UTC 1998 |
I am strongly against allowing multiple internet-enabled accounts to users.
As long as we are limiting it to one account/vote/internet access per person,
I can justify to myself giving Internet access as a perq. (BTW, it was my
understanding when we voted on this that is *was not* a perq. It was to limit
the use for resource resons. I'm against giving it even as a perq. Even to
the point of not allowing it.) However, if we start to allow people to buy
as many accounts as they want, then that's selling internet access. We then
have an implied contract with out customers. I, personally, don't want to
devote my spare time, what there is of it, to maintaining a system that sells
internet access. I guess I just have big problems with the idea. So, I'd
say we need to verify institutions somehow. I'm not sure how, but to a
similar extent as the personal verification.
|
janc
|
|
response 42 of 96:
|
Jan 28 04:29 UTC 1998 |
If we are limiting internet to members primarily for accountability reasons,
then it makes sense to allow members to have extra internet-enabled accounts
*for personal use* for no extra fee.
If we are also trying to limit use of scarce resources, that means we don't
want to allow people to give extra accounts away to friends, even if they are
willing to take responsibility for the use of the account, because that would
unbalance our rather delicate resource equation.
Note that if we did this, any user would be able to tell that one particular
account had member status but no voting status, so they'd know that it was
either a corporate account or a pseudo. It would probably not be a matter
of public record which member a pseudo-member account was associated with.
I don't know if this would be all that interesting to all that many people.
We should not give sell pseudo-member accounts for the full membership price
because they don't include what is formally the main "perk" of membership -
a vote.
We could sell them for some lower price - $6 a year or something. But I don't
really feel like that is worth the trouble.
I'd be OK with no-extra-charge, for-personal-use-only spare member accounts.
I'm not sure if the demand for them would be large enough to be worth the
effort of offering them, and the small possiblity of abuse, or the large
headaches when we start suspecting that xyz1, xyz2, and xyz3 are actually
being used by different people.
|
mary
|
|
response 43 of 96:
|
Jan 28 04:41 UTC 1998 |
Me thinks someone should just go back and repost the original
items where this was discussed so our memories could be
refreshed.
Security isn't tied to $6 a month but rather to validation.
|
mary
|
|
response 44 of 96:
|
Jan 28 05:31 UTC 1998 |
The following is the text of the membership vote which restricted
specific services to members only. A number of reasons for limiting
access are mentioned but I don't see any reference to using these
restrictions as an incentive for folks to send in membership dues.
***************************************
PROPOSAL:
The following internet services enrich the Grex community, do not use
much bandwidth, and do not provide much potential for internet
mischief; therefore they should be made available to all:
Finger
Whois
Ping
Mail (incoming and outgoing)
Incoming Usenet News
Incoming Telnet
Incoming FTP
Incoming Lynx
Talk (and it's various permutations)
Archie
Veronica
WAIS
Gopher (with all Telnet capabilities disabled)
The following services will be restricted to VERIFIED GREX MEMBERS and
VERIFIED GREX USERS (however the board shall define that term) because of
the potential for world-wide mischief:
Outgoing Usenet News
The following services will be restricted to VERIFIED GREX MEMBERS in good
standing, because these services utilize a lot of bandwidth, offer
less of a benefit to the Grex community as a whole, and/or hold the
potential for system cracking and other undesirable activities:
Outgoing FTP
Outgoing Telnet
Outgoing Lynx
Gopher (with telnet capability enabled.)
IRC
Being that the major objection to open access for the above
services is the lack of available bandwidth on Grex's internet
link, It is understood that any of these services may be made
available to all VERIFIED USERS as well as VERIFIED MEMBERS as soon as Grex
acquires a link of suitable power and robustness.
In order to maintain the integrity of both Grex, and of the Internet as a
whole, the Grex board shall have the power to restrict or deny internet
access to groups or individuals who pose a security risk, or who engage in
inappropriate behavior (as defined by the Grex board).
The board may also make modifications to this proposal without resorting
to a member vote in the case of an emergency situation, or if some
provision of this proposal proves to be technically impossible to implement.
VOTE RESULTS:
Results were posted on Wednesday, August 17, 1994.
49 out of 80 eligible voters cast ballots. The Tally: Yes 36 No 13
The proposal passed.
*********************************************
|
janc
|
|
response 45 of 96:
|
Jan 28 16:47 UTC 1998 |
Wow. Mail is a service that doesn't use much bandwidth? Well, not on a
per-user basis, normally, I guess.
Also, I note that we do allow "outgoing lynx" to all users.
Anyway, I think the alternatives that have some plausible support are:
- status quo: verified members can have one account each.
- verified members can have extra non-voting accounts with net access
upon request, but these accounts are for personal use only, not to
be passed on to other people to use. There is no charge for such
accounts.
The above text raises some other issues that probably ought to be treated in
another item.
|
dang
|
|
response 46 of 96:
|
Jan 28 17:21 UTC 1998 |
I like the status quo.
|
rcurl
|
|
response 47 of 96:
|
Jan 28 17:24 UTC 1998 |
Right. The terms of verification of an Institutional membership are still
not clear. Since that is what this is about, I will suggest some acceptable
verifying documents:
1. Proof of incorporation and name/address/phone of resident agent (a copy
of the annual report to the state would provide all of this).
2. Check imprinted with name and address of organization, plus
names/addresses/phones of officers.
3. Copy of minutes of organization meeting showing resolution to join
grex, with names/addresses/phones of board members attached.
|
rcurl
|
|
response 48 of 96:
|
Jan 28 17:24 UTC 1998 |
dang slipped in.
|
other
|
|
response 49 of 96:
|
Jan 28 17:48 UTC 1998 |
How about if we simply restrict institutional memberships to organizations
which are sufficiently formalized to be able to meet our needs for validation.
Any other groups which desire accounts may create, identify and pay for them
under the guise of personal memberships for the contact person. Other members
of such informal groups could simply create accounts of their own, and the
group could ask the paid member to use their own access resources to provide
for the group's needs. The individual member would still have a vote (because
it is not an institutional membership).
This does not seem on close examination to be particularly discriminatory to
informal organizations, especially when we created the inst'l m'ship as just
a way to recognize unusual needs. Also, I think it is fair to ask that such
informal organizations not hamper Grex's need to maintain its own security
and internet integrity. What is at issue is what we want to *give* to whom,
and as such, it is within our prudent purview to make those choices.
|