|
Grex > Coop8 > #117: Things that Grex might do better | |
|
| Author |
Message |
| 19 new of 143 responses total. |
mdw
|
|
response 125 of 143:
| 
Oct 12 10:40 UTC 1996 |
An electronically signed web page might be more interesting.
|
steve
|
|
response 126 of 143:
|
Oct 12 18:21 UTC 1996 |
But still not useful in this context, 'till the legal system
in this country recognizes them.
|
ladyevil
|
|
response 127 of 143:
|
Oct 12 20:43 UTC 1996 |
Well, State Law might not be dealt with, using an electronically signed
Homepage.. but what about the "good net neighbor" concept?
BTW< I'm not getting on the web anytime soon- I really don't care for it,
so don't worry that I'm going to run out and try this. I'm just curious.
|
dang
|
|
response 128 of 143:
|
Oct 14 01:02 UTC 1996 |
Suppose, for example, that I use my webpage on UM as identification for net
use, if not for membership? I can tell staff that I will set up a page
without a link from anywhere, in any directory they want, with whatever
filename they want, that says whatever they want, and then they can varify
it. UM maintains an accurate list of all the people's names, addresses, and
phone numbers in the X.500 directory, that you have to use if you want a
webpage. Would that work? (I'm not going to try this either. Like Salena,
I'm curious.)
If that is accepted, that raises the question of what institutions are
accepted as "accurate names and addresses" and what aren't.
|
e4808mc
|
|
response 129 of 143:
|
Oct 14 01:38 UTC 1996 |
The UM X.500 directory, unless it has changed dramatically, doesn't provide
any better data than you give it. For years, I used a PO Box and an old phone
number in my file. The UM can only verify that a person using a certain name
is a student or an employee. They don't verify addresses or phone numbers.
What is the problem we are trying to solve? If you want to be a member, you
comply with state law and send in a copy of legal, picture ID. If you don't
want to do that, you can give huge sums of money and not have to reveal
personal information.
If you want to change the state law, you go to Lansing and get your
representative to introduce an amendment to the state commerce law that sets
up corporations. Grex can't change state law by fiat.
Besides, I like the idea of bidding for the Grex Enchantress title. ;-)
|
ajax
|
|
response 130 of 143:
|
Oct 14 01:53 UTC 1996 |
The file /usr/local/grexdoc/minutes/1995-09-27 has the minutes with
the current verification policy. The policy is oriented identifying
users who want to post Usenet articles (whether members or not), but
since we don't offer that service directly right now, it's not used
for that. I think the ID list is the same for member identification
as well, but I'm not positive. Here are the first two paragraphs of
the policy:
"(1) Anyone requesting access to Grex services for which verification
is required shall present proof of his or her identity. Members and
non-members will be held to the same verification criteria. In order
to be considered verified, a person shall submit a photocopy of an
item of acceptable identification and a signed letter requesting the
access.
(2) The acceptable items of identification are government-issued ID,
school-issued ID, library-issued ID, or a personal check written to
Cyberspace Communications Inc. by the person requesting access. To be
accepted, the item must be currently valid (i.e. not expired), must
identify the person by name, and must include additional identifying
information other than a photograph (such as home address,
passport number, or name of school)."
|
srw
|
|
response 131 of 143:
|
Oct 14 01:59 UTC 1996 |
Our current policy is not to rely on other sites for
authenticity checking, because we really have no idea which ones
are trustworthy and which not. So this is all academic about the
X-500. We could change our policy if there were sufficient
reason to, I suppose. I don't see it right now.
(no *picture* ID is required, by the way, since in general we
don't know what you look like anyway. Just an official ID.)
|
srw
|
|
response 132 of 143:
|
Oct 14 02:01 UTC 1996 |
Rob slipped in with a lot more detail.
|
scg
|
|
response 133 of 143:
|
Oct 14 03:53 UTC 1996 |
We know the University of Michigan, and we know that somebody with an account
there is likely to be a real person, who we could probably track down if we
needed to. The problem is that tehre are lots of universities that we don't
know, , and putting together a list of trusted sitest like that would be way
more trouble than it would be worth.
|
dang
|
|
response 134 of 143:
|
Oct 14 17:43 UTC 1996 |
I realize all that. It was merely a hypothetical situation. Someone
presented me a ball, and I ran with it. (Have you ever imagined a world with
no hypothetical situations?) BTW, The X.500 didn't *ask* me for anything.
It just put in my official residence from the UM records or something.
|
mdw
|
|
response 135 of 143:
|
Oct 15 03:24 UTC 1996 |
The information in X.500 comes from two sources, (1) the databases at
DSC (such as the staff and student databases), which in turn come from
records such as employment applications, student applications, and which
generally get updated for purposes such as sending out tax forms and
student grades, and (2) information supplied by the user directly. UM
has a fairly strong sense of user privacy - and it has a very strong
sense of cya. The former means they are not likely to give out any
information that the user does not specifically designate as information
to publish - and that generally includes student home addresses. The
latter means that if a user here claimed to be a UM student, then
perpetrated some horrendous crime on some other internet site, it is not
likely that UM would release any information on the student to us under
any circumstances, or any information on the student to anyone without a
court order to that effect.
For voting purposes, we need to keep and maintain a list of members,
including their addresses. For the protection of the organization, and
to prevent fraud, we need to have *some* fair and objective means to
keep one person from claiming to be more than one member, and the voting
list must be accessible to anyone who has the ability to legitimately
question the voting process on grex. The records in X.500 aren't very
useful for either purpose, and aren't intended to be used for such
purposes. I believe we'd only be asking for trouble by using them for
this.
For internet purposes, there is no definitive legal standard. There is,
nevertheless, the expectation that internet sites can (a) hold their
users accountable for actions they perform on the internet, and (b) deny
access to users who do bad things. This is, of course, contrary the
original intent of grex, to provide public access to all, and so we have
an inherent problem, how to support policies required by other
institutions, without affecting the flavor of grex itself. In order to
implement (a), we have to collect sufficient information that another
site could (in theory) sue a grex user for actions they did on their
system. We hope that will never happen - actually, we hope such users
will be discouraged by being asked for valid identification information,
and find some other means to satisfy their desires that does not involve
grex. Because users can change their own X.500 address information,
clearly the information in X.500 doesn't directly meet either need, and
because UM is unlikely to surrender such information on demand,
connecting a grex loginid with a UM uniqname is of very limited value,
at least to us. So, again, X.500 doesn't seem to be of use here.
|
arthurp
|
|
response 136 of 143:
|
Oct 19 23:55 UTC 1996 |
And to take another tack. UM 'unique names' are widely circulated. Friends
share passwords so that a particular 'unique name' may be three or four
people. I see it all the time. Hmph.
|
popcorn
|
|
response 137 of 143:
|
Oct 20 03:34 UTC 1996 |
Interesting. As I understand it, you can lose your U of M computer access
for sharing it with anybody.
|
dang
|
|
response 138 of 143:
|
Oct 20 21:19 UTC 1996 |
How are thry going to know?
|
mta
|
|
response 139 of 143:
|
Oct 21 00:16 UTC 1996 |
If a thing becomes common enough, people forget to cover their trails. Then
it becomes simplicity itself to spot. Or so it works with most things.
(Dunno about login sharing...)
|
arthurp
|
|
response 140 of 143:
|
Oct 21 01:32 UTC 1996 |
The only thing they share regularly is usenet access, web access, and
telnet/ftp connections. I think anyway. THe email is genearlly understood
to be off limits to the borrowers. I sure would yank an account for that.
Besides I'm not really willing to share my account (when I have it) after
paying the kind of money it takes to get it.
|
dang
|
|
response 141 of 143:
|
Oct 22 16:19 UTC 1996 |
(Doesn't cost us at UM any more than tuition to get it.)
|
davel
|
|
response 142 of 143:
|
Oct 22 19:24 UTC 1996 |
(That makes it the most expensive ISP I've ever heard of, by several orders
of magnitude.)
8-{)]
|
dang
|
|
response 143 of 143:
|
Oct 23 16:43 UTC 1996 |
(Assuming, of course, that you don't have someone else paying your tuition...
:)
|