Story #1913
Decide email redaction policy
100%
Description
At the October 2011 AHM there was concern over providing email addresses for all registered DataONE accounts. We can redact the email when listing subjects and when displaying details for specific subjects, but there are cases when the email is useful:
-to differentiate between very similar accounts (Matt Jones vs. Mike Jones or bwilson@gmail vs. bwilson2@gmail) when setting access control rules
-to allow the yet-to-be-determined "account verifier" to actually be able to verify that the email is valid for that identity
-to allow system maintenance messages to be sent to member node administrators
-to report usage history from the log (name + email) to data package owners
Possible rules for NOT redacting emails:
* CNs can retrieve all account information
* MN admin accounts can retrieve all information
* special D1 admin accounts can retrieve all information
*these rules can specified in the registered Node-->Service-->ServiceMethodRestriction
History
#1 Updated by Ben Leinfelder about 13 years ago
- Category set to d1_identity_manager
- Assignee set to Ben Leinfelder
#2 Updated by Dave Vieglais about 13 years ago
- Target version changed from Sprint-2011.43-Block.6 to Sprint-2011.44-Block.6
- Position deleted (
6) - Position set to 2
#3 Updated by Ben Leinfelder about 13 years ago
- Status changed from New to Closed
CNs will be the only subject that can retrieve full Person details
