Changes between Version 9 and Version 10 of Proposal/ProjectSimpleAccountCreation

Timestamp:

Sep 28, 2011, 1:16:25 PM (13 years ago)

Author:

davea

Comment:

--

Proposal/ProjectSimpleAccountCreation

@@ -1 @@
-= Simplified Project Website Account Creation in BOINC =
-== Introduction ==
-BOINC supports multiple ways to create accounts for any given project.  Creating accounts on a BOINC project via the project website hasn’t received as much attention in previous years as it probably should have.  This revised process is an attempt to better capture volunteers that are visiting a project website via press releases and other forms of advertisement.
+[[PageOutline]]
+= Simplified Account Creation =
 
-At present the current system asks the volunteer to remember the projects URL and then shuffles them off to the BOINC website to download the client software.  Once the software has been downloaded the volunteer has to walk through the project attach wizard and then volunteer must remember the project URL and answer questions about account credentials.
+Currently, to attach to a project not in BOINC's "official list",
+a new volunteer must:
+ * visit the project's web site, note its URL, and follow a "download BOINC" link.
+ * download and install BOINC
+ * type or paste the URL into the Attach Project wizard
+ * enter credentials (email, password)
+ * fill in some additional info on the "complete account creation" web page
 
-With the purposed changes in this document we should be able to support the following scenarios:
- * Automatic attach via anonymous accounts
- * Automatic attach via identifiable accounts
- * Automatic attach via client-created accounts
+The following is proposal for new features in BOINC to support
+several ways of streamlining this process.
 
-Anonymous accounts are accounts which do not contain and personally identifiable information, when a volunteer downloads the client software a set of cookies are deposited onto the host by the project to inform the manager which project it should attach too.
+'''Note: we assume that the project is in BOINC's official-project list
+(although some of the ideas could adapted to remove this restriction).'''
 
-Identifiable accounts are the traditional account scheme used in BOINC, at present we just care about an email address and password.  In this scenario a project can determine which pieces of information it needs to collect before setting the cookie set and begin the process of downloading the client software.  As far as the client software is concerned it is the same as attaching to an anonymous account.
+== Scenarios ==
+We want to support the following scenarios:
 
-Automatic attach via client-created accounts is where the server stores the needed cookie information except the authenticator, the client will then prompt for the email address and password to use for the project and then proceed to create that account before attaching to the project.
+=== Public account ===
 
-== Changes to the Project Website ==
-When a volunteer first visits a project's homepage with a supported browser they are presented with a 'download now' link instead of the current 'create account' link.
-Under the anonymous account scenario and client-created account scenario the process might look like this:
+In this case the volunteer is attached to an existing "public" account.
 
-Clicking on the 'download now' link will cause a set of cookies to be stored on the machine; these cookies will contain the authenticator to use and the current time of the server.  The resulting page should provide basic instructions to launch the BOINC installer on the supported browser.  After 5-10 seconds the webpage should redirect to the BOINC website to download the BOINC installer and pass in the authenticator and return URL which will be used to return the volunteer to the project where they may decide to provide more information (name, country, team, etc) to the project.
+Interface (new users):
+ * Click on Download link
+ * Run installer
+That's it (no Wizard).
 
-Under the identifiable account scenario the process might look like this:
+Interface (existing users):
+ * Click on Volunteer link
+ * A few minutes later, the Manager shows a "confirm" dialog:
+   Do you want to add project X, URL Y.
 
-Clicking on the 'download now' link will cause a popup frame to appear asking for the required information.  After the information has been provided a set of cookies are stored on the machine; this cookie will contain the authenticator to use and the current time of the server.  The resulting page should provide basic instructions to launch the BOINC installer on the supported browser.  After 5-10 seconds the webpage should redirect to the BOINC website to download the BOINC installer and pass in the authenticator and return URL which will be used to return the volunteer to the project where they may decide to provide more information (name, country, team, etc) to the project.
+A weak authenticator is used
+since we don't want the user to be able to edit the account.
 
-== Changes to the BOINC manager ==
-At present the BOINC manager requires either a project_init.xml file or an acct_mgr_url.xml file to engage the cookie detection code and automatic add project process.  We should modify the manager to check for cookies from all the available URLs in the all projects list.  It should behave like this:
+=== Anonymous account ===
+
+In this case an "anonymous" account is created
+(Name: "Anonymous"; email: random string).
+
+Interface: same as Public account.
+
+A strong authenticator is used.
+
+Accessible via "Your account" link on MGR.
+The project must export this GUI URL.
+(make sure this is clearly visible in simple view).
+
+=== Identifiable account ===
+
+Interface:
+ * User fills out a form with email addr, password, user name,
+   and anything else the project wants to collect.
+ * User clicks on either Download (if new user)
+   or Add Project (if existing user).
+ * new user case: run installer
+ * existing user case: the Manager shows a "confirm" dialog:
+   Do you want to add project X, URL Y, user name Z?
+
+== Implementation notes ==
+
+In all cases, the project web server sets a cookie with
+account info prior to downloading BOINC.
+
+=== Client download without going to the BOINC web site ===
+We need to add web RPCs so that project web code
+can find the URL of the appropriate client version to download.
+
+If it can't (i.e. insufficient browser info), it should redirect to the BOINC download page.
+
+=== Manager/client coordination ===
+
+In the new-user case, if the manager doesn't find a cookie on the first pass,
+it should wait until the client has a new all-projec,
+then scan cookies again.
+May need to add a flag to CC_STATUS for this.
+
+=== Changes to the BOINC manager ===
+The manager will do the following,
+on startup and every 10 min or so:
 
 {{{
+        foreach (project and acct mgr in all_projects_list.xml)
+            if exists(project.cookie) and not already attached
+                add project cookie to CookiesFound array
 
-if NumberofAttachedProjects == 0 then
-    if exists(project_init.xml) or exists(acct_mgr_url.xml) then
-        ... do the same stuff as we do now ...
-    else
-        foreach (project in all_projects_list.xml)
-            if exists(project.cookie) then
-                add project cookie to CookiesFound array
-            endif
-        endfor
-
-        sort CookiesFound array by CreationTime
+        sort CookiesFound array by increasing CreationTime
 
         if CookiesFound.Count > 0 then
             if CookiesFound[0].IsProject then
-                launch attach to project wizard in automatic mode
+                if any projects or acct manager already
+                    show confirm dialog
+                attach to project
             endif
             if CookiesFound[0].IsAccountManager then
-                launch attach to account manager wizard in automatic mode
-            endif
-        endif
-    endif
-endif
+                if any projects or acct mgr alread
+                    show confirm dialog
+                attach to acct mgr
+}}}
+If there is an error in the attach, deliver a notice suggesting checking proxy settings.
 
-}}}
-NOTE:  Unless there is an error, the only thing the volunteer might be prompted for is proxy server information.
+=== Server-side PHP code ===
+We need to supply PHP templates for all the above scenarios.
 
-== Implementation Details ==
+=== Proxy settings ===
+
+Add auto proxy setup in manager (at startup, if no projects/acct mgrs).
+If we find proxy,
+ * tell the client (set_proxy GUI RPC)
+ * tell the client to get proj list (may need to add GUI RPC for this).
+
 === Project Cookie Contents ===
 
@@ -65 +119 @@
 || !CreationTime || time_t || time(0) || The current timestamp of the cookie set ||
 
-Notes: If the authenticator is missing but the Action item is defined then it is assumed the manager should prompt for the creation of credentials.
+Notes: If the authenticator is missing but the Action item is defined
+then it is assumed the manager should prompt for the creation of credentials.
 
 Notes: Pre 6.13 clients only react to the Authenticator item.
@@ -78 +133 @@
 || !CreationTime || time_t || time(0) || The current timestamp of the cookie set ||
 
-== Conclusion ==
-In theory this should allow us to capture incoming volunteer traffic from mainstream media regardless of their level of computer expertise.
+== Outstanding Issues ==
 
-== Outstanding Issues ==
-=== What do we do about alpha and beta projects? ===
-Normally alpha and beta projects to not make the all_projects_list.xml file. However, it would be useful to be able to capture new BOINC clients via news articles about alpha and beta projects.
+=== Projects not on the official-project list ===