Changes between Version 15 and Version 16 of UserOptInConsent


Ignore:
Timestamp:
Jun 4, 2018, 9:42:01 AM (3 years ago)
Author:
skwang
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • UserOptInConsent

    v15 v16  
    55== User Experience ==
    66
    7 When using the main BOINC manager to join a project (Add Project), the user is shown a Terms of Use / Project policy text. S/he must accept the terms of use before the account is created. As part of the account creation process, the date-time of this consent is recorded in the project's database.
     7When using the main BOINC manager to join a project (Add Project), the user is shown a Terms of Use / Project policy text. S/he must accept the terms of use before the account is created. As part of the account creation process, the agreement to the terms of use is recorded in the project's database.
    88
    9 For account managers, AM can download a site's terms of use from `get_project_config.php`. Then present this to a user. It will be the responsibility of an AM to present the text along with a checkbox for the user to opt-in. (It must not be passive.) The `create_account.php` RPC will be modified slightly for AM to set a consent flag. Additionally, the `am_set_info.php` RPC will be modified to allow AM to update the a user's consent information.
     9For account managers (AM), AMs can download a site's terms of use from `get_project_config.php`. Then present this text to a user. It will be the responsibility of an AM to present the text along with a checkbox for the user to agree to. (It must not be passive.) The `create_account.php` RPC will be modified slightly for AM to set a consent flag. Additionally, the `am_set_info.php` RPC will be modified to allow AM to update the a user's consent information.
    1010
    11 For Web registration, the login page can provide the terms of use text. Users will have to accept the terms of use before creating an account.
     11For Web registration, the login page can provide the terms of use text. Users will have to accept the terms of use before creating an account. This agreement will be stored in the project's database.
     12
     13For existing accounts: A project may decide that existing accounts should also agree to a terms of use. This is a separate feature from the user agreement to a terms of use when registering an account. Existing users will have tto agree to a terms of use via a checkbox, and then that agreement is stored in the project's database.
    1214
    1315== Existing code ==
     
    2123`boinccmd` command-line client does not use the [wiki:TermsOfUse] mechanism. Thus when a user creates an account, s/he does not see any terms of use, even if it exists.
    2224
     25Lastly, the terms of use text file must be text. HTML should be supported, although this may be added later.
     26
    2327== Technical Implementation ==
    2428
    2529=== Project config ===
    2630
    27 A new project option will be included in `config.xml` for projects, `enable_record_optin_consent` option. This flag would toggle whether or not the project records the consent of users: basically it would toggle using this new feature. The default is false, or disabled.
     31A new project option will be included in `config.xml` for projects, `enable_login_mustagree_termsofuse` option. This flag will toggle whether or not the project requires **existing** users to agree to the terms of us of the site. Note, a site may toggle the feature where new accounts are required to agree to a terms of use in the OPS page. This config parameter is independent of the OPS page (see below).
    2832
    2933=== Database ===
     
    4246* `consent_type`
    4347  * `consent_id` - consent id, also the primary key.
    44   * `shortname` - consent name, these should be short and in ALLCAPS, e.g., ENROLL, STATSEXPORTS, etc.
     48  * `shortname` - consent name, these should be short and in ALLCAPS, e.g., ENROLL, STATSEXPORTS, etc. There should be no spaces either.
    4549  * `description` - text field describing the consent that user gives (or has given).
     50  * `enabled` - if true, this consent type is enabled. This is toggled in the OPS page for managing consent types.
    4651  * `protected` - if true, this consent type is introduced by BOINC upstream. If false this consent type project-specific, and was added by the project via the ops pages.
     52  * `privacypref` - if true, (and enabled), this consent type will be shows in the preferences page in the privacy section. This allows projects to add consent types which deal with user privacy; and no additional coding is necessary.
    4753
    4854==== Discussion ====
     
    5662* Account Managers should put their name in, e.g. `source` = 'BAM!' or `source` = 'GridRepublic'.
    5763* command-line client uses 'boinccmd'.
    58 * In the case where `source` is not specified (but consent is being used) then a default `source` of 'URL' will be used.
     64* In the case where `source` is not specified (but consent is being used) then a default `source` of 'URL' can be used.
    5965  * 'URL' represents the fact that a user can create an account using the RPC by typing the correct parameters into the URL bar of a browser, or using a command line tool such as curl.
    6066
    6167Re: `consent_type` table
    6268
    63 At first there will be two record in `consent_type`: the main terms-of-use a user consents to when joining the project and a stats-exports consent type. This allows for flexibility - a project may decide to present a user with multiple items to consent to. Each can be recorded in the `consent` table with a different `consent_name`, whose description is stored in the `consent_type` table. The `protected` field indicated a consent type that is introduced by BOINC upstream for all projects.
     69At first there will be two records in `consent_type`: the main terms-of-use a user consents to when joining the project (ENROLL) and a stats-exports consent type (STATSEXPORT). In effect, these are distributed by BOINC upstream. This allows for flexibility - a project may decide to present a user with multiple items to consent to. Each can be recorded in the `consent` table with a different `consent_name`, whose description is stored in the `consent_type` table. The `protected` field indicated a consent type that is introduced by BOINC upstream for all projects.
     70
     71The `enabled` flag is fairly important. By default no consent types are enabled. The project admins may toggle this in the Manage Consent Types OPS page. If the 'ENROLL' type is enabled, users will have to agree to a terms of use when creating an account. (The terms of use file must also exist). Independently, if 'ENROLL' is enabled, and parameter 'enable_login_mustagree_termsofuse' is equal to 1 (TRUE), existing users must agree to the site's terms of use.
     72
     73If 'STATSEXPORTS' type is enabled, users will see a new privacy preference option about statistics exports. They may give consent to this consent type in the user preference pages.
    6474
    6575Re: `consent` table
     
    103113=== Web site ===
    104114
    105 The Web site account registration page will have a new panel that includes the terms of use text. This will be the same text file as [wiki:TermsOfUse]. The text file is processed with PHP's `nl2br()` function in order to format the plain text into text that is readable in HTML. Admins should **not** put HTML tags into the plain text [wiki:TermsOfUse] file.
     115The Web site account registration page will have a new panel that includes the terms of use text. This will be the same text file as [wiki:TermsOfUse]. The text file is processed with PHP's `nl2br()` function in order to format the plain text into text that is readable in HTML. Admins should **not** put HTML tags into the plain text [wiki:TermsOfUse] file. (In the future, we hope to make this HTML compatible.)
    106116
    107117The registration page will have an additional checkbox that requires a user opt-in to the terms of use. If this is not checked, the account will not be created, and an error shown to the user. Only when the checkbox is checked, will an account be created. A new record will be inserted into the `consent` table, in the same manner as the create_account RPC.