The Great Plains Free-Net Inc., based in Regina, Saskatchewan, is a non-profit, volunteer-driven corporation dedicated to providing low- and no-cost internet connectivity to residents, community groups and organizations that are not sufficiently served by commercial Internet Service Providers (ISPs).
In particular, the Great Plains Free-Net caters to individuals:
For community groups, the Great Plains Free-Net offers:
Because of the mix of products and services offered to the public, the Great Plains Free-Net (GPFN) needs a User Management System (UMS) to manage its user base. As GPFN is volunteer driven, this system needs to be managed remotely by volunteers. As GPFN exclusively uses a Linux server base, any new system should be implemented in a Linux environment and be Internet and Web enabled.
In general, the UMS needs to provide the following functions:
To date, GPFN has used a software package called Chebucto Suite to perform all User Management functions. The Chebucto Community Network in Halifax, Nova Scotia wrote Chebucto Suite (or Csuite). It uses a collection of about 300 shell scripts and a series of flat file datastores to manage all aspects of a user’s account on the system. Because of the changing nature of the Internet market space, Csuite development is now halted as is system support and maintenance.
Csuite assumes that all users will interact with the system using the Csuite shell or “Cshell”. This Cshell is a restricted, custom compiled version of a lynx web browser. Lynx is a text-only web browser that renders HTML pages without displaying any graphics. The Csuite version of Lynx allows users to use keystrokes to branch off into a file editor, a mail reader (pine), as well as manage or review aspects of their user.
Csuite was written for RedHat Linux 4.1. GPFN is planning to upgrade to RedHat Linux 7.2 for its new server. A number of security concerns, new features, and system libraries necessitate this upgrade. However, on initial examination of the Csuite package, it is likely that any attempt to migrate Csuite to this new Linux platform would necessitate a line-by-line review of the existing Csuite code. Such a review would be very costly in terms of volunteer personnel resources and would be very specialized work. As well, GPFN did not use some Csuite features while Csuite could not support other desired features.
At the same time, new technology in existence since Csuite was initially developed means that the backend datastores can use a complete Relational Database System (RDBS) such as MySQL. The application logic can use newer, more capable implementation languages. This combination of an RDBS and new implementation languages will result in a robust system that is more flexible to the business needs of GPFN and will require less development effort than that required for the rewrite of Csuite.
GPFN is embarking on a comprehensive modernization strategy. As part of this strategy, GPFN is offering a number of new services and adopting a more member-centric philosophy. One problem with the existing system is that very few volunteers understand or can manage Csuite. Therefore member inquiries, problems or complaints often took a number of days to resolve. This delay resulted in member and volunteer frustration. At the same time, the Csuite package was hard-coded in terms of services and member categories, resulting in a collection of ad-hoc systems, databases and other methods to manage services and membership classes specific to GPFN.
While GPFN wants to maintain the Cshell for use by members and users who have older equipment, a growing number of members do not use Cshell. These members often use GPFN’s PPP connection for graphical web browsing, some POP client to connect to GPFN’s mail servers, or a third party high-speed internet connection to view GPFN’s web resources. For these users, a web-enabled system to allow them to review their account settings and change account parameters (such as passwords) is important.
It is expected that GPFN volunteers would interact with the new system using a graphical web browser. However, there will be users and volunteers who prefer the Lynx browser as their user interface. For this reason, any user interface should be implemented so that it does not make use of a graphics-intensive front end. Similarly, the use of imagemaps, JavaScript, applets, Shockwave and Flash media is not appropriate.
Because GPFN is a volunteer-driven, non-profit organization, cost containment is always an organizational issue. The UMS must be implemented in as cost-efficient a manner as possible. This necessitates the use of open-source or other free software and development tools; conversely, GPFN discourages the use of products which require license fees or other costs.
Because GPFN’s environment is exclusively based on Linux, any system must be implemented on the latest release of RedHat Linux. At the same time, because Linux is a constantly evolving operating system, any system should be sufficiently flexible and robust that it can be ported to newer releases of RedHat as those releases become available.
This requirement can be met by attempting to confine operating system specific calls to a single layer within the application environment.
During a Joint Application Development (JAD) session with GPFN board members, volunteers and members, the business model employed by the Free-Net was enunciated and elaborated.
The Free-Net has three basic classes of users. Registered Users are users who have signed up for service but who are not members of the corporation. Registered users are essentially “Free” users. They are not billed for their usage of the system. In return they are entitled to internet access using a GPFN dial-up account but are only offered a Cshell with its component text-only web browser and text based e-mail reader. They have 5 Mb of disk quota in the mail system and 2 Mb of disk quota for personal files and downloads in their home account. They are guaranteed one hour of usage per day.
Individual members have paid a membership fee (currently $24 per annum) to become a member of the corporation. The constitution of GPFN allows for the contribution of service or goods-in-kind in lieu of the membership fee. Individual members are entitled to full participation in the governance of the corporation including voice and vote at all public meetings and the opportunity to be elected to the board of directors.
From a system usage perspective, institutional members are entitled to the same access privileges as Registered Users except that they:
Institutional memberships are intended for community groups and organizations comprised of more than one person. As such, the same rights, responsibilities, privileges and opportunities exist to them as for Individual members with the following exceptions:
A number of additional services are available to members only. These services include:
The costs for some of these services are not yet determined but they are all billed on the basis of a calendar year.
As a holdover from the default implementation of Csuite, a number of current GPFN memberships are held as “family” memberships. This is a membership category employed by the Chebucto Community Network but never formally adopted by GPFN. However, a small number of members found an orphaned page on GPFN’s web site and sent in a cheque for $40 for a family membership. GPFN decided to honour this membership option.
During the JAD session, GPFN stakeholders decided that they wanted any new system to have the option of supporting family memberships. Upon further discussion, it was agreed that the new system should have the capability of supporting a number of “aggregator” type accounts. Another example of such an account would be a company or non-profit group who has given a donation to the Free-Net. In exchange for the donation, GPFN would provide memberships at a reduced cost or at no cost to members of that company or group.
Such an “affinity” program would give GPFN a way of forming and cultivating strategic partnerships with other community groups and would necessitate a special pricing option for some members who also belong to the partnering organization.
Since the implementation will use a Web Server connected to the Internet, security is a concern. This concern stems from two sources: how to prevent a “man in the middle attack” whereby a third party will intercept transmissions to and from the application and learn about a user’s password or other personal information, and how to ensure that an individual interacting with the system is entitled to perform such interactions. The former concern involves an issue of privacy, the latter an issue of authenticity.
The “man-in-the-middle” attack is not a present concern. Since GPFN has no plans to conduct on-line financial transactions at this time, there is little reason for a malefactor to attempt to hijack data transmissions from the UMS. At the same time, most users and volunteers will be using GPFN’s own modems to connect to the system, further minimizing the chance for intercepting data transmissions. However, the requirement to support SSL encrypted connections may be added in the future.
The issue of user authentication is more pressing. The database should be secured so that only applications on the local host can access the data with write privileges. The application level should be designed so that user authentication is required before accessing the system and once authenticated a user’s credentials are maintained for the duration of the session. Once a session is finished or a time limit expired, these credentials must be revoked.
User authentication is important for both user access and volunteer access to the system. In the former case, it must be absolutely guaranteed that a user will never be able to access another user’s data. Similarly, it must be absolutely guaranteed that only approved GPFN volunteers will have access to the information of any user.
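The two authentication requirements above (credentials held only for the session and revoked at logout or timeout, and access limited to a user's own record or to approved volunteers) can be sketched as follows. This is an added example, not GPFN's code; the account names, passwords, role labels and the 900-second time limit are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_account(password, role):
    salt = secrets.token_bytes(16)
    return {"salt": salt, "hash": _hash(password, salt), "role": role}

# Constructed sample accounts (hypothetical names, passwords and roles).
ACCOUNTS = {
    "alice": make_account("alice-pw", "member"),
    "bob": make_account("bob-pw", "member"),
    "vera": make_account("vera-pw", "volunteer"),
}

class SessionStore:
    def __init__(self, ttl=900, clock=time.monotonic):  # ttl is an assumed limit
        self.ttl, self.clock, self.sessions = ttl, clock, {}

    def login(self, user, password):
        """Authenticate, then issue an unguessable server-side session token."""
        acct = ACCOUNTS.get(user)
        if acct is None or not hmac.compare_digest(
                _hash(password, acct["salt"]), acct["hash"]):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = (user, acct["role"], self.clock() + self.ttl)
        return token

    def logout(self, token):
        """Session finished: revoke the credentials."""
        self.sessions.pop(token, None)

    def identify(self, token):
        """Return (user, role), or None for an unknown or expired token."""
        entry = self.sessions.get(token)
        if entry is None:
            return None
        if self.clock() >= entry[2]:
            del self.sessions[token]  # time limit expired: revoke
            return None
        return entry[0], entry[1]

def may_read(store, token, target_user):
    """Users read only their own record; approved volunteers read any."""
    who = store.identify(token)
    if who is None:
        return False
    user, role = who
    return role == "volunteer" or user == target_user
```

Every request is checked against the server-side store, so a forged, logged-out or expired token is denied before any record is looked up.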
The proposed system will be implemented by volunteers. This reality has a number of constituent consequences: