Newbies only - GitHub? really?


JWHoneycutt

Oct 15, 2016, 8:51:14 PM
to TiddlyWiki
The contributors on this site (almost) all suffer from the curse of expertise.

People talk about some characteristic I would like my Wiki to have, and the thread authoritatively links to some GitHub repository. This confuses me.

I have followed instructions and set up my own GitHub repository (was I supposed to independently install Git?). All the tutorials are designed to teach forking, branching, committing, and merging. I don't want any of that.

I just want to acquire the functionality, install the plugin, or whatever it's called.

There's a whole bunch of stuff there: Gitignores, Readmes, Dockers, Gems, and even "instructions" with racing graphics.

For the newbie like me (and you) - all this is useless. GitHub is not my intended destination - I don't want to develop software or "version control collaborate" with anybody (for now) - I just want to load the darned thing and try it out on a new Starter Wiki.

Have you figured this out or can you understand my confusion?

Mark S.

Oct 15, 2016, 10:57:01 PM
to TiddlyWiki
GitHub does seem to have a bit of a cult-like following these days.

What task is it that you are trying to accomplish?

Good luck,
Mark

JWHoneycutt

Oct 16, 2016, 1:04:43 AM
to TiddlyWiki
Mark - Thanks for asking.

I want complete control over my wiki.
I want to make it accessible on the web, and not with a link to my Dropbox, or in a way that has my name all over it.
I want it securely encrypted.
I want to know who is logging in to access it, so that I can verify their identity. (Facebook login confirmation?)
I want to be able to control what portions of the wiki are available, and individually expand what is available over time.
I need to restrict/eliminate the viewer's ability to edit a tiddler.
I need the viewer to be able to provide comments/suggestions for me to be able to incorporate into the wiki.
I need to create a separate wiki for each different viewer, if they chose to enter personal information into it.

This is all about medical records - so the controls have HIPAA and legal requirements.

JWHoneycutt

Jed Carty

Oct 16, 2016, 3:46:29 AM
to TiddlyWiki
Generally when someone links to something on github they are linking to something that isn't tiddlywiki as an example of what they would like to see in tiddlywiki. In those cases we can't just give you something to put into your wiki and try it out because it doesn't exist. You can completely ignore git and github and you won't miss anything.

From your list it sounds like you need some dedicated custom software on your own server. What you want isn't simple and pieces of it are going to be pretty complex.

Now, for your list:

You have complete control over any wikis you have. I don't know what else you want here.

Making it accessible to the web requires you to have somewhere to host it. You can try tiddlyspot if you don't like any other web hosting solutions. TiddlyWiki needs to be hosted somewhere to be accessible online, just like any other webpage. That isn't a tiddlywiki problem.

The encryption tiddlywiki has is pretty secure, but I think you are asking for the wrong thing here.

You want to know who is logging into what? TiddlyWiki is a single file application, there is no server to take care of this. Also if you are going to do medical records please ask someone who knows something about security and privacy about Facebook's business model before handing them your users' medical data.

Letting a user edit one part of a wiki and not another in a secure fashion may be impossible. TiddlyWiki is a single file application and if you give a user write permissions and they know what they are doing then they can change any part of it.

You can have read only wikis, but the note above applies to any edits you want to let users make.

Leaving comments either uses a third party service like the google form commenting system (once again, ask someone who does security and privacy things about Google's business model before sharing all the data with them please)

Creating a separate wiki for each user is something that requires you to have a server and your own hosting. It isn't particularly difficult to do but it isn't part of tiddlywiki.


The system that you want is going to have pieces that are far outside of what tiddlywiki is because it is going to require its own server. It sounds like this is something that needs an actual database backend and probably some dedicated developers to make. You may want to look into a CMS like Drupal, but once again, please talk to someone who has a background in security and privacy.

JWHoneycutt

Oct 16, 2016, 7:08:55 AM
to TiddlyWiki


Yes, Jed -

Thanks for the thorough reply.

I am not going to share medical or identity information TO Facebook or Google. I want to provide general information in a single HTML file Wiki to everyone.

If an end user chooses to, they can enter their personal identifying information and this information can be used to access THEIR specific medical file from the electronic health record. At that point, I intend for the end user to have created a separate Wiki that the client (alone) can control access to - (it's their sensitive and personal information). My vision is that it is therefore a personalized wiki on a hosted location or downloaded onto their hard disk. The risks associated with this would need to be explained to the end user, just like they are when you access your medical records using the hospital system now. Once the end user has write capability, they are no longer using the general info wiki.

In some well done Wikis - I see a "comment" icon - looks like a bubble. I am hoping to provide this bubble on the general information Wiki - so that subject matter experts can provide useful information about a process that is constantly changing. At the same time, I need to protect the general info wiki from willful sabotage or inadvertent misinformation, since that would damage the credibility of the whole process.

JWHoneycutt





Jed Carty

Oct 16, 2016, 7:33:38 AM
to TiddlyWiki
The google forms based commenting that Mat made for twaddle, which is probably what you are talking about with the comment icon on well made wikis, is done by storing comments on google sheets using the google forms api. This is sharing the information with google. And you can't use facebook to track or limit who accesses the data without sharing the identity data with facebook. I used hashover on my blog wiki thing, but that requires my own hosting space and I wouldn't put too much faith in how secure it is.

You can make a general information wiki that is generally accessible to anyone online and they can download their own copy and enter whatever information they want into it. It would be on their own device and they would have full control of it, but it would only be on that device and they couldn't access it from elsewhere unless they hosted it themselves. And in this case you would still have to have some server-side mechanism to see who accessed it and to have any sort of authentication. If you intend to provide the hosting for the users' private wikis then the authentication to be able to access and edit these wikis would need to come from something other than tiddlywiki, or we would need to create tools to do that which would be a rather large task by itself.

It sounds like you may just want to use tiddlywiki as a frontend to whatever service will be used to access the EHR data. That is something tiddlywiki could be used for but there are many other pieces that would need to be created. I am not sure that tiddlywiki is an appropriate tool for what you want to do.

PMario

Oct 16, 2016, 1:31:45 PM
to tiddl...@googlegroups.com
Hi JWHoneycutt,

I needed to modify your original text, and added some numbers, so it's easier for me to reply.

Sorry for the wall of text, that follows. As I wrote the Conclusion, I thought I'd start with it, because it's much shorter than the replies :)

On Sunday, October 16, 2016 at 7:04:43 AM UTC+2, JWHoneycutt wrote:

    1) I want complete control over my wiki.
    2) I want to make it accessible on the web, and not with a link to my Dropbox, or in a way that has my name all over it.
    3) I want it securely encrypted.
    4) I want to know who is logging in to access it, so that I can verify their identity. (Facebook login confirmation?)
    5) I want to be able to control what portions of the wiki are available, and individually expand what is available over time.
    6) I need to restrict/eliminate the viewer's ability to edit a tiddler.
    7) I need the viewer to be able to provide comments/suggestions for me to be able to incorporate into the wiki.
    8) I need to create a separate wiki for each different viewer, if they chose to enter personal information into it.

    9) This is all about medical records - so the controls have HIPAA and legal requirements.

Conclusion: (also see second post)

Your sentence from the OP (original post) here:

>There's a whole bunch of stuff there: Gitignores, Readmes, Dockers, Gems, and even "instructions" with racing graphics.

shows me, that you did read and think quite a lot about your problems. The solutions should be easy, but they aren't and that may be frustrating. (just a guess :)


IMO if you treat your point 9), the HIPAA requirements, real, it makes everything complicated. So my proposal is:

 - Use TiddlyWiki and
 - Use encrypted e-mails.          ... That's not a joke.
 

The following reasoning will show you why "the cloud" may be the wrong thing here.

Or jump to the second post, why I'd go with plain old email :)


== reasoning ===========================


You are touching 9 points, which are a valid desire and seem to be simple. But they are very very challenging because of (but not only) point 9 "medical records" aka "sensitive personal data". For me it also seems, that you mix up several things. ... I'll try to explain some contexts, that I think are important, to understand, what you actually request here.

add 1) I want complete control over my wiki.

That's exactly, what TiddlyWiki is intended to be used for. TiddlyWiki.html is a single file, that lives on your local harddisk and therefore you have "complete control". If your harddisk is transparently encrypted by your operating system, no extra steps are needed. Not even the built in encryption. .. The weak spot here probably is your log in password ;)


add 2) I want to make it accessible on the web, and not with a link to my Dropbox, or in a way that has my name all over it.

If you want to keep 1) "complete control" intact, you need your own server in your own location. Because that's the only way to have "complete control". period.

If you don't want to have your own server, you ''have to'' trade "control" for "convenience".

IMO because of 9) private data, a free hosting service is ''No'' option here, since:

* There are many "free hosting" companies out there, that let you trade "convenience" for "tracking-data" and "control". They are _NOT_ free. You pay them with your data and the allowance to spam you with adverts. period.
* So you need a paid service that you can trust. Professional hosting services trade money for "convenience". They provide hosting solutions that give you "full control". They just run the hardware for you! Important: know the "terms of service"!!!

The problem here is, that you still need to deal with "Authentication" https://en.wikipedia.org/wiki/Authentication and "Authorisation" https://en.wikipedia.org/wiki/Authorization, which isn't simple at all if done right. That's why we tend to trade "convenience" with "control" and "tracking-data" and let 3rd parties do that for us. eg: log in via: twitter, facebook, google, .. (but: there is NO free lunch!)


add 3) I want it securely encrypted.

TiddlyWiki has a built in mechanism, that lets you encrypt the whole content. All tiddlers. The encryption process runs locally in your browser. The library and the mechanism, that is used to encrypt the stuff is considered to be safe at the moment in time.

see: http://tiddlywiki.com/#Encryption,
and: http://tiddlywiki.com/#Stanford%20JavaScript%20Crypto%20Library

The important point here, is the password that you use. If it's weak and guessable, the whole mechanism is also weak. I found a nice article about strong passwords: http://www.howtogeek.com/195430/how-to-create-a-strong-password-and-remember-it/

I think this topic is important, since not only you have to remember your passwords. Your clients will have to remember them too!! Also see your point 5) "expand access over time" ...
So to make your workflow acceptable for your users, you may be forced to trade "security" for their "convenience". Which imo is a bad thing!


add 4) I want to know who is logging in to access it, so that I can verify their identity. (Facebook login confirmation?)

Guess what: (Facebook, Google, Twitter, ...) will track all your users, whenever they access your content, if you let them do the authentication for you. Do you really want that? Here you trade "your users' privacy" for "your convenience". For me that's an ethical problem, if you deal with "sensitive private data"! ... A little thought experiment: "Which illness do you think I have, when I frequently access a website about flu medicine"?

If you really want to implement a tracking mechanism into your SW, I personally wouldn't want to be your client. There needs to be a better way, to get the information, that you need. Just ask me, and I'll send you a mail!



add 5) I want to be able to control what portions of the wiki are available, and individually expand what is available over time.

There is a plugin, that lets you selectively encrypt / decrypt portions of your TW. .. The downside here is: password management. ... You know, they need to be strong: 12 unguessable characters minimum and your clients have to remember them ;)


add 6) I need to restrict/eliminate the viewer's ability to edit a tiddler.

IMO that's just a theme, that somebody has to create. There are several hacks posted here in the forum. So that should be straight forward, but somebody has to do it.


add 7) I need the viewer to be able to provide comments/suggestions for me to be able to incorporate into the wiki.

TiddlyWiki is a wiki and no discussion platform. So imo you need a separated "point to point - encrypted" discussion service here. That's a whole project for itself. I suppose it needs to be encrypted because of 3) and 9).

If you want to keep the discussions on the web and you want them to be secure you'll need something that's called: "perfect forward secrecy" see: https://en.wikipedia.org/wiki/Forward_secrecy. Otherwise your content will be open in the future. ... There is a saying: "The internet doesn't forget" and for most knowledge based info that's correct. see: https://archive.org/index.php .. but for my private data, I'd like it, if it would fade away :) Especially since encryption, we consider safe now, is worthless in the future.


add 8) I need to create a separate wiki for each different viewer, if they chose to enter personal information into it.

That's just a management problem. Especially for passwords used ;)


add 9) This is all about medical records - so the controls have HIPAA and legal requirements.

I found this: https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/ and didn't read it. I just searched for one term: "audit". IMO, due to the nature of the whole system you describe auditing always is a "killer feature". TiddlyWiki and all the components I'm thinking of are open source and therefore audit-able. ... but ... nobody did it, because it's expensive.

And in some cases it's not even possible, due to the nature of browsers. ... see: https://tonyarcieri.com/whats-wrong-with-webcrypto and https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2011/august/javascript-cryptography-considered-harmful/. Those articles are outdated, but I still think we don't have a viable browser based solution yet. This is my opinion. Others may differ.

just some thoughts
have fun!
mario

PS: I barely scratched the surface here. It would be possible to write about the same length for every single point here.

PMario

Oct 16, 2016, 1:32:57 PM
to TiddlyWiki

Proposal: Why an e-mail based workflow could work!


On Sunday, October 16, 2016 at 7:04:43 AM UTC+2, JWHoneycutt wrote:

    1) I want complete control over my wiki.
    2) I want to make it accessible on the web, and not with a link to my Dropbox, or in a way that has my name all over it.
    3) I want it securely encrypted.
    4) I want to know who is logging in to access it, so that I can verify their identity. (Facebook login confirmation?)
    5) I want to be able to control what portions of the wiki are available, and individually expand what is available over time.
    6) I need to restrict/eliminate the viewer's ability to edit a tiddler.
    7) I need the viewer to be able to provide comments/suggestions for me to be able to incorporate into the wiki.
    8) I need to create a separate wiki for each different viewer, if they chose to enter personal information into it.

    9) This is all about medical records - so the controls have HIPAA and legal requirements.

add 1) I want complete control over my wiki.

Not only you want this. Your users may want that too! TiddlyWiki's initial design is a locally stored wiki. With everything which is local, you and your users have full control.


add 2) I want to make it accessible on the web, and not with a link to my Dropbox, or in a way that has my name all over it.

As I wrote in my reasoning. As soon as it's on the web, it's public. Encrypted or not, it will be very hard to delete it. Except, if you own the server. And even then, you are bound to local law.

I don't understand your phrase: "or in a way that has my name all over it." Given that you deal with "sensitive private data" I think "trust" is involved. I personally wouldn't trust anyone, that I don't know. ... So this is confusing for me!?!

Anyway: If you send your locally generated TiddlyWikis per mail, the mail client can use (open)PGP https://en.wikipedia.org/wiki/Pretty_Good_Privacy#OpenPGP encryption. So only the recipient with the right key can read your mail conversation and the TW content.

It's not needed to trust the e-mail server, but sure it will be a plus. This e-mail server is the only "moving part" here. There are some "throw away email services". If we trust PGP, there is no need to trust the e-mail server. It would be nice though, if the service would delete all messages after a given time eg. 2 weeks or even less.


add 3) I want it securely encrypted.

I personally would let the operating system deal with encrypting/decrypting the Harddisk and use PGP to send stuff via email. PGP is considered secure, if the key length is big enough. ATM 2048 bit if I remember right.



add 4) I want to know who is logging in to access it, so that I can verify their identity. (Facebook login confirmation?)

If you use PGP and email, both of you are safe, that nobody else can access the content. Your receiver can be sure, it was you that sent it and you can be sure that only the right recipient can open it. No need for logging and leaking information.


add 5) I want to be able to control what portions of the wiki are available, and individually expand what is available over time.

TiddlyWiki allows you to export several tiddlers in a so called tiddlers.json file. It contains only those tiddlers, that you exported. You can encrypt this file and your client can drag and drop import it to an existing locally stored TiddlyWiki. So you can make an "incremental update" ... or

Or you can mail them a completely new TW file. ... So no complicated managing overhead needed.



add 6) I need to restrict/eliminate the viewer's ability to edit a tiddler.

Can be done, but nobody did it yet. Depending on how you send updates see add 5) the solution may look different.


add 7) I need the viewer to be able to provide comments/suggestions for me to be able to incorporate into the wiki.

That's what e-mail was invented for. Your client just needs to use PGP too and you can have an "end to end" encrypted conversation. The e-mail client can do all the key management for you. see: https://support.mozilla.org/en-US/kb/digitally-signing-and-encrypting-messages for a possible workflow. .. There is still a learning curve, but it's definitely less than a cloud based solution.


add 8) I need to create a separate wiki for each different viewer, if they chose to enter personal information into it.

yes.


add 9) This is all about medical records - so the controls have HIPAA and legal requirements.

This may still be a problem, but my proposed workflow has a lot less "moving" components that need to be audited. ...

As always:
just some thoughts

I'm sure, this process can be improved, but I think it's worth to give it a try.

have fun!

Mario Pietsch
