I vis­ited Raw Ideas today and was really quite excited by what I saw. They’re about to move office again so I was pop­ping in to return the keys (I still had them even though I haven’t worked there for sev­eral months now) and gen­er­ally catch up. Tino was work­ing on a tape library appli­ca­tion for archiv­ing DVCPro and Mini DV and HD(V, mostly) footage in a really search­able and gen­er­ally more-manageable-than-shelves-full-of-labels kind of way, and he was pretty keen to show it off. Freakin’ awe­some stuff. Aside from some DHTML gim­micks (fad­ing rollovers, etc., stuff that you think is cool when you’re devel­op­ing it but does noth­ing but irri­tate you once you have to sit down and finally use the appli­ca­tion for five min­utes!) it was great to see he’s using Scrip­tac­u­lous for some gen­uinely use­ful AJAX-based functionality.

Because it’s a library, it’s basi­cally one big search engine. Which means that auto­com­plete is a really handy thing to have, and being able to click on a piece of infor­ma­tion and edit it straight away (so, tak­ing plain text and con­vert­ing it into a textarea or input field for edit­ing imme­di­ately, with­out a sep­a­rate admin view) is absolutely price­less for mov­ing through a library quickly. This is so the way con­tent edit­ing should be head­ing — I’m hop­ing we all get there in the end.

But even more excit­ing than Javascript usabil­ity gim­micks was to see that he’s still using CSS, now more exten­sively and with­out assis­tance, and with kick-arse seman­tics. I looked at the source of his page quickly and the only com­plaint I had was his use of a span for a header instead of an Hx… totally won­der­ful to see a few months after the res­i­dent stan­dards nazi (that would be me) has taken off!

So we threw around ideas about that (includ­ing rip­ping time­code off DV tape and try­ing to set marker points, import­ing EDL’s for use inside the library, automat­ing transcod­ing processes and export­ing H.264 or FLV for pre­views, and a cou­ple of other equally fun things), then even­tu­ally started chat­ting about what I’m doing over here at Youth­works these days.

I think I made him kind of jeal­ous. I’ve seri­ously got one of the best jobs in the web devel­op­ment world right now. I get to come up with stuff that’s gen­uinely use­ful for users (and pro­duc­tive for the Gospel, yada yada — that’s the implicit goal of all of this), entirely in response to their needs, with­out being bur­dened in par­tic­u­lar by his­tory, or legacy sys­tems that need to inte­grate, or any major com­peti­tors — it’s won­der­ful. So we started talk­ing about plat­forms and what­ever and I said I was con­sid­er­ing Django (and got a big tick accord­ingly, which was nice) with an RDBMS (i.e. MySQL, just because that’s pretty much all I have expe­ri­ence with inso­far as DBs go) but then out­lined a bit more about the project and he rec­om­mended an LDAP sys­tem pretty strongly.

LDAP is a directory-based data­base which is strongly heirar­chi­cal and finely gran­u­lated in nature. Which is bloody use­ful when you’ve got a user struc­ture five lay­ers deep:

But, of course, mod­er­a­tors do not “con­tain” lead­ers any more than lead­ers “con­tain” youth. All of these tiers exist inde­pen­dently of one another. They are inter­nally defined by their extrin­sic rela­tions, even though their user expe­ri­ence of the web­site will vary depend­ing on their heirar­chi­cal posi­tion. The lat­ter makes LDAP seem entirely sen­si­ble, but the for­mer def­i­n­i­tion of per­sonal iden­tity (that is, what con­sti­tutes a “self” or inde­pen­dent user entity — a Dis­tin­guished Name, in LDAP-speak) seems to rile against that direc­tory concept.

“Mod­er­a­tor” is, in fact, a prop­erty of “Leader”. That is, it is a qual­ity belong­ing to the user, who belongs to the group “leader”. Users should be unique and belong to an Organ­i­sa­tional Unit (again, in LDAP speak) that reflects their role within the sys­tem. Thus, mod­er­a­tor­ship gen­er­ally will neces­si­tate belong­ing to two OUs: one does not cease to lead within their own group con­text if they are appointed as a sitewide mod­er­a­tor — like­wise, mod­er­a­tors may be appointed who do not have any for­mal role as a leader of a youth group. (This prob­lem may be cir­cum­vented by cre­at­ing such users at a CYIADA Global admin­is­tra­tion level, instead — for exam­ple, I do not lead a youth group in the tar­get demo­graphic, and I vol­un­teer to edit con­tent occa­sion­ally: I am not the web­mas­ter admin­is­tra­tor (hypo­thet­i­cally), but require mod­er­a­tion pow­ers with­out being a leader asso­ci­ated with any group).

Groups, of course pose their own set of stu­pid dif­fi­cul­ties. They appear to have no heirar­chy at all: indeed, even where they could (for exam­ple, a Katoomba Con­ven­tion branch with KYCK, KYLC, KEC, etc. sub-branches, or a CMS branch with Sum­mer School, MMM, etc. sub-branches) this isn’t par­tic­u­larly use­ful (and, con­se­quently, not desirable).

They don’t con­sti­tute OUs, because OUs have already been used to assign roles (prob­a­bly a bas­tardi­s­a­tion of stan­dard X.520 prac­tice, but so much of this will be I don’t par­tic­u­larly care). The only way I could see it work­ing would be by defin­ing mul­ti­ple Organi[s/z]ation com­po­nents, but even then…

I don’t know. My head has been in rela­tional data­base space for so long I want every­one to have a numeric iden­ti­fier link­ing them to another table chock full of organ­i­sa­tion records. It makes me com­fort­able. But then, LDAP would man­age authen­ti­ca­tion and roles, if not asso­ci­a­tion, and appears to gen­er­ally have poten­tial to make life a lot eas­ier. So per­haps there’s some way to con­nect direc­tory and RDBMS happily?

Feed­back more than wel­come. I’m not wor­ried about plat­form specifics, just about the the­o­ret­i­cal archi­tec­ture of such a beast (and my con­cep­tion of LDAP in gen­eral). If you’re read­ing this and know any­thing about OpenL­DAP or AD or RHCS or any other plat­form, or just know about con­nect­ing to exist­ing sources and extend­ing them, please leave a com­ment and make me happy :-)