RI revisited, Web standards, AJAX, LDAP and architecture23 Nov 2006
I visited Raw Ideas today and was really quite excited by what I saw. They’re about to move office again so I was popping in to return the keys (I still had them even though I haven’t worked there for several months now) and generally catch up. Tino was working on a tape library application for archiving DVCPro and Mini DV and HD(V, mostly) footage in a really searchable and generally more-manageable-than-shelves-full-of-labels kind of way, and he was pretty keen to show it off. Freakin’ awesome stuff. Aside from some DHTML gimmicks (fading rollovers, etc., stuff that you think is cool when you’re developing it but does nothing but irritate you once you have to sit down and finally use the application for five minutes!) it was great to see he’s using Scriptaculous for some genuinely useful AJAX-based functionality.
Because it’s a library, it’s basically one big search engine. Which means that autocomplete is a really handy thing to have, and being able to click on a piece of information and edit it straight away (so, taking plain text and converting it into a
input field for editing immediately, without a separate admin view) is absolutely priceless for moving through a library quickly. This is so the way content editing should be heading — I’m hoping we all get there in the end.
So we threw around ideas about that (including ripping timecode off DV tape and trying to set marker points, importing EDL’s for use inside the library, automating transcoding processes and exporting H.264 or FLV for previews, and a couple of other equally fun things), then eventually started chatting about what I’m doing over here at Youthworks these days.
I think I made him kind of jealous. I’ve seriously got one of the best jobs in the web development world right now. I get to come up with stuff that’s genuinely useful for users (and productive for the Gospel, yada yada — that’s the implicit goal of all of this), entirely in response to their needs, without being burdened in particular by history, or legacy systems that need to integrate, or any major competitors — it’s wonderful. So we started talking about platforms and whatever and I said I was considering Django (and got a big tick accordingly, which was nice) with an RDBMS (i.e. MySQL, just because that’s pretty much all I have experience with insofar as DBs go) but then outlined a bit more about the project and he recommended an LDAP system pretty strongly.
LDAP is a directory-based database which is strongly heirarchical and finely granulated in nature. Which is bloody useful when you’ve got a user structure five layers deep:
But, of course, moderators do not “contain” leaders any more than leaders “contain” youth. All of these tiers exist independently of one another. They are internally defined by their extrinsic relations, even though their user experience of the website will vary depending on their heirarchical position. The latter makes LDAP seem entirely sensible, but the former definition of personal identity (that is, what constitutes a “self” or independent user entity — a Distinguished Name, in LDAP-speak) seems to rile against that directory concept.
“Moderator” is, in fact, a property of “Leader”. That is, it is a quality belonging to the user, who belongs to the group “leader”. Users should be unique and belong to an Organisational Unit (again, in LDAP speak) that reflects their role within the system. Thus, moderatorship generally will necessitate belonging to two OUs: one does not cease to lead within their own group context if they are appointed as a sitewide moderator — likewise, moderators may be appointed who do not have any formal role as a leader of a youth group. (This problem may be circumvented by creating such users at a CYIADA Global administration level, instead — for example, I do not lead a youth group in the target demographic, and I volunteer to edit content occasionally: I am not the webmaster administrator (hypothetically), but require moderation powers without being a leader associated with any group).
Groups, of course pose their own set of stupid difficulties. They appear to have no heirarchy at all: indeed, even where they could (for example, a Katoomba Convention branch with KYCK, KYLC, KEC, etc. sub-branches, or a CMS branch with Summer School, MMM, etc. sub-branches) this isn’t particularly useful (and, consequently, not desirable).
They don’t constitute OUs, because OUs have already been used to assign roles (probably a bastardisation of standard X.520 practice, but so much of this will be I don’t particularly care). The only way I could see it working would be by defining multiple Organi[s/z]ation components, but even then…
I don’t know. My head has been in relational database space for so long I want everyone to have a numeric identifier linking them to another table chock full of organisation records. It makes me comfortable. But then, LDAP would manage authentication and roles, if not association, and appears to generally have potential to make life a lot easier. So perhaps there’s some way to connect directory and RDBMS happily?
Feedback more than welcome. I’m not worried about platform specifics, just about the theoretical architecture of such a beast (and my conception of LDAP in general). If you’re reading this and know anything about OpenLDAP or AD or RHCS or any other platform, or just know about connecting to existing sources and extending them, please leave a comment and make me happy :-)