Avoid access control

From eg

In general

The Bitfrost specification for OLPC suggests that only anti-theft kill switches, and some key continuity management, should be applied to stop genuinely abusive practices such as stealing educational devices from children to use or to sell.

In wikis

General-purpose access control such as gACL is widely used in FOSS to keep the work of creating and maintaining rules about who can see or edit what to a minimum. While such tools are tempting, any use of them simply reduces the number of people who can review a given page, without necessarily increasing their willingness or ability to contribute. This can prevent critical mass from ever occurring and can certainly kill a corporate wiki dead. So avoid access control except as part of a general policy to support factions that wish to work within one big wiki but keep specific sensitive information secret, in which case the number of locked pages and hidden pages should be very few.

If reliability of reports is critical, the wiki best practice is to focus instead on who may edit authoritatively on a given topic, so that the soft security function takes over, but no one feels that any particular page is sacred, and anyone can correct errors or spelling.

Part of any strategy to align a wiki with a mindset that implies hard security is to ensure that wiki pages are accessible and editable only insofar as the mindset of the organization allows. In an open project this will be very permissive, but most projects aren't so open.

Some information requires access control

A corporate wiki may be partially or wholly visible to the whole web, and therefore some information may need to be hidden from some people in order to protect privacy of clients or workers, or to protect proprietary information.

Permission categories must be kept to a minimum to facilitate a robust community of sharing and editing.

Specific categories of information that need some kind of access control:

Sensitive information about clients, talent, suppliers and stakeholders:

There is Federal legislation in Canada regarding privacy that must be complied with.

Some information that must be protected by permissions: contact information, quotes, job costing, account information, information about upcoming projects that may not be public yet.

Corporate documents that need some kind of access control:

Account and password information. Strategy documents. Sales documents. Supplier pricing. Agreements with company talent.