Giters

regen-network / regen-web

:seedling: Website and marketplace application

Home Page:https://app.regen.network

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Understanding our third-party signing requirements

blushi opened this issue · comments

commented

Possible ways to do this:

  1. Could have a secret signable link, similar to the secret link for sharing a post
  2. Or, just send them the link, use the collab/member permissions to allow them to sign. Prompt them to fill in name and photo when signing if they don't have it, or remind them to do so. Ideally you would have a view to see all the posts that you've signed/could sign. So and so has requested that you sign this post. "Manage signatures" in the profile dropdown somewhere. What the user should see is which projects they have project-wide signing permissions on. All posts that I've been requested to sign, all the things that I have signed, all the things you have permission to sign. Flow to request someone to sign on a specific post.

Notes from Core Design 2/7/24

  • We are not going to see high usage of multiple members from an org all signing and editing docs, probably just one member
  • Just having a docusign link that they can sign a single piece of evidence (post)
  • Registry or project proponent uploading documents and self-signing or requesting on a piece by piece basis a request for signature

- DECISION: Only project collaborators can sign first for MVP, and then the project admin can share a link with that collaborator, if these are signed in then they can sign

Notes from Otter transcript:
Then we should have a designing research task for understanding what our third party signing requirements are. And we can start to explore it. A bit on the design huddle, I could talk a little bit about some ideas, like I said, here right now and then we should have one or two targeted conversations with either registry team members or partners to see where the chips fall. But like one thought that I have is like, Could we get away with just doing like, like, just having it so that project developers can generate a link which is like a page that's like a sign on this thing, sign on this post. And that's an offline link that they generate, that they can then send to anybody. It's there's no real permissions around it because signing is technically something that anyone can do. But no one would be able to stumble upon it through the UI. Right? That's one idea of a way that could be super lightweight, is we literally just have like, you know, post slash sign, URL, which, which always exists, but there's no way for people to just stumble upon it this way. We're never gonna get randos signing if we don't want that. And a project, like developer or an admin can always take that link and send it to their registry or send it to their person.

commented

@erikalogie @clevinson please add description

commented

@aaronc I already asked @clevinson for this, but can one of you add more description to this task please?

commented

Closing in favor of tracking in Jira now