CNM Wikiware
CNM Wikiware (hereinafter, the App) is the CNM app that empowers CNM Wiki and, possibly, other publicly-available knowledge bases of Friends Of CNM. The App is both:
- Knowledge management software that utilizes MediaWiki as its engine and is supported by CNM Cloud Platform including MariaDB instances that the App uses as its database management system; and
- A service of the CNM Cloud particularly available at wiki.ksacerts.com.
Business functionality
Besides supporting CNM Wiki, the App serves as a practice tool in the learning that is delivered by Bracka School and related to knowledge management software.
Permitted user roles
- Opplet handles user management for the App (including "create account" and "change other users' rights" functions). Thus, the permitted user roles of the App's users are those Opplet roles that are specifically based on rights of groups granted by MediaWiki. The software-defined rights can be found at MediaWiki's list of groups.
User stories
- As a NetAnyone, I need to be able to:
- Read and/or view contents of any wikipage at clearly understood URLs such as starting with https://wiki.ksacerts.com/
- See the logo at the right upper corner and the name of the resource such as CNM Wiki;
- Feel safe while seeing that the App's resource is verified by the SSL certificate;
- As a Russian-speaking NetAnyone, I need to be able to locate wikipages in Russian, possibly, at URLs starting with https://wiki.ksacerts.com/ru
- As a NetConsumer, I need to be able to add selected wikipages to my watchlist and receive notifications when the watched wikipages are updated to my email.
- As a CertAssociate and/or CertDeveloper, I need to be able to:
- As a CertFellow, I need to:
- Have predefined rights of a sysop established at MediaWiki;
- Be able to upload files up to 20Mb.
- As a OppletBureaucrat, I need to:
- Have predefined rights of a bureaucrat established at MediaWiki;
- As a CloudAdmin, I need to:
- Make sure that CNM Wiki at least gets basic cyber-security features implemented; new threats are monitored and, based on them, the security policy should be defined and, further, re-defined;
- Be able to restore CNM Wiki if the working software collapses. No more than one hour of work is allowed to be lost.
Architecture
The App is a MediaWiki instance that is run on CNM Cloud Platform.
MediaWiki
- Main wikipage: MediaWiki
- The MediaWiki software is chosen as the App engine because its usability, productivity, and reliability. Particularly, MediaWiki:
- Is easy to load (it is a light weight);
- Allows integration with CNM Cloud Platform and, possibly, other CNM apps;
- Is scalable and allows addition of more data as need arises;
- Is easy to navigate with a search function that makes it easy to search what any user wants;
- Is cloud hosted so that it can be accessed anywhere;
- Provides an audit trail that can provide identification of who has entered any new information.
- MediaWiki also has a provision for the future usage of multiple languages. When the time for adding a new language comes, the existing system shall enable this addition without need for additional components to the original system. It will also enable the user to nominate their preferred language when entering their personal information.
Platform
- Main wikipage: CNM Cloud Platform
- CNM Cloud Platform shall provide the App with all resources, including PHP-language support and MariaDB, it needs in order to run smoothly. It also handles user management for the App. Particularly, the platform shall:
- Make sure that the App is available 99.99% of the time for any 24-hour period;
- Doesn't store any confidential information, so such information cannot be accessed by anyone.
Security
Vulnerability alerts
Extensions
File permissions
TLS
PHP
MariaDB
Maintenance scripts
Upload security
Development
History
- The first instance, 1.26.4 version, was installed under supervision of User: Mina Nizhnih.
Further development
In order to constantly develop the App, Friends Of CNM is looking for one or more vendors. This development project has at least two phases:
- To identify Acceptance criteria that shall be met at the end of any further upgrade; and
- To procure those upgrades from one or more vendors.
- RFB has been posted and the following responses are collected so far:
- Define page types, naming conventions, user rights, expected behavior to select a set of useful extensions. Then develop ontologies, templates and forms for pages of various types. Adjust search function to the needs of the project.
- Follow the updates at https://www.mediawiki.org/wiki/Download/ru and after the appearance of a new stable version, reinstall the App.
- Monitor the detection of vulnerabilities and the emergence of solutions to eliminate them, apply them.
- Support SSL certificate of Let's Encrypt (how to do it https://hostiq.ua/wiki/how-to-install-lets-encrypt-ssl/);
- Regularly check the site for viruses using this link - https://www.virustotal.com/en/url/07612517c24492a2b4ecf505640d0c4e5d060149282543f1376dc6079b911641/analysis/1522339359/
- The system shall ensure that there is no interference to the active users when maintenance is being done.If need be, the system shall not be shut down for maintenance more than once in a 24‐hour period.
- The system shall produce a storage capacity warning notification when a particular percentage of storage capacity threshold is crossed with additional notifications issued thereafter at different threshold increments.
- When a new version of the system(application) is released, it shall be possible to upgrade to it from any previous version.
Acceptance criteria
Vulnerability
- SSL certificate