Same URL? Same content!

On the web, I am a strong opponent to "2 users do not see the same thing at the same URL". It makes helping people by mail/phone quite difficult/impossible, and it makes people not aware of all the possibilities of systems. It prevents search engines and bookmarking to work.

Things you cannot do should be greyed out, not hidden (or better: should prompt for login).

For instance, we provide on our TWiki a YourHomePage link: this redirects instantly the user to its actual home page, with its proper URL.

I do not understand the need to hide the admin part of things. In the real life, as an airplane passanger I cannot go into the pilot room or flight attendant space, that's life. The solution is not to magically make these place invisible, just to have the clearly labeleld as "off limits"

-- ColasNahaboo - 06 Jan 2006

Colas has a very good point here and I agree 100%

The idea of hiding things on a Wiki makes be ask the basic question: "Why do you want to use a Wiki if you do not intend to use it as a wiki?"

In a big corporation TWiki is never going to be the only web based service you have. I bet you have document storage systems, product management systems, HR systems, purchasing, and traditional content management systems.

A wiki like TWiki has this new way of thinking. Sharing instead of hiding. If you want to hide things why use a Wiki? OK you may have some confidential things that needs to be protected further. TWiki has those features necessary to do this. But you need to know that you need to ask for information and who to ask when you need access rights to edit. And this is what I love about TWiki. You know who has access rights. You know who can give you rights. Many can do it - not just one admin who is not available or need some silly ticket raised to do the job. Many can maintain the rights. Also revoking them when people move on. Things go fast. Things move instead of standing still. A world of oppertunities instead of limitations. And that is the name of the game in a fast moving world.

If you want limitations buy and install a commercial overmanaged CMS and let "Mordac - the preventer of information services" control and manage and prevent.

On userbility. What is the first thing we do when we install Windows XP? Turn off hiding file extensions. Turn off hiding menus. Turn off, turn off.... Customizing menus so deeply hidden features become accessible. If I arrive on a TWiki as a guest and I need to see something I have access to, I navigate to it because I can see it and I am asked to authenticate. That works.

You know those silly websites with some overdesigned flash manu. You have 2-3 entries. You have to click to see sub menues. You navigate around for 10 minutes for something you could have found in 30 seconds if there had been a proper menu where things are visible. Hiding as a user interface method is a fashion trend which has proven to not work well.

-- KennethLavrsen - 06 Jan 2006

What you guys don't see is that you are making the opposite case. Yes users should see thigns differently. That's what you're saying.

Kenneth raises the point of badly designed menus. He looks at it from the POV of not giving the user the information. What about giving the user information that is misleading or frustrating, like a menu item that ends up in an access cotnrol violation. A menu can be badly designed in a numger of ways.

As for the idea of turning off or turning on features in corporate IT - for security, operational reliability and to meet many regualtory requirements businesses such as the financial community MUST operate on a 'need to know' basis. That you may choose what you share menas just that. You choose. You can also, for legitimate business, policy or operational reasons, choose to limit what you share. Would you care to share with me your SSN and credit card numbers and your mother's maiden name?

We're TWiki Geeks and we don't always see things as the naieve user does. (Nor it seems the way business managers or regulatory compliance auditors do!) I've had help desk calls because the user tried to access a restricted (administrative) topic. Some are worried that the Oops page means they've broken something. Some are angry demanding why they have been denied access when they've been told - as Colas says - that the wiki is open.

Well the reality, Colas, is that there are wikis that are open to all users but TWiki isb't one of them. There are topics that are allowed to be acessed only by members of TWikiAdminGroup. Ther are applicaiton wes that can be accessed only by mmenrs of the apropriate project group.

Business is like that. Its why TWiki supports such things. Its the way TWiki works.

The code in DAKAR::TWiki::Store::getListOfWebs() does this. If you don't have permission to access a web then you don't see it on the list of webs.

That's the way TWiki works guys; that the way it has to work in a corporate setting.

(Actually if you see http://develop.twiki.org/~develop/cgi-bin/view/Bugs/Item1260 you'll not that I think there should be a way of making things visible but inactive.)

-- AntonAylward - 07 Jan 2006

Sometimes, hiding is a necessity.

We have pushed TWiki to the point that it's more than a Wiki, is an "Application Platform", and as such it should provide minimun "data security" to be of use to what we call "Corporate Users".

I have an scenario where hiding is needed: We use a TWiki-based bug-tracking system so our customers can report bugs in our application during the acceptance testing. We wanted to gather those bugs in a centralized place to easy development and SCM planning.

Now, having different TWiki installations for that would need an additional effort to gather the ticket from across the installation to a central place. What we did was to have them all in the same installation, and to prevent each client to see each other (even with a wild guess, the oops templates where changed to unauthorized access show as "topic does not exist"). This mean that menu and the homepage present different information for each one.

Why this is need? As all of our customers work in the same field, sometimes in the same country and are, by definition, competing with each other so it's of "strategic importance" that Company A don't know that Company B is planning to implement our product in a country until that fact is made public.

But I "kind of" agree with Colas: The same URL should have the same semantic for all users, even if some content is hidden or presented in a different way.

-- RafaelAlvarez - 07 Jan 2006

We have a content management system where I work. It can hide things so you do not see things listed unless you have read access to it. I have seen many cases where this happens.

• A user arrives to a "folder" that contains documents.
• The user sees maybe 15 documents
• He does not find what he is looking for and assumes it does not exist.
• Another user arrives. Difference is that he has been authenticated earlier while arriving to an area that requiref this.
• He seems 25 documents and finds the document he is hoping to find.

The first user lived a long time with the assumption that some important spec did not exist. It shows how dangerous it is to assume that "need´to know" based information is always good idea.

The above example could have been avoided if the CMS required authentication to see anything. That is actually how I chose to setup out TWiki for that very reason. People are a little annoyed that they have to authenticate but it makes it much easier to protect what has to be protected.

I have another example how difficult it is to get people to accept the wiki way. A new very dedicated TWiki user started creating many new topics in the web of his department. Nothing was secret. Everyone could read and should read. But he automatically added ALLOWTOPICCHANGE to all his topics allowing only himself and a few others edit rights. I addressed it and asked why he used the Wiki for this stuff when he did not use it as a wiki. After some convincing is removed all the ALLOWTOPICCHANGE statements so we all could collaborate on making the information better and up to date.

I have an example of how well a wiki works. We have some human resource pages. Some are managers handbook type pages (I am a manager). I was often looking for information of what I need to do when I hire a new person. I could never find what I needed a quick way.

So I created a TWiki topic. The ManagersStaffFAQ. I left it wide open for editing. What happens? Managers use it (those that know about it). The old employees use is because it contains info that staff often ask the manager for. So they look there and then they do not have to even ask. And they add items to the FAQ. Yes. The wiki way works. Even in a corporate environment. In the traditional corporate thinking only HR is allowed to edit the documents. And only the managers are allowed to see it. And for no other reason than because "that is how we have always done it".

I am not fanatically against being able to hide things but I am worried that it quickly becomes a bad habit to do it based on the doktrine "We have always done it like that" and you end up with a static webmaster syndrome website where people do not share and collaborate. And then you loose the whole idea of what a Wiki is. And I am worried about loosing user friendliness as I already described above with the Windows/Office examples.

-- KennethLavrsen - 07 Jan 2006