cassproject / cass Goto Github PK

Ran into a case (unable to reproduce) where I received errors after deleting a competency in the CFD tool.

Posting this here so it is documented. May have been an isolated incident. Below is the test case in which this occurred.

Click handler prevents selection of only part of the text. We need to keep the warning that they are navigating away from CASS, however.

Should adapt based on Accept header.

After Downloading CASS and starting the server on my machine I try to access http://localhost:8080/cass/cass.example/profile.html

However, before I even sign in, I get this error TypeError: me.usernameSalt is undefined

Closing this message takes me to the login page, where I try to create an account, only to get Remote Identity not configured. to pop up twice. and then just an empty profile, where all of the buttons prompt me to try and log in again.

I am using Ubuntu 17.10, and therefore had to update tomcat to tomcat8 if that makes any difference.

How do I fix this?

Should return an appropriate HTTP error. (bad parameter, etc)

Copy button is broken
'Add Field' modal could be better
Delete needs a confirm
Add more types to change type list
'Add owner' button
Encryption/reader/privacy fixes

Please conform with the following API definition in order to achieve short URLs and fewer parameters:

/api/toAsn?id= --> /api/asn/ GET (use urlRemainder)
(URLs as Identifiers shouldn't have parameters)
/api/fromAsn --> /api/asn POST/PUT

Code to pull in to accept POST in LevrJS (shouldn't read from OS or URL params)

var file = fileFromDatastream.call(this,"multiPartPostName",null,"false");

When creating mappings between two frameworks that I do not own, I need to put these relations into another framework.

A number of open source licensed files have been copied into the project, but without following the licenses completely. For example, a number of files from forge are included, and you can find the license for forge here: https://github.com/digitalbazaar/forge/blob/master/LICENSE

Many of those files lack any licensing mention at all, such as: https://github.com/cassproject/CASS/blob/c7ad25089e93f10b77122a9df5456f0ec94766a9/src/webapp/cass.manager/forge/cipher.js

Others mention the licensing situation and link to the forge licensing file, but only reference it for themselves: https://github.com/cassproject/CASS/blob/master/src/webapp/cass.manager/forge/forge/ssh.js

However, the terms of the forge licenses aren't covered by just doing the latter, and are even less covered by doing the former. Since the CASS project is attempting to go Apache 2.0 for licensing, only the BSD license is viable. The BSD license requires that, in source code, the source code retain the license and the specific as-is clause. Files of either sort above do not.

Luckily this issue is fairly mild; it just gets more and more painful to fix the longer it goes unfixed.

One other licensing issue worth calling out is the inclusion of the LGPL'd json2xml code ( https://github.com/cassproject/CASS/blob/master/src/webapp/cass.example/js/vendor/json2xml.js ). That code is not compatible with the project's Apache 2.0 license ( http://www.apache.org/legal/resolved.html#category-x ).

There may be other licensing issues throughout, these are just ones that jumped out at me as I was looking through parts of the code. (Additionally, the structure of the code is going to make it difficult to update it as libraries change).

Things like the maximum number of results, etc should be returned as part of the response headers.

The script cassInstallDebian.sh does not upgrade LEVR correctly upon repeat runs. The problem is that the following:

echo Installing LEVR...
rm -rf /var/lib/tomcat7/levr*
mv levr.war /var/lib/tomcat7/webapps/

contains a typo, in that the path for the rm call should be /var/lib/tomcat7/webapps/levr* rather than /var/lib/tomcat7/levr*

• Should we advance assertions to include credential assertions?
• What credential assertion models exist out there?
• Which should we use?

(Turn off PKI permissioning, turn on OAuth2 permissioning)

This is an application specific flag that should only exist in the application code, not in the library

The CASS Upgrade script needs to uninstall OpenJDK and install Oracle Java (after prompting the user).

Extend CSV import to translate from CTDL headers to CASS headers.

this includes previously logged in accounts' contacts

A function in the CASS library that fetches me all competencies in this framework organized (if possible) into a tree would be useful for some end-application developers.

specifically one imported from ASN

The JavaScript libraries for interacting with a CASS endpoint would be more useful if they could be run from within a non-browser JS environment such as Node. This is not currently the case. As the library is currently implemented, there are a couple of things in particular that are blocking this from being possible:

• The scripts all share the global namespace and are not modular, so the only way to load them into node is to concatenate the files together and run that instead
• The code makes use of browser primitives and DOM manipulation (global vars like document and window) as well as JQuery, which based on my limited knowledge does not appear to be very compatible with the Node environment.

see https://github.com/CredentialEngine/CompetencyFrameworks/issues/17

download icons for the JSON (and if possible, Turtle) files next to the URIs that go directly to that data:

When you go back to the search screen, the search parameters aren't re-used and are actually deleted. This might want to wait for the rollout of url parameter class in the ec ui framework

IE blocks the popup.

RDF does not guarantee HTTP based retrieval mechanisms. Therefore, the effective method of creating redirects for HTTP requests to link from a typeless shortId or shortId (/data/ or /data//) to the @id (/data///) as links in data can cause issues.

This makes some CASS data incompatible with other RDF tools.

Currently, assertion processing is scoped to understanding only competency assertions.
It is reasonable to recognize that individuals may be implied to be competent via the assertion of credentials, successful course completion, badges, etc.

Consider either automated processes that create artificial assertions based on rules regarding these other types of learning objects, or being able to interpret those assertions of credentials, badges, etc as assertions of competence of the competencies they assert.

Currently, some types of data that could be supported are:

• In OpenBadges, an assertion may be made about an individual possessing a badge.
• In xAPI, individuals complete learning activities (which include assessments).
• In Caliper, Assessments and Assignables may be completed.
• In CTDL, CredentialAssertions indicate an individual has a credential.

(for horizontal scaling purposes)

Be able to import named graphs of objects as a collection.