Suspect that the completeness check fails when common-set node(s) exist in the graph that are not marked as True.

This case can exist when a single select node is encountered, and common-set node(s) exist on the unused outbound paths.

This can be replicated by using the included example graph at: https://github.com/RENCI-NRIG/notary-service/tree/master/lib/ns_workflow/tests and choosing to walk the "Workstation" path instead of the "Server" path at the "ServerOrWorkstation" node.

To achieve better UI design and user experience for the user profile page of Notary Service, several usability evaluation and tests are performed. Based on the heuristic evaluation results and user feedback of the prototyping, updates need to be implemented to fix existing usability issues. As a frontend developer, I will:

• Add a side menu and divide main body into tabs including 'User Profile', 'CILogon Certificate', 'Messages' and 'Identity Attributes';

• Replace dropdown buttons with radio buttons for 'Preferences', and add clear success messages after saving the preference setting;

• Update the message table with three buttons on top to toggle between active/ deleted messages consistently;

• Add tooltips to the table names of table 'Identity: CILogon Claims', 'COmanage membership', and 'Other attributes';

Add COmanage to notary-service

• new Django app comanage (extend user model to include profile based on OIDC_Claims)
• include development SSL certificates
• update Nginx config for SSL
• create dedicated development OIDC Client RP in ImPACT registry

Migrated from Word to GH issue for easier tracking

These are loosely in order of priority determined by @llchristopherson , however, you can and should reshuffle their priority based on feasibility, @mjstealey .

Rename some of the roles:

• Change "Project PI" to "Project PIs and Co-PIs" Change "Project PI" to "Co-PI"
• Change "Project PI Admin" to "Project Management" Change "Project PI Admin" to "Lead PI"
• Change "Project Member" to "Project Staff"
• All other roles keep their names as is.

Alter User Privileges as shown in the table below
First four cells are either major revisions or new features, and are lower priority than all the other stuff.

• X = is true now, has this privilege now.
• Add = not currently a privilege, please add.
• Remove = has this privilege currently, please remove.
• Check when completed

* The PI (Lead PI or Co-PI) should only be able to add their own staff from their own institution.
^ You are currently working to change these functions so they are not done through CoManage.

Data Provider Functionality

• The DP should have a way to view his datasets and associated projects. He should be able to mark datasets as "off" (i.e., not available, invisible, something so that it doesn't appear to others that the dataset is available to them, says "no" in some way). This should be doable for a single project or all projects.

• Please put Templates before Datasets in the navigation bar since the DP will need to interact with that before the Datasets tab. So in other words, Templates should be to the left of Datasets.

Lead PI and Co-PI Dataset and Infrastructure Browsing Ability

• Both PI roles should be able to see a list of available infrastructure on the Infrastructure tab. This should be sorted or presented in some way so the infrastructure s/he is currently using is distinct from the infrastructure s/he is not using.

• Both PI roles should be able to see a list of all datasets in NS (for browsing/shopping purposes). As with Infrastructure, this should be sorted or presented in some way so the datasets s/he is currently using are distinct from the ones s/he is not.

Institutional Governance Functionality

• IGs should be able to unassign themselves from a project. Currently they can't.

• An IG should have a way to distinguish between the projects he is assigned to so he doesn't have to page through them all or remember their names to find the ones that are his (in the eventuality that he might encounter a long list). Perhaps projects can be listed in 2 sections on the page: a section for the projects he is assigned to and a section for all the others. The ones he is assigned to should probably appear first.

Infrastructure Provider and Institutional Governance Functionality

• IP and IG might should see a list of all datasets in the Datasets tab.
• IP and IG might should see a list of all infrastructure in the Infrastructure tab.

General Notes
With all lists of things, the items that the person is currently using should appear first. The items he is not using should appear after. This can be in whatever way @mjstealey and @yaxue1123 want (e.g., tabs, sections on the page, etc.)

• include local SAFE server in docker-compose
• add documentation for key generation making use of Let's Encrypt format (mocked for development and GitHub published files)
• add SAFE related calls to Django safe app
• remove use of is_complete flag from projects_projectworkflowusercompletionbyrole and calculate completeness from neo4j node state every time (slow, but more accurate)

Issues, bugs and other thing that need to be resolved should be made note of in this thread while the notary service is being developed.

Individual developer issues will be derived from the contents of this thread and worked on separately.

Make sure to include any references, documentation or other supporting material that may be useful for better understanding the issue.

• Branding change: Logo update and theme color update across the app;
• Added responsive design to navbar for different screen sizes;
• Applied css style for lists, callout messages, etc. to increase usability aesthetically;
• Added SEO to the html files.

Documentation

• Notary Service UI Style Guide;
• Notary Service UI Update.

update template registry object to persist the Neo4j graph that was validated instead of deleting it

• allows the user to "preview" what a workflow would entail without having to invoke it in a project first

After the update of the UI of User Profile page, continuous updates for the overall UI style are required to achieve consistency. Also, modification of the universal app header and footer is suggested based on the heuristic evaluation result. As a frontend developer, I will:

• Apply the same Bootstrap table style (striped, bordered) and button style (success, danger, warning, info) to all tables and buttons across the application;

• Update the UI of FAQ page: replace the plain JavaScript to toggle hide and show with Bootstrap data-toggle attributes; make the default state of the question to be show; apply the consistent style as "Identity Attribute" tables in the user profile page;

• Replace the old logo picture with the new logo across the application (three places including nav brand, index page and about page). Change the color theme accordingly based on the new color palette generated from the new logo;

• Modify the app header: remove padding and margin; adjust items' logic/ hierarchy across the menu (e.g. add dropdown for "About" and include "Overview" and "FAQ" as dropdown items, move "Profile" and "Logout" to be within the profile popup card); add breakpoints and responsive features as the user's viewport size changes (use hamburger menu when the viewport is comparatively small);

• Modify the app footer: amplify the footer with more content and reasonable size (e.g. add copyright; add related links; add contact and feedback options ...); change the position of footer from fixed in the viewport to fixed to the end of the page to save space for main content and give more space for potential footer content (when the page main body doesn't take up all page space, the footer will show; otherwise the footer will be outside the viewport and at the end of the page for users to scroll down and see.)

refactor for NCE work

Create a datasets app

Dataset (minimal model)

• dataset_identifier as URL
• safe_identifier as SCID
• templates as NSTemplate reference from many-to-many relationship table

NSTemplate (minimal model)

• graphml_definition as file

NSWorkflow (minimal model)

• template as NSTemplate reference
• safe_attestation as ... TBD

Enable workflow traversal that reflects SAFE policy attestation requirements

• using COmanage roles, instantiate nodes onto a workflow graph that represent one or more required tasks for a user to attest to
• define a workflow language that can be used to concisely define node state, completeness or otherwise convey information relative to attestation or rendering
• ensure all required hooks exist as part of the ns_workflow library. workflow manipulation and traversal code should not reside within the Django portion of notary service

Create the project model for notary service that includes

• groups integrated with COmanage

Per work done in #55, updates are needed to bring code into compliance with updated ns_workflow definitions.

web UI

Landing page

Since more than one item can be asserted to at once, it is important to ensure that the user knows exactly what they are making an assertion for.

Will make use of the DEBUG flag for enabling a short cut around the pop-up

Projects stubs should be solely based on COmanage COU values for *-PI:admins entries.

Example
If a COU named CO:COU:nstest-PI:admins exists, then a project should be generated with the nstest label.

• Auto-populate personnel based on COUs for CO:COU:nstest-PI:admins, nstest-PI:members:active nstest-STAFF:members:active COUs
• Only members of CO:COU:nstest-PI:admins can then edit/update the project stub and select a name, description, infrastructure and dataset(s)

Additional projects that make use of the same label (for example, nstest) can only be created by the notary-service administrator

verify graph validation checks conditional branches for valid values

• better manage is_complete flag from projects_projectworkflowusercompletionbyrole table when workflows are updated or deleted removed as part of #63
• re-order underlying data and state calculations when interacting with the project_details page - involves reviewing the POST request and revamping how form attributes are handled/calculated.
• finish wiring up project personnel refresh
• auto-complete any nodes for IP or DP (copy contents) if they've already been completed for an existing workflow (per project / dataset / workflow relationship). This occurs when a project has multiple affiliations since workflows are split by affiliation. Address post MVP
• add affiliation column to the Personnel portion of the project_detail.html render

Per discussion on 6/28/19:

• Ensure all ID checks are based on uid to sub check between LDAP groups (COmanage) and Identity from AuthN (CILogon)
• do next_set check before performing is_complete check in projects/workflows.py
• hide "get access" button until the workflows are completed for that dataset. only visible to PI, STAFF
• For DP in project - replace "get access" with "get report" button (workflow level - owned datasets)
• IG / PI - get report button (workflow level - all datasets)
• submit button for workflows instead of node names
  • Asserting True/check use I Agree
  • SingleSelection, etc. use Submit
• research graph
  • PrintEnvironment - String - textbox
  • SplitPledge1 - String - textbox
  • SplitPledge2 - String - textbox
  • HardcopyDiscardPledge - String - textbox
  • CodeBackupSelectionPledge - MultiSelection - provide 3/4 options to choose from
  • IRBAbidePledge - wording
  • SplitStaffPledge1/2 - wording
• infrastructure graph
  • ServerUsedInOtherProjects - SingleSelection - Yes/No
  • ServerSecurityProtocols - StringList - single textbox with + option
  • WorkstationSecurityProtocols - StringList - single textbox with + option

• add well known endpoint to expose JWT identity cert for Presidio
• add landing pages for COmanage workflow enrollment steps to guide user through process
• UI modifications from #84
• check Affiliation when user logs in after enrollment
• do not show User information in any tabs prior to the User being fully enrolled (check for empty co_person_id)
• send message to user when being added to or removed from a project

Make sure it works for graphs that have no conditional nodes.

Presidio by default will expect to have a user certificate presented to it in addition to a signed JWT. Allow for data providers to host data in Presidio with only signed JWT and not certificates.

• add attribute expect_user_certificate to dataset object (default to True)

additional information that should be included in project registration

• refactor project workflow to properly handle COmanage naming convention (:admins vs -PI:members:active)
• infrastructure (by reference to infrastructure object)
• organizational participation (by reference from organizational relationship - non-editable for MVP)

Transferring to another issue
institutional governance personnel (by reference from organizational relationship - self assign)
infrastructure workflow personnel (by reference from organizational relationship - self assign)

Allow users who have the Infrastructure Provider (-INP:member:active) role to be able to register infrastructure within Notary Service.

• new "infrastructure" tab on UI
• new app for infrastructure with new, edit, detail and delete options
• update project definition to include infrastructure assignment

• Integrate Kafka (Zookeeper) into compose stack
• create user message model
• create Kafka producer/consumer classes around message model (with serializers)
• integrate messages onto site landing page based on user identity
• document message model usage for external apps to push to via REST (may be post MVP) post MVP
• document tools that can be used to interact with messaging interface outside of Django post MVP

Need to be able to create children for specific principals and install principal Id as property, not just encoding it as part of child name (it's inelegant and hard to match).

Enforce roles at the Django level based on a User's role in COmanage

• Valid roles are PI, STAFF, DP, INP, IG
• An additional ADMIN level role will be extracted from the CO:Admins designation in COmanage
• The Django User's role should be selectable via a preference choice that is the aggregate of all discovered roles from COmanage

Work with @vjorlikowski to establish the JWT process for notary service (NS) as it relates to presidio (PRES).

per meeting with @vjorlikowski on 4/15:

• NS to encrypt JWT using private key of SSL cert
• Add well known endpoint to NS for retrieving SSL cert public key (/whoami slug)
• Use postMessage js to invoke iframe to presidio with proper credentials included
  • ref: https://blog.teamtreehouse.com/cross-domain-messaging-with-postmessage
• ImPACT-JWT: - intial jwt via curl http heater

Generate an SELinux definition for CentOS based deployments (Ubuntu/AppArmor not being pursued due to our shop using only CentOS based infrastructure)

Split network definitions to frontend and backend for ease of port definitions and security partitioning

Ensure all permissions are set appropriately per role for user interaction within all sections

Add app to allow user to retrieve CILogon certificate from within NS

• launch from profile page
• byo key or autogen key (4096) for user
• allow export option once generated
• force user to explicitly exit page, at which point the user cert files will be purged from temp storage.

Push v0.1 of ns-jwt as package to https://pypi.org

Use pytest to provide testing and coverage metrics

• apply to base, comanage, lib and users
• modify existing lib/workflow to be package based
• validate test/coverage metrics with Jenkins job on turtles.renci.org

Define a simple workflow visualization for rendering workflows using D3
Reference: https://d3js.org