What are engagements?
Each Securepub engagement is a collection of Userbase users and databases. One user plays the role of the host and other users play the role of guests. Hosts and guests are members of the engagement.
Engagements also contain databases for topics and bundles. The topic databases identify threads of comments for related content and the bundle databases hold the content being discussed.
╭────────┬───────────────────╮ │ users │ databases │ ├────────┼───────────────────┤ │ host │ topic bundle │ │ guest │ topic bundle │ │ guest │ topic bundle │ │ guest │ topic ... │ │ ... │ topic │ │ │ topic │ │ │ ... │ ╰────────┴───────────────────╯
What is the engagement lifecycle?
A typical engagement consists of two phases:
- setup phase: the host adds bundles, topics, members and obtains invitation links
- engagement phase: members collaborate after receiving their links and joining the engagement.
Setup phase
First the host creates an engagement and updates their profile. At this point the host is the only member and the engagement contains no bundles or topics.
╭────────┬───────────────────╮ │ users │ databases │ ├────────┼───────────────────┤ │▶host │ │ ╰────────┴───────────────────╯
The host adds bundles containing the content they wish to share. Unrestricted bundles can be reviewed at any time. Restricted bundles can only be reviewed by guests who accept their invitations.
╭────────┬───────────────────╮ │ users │ databases │ ├────────┼───────────────────┤ │ host │ ▶bundle │ │ │ ▶bundle │ ╰────────┴───────────────────╯
The host creates some initial topics. Each topic specifies a subject and a URL within the content to be reviewed.
╭────────┬───────────────────╮ │ users │ databases │ ├────────┼───────────────────┤ │ host │ ▶topic bundle │ │ │ ▶topic bundle │ ╰────────┴───────────────────╯
The host adds guests, provides some default values for their profiles and chooses the bundles and topics shared with them.
╭────────┬───────────────────╮ │ users │ databases │ ├────────┼───────────────────┤ │ host │ topic bundle │ │▶guest │ topic bundle │ │▶guest │ │ ╰────────┴───────────────────╯
Adding bundles first simplifies sharing when topics and guests are added later but hosts need not follow this particular order. Members, topics and bundles can be added in any order.
Engagement phase
After reviewing the content they've prepared, the host shares invitation links with the guests once they feel everything is ready.
Guests review topic content, exchange comments and add new topics for discussion after joining.
╭────────┬───────────────────╮ │ users │ databases │ ├────────┼───────────────────┤ │ host │ topic bundle │ │ guest │ topic bundle │ │ guest │ ▶topic │ │ │ ▶topic │ ╰────────┴───────────────────╯
What are invitation links?
Members use invitation links each time they join or return to an engagement. Invitation links are HTTP urls with the structure
https://gl2401.securepub.org/_v1.2401_/join/#{ 3 * 26 characters } └── origin domain ──┘└─── prefix ───┘ └─ engagement ids ──┘
The origin domain and prefix identify the location and version of the Securepub SPA. The engagement ids are three concatenated ULIDs ↗︎ which encode
- the AppID of the engagement
- the RoleID of the member and
- the initial Userbase password of the member
The initial password in the link allows members to automatically login to the associated Userbase user when they follow the link to the Securepub page. Invitation links are insecure until a member secures them by choosing a new username and password. From that point anyone using the link will need to provide the username and password to join the engagement.
Since anyone can use the initial invitation links without a password, hosts should communicate them to members over a means of communication they consider secure.
Where no secure means exists a host may pre-secure a link by taking the extra step of signing in with a member's link and changing their password on their behalf before sharing the link over an insecure channel. The host can then share the password in a separate communication and the member can change their password after they sign in.
Hosts may also consider pre-secureing their links when there is a concern that
-
a member may never join an engagement or that a significant amount of time may pass before they do
-
a link will get added to another database or tracking system where the host may not be able to prevent unauthorized access to it
Hosts may also wish to defer sharing content with members until after they have joined and secured their links.
- their invitation link
- their username and
- their password
There is no recovery option if any of these they are lost.
If a member loses these their best option is to ask the host for another invitation and rejoin as a new member. The host and other members can re-share bundles and topics with the new member. However they won't be able to manage or edit any of their old topics or comments.
If a host loses their link their best option is to setup a new engagement.