Page MenuHomePhabricator

Cross-team review of Geolocation API proposal
Closed, ResolvedPublic

Description

Status as of 2022-08-24

We are ready to move forward with contacting Pelias (@vyuen) and starting the contracting process (@ldelench_wmf). Security review will continue in parallel.

Background/Goal

Now that T305705 is complete and a proposal has been drafted, we will solicit review from:

  • Legal
  • Trust & safety policy
  • Security
  • Site Reliability Engineering (SRE)

Out of scope for this task:

  • Budget approval & any necessary contracting with geolocation provider
  • Implementation of the geolocation API
User stories
  • As a Campaigns team member, I want to ensure that our recommended approach of setting up a proxy to Pelias web service has been reviewed & commented on by Legal, Trust & Safety Policy, Security, and SRE so that I have a more complete understanding of risks & recommended next steps.
  • As a campaign organizer, I would like to be able to easily enter the address of my in-person event.
  • As a campaign participant, I would like to be able to quickly know where the in-person event is taking place.
Considerations
  • Once we start using a geocoding library, there may be backwards compatibility issues with existing events (e.g. someone entered an invalid address or country, or in a format that the library does not recognize), and this could be very problematic. Therefore, we should decide on a geolocation API provider in parallel with our V0 build, even though it will not actually be implemented until V1 (target: October 2022).
Development considerations

MUST HAVE

  • Being able to filter events by country, city, and region.
  • Show only relevant info in the event page bar; e.g., the building name

NICE TO HAVE

  • Provide address autocompletion when creating/updating a registration
  • Show events happening nearby (users would need to opt-in)
  • Show where the event is happening on a map
Acceptance criteria
  • Reviews are complete:
    • Legal - via email
    • T&S Policy - via email
    • Security T309410
    • SRE T312677
Open questions
  • What timeline should we expect for reviews?
    • Legal: done
    • Trust & safety policy: done
    • Security: July-Sept 2022 (in progress)
    • Site Reliability Engineering (SRE): done
Resolved questions
  • Just curious what the technical reasons are for choosing Pelias over MaxMind, for which the WMF already has a license.
    • AIUI, MaxMind only provides geolocation info for IPs, but we don't need data about IPs. Also, we would need some additional features (listed at T305705#7841090) that MaxMind doesn't seem to offer.

Event Timeline

Restricted Application added a subscriber: Aklapper. ยท View Herald TranscriptMay 26 2022, 3:49 PM

Requests for review have been submitted on 27 May:

  • Legal: email
  • Trust & Safety: email
  • Security: T309410
ldelench_wmf changed the status of subtask Restricted Task from Open to Stalled.Jun 13 2022, 2:04 PM

@ldelench_wmf Hey there! Since we will need to begin planning V1, we would find a way to unblock this conversation (which has been stalled). Maybe it is a topic we can discuss in our 1:1 next week. Thanks!

@ifried this is on me! I have it on my to-do this week to finish the proposal so we can send it to folks for a second review. Just missing a few minor details now.

sbassett changed the status of subtask Restricted Task from Stalled to In Progress.Jul 6 2022, 5:55 PM

Reclassifying this task as an epic, so moving out of our sprint board.

ldelench_wmf changed the task status from Open to In Progress.Jul 8 2022, 8:13 PM
ldelench_wmf triaged this task as Medium priority.
ldelench_wmf moved this task from Backlog to Epics - upcoming on the Campaign-Tools board.
ldelench_wmf renamed this task from [Cross-team review] Geolocation API proposal to [EPIC] Cross-team review of Geolocation API proposal.Jul 8 2022, 8:25 PM
ldelench_wmf updated the task description. (Show Details)
vyuen renamed this task from [EPIC] Cross-team review of Geolocation API proposal to Cross-team review of Geolocation API proposal.Aug 24 2022, 4:57 PM
vyuen removed a project: Epic.
vyuen removed a project: Campaign-Registration.

Hey @ifried , do you think we can resolve this one? I think the proposal review is done; though we can expect more followup with security during implementation as part of T290248

Yes, I have marked this as Done. We will need to continue the conversations with the various stakeholders that we are already having, but the actual review process is already in motion. Great work, team!