Page MenuHomePhabricator
Create Task
Maniphest T312677

[Request for Comment] Campaigns Geolocation API proposal
Closed, ResolvedPublic
Actions

Description

Background

  • The Campaigns team is building an on-wiki event registration tool.
  • Our MVP (target release October 2022) requirements include:
    • If in-person event, there should be space for the organizer to share address/location details.
    • Participants should be able to quickly see the in-person event location, so they can determine whether they can and/or want to attend.
  • Our engineers have aligned on Pelias as the best-available geolocation API provider to help us meet these requirements
    • Associated spike task: T305705
    • Security preview request: T309410

Request

  • Our engineers have recommended that we set up a proxy to Pelias’ web service to avoid sending users’ personal data to a third party, and we would appreciate a review of this proposal from SRE to help us surface risks & have a clearer understanding of requirements.

Primary Contacts on Campaigns team

Code

Related Objects
Search...

Event Timeline

ldelench_wmf created this task.Jul 8 2022, 8:04 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 8 2022, 8:04 PM
ldelench_wmf moved this task from Backlog to Following on the Campaign-Tools board.Jul 8 2022, 8:04 PM
ldelench_wmf added a parent task: T309325: Cross-team review of Geolocation API proposal.
ldelench_wmf mentioned this in T309325: Cross-team review of Geolocation API proposal.Jul 8 2022, 8:08 PM
RhinosF1 subscribed.Jul 8 2022, 8:58 PM
cmelo added a project: Foundational Technology Requests.Jul 19 2022, 7:33 PM
jcrespo added subscribers: Vgutierrez, jcrespo.EditedJul 22 2022, 4:49 PM

I'm adding @Vgutierrez to the ticket as he is on clinic duty this week and he could route to the right person/team.

Joe subscribed.Jul 25 2022, 6:56 AM
Joe added a comment.Jul 25 2022, 8:50 AM

AIUI what we want to do is having MediaWiki make a request to an external service.

This is already possible as MediaWiki will use our url-downloader service that is the only proxy authorized to make requests outside of production.

I would see the necessity of creating a separate service only if:

  • We want to use geolocation services from more places than just MediaWiki
  • We want an api that is vendor-independent so that we only implement a vendor-independent interface in mediawiki

More importantly, it seems that pelias can be installed locally - which means that we have the option of a local installation for the future that would eliminate all the PII concerns - which are rather unclear to me anyways.

Fundamentally, I'd advise to just call the service from the MediaWiki API if the rate of requests we expect is not huge, or eventually to consider installing a local service to expose directly to our clients.

Joe edited projects, added serviceops; removed SRE.Jul 25 2022, 8:50 AM
LSobanski subscribed.Jul 25 2022, 9:42 AM
jijiki moved this task from Incoming 🐫 to 🙈🙉🙊Backlog on the serviceops board.Sep 28 2022, 2:17 PM
sbassett mentioned this in T290248: Security Readiness Review For Campaigns Registration System.Sep 30 2022, 7:58 PM
ldelench_wmf closed this task as Resolved.Oct 3 2022, 5:16 PM
ldelench_wmf claimed this task.

Hi all @Joe @jcrespo, going to resolve this since our contract with Pelias/Geocode Earth has now been approved in Coupa and thus is no longer in "proposal" state.

Please let me know if there are any followup dependencies from SRE that we should document at this point in regards to the geocoding work.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL