more nextcloud advantages

6db2aee2 · anarcat · b07e7563 · 6db2aee2
Verified Commit 6db2aee2 authored 3 years ago by anarcat
--- a/policy/tpa-rfc-11-svn-retirement.md
+++ b/policy/tpa-rfc-11-svn-retirement.md
@@ -79,7 +79,7 @@ but other platforms may be used as deemed fit by the users. Users are
 strongly encouraged to consult with TPA before picking alternate
 platforms.

-## Access controls
+## Nextcloud access controls

 A key aspect of the SVN replacement is the access controls over the
 sensitive data hosted there. The [current access control
@@ -112,6 +112,45 @@ and could be used to encrypt files before they are sent to the
 server. OpenPGP programs typically suffer from serious usability flaws
 which may make this impractical.

+## Authentication improvements
+
+One major improvement between the legacy SVN authentication system and
+Nextcloud is that the latter supports state of the art two-factor
+authentication (2FA, specifically [U2F](https://en.wikipedia.org/wiki/Universal_2nd_Factor)) which allows
+authentication with physical security tokens like the
+[Yubikey](https://en.wikipedia.org/wiki/YubiKey).
+
+Another improvement is that Nextcloud delegates the access controls to
+non-technical users: instead of relying solely on sysadmins (which
+have access anyways) to grant access, non-sysadmin users can be
+granted administrator access and respond to authorization requests,
+possibly more swiftly than our busy sysadmins. This also enables more
+transparency and a better representation of the actual business logic
+(e.g. the executive director has the authority) instead of technical
+logic (e.g. the system administrator has the authority).
+
+This also implies that Nextcloud is more transparent than the current
+SVN implementation: it's easy for an administrator to see who has
+access to what in Nextcloud, whereas that required a lengthy, complex,
+and possibly inaccurate audit to figure out the same in SVN.
+
+## Usability improvements
+
+Nextcloud should be easier to use than SVN. While both Nextcloud and
+SVN have desktop applications for Windows, Linux and MacOS, Nextcloud
+also offers iOS (iphone) and Android apps, alongside a much more
+powerful and intuitive web interface that can basically be used
+everywhere.
+
+Nextcloud, like SVN, also supports the WebDAV standard, which allows
+for file transfers across a wide variety of clients and platforms.
+
+## Migration process
+
+SVN users would be responsible for migrating their content out of the
+server. Data that would not be migrated would be lost forever, after
+an extended retirement timeline, detailed below.
+
 ## Timeline

 * November 1st 2021: reminder sent to SVN users to move their data
@@ -126,7 +165,8 @@ which may make this impractical.
 ## Affected users

 It is believe that `sue` is the only remaining user of the SVN
-service. Remains TBD.
+service. Typically, operations people are the last remaining users of
+the data that currently lives solely inside SVN.

 # Approvals