Ratings and reviews implementation

This page is out of date. We are no longer going to use Launchpad to store the ratings and review data.

Plan: implement ratings and reviews in Software Center for Lucid.

Overview

*Ratings and reviews* is a feature targeted for Software Center (SC) in Lucid. It will allow end users to rate and review applications in Lucid, and to view the ratings and reviews submitted by all Ubuntu users. The user will experience both aspects fully within the SC application, with data storage and retrieval using an external service.

Outside of SC, moderators will be able to control the visibility of any review by accessing them through the external service's web ui. Moderation does not occur through the SC ui.

The current design consists of a Django application hosted inside the one.ubuntu.com web service. SC will communicate with this application with simple HTTP POST and GET, utilizing Ubuntu One's (U1) desktop OpenID login and RESTful OAuth service for authentication. The data will be stored in the Django database.

For the purposes of this spec, we'll refer to the web service as reviews.ubuntu.com (r.u.c) although in reality, the service will probably be hosted at one.ubuntu.com/reviews.

Data retrieval

Rating and review data will be collated on the r.u.c server by a cronjob, generating a static XML file every 5 minutes or so (we can optimize for the case where no changes have occurred). Because access to this file is anonymous (i.e. over plain http://) and static, it is highly cachable. This is critical as we expect vastly more downloads of review data than submissions.

Review submission

Reviewers must be authenticated, so their reviews will be submitted to r.u.c over https. Their submissions will be signed so that r.u.c can verify the user id or display name of the submitter. Only one review per applications per submitter will be allowed.

Identifying reviews

Reviews are identified (aside from authentication data) by four pieces of information:

It is recognized that many applications are essentially unchanged between distro releases, such that a review of e.g. gedit in Karmic may be applicable to gedit in Lucid. We need a plan for deciding when and how to utilize reviews from a previous distro release in the next distro release.

Downloading reviews for display

Sheila wants to view the reviews for Emacs, so she starts up SC. SC needs to refresh its cache of reviews so it does an anonymous http GET from

http://one.ubuntu.com/reviews/data.xml

SC then uses this new XML file to parse the reviews for Emacs, for display in the SC ui.

Submitting a review

Sheila wants to review Emacs for Lucid, so she starts up SC. This is Sheila's first review so SC performs a dbus authentication against the U1 desktop service. Sheila enters her credentials and completes the authentication process.

Sheila then enters her review and 5-star rating of Emacs in Lucid, into the SC ui. When she clicks on the Submit button, SC retrieves her access token out of the gnomekeyring, and uses that to sign via HMAC-SHA1 a request to

https://one.ubuntu.com/reviews/new

In addition, SC creates a signed request against the one.ubuntu.com REST API requesting the user id and/or display name information. It passes this request and the signed review to r.u.c. r.u.c then invokes the request on behalf of the end user, retrieving some JSON data containing the reviewer's user name (or display name). r.u.c now has an authenticated review that it checks for uniqueness, and stores in its database keyed by the four pieces of information described above.

Moderation

Moderation will occur through the r.u.c web interface, though details are TBD. We will require a Launchpad login for moderators, along with membership in a restricted team (e.g. ~ubuntu-reviews-moderators, with possible language-specific subteams if necessary).

The U1 server uses python-django-openid-auth to do team mapping against Launchpad teams, and access to certain pages can be restricted via decorators to membership in the moderators team.

XML format

TBD

Concerns

Lucid is an LTS so once we decide on the external API for ratings and reviews, we've baked that in until the next LTS. To any extent possible, we should isolate the client API that SC utilizes behind an abstract interface, so that we can change the underlying implementation and storage without requiring changes to SC or backward compatibility issues.

RNRDesign (last edited 2010-03-09 20:16:47 by barry)