Hi Kai,

I've been looking at your documents, but I do think this is a case where a picture is worth a thousand words. Do you have any plans to provide UI mockups?

On 16/03/10 23:12, Kai Engert wrote:
> In short, we'd like to stop the current prompts and implement a better
> user interface.

I think that it would be extremely wise to include Mozilla's UI design community as we look for a solution to these problems. Do you have any plans to reach out to them? I notice your message was not cross-posted to mozilla.dev.usability... You mentioned Aza's previous post. Has he looked at your proposals?

> The basic idea is to show an indicator in chrome whenever a site asks
> for client authentication, and give the user full control over using a
> personal certificate for authentication (or not using one). The
> interface should also support persistent configuration, per site. It
> should be powerful enough to support complex sites and work with
> appearing/disappearing certs which are stored on smartcards.

From reading the documents, it's clear that we do have a difficult simplicity/power tradeoff to make here. In order to help make it, do we have any statistics or ideas how common it is to have scenarios like:

- A page whose components and subcomponents together require auth using more than one client certificate

- A page where the top level does not require a client certificate but sub-parts do

?

> Although we have a good solution in the browser (show an error page,
> allow override), the solution in non-browser applications (e.g.
> Thunderbird) is inferior.

Why do you say that?

Non-browser applications are very different to browsers. For mail, for example, you do not add and remove dozens of mail servers on a daily basis. As long as the software allows you to remember an override, I don't think there's an issue in using a popup in this case.

> Instead, we should
> use an error status indicator in the chrome (for one or multiple
> failures),

I think the risk is that such an indicator would not be noticed, and the user would be confused when their application didn't work.

Gerv

> I've described both ideas in detail in two documents which I've uploaded here:
> http://kuix.de/mozilla/sslauth/
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
