On 2010-03-26 12:04 PST, Kai Engert wrote:
> On 26.03.2010 13:44, Gervase Markham wrote:
>> I've been looking at your documents, but I do think this is a case where
>> a picture is worth a thousand words. Do you have any plans to provide UI
>> mockups?
>
> Hi Gerv,
>
> thanks a lot for your feedback. I've created a graphical presentation
> for the client authentication part:
>
> http://kuix.de/mozilla/sslauth/cli-v1-pres/
>
> Some more explanations:
>
> There isn't a lot of UI involved, besides some icons and a configuration
> dialog with dynamic content (see ASCII screenshot in the client
> authentication document, pages 7 and 8).
>
> (For each icon there'd be a related menu command for accessibility.)
>
> When an icon is clicked, you'd get a popup menu with the list of related
> sites (connection attempt or currently authenticated).
>
> If there's just one related site, we could jump to the config dialog
> directly.

The sequence of events in the dialog is likely, IMO, to give the users the impression that client authentication is a user-initiated act, rather than a server-initiated act. It seems to say to the user, "if you want to authenticate to this server with your cert, you select your cert and click here". I gather that the intent is that the browser will (re)initiate an https request to the server(s) in response to that click. But there is no assurance that the server will request client auth when the subsequent requests are sent. I think this is likely to lead to a lot of inquiries/complaints from users, asking "why can't I authenticate to this site whenever I want to?".

Also, what are those icons supposed to represent? It looks to me like a book and a light beam, where the book eventually interrupts the light beam, much as objects on a conveyor belt at a supermarket checkout break the light beam which stops the belt. Perhaps that's not what it's showing me, but if it is, that doesn't suggest to me anything having to do with authentication. But this is a minor point. I'm sure that suitable icons can be found.

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto