[abfab] Fwd: draft-ietf-abfab-usability-ui-considerations-01 Review

Colton Shields <cshields@getjive.com> Wed, 06 August 2014 16:22 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/abfab/Y40Zy-YLUYWrcmNo089I532tOAc

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

draft-ietf-abfab-usability-ui-considerations-01 Review

From reading the draft I feel like I understand the majority of the
language and what this draft is trying to accomplish. I did not find
any fundamental flaws with the draft. My comments are minor text changes.

Below are my comments.

Section 3 Considerations
------------------------
Could be useful to have examples of each terminology, and what they
look like. Helps readers get context. In Section 5.1 last sentence of
Paragraph 1 it mentions that a NAI looks like an email address. It
would be nice to have examples at the beginning of the document so
readers can wrap their brains around what NAI and other terminology
mean specific to this document.

GSS-API is used several times in the document but is never explained
or defined. Add it to Section 3 as a bullet point in the terminology of
the document, or define it the first time it is used.


Section 3 Last Paragraph
------------------------
      "Trust anchor: An authoritative source of verification of a
      particular ABFAB service or Identity Provider, used to allow
      authentication of a server using X.509 [RFC5280].  Typically a
      commercial CA to allow authentication via chain of trust, or a
      preconfigured non-commercial certificate (e.g. self-signed)."

I am unaware of what 'CA' is referring to. I assume it means a
'Certificate Authority' but I am making that assumption from context.
Replace 'CA' with 'Certificate Authority (CA)', or whatever CA
represents.

Section 4 Paragraph 1 Last Sentence
-----------------------------------
"The simplest way to achieve the desired effect would be a process
that simply takes the credentials from the currently logged in user"

Remove 'simply'. It is already known that this is the simplest way.


Section 5.1 Last Paragraph First Sentence
----------------------------------------

" Beyond terminology, careful thought needs to be given to the paradigm
   to use when presenting identity to users, as identities and services
   are abstract concepts that some users may not find is easily
   understandable."

Turn into two separate sentences:
"Beyond terminology, careful thought needs to be given to the paradigm
to use when presenting identity to users."

"Identities and services are abstract concepts that some users may not
find easy to understand."


Section 5.1 Last Paragraph Last Sentence
----------------------------------------
"Implementers may wish to keep such abstract
   concepts, or may wish to examine attempts to map to real world
   paradigms, e.g. the idea of using "Identity Cards" that are held in
   the user's "Wallet", as used by Microsoft Cardspace."

Unsure of what this sentence is trying to say. Seems like a run-on.


Section 5.2 Last Sentence
-------------------------
"But for simplicity just the word "service" probably usually suffice."

Remove 'probably' or 'usually'. Use one or the other but not both.


Section 6 Second Sentence
-------------------------
"This section first looks at what information associated with an
identity will need to managed"

Add 'be' to the sentence above so it reads as follows:

"This section first looks at what information associated with an
identity will need to 'be' managed"


Section 6.1 Paragraph 5
-----------------------
Unsure of what EAP means. Define in line, or define in Section 3.


Section 6.2 Paragraph 1 Last sentence
-------------------------------------
Mac and Linux options are listed. Maybe list a Windows option if there
is one. (I personally don't like Windows, so if you don't add this I
won't be mad :) )


Section 6.3.1 Last Paragraph
-----------------------------
"An Identity Selector that allows for manual addition of identity
   information SHOULD try to ensure that trust anchor information is
   gathered and checked in a secure a manner as possible - where users
   have to enter and confirm all trust anchor information, or be
   required to explicitly agree to an insecure configuration if this is
   not done properly."

Needs to be reworded, especially this part: 'gathered and checked in a
secure a manner as possible'

Possible option
'gathered and checked in a secure manner'



Section 7.1.1 Numbered List 1
-----------------------------
"such as its GSS Acceptor Name."

Unaware of what GSS Acceptor Name means. Define in line or in Section 3.


Spelling considerations:
------------------------

Section 6.1 Paragraph 6 Middle of the paragraph

Replace 'make' with 'makes'

"any implementer is free to use whatever make sense in their
   implementation and conforms to good HCI/UX guidelines."


Great draft, looks good, keep up the good work!

--Colton


-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - https://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBCgAGBQJT4kxdAAoJEKWz5R7vDXT7V+4H/RAVgs/TRfDtWMF0jmpQMuNZ
B1v3etyH6+ZUXijy3a69RsjKg10QMuACNEbLLzOj8ItxbnIv/qzoIo2BlwLzaqxG
pGEs6+U/mNmUXcU6bHyV5s/6tjiSLy1IDl/Yp+enV/20rq8Z/QGo5BbXnHK+BVar
zEQAJYyikWANNG7WqaaxYj/klhtpWu7tFDylJynwkjL6cILCL/UKWIwP0gazYJLj
OzXaEhQ5AMTeypenFoiZKMnnmmOeTYtUOREDIqXy3iMDnHYSGb5CxQwcyWEwDjbV
GZ3IbaHkjWvWAwNNvmK9ayI0k9es20SqG5wERcx0JPUDEujqBmx+EzcJ++4n18Y=
=fKq/
-----END PGP SIGNATURE-----