[abfab] Fwd: draft-ietf-abfab-usability-ui-considerations-01 Review
Colton Shields <cshields@getjive.com> Wed, 06 August 2014 16:22 UTC

draft-ietf-abfab-usability-ui-considerations-01 Review

From reading the draft I feel like I understand the majority of the language and what this draft is trying to accomplish. I did not find any fundamental flaws with the draft. My comments are minor text changes. Below are my comments.

Section 3 Considerations
------------------------
Could be useful to have examples of each terminology, and what they look like. Helps readers get context. In Section 5.1 last sentence of Paragraph 1 it mentions that a NAI looks like an email address. It would be nice to have examples at the beginning of the document so readers can wrap their brains around what NAI and other terminology mean specific to this document.

GSS-API is used several times in the document but is never explained or defined. Add it to section 3 as bullet point of the terminology of the document, or the first time it is used, define it.

Section 3 Last Paragraph
------------------------
"Trust anchor: An authoritative source of verification of a particular ABFAB service or Identity Provider, used to allow authentication of a server using X.509 [RFC5280]. Typically a commercial CA to allow authentication via chain of trust, or a preconfigured non-commercial certificate (e.g. self-signed)."

I am unaware of what 'CA' is referring to. I assume it means a 'Certificate Authority' but I am making that assumption from context. Replace 'CA' with 'Certificate Authority (CA)', or whatever CA represents.

Section 4 Paragraph 1 Last Sentence
-----------------------------------
"The simplest way to achieve the desired effect would be a process that simply takes the credentials from the currently logged in user"

Remove 'simply'. It is already known that this is the simplest way.

Section 5.1 Last Paragraph First Sentence
----------------------------------------
"Beyond terminology, careful thought needs to be given to the paradigm to use when presenting identity to users, as identities and services are abstract concepts that some users may not find is easily understandable."

Turn into two separate sentences:
"Beyond terminology, careful thought needs to be given to the paradigm to use when presenting identity to users."
"Identities and services are abstract concepts that some users may not find easy to understand."

Section 5.1 Last Paragraph Last Sentence
----------------------------------------
"Implementers may wish to keep such abstract concepts, or may wish to examine attempts to map to real world paradigms, e.g. the idea of using "Identity Cards" that are held in the user's "Wallet", as used by Microsoft Cardspace."

Unsure of what this sentence is trying to say. Seems like a run-on.

Section 5.2 Last Sentence
-------------------------
"But for simplicity just the word "service" probably usually suffice."

Remove 'probably' or 'usually'. Use one or the other but not both.

Section 6 Second Sentence
-------------------------
"This section first looks at what information associated with an identity will need to managed"

Add 'be' to the sentence above to look like the following:
"This section first looks at what information associated with an identity will need to 'be' managed"

Section 6.1 Paragraph 5
-----------------------
Unsure of what EAP means. Define in line, or define in Section 3.

Section 6.2 Paragraph 1 Last sentence
-------------------------------------
Mac and Linux options are listed. Maybe list a Windows option if there is one. (I personally don't like Windows, so if you don't add this I won't be mad :) )

Section 6.3.1 Last Paragraph
-----------------------------
"An Identity Selector that allows for manual addition of identity information SHOULD try to ensure that trust anchor information is gathered and checked in a secure a manner as possible - where users have to enter and confirm all trust anchor information, or be required to explicitly agree to an insecure configuration if this is not done properly."

Needs to be reworded. Especially this part: 'gathered and checked in a secure a manner as possible'
Possible option: 'gathered and checked in a secure manner'

Section 7.1.1 Numbered List 1
-----------------------------
"such as its GSS Acceptor Name."

Unaware of what GSS Acceptor Name means. Define in line or in Section 3.

Spelling considerations:
------------------------
Section 6.1 Paragraph 6, middle of the paragraph: replace 'make' with 'makes'
"any implementer is free to use whatever make sense in their implementation and conforms to good HCI/UX guidelines."

Great draft, looks good, keep up the good work!

--Colton