Re: [abfab] Comments on draft-smith-abfab-usability-ui-considerations-03
Rhys Smith <Smith@cardiff.ac.uk> Wed, 25 September 2013 17:30 UTC
Return-Path: <Smith@cardiff.ac.uk>
X-Original-To: abfab@ietfa.amsl.com
Delivered-To: abfab@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C9F0A11E8134 for <abfab@ietfa.amsl.com>; Wed, 25 Sep 2013 10:30:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZLnJySDSsqQD for <abfab@ietfa.amsl.com>; Wed, 25 Sep 2013 10:30:52 -0700 (PDT)
Received: from emea01-am1-obe.outbound.protection.outlook.com (mail-am1lp0014.outbound.protection.outlook.com [213.199.154.14]) by ietfa.amsl.com (Postfix) with ESMTP id 89F8A11E812D for <abfab@ietf.org>; Wed, 25 Sep 2013 10:30:51 -0700 (PDT)
Received: from AMSPR02MB022.eurprd02.prod.outlook.com (10.242.81.150) by AMSPR02MB022.eurprd02.prod.outlook.com (10.242.81.150) with Microsoft SMTP Server (TLS) id 15.0.775.9; Wed, 25 Sep 2013 17:30:49 +0000
Received: from AMSPR02MB022.eurprd02.prod.outlook.com ([169.254.8.175]) by AMSPR02MB022.eurprd02.prod.outlook.com ([169.254.8.175]) with mapi id 15.00.0775.005; Wed, 25 Sep 2013 17:30:49 +0000
From: Rhys Smith <Smith@cardiff.ac.uk>
To: Jim Schaad <ietf@augustcellars.com>
Thread-Topic: Comments on draft-smith-abfab-usability-ui-considerations-03
Thread-Index: AQHOgjFZR8V3U9M5d0azBJxFGnjBApnXJY6A
Date: Wed, 25 Sep 2013 17:30:48 +0000
Message-ID: <4AD53B48-7169-49D6-A369-BE8F2585FBC1@cardiff.ac.uk>
References: <03a101ce16a9$ab322f40$01968dc0$@augustcellars.com>
In-Reply-To: <03a101ce16a9$ab322f40$01968dc0$@augustcellars.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [109.145.150.203]
x-forefront-prvs: 098076C36C
x-forefront-antispam-report: SFV:NSPM; SFS:(189002)(199002)(24454002)(252514010)(77096001)(51856001)(47736001)(46102001)(36756003)(74482001)(74662001)(47446002)(54356001)(19580405001)(4396001)(56816003)(81686001)(74366001)(19580395003)(83322001)(82746002)(81816001)(80976001)(49866001)(50986001)(47976001)(74706001)(76796001)(76786001)(76482001)(79102001)(56776001)(81342001)(33656001)(69226001)(74876001)(66066001)(83072001)(63696002)(81542001)(65816001)(53806001)(74502001)(59766001)(31966008)(54316002)(77982001)(80022001)(80792004); DIR:OUT; SFP:; SCL:1; SRVR:AMSPR02MB022; H:AMSPR02MB022.eurprd02.prod.outlook.com; CLIP:109.145.150.203; FPR:; RD:InfoNoRecords; MX:1; A:1; LANG:en;
Content-Type: text/plain; charset="Windows-1252"
Content-ID: <19645D646F2C304D9E2D2AB6FD380B76@eurprd02.prod.outlook.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: cardiff.ac.uk
Cc: "abfab@ietf.org" <abfab@ietf.org>
Subject: Re: [abfab] Comments on draft-smith-abfab-usability-ui-considerations-03
X-BeenThere: abfab@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Application Bridging, Federated Authentication Beyond \(the web\)" <abfab.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/abfab>, <mailto:abfab-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/abfab>
List-Post: <mailto:abfab@ietf.org>
List-Help: <mailto:abfab-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/abfab>, <mailto:abfab-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Sep 2013 17:30:58 -0000
Jim, all, Assume all points addressed in -04 to be submitted shortly, apart from those I have specific comments about below: On 1 Mar 2013, at 19:21, Jim Schaad <ietf@augustcellars.com> wrote: > 6. Section 6.1 - Is the issuing organization always going to be derivable > from the NAI of the user? Under what circumstances would this not be the > case? Actually, I don't think this is needed at all. If we're saying that we MUST store an NAI, then that contains both the username and realm to use for identifying the particular IdP. And then the friendly name for the identity would be the place to store a human-friendly name (e.g. Janet or Cardiff University). > 10 Section 7 - Identity selection by calling application rather than GSS-API Sorry, not sure what part of Section 7 this comment is referring to? > 11 Section 7 - last paragraph - last sentence - should this be an > "automatic" option on some types of authentication failures? Good point. I've removed discussion of it being manual at all in that para, and amended section 7.4 to include the idea of manual and automated disassociation. > 12. Section 7.3 - why should the association only be doable after > authentication? Esp for manual authentications. I think it's advisable that this would be the case as it would make interacting with the user easier if the attempt failed, as it could happen JIT as the user attempts to make the connection. If they'd previously made it and, say, only tried to actually use that service weeks later, it would be less obvious to the user as to what the problem might be, I think… I've changed the language though so as to not rule that out. > 13. Section 7.3.1 - It would be beneficial to list the types of things that > are selections. I don't know that it is necessary to know the realm in all > cases. Do we know what these things would be? Actually, wouldn't it just be the GSS Acceptor Name of the service? > 15. Section 8 - should applications attempt to use multiple names if there > are multiple names associated with the service. Need to discuss possible > privacy implications of this approach in terms of association of multiple > names together. Sorry, not sure what this is referring to in sec 8? or is this suggesting a new topic that should be in the error handling section? Best, Rhys. -- Dr Rhys Smith Identity, Access, and Middleware Specialist Cardiff University & Janet - the UK's research and education network email: smith@cardiff.ac.uk / rhys.smith@ja.net GPG: 0xDE2F024C