Usability problems
This section is brainstorming - everyone feel free to add any and everything that comes to mind. Feel free to comment on the relative severity of the issues (e.g., #1, #2, medium, low impact problem).
I suspect most of these will be anecdotal, but if we have citable sources, include those.
What are the major usability problems at this time from the user's point of view?
- Obtaining X.509 credentials
- Depends a lot on the group of users. My students at UCSD found the process straightforward. - Igor
- Do we include the time it takes to get the cert as a separate issue? - Igor
- Managing X.509 credentials - forgetting passwords
- Managing VOMS attributes
- Use the right attributes for a particular activity
- Beware not to overwrite a proxy with different attributes that is still being used
- Beware /tmp is not shared across interactive cluster nodes (e.g. lxplus.cern.ch)
- ATLAS: DN (i.e. a plain grid proxy) should be sufficient to read ATLAS data
- Would avoid the need to install the VOMS client + deps on a laptop
- Lack of integration with web site authentication
- Lack of support of service certificates
- Von: I need elaboration on this one, please clarify.
- Lack of internationalization
- the presence of non-ASCII characters in DNs can cause problems
- more...
What are the major usability problems at this time from the administrator's point of view?
- Revocation, managing CRLs
- (Jakob) regarding "Improved revocation" in the write-up: as far as I know, CRLs are updated more often than the expiry period. For instance, files are fetched every day, but CRLs expire only weekly. Perhaps it makes sense to print a warning not when it's too late and the certificate expired, but already when it's clear that the update was not working (e.g. after 3 days).
- Managing authorization policies
- Expiring host/service certificates
- Difficulty debugging problems
- Different services treat proxies differently
- Libraries
- Multiple incompatible implementations
- Mapping
- Logging
- Different formats and contents
- Banning
- Not possible on certain services
- Different methods on different services
- using GUMS/Argus/... helps
- Testing/debugging/forensics tools
- Available for some scenarios on some services
- more...
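An added example (not from this page or any grid middleware) of the early CRL warning Jakob suggests: a local copy fetched daily but valid for a week is flagged as "stale" once no successful refresh has happened for 3 days, before its nextUpdate passes and verification starts failing. The refresh cadence, the 3-day grace period, the record layout and the sample CRL records are all constructed for the example; only the `nextUpdate=` line format matches what `openssl crl -noout -nextupdate` prints.

```python
# Added example: early warning for a broken CRL update (not code from the page).
# Assumed setup: CRL files are refreshed by a daily job; the file's mtime is the
# time of the last successful refresh. Cadence and grace period are constructed.
from datetime import datetime, timedelta

STALE_AFTER = timedelta(days=3)   # assumed: warn after roughly 3 missed daily fetches


def parse_openssl_date(line):
    """Parse a 'nextUpdate=Dec  7 00:00:00 2011 GMT' line as printed by
    `openssl crl -noout -nextupdate -in <file>` (day may be space-padded)."""
    _, _, value = line.partition("=")
    return datetime.strptime(value.strip(), "%b %d %H:%M:%S %Y %Z")


def crl_status(next_update, last_refresh, now, stale_after=STALE_AFTER):
    """Classify one CRL from its nextUpdate and the local copy's refresh time."""
    if now >= next_update:
        return "expired"   # too late: verification against this CRL now fails
    if now - last_refresh > stale_after:
        return "stale"     # update mechanism is broken, but there is still time
    return "ok"


def check_crls(records, now):
    """Return {ca_name: status} for constructed CRL records, each holding the
    openssl nextUpdate line and the local file's last refresh time."""
    return {
        rec["ca"]: crl_status(parse_openssl_date(rec["nextUpdate"]),
                              rec["last_refresh"], now)
        for rec in records
    }


# Constructed sample: three CAs, checked on 5 Dec 2011 at noon.
SAMPLE_NOW = datetime(2011, 12, 5, 12, 0, 0)
SAMPLE_RECORDS = [
    {"ca": "ca-fresh", "nextUpdate": "nextUpdate=Dec 11 00:00:00 2011 GMT",
     "last_refresh": datetime(2011, 12, 5, 3, 0, 0)},    # refreshed this morning
    {"ca": "ca-stale", "nextUpdate": "nextUpdate=Dec  7 00:00:00 2011 GMT",
     "last_refresh": datetime(2011, 12, 1, 3, 0, 0)},    # 4 days without a refresh
    {"ca": "ca-expired", "nextUpdate": "nextUpdate=Nov 27 00:00:00 2011 GMT",
     "last_refresh": datetime(2011, 11, 21, 3, 0, 0)},   # nextUpdate already passed
]

if __name__ == "__main__":
    for ca, status in check_crls(SAMPLE_RECORDS, SAMPLE_NOW).items():
        print(f"{ca}: {status}")
```

The "stale" state is the one an operator wants a ticket for: the CRL still validates, so the only symptom of the broken fetch job would otherwise be the expiry failure a few days later.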
Others not included in the above?
- Infrastructure problem - using an authentication framework (X.509) for authorisation purposes (proxies)
- Overhead - X509 handling is expensive and cannot always be mitigated by using bulk methods
- Might X509 be used to obtain some sort of session key that is much cheaper to use instead?
Usability Victories
What are we doing right from a usability perspective?
- Single (or at least infrequent) sign-on - one authentication working many places over a reasonable period of time.
- Is this related (i.e. the antonym) to the "lack of integration with web" problem described above? - Igor
Top Usability Problems and Victories
Here we discuss and see if we can agree on the top 3 or 5 usability problems and victories.
Try to complete this by January 20th.
- Problem 1
- Problem 2
- Problem 3
- Victory 1
- Victory 2
- Victory 3
Consider some possible solutions.
Brainstorm on possible solutions to the above usability problems.
In which cases is it a Usability vs Security issue or can Security be improved with improved Usability?
Final recommendations
--
VonWelch - 05-Dec-2011