Usability problems

This section is brainstorming - every feel free to add any and everything that comes to mind. Feel free to comment on on the relative severity of the issues (e.g., #1, #2, medium, low impact problem).

I suspect most of these will be anecdotal, but If we have citable sources, include those.

What are the major usability problems at this time from the user's point of view?

  • Obtaining X.509 credentials
    • Depends a lot on the group of users. My students at UCSD found the process straightforward. - Igor
    • Do we include the time it takes to get the cert as a separate issue? - Igor
  • Managing X.509 credentials - forgetting passwords
  • Managing VOMS attributes
    • Use the right attributes for a particular activity
    • Beware not to overwrite a proxy with different attributes that is still being used
    • Beware /tmp is not shared across interactive cluster nodes (e.g.
    • ATLAS: DN (i.e. a plain grid proxy) should be sufficient to read ATLAS data
      • Would avoid the need to install the VOMS client + deps on a laptop
  • Lack of integration with web site authentication
  • Lack of support of service certificates
    • Von: I need elaboration on this one, please clarify.
  • Lack of internationalization
    • the presence of non-ASCII characters in DNs can cause problems
  • more...

What are the major usability problems at this time from the administrator's point of view?

  • Revocation, managing CRLs
    • (Jakob) regarding "Improved revocation" in the write-up: as far as I know, CRLs are updated more often than the expiry period. For instance, files are fetched every day, but CRLs expire only weekly. Perhaps it makes sense to print the a warning not when it's too late and the certificate expired, but already when it's clear that the update was not working (e.g. after 3 days).
  • Managing authorization policies
  • Expiring host/service certificates
  • Difficulty debugging problems
  • Different services treat proxies differently
    • Libraries
      • Multiple incompatible implementations
    • Mapping
    • Logging
      • Different formats and contents
    • Banning
      • Not possible on certain services
      • Different methods on different services
        • using GUMS/Argus/... helps
    • Testing/debugging/forensics tools
      • Available for some scenarios on some services
  • more...

Others not included in the above?

  • Infrastructure problem - using an authentication framework (X.509) for authorisation purposes (proxies)
  • Overhead - X509 handling is expensive and cannot always be mitigated by using bulk methods
    • Might X509 be used to obtain some sort of session key that is much cheaper to use instead?

Usability Victories

What are we doing right from a usability perspective?

  • Single (at least least infrequent) sign-on - one authentication working many places over a reasonable period of time.
    • Is this related to (i.e. antonym) to the "lack of integration with web" problem described above? - Igor

Top Usability Problems and Victories

Here we discuss and see if we can agree on the top 3 or 5 usability problems and victories.

Try to complete this by January 20th.

  • Problem 1
  • Problem 2
  • Problem 3

  • Victory 1
  • Victory 2
  • Victory 3

Consider some possible solutions.

Brainstorm on possible solutions to the above usability problems.

In which cases is it a Usability vs Security issue or can Security be improved with improved Usability?

Final recommendations

-- VonWelch - 05-Dec-2011

Edit | Attach | Watch | Print version | History: r10 < r9 < r8 < r7 < r6 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r10 - 2012-03-22 - JakobBlomer
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    LCG All webs login

This site is powered by the TWiki collaboration platform Powered by PerlCopyright & 2008-2023 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
or Ideas, requests, problems regarding TWiki? use Discourse or Send feedback