Description of problem: ESC is very confusing, as it does not tell the user enough about what is going on. In the main screen, there should be some indication of whether or not one is actually connected happily to a cert server. If it is not, there should be instructions on how to do this (at the very least, something about asking one's administrator for help, but since it's unlikely a non-administrator would be using ESC, that message is likely to be useless. If it is connected happily, it should say which one one is connected to, and whether or not any inserted card(s) were enrolled with that server. If the inserted cards were not enrolled with this server, it should tell you this, and that you need to format and enroll the new card (I suspect those two steps should be one, not two like they are now) in order to use it. (this assumes the lack of ability to connect to multiple cert servers) The user of ESC should never sit at the screen in confusion, as I was doing yesterday, with a card which had been enrolled with a server which no longer was up and running, which was coming up as enrolled, but not working. It should _tell_ you what to do next, whether or not the card is a blank one, or just one set up with a different server. Version-Release number of selected component (if applicable): esc-1.0.0-6.fc6 How reproducible: Always Steps to Reproduce: 1. Get a card not enrolled with the server whose cert you imported. 2. Insert it after logging in as a local user. Actual results: Be very confused as to what one needs to do next. Expected results: Instructions to let you know that the cert server does not understand your card, and that it needs formatting and enrolling. Also, information on whether or not a cert server is known to ESC, and what it's called if it is. Additional info:
ESC (in the control panel form) will not connect to a server unless you select one of the server-based options: Format, Reset PIN, Enroll. And it will do so for a finite amount of time, just until the requested action is completed or fails. Therefore, it does not make sense to describe any server connections there. This statement contains a false assumption: The user of ESC should never sit at the screen in confusion, as I was doing yesterday, with a card which had been enrolled with a server which no longer was up and running ESC will not connect to the server except under the conditions I mentioned above. The behavior in bug 203846 may have introduced some confusion since it was causing ESC to phone-home at times other than the ones I listed above. Armed with that information, does this bug get resolved? If not, can you be more specific about what you did, and what you saw on the screen? Screen shots are probably required to understand the problem.
Given that this is a deployment problem, can we resolve this bug report? Or are there other specific issues to address? If there are, I would propose that we still close this one, and open others bug reports to detail the specifics.
(In reply to comment #4) > I agree with Suzanne. ESC is confusing. > > Suzanne and indeed Zack ( and I to a certain extent ) are all new to ESC so the > usability feedback is very valuable. Agreed, but we need to be specific. > Her point is that the manage keys screen should be more intuitive. It seems to me that we're throwing up our hands because of some bugs that need to be fixed. But once those are fixed, I'm hard pressed to see the usability problems. I'm *sure* they exist, but we need to be specific. If you have no tokens plugged in, ESC clearly says "No keys present". If you have one or more keys plugged in, ESC lists them, and allows you perform actions on them. Options that are not available at that moment (like enrolling an already enrolled token) are grayed out. A user will never ever see the TPS URL window. The only way to see that window is for someone to give you an uninitialized card. Now, QA engineers will need to learn about and use that window, but I think we can all get down the learning curve quickly. Maybe a concall is in order? > Her smart card login wasn't working and she was presented with this screen/box. > Even if it shouldn't have popped up .... even if she got to it through the - now > broken/not running - top panel icon, she was presented with this screen for the > first time ever and it should be more clue-full or discoverable. The text at the top needs to be re-written. That should clear up a lot of confusion. But no average user will ever need to go to this screen unless directed by a Support Engineer. We can imagine some tech-savvy users poking around, but in general if you see ESC, something is probably not going well, and it should be able to help you and the Support Engineer from the company that issued the card (e.g. your bank). > What are those diagnostics ? That didn't help her figure out what was wrong with > smart card login. Over time, the log file will have more human readable output. I've also filed bug 204012 to make it more clear what this window is for. > What is View Certificates for, You have certs on your key. This button shows them to you. >it asks for a password and > then displays those certs anyway. I think that bug has been filed. If not, please file it. I know Bob Relyea has talked to Jack about it. > Reset pin doesn't work. That should work. If it does not, please file a bug, but also check to make sure that the TPS server is running. The PIN Reset function requires communication with the server. If dev-managed server availability is a problem, we'll need to consider ways to set up another server that engineers won't fiddle with. > Format does but is > that what she wanted ????? It turns out that yes it was but she had to ask someone. Format is a very serious operation that puts the card into an unenrolled state. The user can then enroll. > Issuer/UNKNOWN/ENROLLED ???????? The screen should have reasonable values like this: Issuer Issued To Status Veracity Inc. Robert Lord Enrolled ESC will display the values on the card. If those values are not meaningful, that's a deployment problem that should be fixed by whoever gave you the card. > Now most of these problems have been filed as separate bugs at this time. > > But the overall usability of ESC is in question here. After you take away the bugs, I don't see any usability problems. I know there are some (many?). But we need to clear these bugs and re-assess. > I agree with her .... I > had to ask someone how all this works when I was first confronted with this > thing too. Some observations: 1. Those bugs result in a super-confusing experience. We'll work though those. They are making me crazy as well. 2. There are some deployment problems that we clearly need to address in our little pilot here. I see some of those issues as well. Let's huddle to figure out how we can best do that. 3. Users will not need to see these screens if things are going well. So while we need to really keep pushing hard on usability, we also need to keep in mind that the target audience is not your average desktop user.
I also think we can do some simple things with the UI to help the user. For instance: 1. Continue to evolve the text on the screen to help the user, possibly adding some where appropriate. The text at the top, which explains what the page is all about, especially could be tweaked to better effect. 2. Include some simple tool tips for the UI elements such as buttons. For instance , hovering over the "Diagnostics" button could say something like "Click here to view the smartcard information collected by the system to this point". Also attempt to add tool tips to the headers for the visible table rows containing each key. For example hovering over "Issuer" header could say something like "This is the institution responsible for issuing each security key".
> > Reset pin doesn't work. > > That should work. If it does not, please file a bug, but also check to make sure that the TPS server is running. The PIN Reset function requires communication with the server. How I tell, via ESC, if ESC is able to talk to the server? Or if the server is running, when I'm remote? > > Issuer/UNKNOWN/ENROLLED ???????? > The screen should have reasonable values like this: > Issuer Issued To Status > Veracity Inc. Robert Lord Enrolled I've yet to see anything useful in 'Issued To', even after reformatting and reenrolling. What is supposed to set this? > ESC will display the values on the card. If those values are not meaningful, > that's a deployment problem that should be fixed by whoever gave you the card. This is not handled by formatting and enrolling? And, Jack, I thoroughly approve of the tool tips idea!