Bug 204001 - ESC is confusing. Suggestions contained herein
ESC is confusing. Suggestions contained herein
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: esc (Show other bugs)
5.0
All Linux
medium Severity medium
: ---
: ---
Assigned To: Jack Magne
:
Depends On:
Blocks: 181509
  Show dependency treegraph
 
Reported: 2006-08-24 17:54 EDT by Suzanne Hillman
Modified: 2007-11-30 17:07 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-08-24 19:27:44 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Suzanne Hillman 2006-08-24 17:54:22 EDT
Description of problem:
ESC is very confusing, as it does not tell the user enough about what is going on.

In the main screen, there should be some indication of whether or not one is
actually connected happily to a cert server. 
   If it is not, there should be instructions on how to do this (at the very
least, something about asking one's administrator for help, but since it's
unlikely a non-administrator would be using ESC, that message is likely to be
useless. 
   If it is connected happily, it should say which one one is connected to, and
whether or not any inserted card(s) were enrolled with that server.
      If the inserted cards were not enrolled with this server, it should tell
you this, and that you need to format and enroll the new card (I suspect those
two steps should be one, not two like they are now) in order to use it. (this
assumes the lack of ability to connect to multiple cert servers)

The user of ESC should never sit at the screen in confusion, as I was doing
yesterday, with a card which had been enrolled with a server which no longer was
up and running, which was coming up as enrolled, but not working. It should
_tell_ you what to do next, whether or not the card is a blank one, or just one
set up with a different server.

Version-Release number of selected component (if applicable):
esc-1.0.0-6.fc6

How reproducible:
Always

Steps to Reproduce:
1. Get a card not enrolled with the server whose cert you imported.
2. Insert it after logging in as a local user.
  
Actual results:
Be very confused as to what one needs to do next.

Expected results:
Instructions to let you know that the cert server does not understand your card,
and that it needs formatting and enrolling. Also, information on whether or not
a cert server is known to ESC, and what it's called if it is.

Additional info:
Comment 1 Bob Lord 2006-08-24 18:29:09 EDT
ESC (in the control panel form) will not connect to a server unless you select
one of the server-based options: Format, Reset PIN, Enroll. And it will do so
for a finite amount of time, just until the requested action is completed or
fails. Therefore, it does not make sense to describe any server connections there.

This statement contains a false assumption:
    The user of ESC should never sit at the screen in confusion, 
    as I was doing yesterday, with a card which had been 
    enrolled with a server which no longer was up and running

ESC will not connect to the server except under the conditions I mentioned above. 

The behavior in bug 203846 may have introduced some confusion since it was
causing ESC to phone-home at times other than the ones I listed above.

Armed with that information, does this bug get resolved?  If not, can you be
more specific about what you did, and what you saw on the screen?  Screen shots
are probably required to understand the problem.


Comment 3 Bob Lord 2006-08-24 19:27:44 EDT
Given that this is a deployment problem, can we resolve this bug report?

Or are there other specific issues to address?  If there are, I would propose
that we still close this one, and open others bug reports to detail the specifics.
Comment 6 Bob Lord 2006-08-24 20:12:03 EDT
(In reply to comment #4)
> I agree with Suzanne. ESC is confusing. 
> 
> Suzanne and indeed Zack ( and I to a certain extent ) are all new to ESC so the
> usability feedback is very valuable.

Agreed, but we need to be specific.


> Her point is that the manage keys screen should be more intuitive.

It seems to me that we're throwing up our hands because of some bugs that need
to be fixed.  But once those are fixed, I'm hard pressed to see the usability
problems.  I'm *sure* they exist, but we need to be specific.

If you have no tokens plugged in, ESC clearly says "No keys present".
If you have one or more keys plugged in, ESC lists them, and allows you perform
actions on them.  Options that are not available at that moment (like enrolling
an already enrolled token) are grayed out.

A user will never ever see the TPS URL window.  The only way to see that window
is for someone to give you an uninitialized card. Now, QA engineers will need to
learn about and use that window, but I think we can all get down the learning
curve quickly.  Maybe a concall is in order?


> Her smart card login wasn't working and she was presented with this screen/box.
> Even if it shouldn't have popped up .... even if she got to it through the - now
> broken/not running - top panel icon, she was presented with this screen for the
> first time ever and it should be more clue-full or discoverable.

The text at the top needs to be re-written.  That should clear up a lot of
confusion.

But no average user will ever need to go to this screen unless directed by a
Support Engineer. We can imagine some tech-savvy users poking around, but in
general if you see ESC, something is probably not going well, and it should be
able to help you and the Support Engineer from the company that issued the card
(e.g. your bank).


> What are those diagnostics ? That didn't help her figure out what was wrong with
> smart card login. 

Over time, the log file will have more human readable output.  I've also filed
bug 204012 to make it more clear what this window is for.  


> What is View Certificates for, 

You have certs on your key.  This button shows them to you.



>it asks for a password and
> then displays those certs anyway. 

I think that bug has been filed.  If not, please file it. I know Bob Relyea has
talked to Jack about it.


> Reset pin doesn't work. 

That should work.  If it does not, please file a bug, but also check to make
sure that the TPS server is running. The PIN Reset function requires
communication with the server.  If dev-managed server availability is a problem,
we'll need to consider ways to set up another server that engineers won't fiddle
with.


> Format does but is
> that what she wanted ????? It turns out that yes it was but she had to ask
someone. 

Format is a very serious operation that puts the card into an unenrolled state.
The user can then enroll. 



> Issuer/UNKNOWN/ENROLLED ????????

The screen should have reasonable values like this:
Issuer           Issued To      Status
Veracity Inc.    Robert Lord    Enrolled

ESC will display the values on the card.  If those values are not meaningful,
that's a deployment problem that should be fixed by whoever gave you the card.


> Now most of these problems have been filed as separate bugs at this time.
> 
> But the overall usability of ESC is in question here. 

After you take away the bugs, I don't see any usability problems.  I know there
are some (many?).  But we need to clear these bugs and re-assess.



> I agree with her .... I
> had to ask someone how all this works when I was first confronted with this
> thing too. 

Some observations:
1. Those bugs result in a super-confusing experience.  We'll work though those.
They are making me crazy as well.

2. There are some deployment problems that we clearly need to address in our
little pilot here.  I see some of those issues as well.  Let's huddle to figure
out how we can best do that.

3. Users will not need to see these screens if things are going well. So while
we need to really keep pushing hard on usability, we also need to keep in mind
that the target audience is not your average desktop user.  


Comment 7 Jack Magne 2006-08-25 12:36:03 EDT
I also think we can do some simple things with the UI to help the user.

For instance:

1. Continue to evolve the text on the screen to help the user, possibly adding
some where appropriate. The text at the top, which explains what the page is all
about, especially could be tweaked to better effect.

2. Include some simple tool tips for the UI elements such as buttons. For
instance  , hovering over the "Diagnostics" button could say something like
"Click here to view the smartcard information collected by the system to this
point". Also attempt to add tool tips to the headers  for the visible table rows
containing each key. For example hovering over "Issuer" header could say
something like "This is the institution responsible for issuing each security key".


Comment 8 Suzanne Hillman 2006-08-25 12:59:33 EDT
> > Reset pin doesn't work. 
>
> That should work.  If it does not, please file a bug, but also check to make
sure that the TPS server is running. The PIN Reset function requires
communication with the server.

How I tell, via ESC, if ESC is able to talk to the server? Or if the server is
running, when I'm remote?

> > Issuer/UNKNOWN/ENROLLED ????????

> The screen should have reasonable values like this:
> Issuer           Issued To      Status
> Veracity Inc.    Robert Lord    Enrolled

I've yet to see anything useful in 'Issued To', even after reformatting and
reenrolling. What is supposed to set this?

> ESC will display the values on the card.  If those values are not meaningful,
> that's a deployment problem that should be fixed by whoever gave you the card.

This is not handled by formatting and enrolling?

And, Jack, I thoroughly approve of the tool tips idea!

Note You need to log in before you can comment on or make changes to this bug.