Kevin Koch wrote: > > I’m not sure what level of ‘public’ this question deserves, so I’m > starting with the safest level first. > I see no reason why a design discussion of a publicly distributed proposal would not be public to the extent that the proposal was public.
Sending the reply to kfwdev@mit.edu > > > In the ‘Proposed User Experience for … NIM 2.0’ on pages 3, 4, 5 and > 7, there are screenshots of identities. In the upper right corner of > each identity display is the type of identity – Kerberos V5, > Certificate, Secure Key Storage. > > > > I think this might meet MIT (the customer) needs. But what about > Stanford, whose users never see the word ‘Kerberos?’ > > > > Kevin > You are misunderstanding the objection. Clearly, users at Stanford see the terms "Kerberos v5", "Kerberos v4", "AFS", etc. The credentials they obtain are labeled as "Kerberos v5" or "AFS" credentials. There are configuration options pages and details that they need to be able to intact with. These aren't labeled "SUNetId", they are labeled based upon the identity provider and credential types. In NIM 1.x, there is only a single identity provider so there is no need to distinguish them. In a multiple identity provider model, the user must be able to distinguish which identity provider is in use because credential acquisition behavior associated with each identity provider is expected to be different. I do not consider distinguishing between types to be branding. When a NIM 2.x user wishes to obtain credentials, she selects from a list of pre-defined identities. When the identities are created in the user will not be asked for the "Kerberos Username" or the "SUNetId". Instead as shown in Figure 6, they will be given the choice of selecting between the various installed identity providers in a graphical list by Icon and Name. Selecting the "Kerberos v5" identity provider will prompt them for "Username" and "Realm" but not "Kerberos Username" or "SUNetId". When the user selects the Certificate identity provider, she will have the opportunity to configure a Kerberos v5 credential that should be obtained. In doing so, the user will be prompted for the "Username" and "Realm" but not the "Kerberos Username" or the "SUNetId". In Figure 2, the Identity Provider's Icon is displayed next to the identity name and on the right it specifies the Identity Provider's name. Where we believe the branding opportunity exists is in this dialog where an organization could associate a new Icon with the identity based upon the Kerberos v5 realm or the Certificate's Issuer. Jeffrey Altman
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ kfwdev mailing list kfwdev@mit.edu http://mailman.mit.edu/mailman/listinfo/kfwdev