>>>>> "Maria" == Maria Turk <[log in to unmask]> writes:

    Maria> On 28/06/2011 00:44, Sam Hartman wrote:
    >>>>>>> "Maria" == Maria Turk<[log in to unmask]>  writes:
    Maria> Hi, OK yes, so with regard to removing the service ID card
    Maria> association when there is an error I can see a few usability
    Maria> issues cropping up here.  first off what sort of errors if
    Maria> it's all errors then we risk removing the association when
    Maria> error is temporary which is annoying to the user.  If we are
    Maria> sure that its an error that is permanent then we still have a
    Maria> problem because the user has specifically requested to add
    Maria> this association.  My immediate thoughts are if removing the
    Maria> association is important because we don't want the user to
    Maria> have to go through looking up the service and removing it
    >> 
    >> In the April meeting we discussed and I believed agreed that having
    >> users go and look up a service and remove associations was always the
    >> wrong answer.  I thought we were looking at a mechanism where the user
    >> could enter a mode where they were always prompted but the current
    >> association was the default.
    >> The open question in April was how to signal this to the user.
    >> What was the resolution of that?
    Maria> Yes that's true and it's still not a good answer because there might
    Maria> be an error.  So what I'm suggesting is this.   The user tries to
    Maria> connect to a service via the application and GSS-API for the first
    Maria> time.  The user is presented with a list of ID Cards.  The user
    Maria> selects one of those ID Cards.  The ID Card is then verified and
    Maria> authenticates against the service.  After everything does well and is
    Maria> successful the user is presented with a dialog suggesting everything
    Maria> has gone well and if they would like to always user this ID Card with
    Maria> this service.  This is the case when things go well.  When things
    Maria> don't go well the user never sees the association dialog and so no
    Maria> association occurs.

I have several concerns about this:

1) It doesn't ever end up with an association in the unfortunately
common case where we never find out if things went well or not.

2) It doesn't provide the user with a recovery strategy in the case
where things appeared to go well but where the user doesn't have access

3) It doesn't provide the user with a recovery strategy in the case
where a previous association ends up being incorrect because things have
changed.