Other than for power users, I can't think of a user-centric task where adding that extra complexity to an already incredibly complex process helps. If we want to make PKI deployable, we're going to have to be very aggressive at justifying any feature that adds mouse clicks, requires the user to make decisions, or gives the user enough rope to cause Help Desk problems in the future.
I'll do some other UI mockups to help illustrate that point that you don't need to show the nickname in the UI.
-Bob
Bob Relyea wrote:
Bob Lord wrote:
In older versions of Communicator, there was a step in the certificate
enrollment process where the user was asked to name his/her newly issued
certificate. Although this gave the user some flexibility, it mostly
caused problems. Users would sometimes choose non-descriptive names
that would cause Help Desk problems down the road. It also added extra
clicks to the certificate issuance process. More clicks meant higher
Help Desk costs. And there was no way to rename the cert, so whatever
you chose stuck with you forever.

We eliminated that ability for most cert enrollments (around C4.6 or
so?), and instead chose the nickname for the user (e.g. "Robert Lord's
Verisign ID"). (There are ways to override that default with Javascript
if the CA administrator wants to.)
The inability to rename the certs is now a bigger problem because users never
have the opportunity to override the PSM chosen name for the cert. These
nicknames get transported via PKCS #12 and are stuck forever. If we have some UI
that allows us to rename cert nicknames then the current semantic of letting
PSM/CA administrators pick the nickname at issuance time becomes a much more
acceptable (in fact preferred) semantic among all our users.

In any event, we should be able to be descriptive enough in any
situation that we don't need to let users select nicknames. I'm sure we
can come up with some reasonably good ways to keep the length reasonable
when pressed.
We should do this even when we have the user ability to rename cert nicknames.
bob
