[Usability] Re: Gnome-keyring terminology and UI wording

[Alexander Larsson <alexl redhat com>]

On Tue, 2003-12-16 at 17:18, Calum Benson wrote:
> On Tue, 2003-12-16 at 15:28, Alexander Larsson wrote:
> 
> > Hi, i've recently introduced a new module in the gnome desktop, and I'd
> > like some help with deciding on the way it is exposed in the user
> > interface. 
> 
> Hmm, I have a rough idea of what keychains are all about from my
> occasional Mac usage, but I think it would be really helpful if somebody
> could write up a few simple scenarios to illustrate how/why somebody is
> likely to be using them in GNOME, to help this discussion along a
> little.  Maybe my brain has just gone a bit rusty from taking a few days
> off though :)

This apple doc is good reading:
http://developer.apple.com/documentation/Security/Conceptual/keychainServConcepts/02concepts/chapter_2_section_1.html#//apple_ref/doc/uid/TP30000897-CH204

Here are a few scenarios, ranging from trivial to advanced:

1)
* User goes to ftp/smb/ssh/whatever site using nautilus
* a username/password is required to log in, which the user types in
* Since the user wants to use this site a lot today, he checks the 
"remember for this session" checkbox
* User now doesn't have to enter password for this site until he logs
out

2) (epi doesn't support gnome-keyring yet, but i hope it will soon)
* User goes to a web site which requires authentication
* User creates a new user, and makes up a password [not the same as his
normal one, since he doesn't trust the website]
* Then when he logs in he choses "save this password in the keyring" and
now gladly forgets whatever password he choosed.
* The next time he accesses this site, he won't have to enter the
password, since the one stored in the keyring will be used. However, if
the keyring is not unlocked he will have to enter the password for the
keyring.

3) 
* The user in 2) navigates to the webpage using another program, say a
webpage designer. 
* The app detects that there is a password for this site in the keyring
and requests it
* Since the new app wasn't the one that created the password its not in
the ACL for the keyring item. The user is presented with a dialog asking
if its ok for the app to read the password.
* User clicks "always allow" which adds the app to the ACL, and he never
needs to see that dialog again

4) (this isn't implemented atm)
* User uses a webbrowser that remembers filled out forms.
* When buying a book at amazon he has to fill in his visa number in a
form
* Since he often does this he checks the "remember form" checkbox in the
browser. 
* This saves the form data in a secure way using the keyring crypto.
[The exact implementation may vary, one way is to generate a large key
for encrypting the form data and storing the key in the keyring. That
way you'd avoid storing lots of data in the keyring, which it really
isn't set up to handle.]

5) 
* An advanced user has two keyrings set up, the default one has his
normal web passwords and is used for new password, however, he also has
a keyring with some really sensitive passwords he uses for
administrating some machines. These are in a separate keyring, which is
normally always locked.
* However, when he connects to one of these servers (say using the ssh:
method in nautilus) the system will notice that the other keyring has a
password that matches, and will ask for the password
* By typing the password for the other keyring he can now access these
passwords. However, the settings for this keyrings can be set such that
the keyring immediately locks itself after a short timeout, meaning the
decrypted passwords are no longer stored in the computer memory.

6) (manager ui not implemented yet)
* User starts a keyring manager ui to see what passwords are stored, he
can lock or unlock them, remove items, etc. He can also add "note" items
for stuff that he wants to type down for storage in a secret way.



=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 Alexander Larsson                                            Red Hat, Inc 
                   alexl redhat com    alla lysator liu se 
He's a scarfaced day-dreaming hairdresser looking for a cure to the poison 
coursing through his veins. She's a beautiful renegade museum curator with 
only herself to blame. They fight crime!