[yast-devel] GUI related questions about registration
Hi, I am just pondering about the design of the "Details of Registration Server" dialog, where the user is able to modify the registration server and to administer needed certificates and I have some questions about it: * Do we want to do configuration of registration server via GUI at all? * Is there more than one certificate issued by the registration server? From my talk with Jens Daniel I got the information, that there will be one registration server so I guess that it will issue one certificate, but you know how it is with guessing :-) * Does acceptance of certificate mean that, a user action is required to accept/install it? * How are "Do you want to accept this certificate?" pop ups handled, which are provided by a browser? Are they suppressed or if enabled would the user accept the certificate by clicking the pop up instead of a button in the webYaST GUI? * Do we want to visualize import/export certificate in the GUI? * Do we want to allow the user to delete a certificate or do we just display a certificate obtained by connecting to registration server? I am asking all these questions to figure out, how important you want to rate these settings. From a nice and simple perspective I would just enter registration credentials and then continue with next dialog. What do you think about that? Looking forward to your comments, Martin --- Martin Schmidkunz User Experience Specialist mschmidkunz@novell.com +49 (0) 911 740 53-346 --- SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg) --- Novell® Making IT Work As One™
* Martin Schmidkunz
Hi,
I am just pondering about the design of the "Details of Registration Server" dialog, where the user is able to modify the registration server and to administer needed certificates and I have some questions about it: * Do we want to do configuration of registration server via GUI at all? No. I don't see this requested and it also wouldn't match our target audience (unexperienced users).
* Is there more than one certificate issued by the registration server? From my talk with Jens Daniel I got the information, that there will be one registration server so I guess that it will issue one certificate, but you know how it is with guessing :-) Ask Michael Calmer and Thomas Goettlicher, they're handling such issues for SLMS.
I currently see two certificates in the WebYaST architecture. 1. To establish trust between the appliance and the registration server. 2. To establish trust between the appliance and the browser. case 1 would ideally be handled when creating the appliance by pre-installing the certificate on the appliance. If this is not the case, we need an acceptance pop-up in WebYaST. case 2 would be a no-brainer if the vendor installs a 'commercial' certificate, i.e. one with a trust chain already build into the browser. Otherwise, certificate acceptance is done by the browser outside WebYaSTs influence.
* Does acceptance of certificate mean that, a user action is required to accept/install it? I'd say yes for both cases.
* How are "Do you want to accept this certificate?" pop ups handled, which are provided by a browser? You must not influence those. Its up to the user, not the originating website to accept/deny trust.
Are they suppressed or if enabled would the user accept the certificate by clicking the pop up instead of a button in the webYaST GUI?
For case 1 above, the dialog is handled by the browser. For case 2 WebYaST must provision this.
* Do we want to visualize import/export certificate in the GUI? Would we need this ? Whats the usecase here ?
* Do we want to allow the user to delete a certificate or do we just display a certificate obtained by connecting to registration server? The latter. Certification management is not a priority right now.
Hth, Klaus --- SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg) -- To unsubscribe, e-mail: yast-devel+unsubscribe@opensuse.org For additional commands, e-mail: yast-devel+help@opensuse.org
On štvrtok 01 Október 2009 11:13:18 Klaus Kaempf wrote:
* Martin Schmidkunz
[Oct 01. 2009 09:47]: Hi,
I am just pondering about the design of the "Details of Registration Server" dialog, where the user is able to modify the registration server and to administer needed certificates and I have some questions about it: * Do we want to do configuration of registration server via GUI at all?
No. I don't see this requested and it also wouldn't match our target audience (unexperienced users).
Well, SMT is able to handle appliances and that is a valid use cases. Though I'm not sure is having the option available easily is needed. Stano -- To unsubscribe, e-mail: yast-devel+unsubscribe@opensuse.org For additional commands, e-mail: yast-devel+help@opensuse.org
* Stanislav Visnovsky
On štvrtok 01 Október 2009 11:13:18 Klaus Kaempf wrote:
* Martin Schmidkunz
[Oct 01. 2009 09:47]: Hi,
I am just pondering about the design of the "Details of Registration Server" dialog, where the user is able to modify the registration server and to administer needed certificates and I have some questions about it: * Do we want to do configuration of registration server via GUI at all?
No. I don't see this requested and it also wouldn't match our target audience (unexperienced users).
Well, SMT is able to handle appliances and that is a valid use cases.
Having the registration server configurable in a config file ? I fully agree.
Though I'm not sure is having the option available easily is needed.
That's the point. There's no need to expose this via the UI currently. Klaus --- SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg) -- To unsubscribe, e-mail: yast-devel+unsubscribe@opensuse.org For additional commands, e-mail: yast-devel+help@opensuse.org
On pondelok 05 Október 2009 09:21:02 Klaus Kaempf wrote:
* Stanislav Visnovsky
[Oct 04. 2009 21:01]: On štvrtok 01 Október 2009 11:13:18 Klaus Kaempf wrote:
* Martin Schmidkunz
[Oct 01. 2009 09:47]: Hi,
I am just pondering about the design of the "Details of Registration Server" dialog, where the user is able to modify the registration server and to administer needed certificates and I have some questions about it: * Do we want to do configuration of registration server via GUI at all?
No. I don't see this requested and it also wouldn't match our target audience (unexperienced users).
Well, SMT is able to handle appliances and that is a valid use cases.
Having the registration server configurable in a config file ? I fully agree.
Well,, for appliance, we do not have anything like 'installation parameter' to set up registration server. We need other means to provide easy way to adapt this during deployment. Stano -- To unsubscribe, e-mail: yast-devel+unsubscribe@opensuse.org For additional commands, e-mail: yast-devel+help@opensuse.org
Hi, Am Montag, 5. Oktober 2009 22:08:34 schrieb Stanislav Visnovsky:
On pondelok 05 Október 2009 09:21:02 Klaus Kaempf wrote:
* Stanislav Visnovsky
[Oct 04. 2009 21:01]: On štvrtok 01 Október 2009 11:13:18 Klaus Kaempf wrote:
* Martin Schmidkunz
[Oct 01. 2009 09:47]: Hi,
I am just pondering about the design of the "Details of Registration Server" dialog, where the user is able to modify the registration server and to administer needed certificates and I have some questions about it: * Do we want to do configuration of registration server via GUI at all?
No. I don't see this requested and it also wouldn't match our target audience (unexperienced users).
Well, SMT is able to handle appliances and that is a valid use cases.
Having the registration server configurable in a config file ? I fully agree.
Well,, for appliance, we do not have anything like 'installation parameter' to set up registration server. We need other means to provide easy way to adapt this during deployment.
For what is this web yast module? Only for appliances or should it replace (some day) the current (traditional) yast module? If it should replace the traditional yast module, the functionallity to change the registration server URI is required. Customers asked for this and are very happy, that we have this now in SLE11. So creating a new module which remove this feature again, is a step back. And also for the appliance only case we should think about adding this feature. How many customers using an appliance "feel good" to use an editor or an commandline tool to change the registration server URL to use its own SMT server? -- MFG Michael Calmer -------------------------------------------------------------------------- Michael Calmer SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg T: +49 (0) 911 74053 0 F: +49 (0) 911 74053575 - e-mail: Michael.Calmer@suse.com -------------------------------------------------------------------------- SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg)
* Michael Calmer
Having the registration server configurable in a config file ? I fully agree.
Well,, for appliance, we do not have anything like 'installation parameter' to set up registration server. We need other means to provide easy way to adapt this during deployment.
For what is this web yast module? Only for appliances or should it replace (some day) the current (traditional) yast module?
Its solely for appliances. Thats where our current focus is. If and when it will replace the traditional yast module, I cannot say.
If it should replace the traditional yast module, the functionallity to change the registration server URI is required.
Absolutely.
So creating a new module which remove this feature again, is a step back.
Its not being removed, its just not exposed in WebYaST.
And also for the appliance only case we should think about adding this feature.
Agreed. Maybe WebYaST for SLE11 SP1 will add it. For now, lets stick with the needs (and requirements) of appliances. Once the WebYaST registration module is fully functional _and_ there's time left, we can add features. But not any earlier.
How many customers using an appliance "feel good" to use an editor or an commandline tool to change the registration server URL to use its own SMT server?
That's probably a question to product management. Currently, we have limited knowledge about our end users. Klaus --- SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg) -- To unsubscribe, e-mail: yast-devel+unsubscribe@opensuse.org For additional commands, e-mail: yast-devel+help@opensuse.org
* Stanislav Visnovsky
Having the registration server configurable in a config file ? I fully agree.
Well,, for appliance, we do not have anything like 'installation parameter' to set up registration server. We need other means to provide easy way to adapt this during deployment.
Hmm, maybe I misunderstand you here.
From my POV, the appliance vendor provides a set of configuration values for WebYaST, including the registration server. The end customer should not be bothered by this (and I fail to see the need for it either).
Klaus --- SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg) -- To unsubscribe, e-mail: yast-devel+unsubscribe@opensuse.org For additional commands, e-mail: yast-devel+help@opensuse.org
* Stanislav Visnovsky
[Oct 05. 2009 22:11]: Having the registration server configurable in a config file ? I fully agree.
Well,, for appliance, we do not have anything like 'installation
Hi, Am Dienstag, 6. Oktober 2009 09:57:43 schrieb Klaus Kaempf: parameter'
to set up registration server. We need other means to provide easy way to adapt this during deployment.
Hmm, maybe I misunderstand you here.
From my POV, the appliance vendor provides a set of configuration values for WebYaST, including the registration server. The end customer should not be bothered by this (and I fail to see the need for it either).
With SLMS, the ISV change the registration URL in suseRegister.conf and the appliance will register to the SLMS server of the ISV. But it is also a valid use case, that the cutomer is running a SMT server. So the customer needs a way to change the registration URL to its SMT server. -- MFG Michael Calmer -------------------------------------------------------------------------- Michael Calmer SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg T: +49 (0) 911 74053 0 F: +49 (0) 911 74053575 - e-mail: Michael.Calmer@suse.com -------------------------------------------------------------------------- SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg)
Hi, I just spoke with jdsn and tgoettlicher and the concerning the registration GUI we propose: * user enters just some registration credentials and sends them to the registration server * if the server certificate of the registration server or the certificate issuer is not found on the appliance the user gets an error page stating something like: "Certificate Problems - It is not sure that the server you are trying to contact can be trusted. To protect you from malicious software no update server is registered. Please contact your admin in order to check the certificate configurations." (or if admin is logged in, a link to certificate configuration can be shown). The fix of the error would be that the sys admin enters the certificate in the certificate management module. The proposed way avoids that users install insecure stuff on their machine because they just clicked away another annoying pop up. A proposal of registration module can be found at: http://w3.suse.de/~mschmidkunz/webyast_7/registration.html If used during first run workflow the buttons would be of course in wizard style. The system name should be an editable text entry and should be already filled with current host name. The system name is the name by which the system is represented in the Novell Customer Center. I think it is a nice and useful feature. Nonetheless I have two issues about that: * Should we make it more obvious to the user, what this credential means? e.g. tooltip? * Is it planned, that by "default" registering webYaST machines means that the system appears in the Novell Customer Center? Another issue is that we obviously don`t know exactly which credentials need to be provided to register successfully on a registration server. Therefore it might happen that after sending the form, the form is returned to the user representing previous entries plus new entry fields. This seems quite annoying but it seems to be the only solution since it is not known, which data is needed. Question is: do we want to stick with the solution? Another idea would be that by creating the appliance the registration details are set somehow (e.g. ISV 1 says, that he wants an email- address, a registration code and country to be in the form and ISV 2 would only choose only registration code). What do you think about that? Looking forward to your comments! Cu, Martin --- Martin Schmidkunz User Experience Specialist mschmidkunz@novell.com +49 (0) 911 740 53-346 --- SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg) --- Novell® Making IT Work As One™ -- To unsubscribe, e-mail: yast-devel+unsubscribe@opensuse.org For additional commands, e-mail: yast-devel+help@opensuse.org
Hi, The outline/first draft of the vendor manual is now available under: http://docserv.suse.de/generated/books/WebYaST/webyast/ch05s02.html It will be updated once a day and I would like to ask you all to have a look at it and let me know what is missing. Many thanks, Florian -- To unsubscribe, e-mail: yast-devel+unsubscribe@opensuse.org For additional commands, e-mail: yast-devel+help@opensuse.org
participants (5)
-
Florian Nadge
-
Klaus Kaempf
-
Martin Schmidkunz
-
Michael Calmer
-
Stanislav Visnovsky