Notice: This Wiki is now read only and edits are no longer possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.
Difference between revisions of "Qt Selector Account UI"
(Added I18N requirement, reorganized headings, updated some images.) |
|||
| Line 7: | Line 7: | ||
The selector can optionally connect to an external [[Authentication Service 1.1]] for the purpose of gaining access tokens that it can use to access other selector supporting services such as the [[Attribute Service 1.1]], [[CardSynce Service 1.1]]. | The selector can optionally connect to an external [[Authentication Service 1.1]] for the purpose of gaining access tokens that it can use to access other selector supporting services such as the [[Attribute Service 1.1]], [[CardSynce Service 1.1]]. | ||
| − | == Case 1: User does not have account at authentication service:<br> == | + | == System Requirements == |
| + | |||
| + | *I18N - the system should be internationalized. All text strings and images should be externalized into resource bundles. | ||
| + | *L10N - while localization to multiple languages is not a requirement, initially implementing two languages would be a good way to check that the I18N was working. | ||
| + | |||
| + | == Use Cases == | ||
| + | |||
| + | === Case 1: User does not have account at authentication service:<br> === | ||
*Clicking <u>''Login Now''</u> switches to Case 2. | *Clicking <u>''Login Now''</u> switches to Case 2. | ||
*After Step 1, server sends the OTP password for serialized selector. | *After Step 1, server sends the OTP password for serialized selector. | ||
| − | *<u>''Continue without authorization code''</u> creates the account in the "non-serialized" mode (does not require enrollment of selectors). | + | *<u>''Continue without authorization code''</u> creates the account in the "non-serialized" mode (does not require enrollment of selectors). |
*'''Passphrase''' is used to locally create an encryption key, for instance by means of [http://en.wikipedia.org/wiki/PBKDF2 PBKDF2]. It is not sent to the Auth service. Alternatively, if the '''Password''' is not know to the auth service (i.e., only proof of it is known), then the '''Password''' can be used to locally create an encryption key, and the Passphrase is not necessary. | *'''Passphrase''' is used to locally create an encryption key, for instance by means of [http://en.wikipedia.org/wiki/PBKDF2 PBKDF2]. It is not sent to the Auth service. Alternatively, if the '''Password''' is not know to the auth service (i.e., only proof of it is known), then the '''Password''' can be used to locally create an encryption key, and the Passphrase is not necessary. | ||
| Line 23: | Line 30: | ||
<br> | <br> | ||
| − | == Case 2: User has account at auth service.<br> == | + | === Case 2: User has account at auth service.<br> === |
*Clicking <u>''Sign up for Account''</u> switches to Case 1. | *Clicking <u>''Sign up for Account''</u> switches to Case 1. | ||
| Line 38: | Line 45: | ||
[[Image:Authorize-step2.png]] | [[Image:Authorize-step2.png]] | ||
| − | == Case 3: Selector previously configured<br> == | + | === Case 3: Selector previously configured<br> === |
*If the device is not logged-in, but it does have one or more saved usernames, this should be the screen that is first shown to the user. | *If the device is not logged-in, but it does have one or more saved usernames, this should be the screen that is first shown to the user. | ||
| Line 47: | Line 54: | ||
[[Image:Login.png]]<br> | [[Image:Login.png]]<br> | ||
| − | == Case 4: Forgot Password == | + | === Case 4: Forgot Password === |
*Clicking <u>''Sign up for Account''</u> switches to Case 1. | *Clicking <u>''Sign up for Account''</u> switches to Case 1. | ||
| Line 54: | Line 61: | ||
[[Image:Forgot-password.png]] | [[Image:Forgot-password.png]] | ||
| − | [[Image:Forgot-password-2.png]] | + | [[Image:Forgot-password-2.png]] |
| − | == Case 5: Manage Selectors<br> == | + | === Case 5: Manage Selectors<br> === |
*This is from a logged-in session in the selector. | *This is from a logged-in session in the selector. | ||
| Line 73: | Line 80: | ||
[[Image:Accounts-devices-disabled.png|700px]] | [[Image:Accounts-devices-disabled.png|700px]] | ||
| − | *While the initial account setup collects one email address, this screen allows the user to add/remove additional email addresses. It could be expanded to support other contact points (SMS, voice phone, etc. in the future) | + | *While the initial account setup collects one email address, this screen allows the user to add/remove additional email addresses. It could be expanded to support other contact points (SMS, voice phone, etc. in the future) |
| − | *Status column shows if an email has been entered but not confirmed, confirmed (user entered correct OTP), or bounced (server recieved hard bounce when sending an OTP. | + | *Status column shows if an email has been entered but not confirmed, confirmed (user entered correct OTP), or bounced (server recieved hard bounce when sending an OTP. |
*Entering a new email or clicking '''Send Confirmation Message '''sends a new OTP to the user - for instance, if they have adjusted their SPAM filter after not getting the initial message, or if the initial message expired. Since this process is just proving control of an an email, and not a specific selector, the feedback of this OTP to the Auth service can be via a web page - i.e., just click a link in the email to confirm. Alternatively, we could present a UI in the selector similar to Step 2 of Case 1 or Case 2. | *Entering a new email or clicking '''Send Confirmation Message '''sends a new OTP to the user - for instance, if they have adjusted their SPAM filter after not getting the initial message, or if the initial message expired. Since this process is just proving control of an an email, and not a specific selector, the feedback of this OTP to the Auth service can be via a web page - i.e., just click a link in the email to confirm. Alternatively, we could present a UI in the selector similar to Step 2 of Case 1 or Case 2. | ||
| − | [[Image:Accounts-settings.png|700px]] | + | [[Image:Accounts-settings.png|700px]] |
== See Also == | == See Also == | ||
*[[Qt Selector 1.1 UI]] | *[[Qt Selector 1.1 UI]] | ||
Revision as of 08:14, 27 October 2009
{{#eclipseproject:technology.higgins|eclipse_custom_style.css}}
This page is to contain mockups and description of the Account Selector UI.
Contents
Background
The selector can optionally connect to an external Authentication Service 1.1 for the purpose of gaining access tokens that it can use to access other selector supporting services such as the Attribute Service 1.1, CardSynce Service 1.1.
System Requirements
- I18N - the system should be internationalized. All text strings and images should be externalized into resource bundles.
- L10N - while localization to multiple languages is not a requirement, initially implementing two languages would be a good way to check that the I18N was working.
Use Cases
Case 1: User does not have account at authentication service:
- Clicking Login Now switches to Case 2.
- After Step 1, server sends the OTP password for serialized selector.
- Continue without authorization code creates the account in the "non-serialized" mode (does not require enrollment of selectors).
- Passphrase is used to locally create an encryption key, for instance by means of PBKDF2. It is not sent to the Auth service. Alternatively, if the Password is not know to the auth service (i.e., only proof of it is known), then the Password can be used to locally create an encryption key, and the Passphrase is not necessary.
- Authorization Code is the OTP sent to the user
- Device Name is a user-chosen name for this device. It would be nice to allow spaces in the names. Device Name must be unique for the user account.
Case 2: User has account at auth service.
- Clicking Sign up for Account switches to Case 1.
- Clicking forgot password? initiates the password reset flow.
- If the selector was downloaded directly from a logged-in session at the Auth service, the Username field would be pre-filled. The password would still need to be entered.
- In this case, if the account is already "serialized", they get the Step 2 screen, below.
- If the account is not "serialized" then there is no step 2 - they just are connected.
Case 3: Selector previously configured
- If the device is not logged-in, but it does have one or more saved usernames, this should be the screen that is first shown to the user.
- Username is a pick list of all usernames that are authorized and "remembered" on this device.
- Clicking Add another username switches to Case 2.
- Clicking forgot password? initiates the password reset flow.
Case 4: Forgot Password
- Clicking Sign up for Account switches to Case 1.
- Upon clicking Next, the server sends an OTP to the all the registered contact points (just email for now, but in the future it could include SMS, phone, etc.).
Case 5: Manage Selectors
- This is from a logged-in session in the selector.
- The My Devices tab shows a list of devices that are authorized to connect to the account.
- Device Name is what the user entered in Step 2 of Case 1 or Case 2.
- If the account is not "serialized", then this screen is shown for the My Devices tab.
- While the initial account setup collects one email address, this screen allows the user to add/remove additional email addresses. It could be expanded to support other contact points (SMS, voice phone, etc. in the future)
- Status column shows if an email has been entered but not confirmed, confirmed (user entered correct OTP), or bounced (server recieved hard bounce when sending an OTP.
- Entering a new email or clicking Send Confirmation Message sends a new OTP to the user - for instance, if they have adjusted their SPAM filter after not getting the initial message, or if the initial message expired. Since this process is just proving control of an an email, and not a specific selector, the feedback of this OTP to the Auth service can be via a web page - i.e., just click a link in the email to confirm. Alternatively, we could present a UI in the selector similar to Step 2 of Case 1 or Case 2.
