Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[eclipse-pmc] Re: Request for API addition in extension for security for 3.4


The proposed patch is attached to the bug report:

https://bugs.eclipse.org/bugs/show_bug.cgi?id=230242#c14

The patch actually combines two requests for UI improvement as they have very similar implementation.

Both code change and API change are simple and don't add new risks. The API change consists of adding an optional attribute and an optional list of hints to the password provider extension point.

The list of hints could be extended in future to provide even better UI experience for the users of the Equinox secure storage.

While I don't consider this enhancement as a "must have for 3.4", there is no doubt that it significantly improves user experience then dealing with this part of the product.

Sincerely,
Oleg Besedin



Mike Wilson/Ottawa/IBM

05/06/2008 01:31 PM

To
Kevin McGuire/Ottawa/IBM@IBMCA
cc
eclipse-pmc@xxxxxxxxxxx, Martin Aeschlimann/Zurich/IBM@IBMCH, Oleg Besedin/Ottawa/IBM@IBMCA
Subject
Re: Request for API addition in extension for security for 3.4Link




I'd like to see a patch attached to the bug that shows the required changes.

McQ.


From: Kevin McGuire/Ottawa/IBM
To: eclipse-pmc@xxxxxxxxxxx
Cc: Mike Wilson/Ottawa/IBM@IBMCA, Oleg Besedin/Ottawa/IBM@IBMCA, Martin Aeschlimann/Zurich/IBM@IBMCH
Date: 05/06/08 11:50 AM
Subject: Request for API addition in extension for security for 3.4




Dear PMC,

As part of UI cleanup for the new security work for 3.4, we'd like to request the following API addition:

https://bugs.eclipse.org/bugs/show_bug.cgi?id=230242  [sec] Add hints describing capabilities of the password providers

Explanation:

This is a hint to the UI so that we can avoid a pointless and confusing wizard for password change: if the password provider is the OS, the wizard does nothing of value, but the security UI doesn't know enough about each provider to avoid the wizard in the first place.  Below are screen shots of what the user sees in this case.  The flag would inform the security framework that the provider doesn't prompt for passwords, therefore this wizard has no utility and the triggering action can be disabled. The proposed extension leaves open the future possibilities of other UI hints but only the one is needed for 3.4.

Risk:

The coding changes are easy/straightforward.  There's no risk of breakage.  


Importance:

Presently for OS providers (the majority of real world cases in 3.4), the password prompt just looks like a bug and is likely to be the source of great confusion from the community, as well as support time from us.  In addition it lacks the level of polish we expect from the SDK.  Security is new for 3.4 and adding the flag now inceases the chance that 3rd party providers will annotate their password providers accordingly.

This is what the user sees currently for WinXP OS security provider (the default):









Back to the top