[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Revised Matched Values Draft

To: "Lloyd, Alan" <Alan.Lloyd@ca.com>, ietf-ldapext@netscape.com
Subject: RE: Revised Matched Values Draft
From: "David Chadwick" <d.w.chadwick@salford.ac.uk>
Date: Wed, 12 Jul 2000 13:32:35 +0100
Cc: ietf-ldapext@netscape.com
In-reply-to: <11981F9F5649D411BC92009027D0D18C54B238@aspams01.cai.com>
Organization: University of Salford


> David - Yes a case can always be made for something - In fact in my
> early days in manchester (ICL) we designed machines and systems that
> had 600 + User features on their screens - But in operational reality
> mode - in a real survey , it said that the human users only used 15%
> of these features because they did not understand the rest...
> 

I agree. Same goes for Word and other general purpose 
applications. However, different types of clients will need different 
features. I would not expect a PKI LDAP client to be the same as a 
general browse client (and indeed it is not in Netscape for example)

> In these cases with complex filters - one relies on the user to have a
> lot of pre and detailed knowledge.. 

No, it should be the user interface that has the knowledge, not the 
user. So for example, I retrieve an attribute and the interface does 
not understand it, but the interface knows how to construct a search 
to fetch the single schema definition. This could even be done 
automatically without any user intervention. It is not necessarily an 
engineer that uses this feature. Or, I want to fetch an encryption 
certificate to send an email, so, the interface software knows hows 
to construct the search operation, but has a very simplified screen 
display to the user.

Ultimately, you cannot escape from the user interface having to 
know about the directory schema. You client (Dxplorer - still one of 
the best on the market to my mind, and free at that) has the 
complete X.501 schema built into it and can be configured to know 
about more elements. However what it is missing in Dxplorer is 
knowing for example that ordering matching is not applicable to 
telephone numbers or titles. It allows the user to try these out and 
get an error from the server. So an enhanced Dxplorer would know 
that when I am searching for a certificate that certificateExactMatch 
and certificateMatch should be used and bring up an appropriate 
display for this. All the user needs to know is
i) I want to find a certificate
ii) the display shows me the types I can search for
iii) the display optionally asks me about validity periods
iv) the display optionally asks me which CA I am interested in etc. 
etc.

The point is, the user does not need to know the schema, the client 
software does, and it should guide the user through this.

David

***************************************************

David Chadwick
IS Institute, University of Salford, Salford M5 4WT
Tel +44 161 295 5351  Fax +44 161 745 8169
Mobile +44 790 167 0359
Email D.W.Chadwick@salford.ac.uk
Home Page  http://www.salford.ac.uk/its024/chadwick.htm
Understanding X.500  http://www.salford.ac.uk/its024/X500.htm
X.500/LDAP Seminars http://www.salford.ac.uk/its024/seminars.htm
Entrust key validation string MLJ9-DU5T-HV8J

***************************************************

References:
- RE: Revised Matched Values Draft
  - From: "Lloyd, Alan" <Alan.Lloyd@ca.com>

Prev by Date: password policy I-D
Next by Date: Re: I-D ACTION:draft-ietf-pkix-ldap-schema-00.txt
Index(es):
- Chronological
- Thread