S60 Open to new features

As I previously promised, here's an outline of a mockup for managing certificates while developing Symbian OS apps. The mockup will be most interesting to those who've already worked with Developer Certificates and have experienced first-hand the current process.

Background: PlatSec is a nice platform feature, but a pain for developers (Related discussion by Antony Pranata and Tommi's Apps Blog; The S60 Multimedia blog has a good overview of the signing process). Although we can't make the pain go away, we set out to draft a plan for how we could ease the pain at least a little bit. We took 2 days in July to analyze the problem -- and since we wanted a concrete proposal rather than yet another strategy slide, we decided to propose in the form of a UI prototype. Two prototypes were created: Certificate Manager and Capability Scanner.

On to the prototype...

---------------------

The intent of the Certificate Manager is to assist developers with certificate management and application signing. Currently we're thinking that Certificate Manager is released as a standalone app AND an Eclipse plug-in, that could then ship with Carbide.c++. Once again, here's a Disclaimer: There is currently no plan or commitment to implementing this functionality, into Carbide.c++ or otherwise. If you think it's important and useful, let us know.




Platform Security Certificate Manager -- Main View

(1) The main view displays the currently imported certificates & keys and their details. The list of keys + certificates is a representation of a physical folder, so syncing with a version control system should be easy. Click the image to zoom.

Create New starts a wizard for creating a new Verisign ACS Publisher ID or Symbian Signed Developer Certificate Request. This is explained in detail below -- Go to (2) and (4).
Import kicks off a wizard for importing keys, certificates, and certificate sets in what is essentially a .zip file. No details in this post, though I may post on this later.
Export allows exporting multiple keys as a certificate/key package (for sharing with another Carbide.c++ user), and the exporting individual keys. No details.
Delete removes the highlighted key/certificate. No details needed, I think.

(2) Create New allows the user to create a new certificate request for a Symbian Signed developer certificate and for a Verisign ACS Publisher ID. Go to (3).





(3) This is probably one of the most debatable parts of the wizard, since it doesn't actually do anything -- not exactly great SW design. However, the problem we observed was that being aware of the necessity of a Verisign ACS Publisher ID was only the first step, and knowing where to go for one was a problem (unless, of course, you've read the documentation, which is assuming a lot). This simply explains why it's needed, and where to go to get it (The verbiage will change on this one to contain more information). Finish --> Back to (2).




Creating a new Symbian Signed Developer Certificate request
There's a pretty well laid out app for creating Developer Certificate requests [download here] already available at www.symbiansigned.com. We approached the design task here as improving on the current wizard by eliminating a few manual steps, and bringing it into the context of the license manager.


(4) Pretty straightforward -- this allows us to describe DevCerts to any newcomers; experienced users will just hit Next to go to (5).




(5) The list shows the keys from the main view. Import opens another dialog that allows you to point to the .key and .cer files of a Verisign ACS Publisher ID or a key generated using the makekeys.exe utility. If you select a key and hit Next, the wizard goes to Capability Selection (7). Create New is (6).





(6) This is essentially a front-end to the makekeys.exe utility; hitting Next will generate the key and it will be visible as a new entry in the list of keys in the previous screen (5).




(7) Here, the user can select the desired capabilities. The red color is used to denote critical capabilities that require a more elaborate request procedure -- this is done in order to dscourage from selecting all options in the case that the user is new and is not aware of the implications of selecting, e.g. TCB capabilities (...The implication is, for most part, that you won't get the capability...) Clicking Next will bring up (8), (9) or (10).




(8) If any of the "red" capabilities are selected, a further reminder of the implications is displayed. It's one of those "Are you Really Really sure?" warning notes but it seems appropriate since it would imply that international flight reservations, lawyers, and long painful meetings are required to actually get the request approved. Continue goes to (10).




(9) Another non-apparent limitation of the platsec process: Certain (not "red") capabilities require that you have a Verisign ACS Publisher ID. Learning this way is easier than reading a document, I think. OK goes back to (7).




(10) The first time you reach this view, it'll be empty. Enter the IMEI code and add a description of the phone... There's a good reason for asking for a phone description, but I wonder if it would throw users at this point?
Import allows you to import a .csv or .xls file that has IMEIs and descriptions on rows, in case you have multiple IMEIs you're requesting. The codes are appended to the view.
Export saves a .csv file with all the IMEIs currently in the table.
Delete removes the selected row.
Next goes to (12).




(11) When you visit this screen again, all your IMEI codes from the previous session will still be there. Yet another limitation of PlatSec Developer Certificate requests is that if you're asking for sensitive features, you can only get one IMEI if you don't have a Verisign ACS Publisher ID. Therefore only one IMEI code can be selected, and other entries are grayed out. Next takes you to (12).
Note also row 20 -- if you enter more than 20 IMEIs, the UI will remind that you'll need device vendor approval. This behavior only makes sense if an ACS key is selected, but this should do for a mockup :-) Next goes to (12).





(12) Hitting Finish opens a "Save As" dialogue to save the request file.




...There. Time for a margarita. Have a fun weekend -- and then, let me know what you think.