me
UI Design review: Course structure section
by Sven Laux - Wednesday, 26 March 2014, 9:46 PM
 

Hi,

The initial designs for the course structure section of the authoring tool are done.

There are further user stories to add later on. However, I would like to ask for feedback. Please have a look at the designs here and leave your comments using the 'Comments' feature. There is a really handy 'arrow' tool, which allows you to point at the item on the screen you are referring to.

Please note, there isn't much annotation yet - these are simply user story click-throughs. We'll try and add more explanations during later sprints.

There is a front page, which links to:

  • the relevant requirements for this section
  • the key page (with example data)
  • the user stories, we have developed for the section (this won't be a complete list yet)

The development of the v0.1 scope will start on Tuesday 18th (i.e. very shortly). It's also worth noting that the designs include requirements way beyond the v0.1 scope. We wanted to make sure the designs would be able to accommodate future functionality without breaking the UI.

Thanks and I look forward to your feedback!
Sven

(Edited by Admin User - original submission Saturday, 15 March 2014, 10:14 AM)

Picture of Nicola Bamford
Re: Course structure designs review
by Nicola Bamford - Saturday, 15 March 2014, 3:22 PM
 

Hi Sven,

Have just gone through the mocks and added my comments.

Overall I think the mocks show a really clean, easy to use authoring tool.

Really looking forward to seeing the tool's diagnostic feature in action - and also looking to see how this looks across multiple devices.

Nicola

Picture of Dan Gray
Re: UI Design review: Course structure section
by Dan Gray - Thursday, 27 March 2014, 9:57 AM
 

Hi Sven

The designs are looking great. Everything looks really clear and easy to follow. Had a look from a security perspective and found the following.

I think the login process should have a maximum number of failed logins before the account login is locked. To prevent brute force attacks. The account could be unlocked by going through the reset password process or after a period of time (e.g. 1hour). Annoying I know but good security practice.

Have one concern regarding the forgot login data - step 4 a. Giving an error message 'email not found' allows for email enumeration.

The forgotten login endpoint suggests that the application is checking if the email was delivered successfully. If the application can check it also allows for email enumeration. It should have a generic 'Email has been sent' message.  This last one may be me misunderstanding the message.

Dan