[cap-talk] getting authorization from the user and the great insight

Ka-Ping Yee cap-talk at zesty.ca
Thu Oct 4 19:13:06 EDT 2007 

John Carlson wrote:
> My question is, is every action the user makes authorization?  For
> example, does drawing a line give the system authorization to change
> an image?  Or does opening the image give the user the authorization
> to draw a line?   What draws the line between something that requires
> authorization and what doesn't?  Or is authorization something that
> is inherent in the design?

I'll weigh in here.  Every action the user makes is a command.  In an
ideal design, commands and authorizations are the same thing.

For example, suppose you have a personal assistant who takes care of
things for you.  You say, "Please return these library books for me."
This is a command and also an authorization -- it is reasonable that
this authorizes your assistant to take possession of the library books,
since that is inherently required by the command.

Jed wrote:
> It seems to me that any effort to "harvest" all
> (or even only some not explicitly designated user
> actions) for authorizations is that it would create
> a seriously conflicted and confusing situation with
> regard to how users view their actions.  For example,
> I don't want to have to worry that drawing a line
> from one project icon to another in a project
> management program might inadvertently cause some
> potentially unwanted authorization to happen.

Whether it's a good idea to "harvest" knowledge from user actions
depends on what you mean by "harvest".  In Jed's example, the action
of drawing a line seems arbitrary and unrelated to authorization.
But what is the context of the action?  If the line represents a
relationship that inherently requires an access grant, triggering
authorization doesn't seem so farfetched.  What if the diagram is
a depiction of projects and subprojects, and drawing the line from
X to Y means that the purpose of subproject X is to achieve a
subgoal necessary to project Y?  Then perhaps the team working on
project Y should gain access to the documents in subproject X.

In other words, it all comes down to mental models.  It's not so much
whether "harvesting" is taking place as whether the authorization fits
the user's model of how interactions are being interpreted.


-- ?!ng

More information about the cap-talk mailing list