[cap-talk] getting authorization from the user and the great insight
David Hopwood
david.hopwood at industrial-designers.co.uk
Fri Oct 5 13:07:34 EDT 2007
Karp, Alan H wrote:
> Jed wrote:
>>> Whether it's a good idea to "harvest" knowledge from user actions
>>> depends on what you mean by "harvest". In Jed's example, the action
>>> of drawing a line seems arbitrary and unrelated to authorization.
>> Exactly. Let me mention a few more. All the typing of
>> text in this message that I'm typing.
>
> Actually, typing in the window containing the text could be a good way
> to denote that you want to grant write authority to a file previously
> opened read only.
Yuck, no. It's far too easy to press a key accidentally when focus is on
the window. Better to have a "Edit this file" entry in the context menu
(the one obtained by clicking the window icon on the left of the title bar).
There are several other functions that need to be intermediated by the
trusted window system, such as the cut/copy/paste menu entries, and the
"Recent files" list. If they are moved to the context menu, then no
user confirmation is needed. If they are in a menu controlled by the
app, then I can't see any secure way to avoid a redundant confirmation.
--
David Hopwood <david.hopwood at industrial-designers.co.uk>
More information about the cap-talk
mailing list