[cap-talk] Granting access to web services
Karp, Alan H
alan.karp at hp.com
Mon Feb 15 16:35:39 PST 2010
Mark Seaborn wrote:
* If we can ask multiple choice questions, we are avoiding yes-or-no "Is this OK?" security questions. The user is performing an act of designation, not merely confirmation. This aims to follow the "not one click for security" principle (to use the slogan from the title of the SCoopFS paper). Yes-or-no questions are usually bad because they do not offer the user a genuine choice.
In examining how we did that for SCoopFS, we identified four principles for "Making Policy Decisions Disappear into the User's Workflow," http://www.hpl.hp.com/techreports/2009/HPL-2009-341.html, which will appear as a Work-In-Progress at this year's CHI. The key contribution is to note that you need to make policy decisions appear in the application UI and provide affordances, e.g., buttons, to change those decisions.
________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
http://www.hpl.hp.com/personal/Alan_Karp