[cap-talk] Some good advice for disruptive technologies
David Barbour
dmbarbour at gmail.com
Sun Jan 9 01:40:10 PST 2011
On Sat, Jan 8, 2011 at 12:23 PM, James A. Donald <jamesd at echeque.com> wrote:
> "exposing capabilities to the user" is seldom a good idea, and
> "educating the user" means our UI is broken - the idea behind OS's
> modelled on capdesk is not to educate the user, but to ensure that the
> OS works as the user naively and innocently expects it to work.

I disagree.

Ka-Ping Yee offers some good principles for UI design [1]:

  Path of Least Resistance
    Match the most comfortable way to do tasks with
    the least granting of authority.
  Active Authorization
    Grant authority to others in accordance with user
    actions indicating consent.
  Revocability
    Offer the user ways to reduce others' authority to
    access the user's resources.
  Visibility
    Maintain accurate awareness of others' authority
    as relevant to user decisions.
  Self-Awareness
    Maintain accurate awareness of the user's own
    authority to access resources.
  Trusted Path
    Protect the user's channels to agents that manipulate
    authority on the user's behalf.
  Expressiveness
    Enable the user to express safe security policies in
    terms that fit the user's task.
  Relevant Boundaries
    Draw distinctions among objects and actions along
    boundaries relevant to the task.
  Identifiability
    Present objects and actions using distinguishable,
    truthful appearances.
  Foresight
    Indicate clearly the consequences of decisions that
    the user is expected to make.

[1] http://people.ischool.berkeley.edu/~ping/sid/

Capabilities can be leveraged to support a number of these principles,
including Expressiveness, Trusted Path, Self-Awareness, Visibility,
Revocability, Active Authorization, and Path of Least Resistance.

But none of these principles are well served if we just reinvent the
traditional desktop OS atop a capabilities system. We should also
rethink the user experience, develop user interfaces that directly
reflect capabilities held and keep users aware of which they are
sharing. This doesn't need to be obtrusive, but such principles
will certainly affect how applications are expressed and which
widgets would exist by default.

In addition to making users more aware of security issues, we
should leverage the greater composability of capabilities in order
to offer a more flexible user experience - i.e. with support for
service extensibility and application mashups, perhaps some
ability to bookmark and share views, and so on.

We might want to drop an icon representing some facet of a
service and drop that into your little messaging application. The
recipient could then interact with a service on your machine, at
least until you revoke the authority or destroy the service.

I believe our UIs should subtly educate us - turn the 'naive
and innocent' users into something more literate and
computer savvy. Greater flexibility and awareness would
go a long way in that direction.

Capdesk is a nice proof of expressiveness, but was not an
attempt to significantly improve the user experience.
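
The facet sharing described in the message above (a recipient uses part of a service until the authority is revoked), sketched as an added example that is not part of the original post and not Capdesk code. The names makeFacet, makeGrantBook and the album service are hypothetical; the grant list stands in for what a UI would display under the Visibility and Revocability principles.

```javascript
// Added example (hypothetical names). A facet exposes only the named
// methods of a service, so the recipient gets no other authority.
function makeFacet(service, methodNames) {
  const facet = {};
  for (const name of methodNames) facet[name] = (...args) => service[name](...args);
  return Object.freeze(facet);
}

// Grant book: hands out revocable forwarders (the caretaker pattern) and
// records each grant so a UI can show what is shared and with whom.
function makeGrantBook() {
  const grants = new Map(); // id -> { recipient, label, revoke }
  let nextId = 1;
  return Object.freeze({
    share(recipient, label, facet) {
      let target = facet; // set to null on revocation
      const id = nextId++;
      const forwarder = {};
      for (const name of Object.keys(facet)) {
        forwarder[name] = (...args) => {
          if (target === null) throw new Error(`grant ${id} revoked`);
          return target[name](...args);
        };
      }
      grants.set(id, { recipient, label, revoke() { target = null; } });
      return { id, cap: Object.freeze(forwarder) };
    },
    revoke(id) {
      const grant = grants.get(id);
      if (!grant) return false;
      grant.revoke(); // the recipient's forwarder stops working at once
      return grants.delete(id);
    },
    listGrants() {
      return [...grants].map(([id, g]) => ({ id, recipient: g.recipient, label: g.label }));
    },
  });
}

// Constructed sample: an album service shared list-only with "bob".
function demo() {
  const album = { photos: ['a.jpg', 'b.jpg'], list() { return [...this.photos]; },
    remove(p) { this.photos = this.photos.filter((x) => x !== p); } };
  const book = makeGrantBook();
  const { id, cap } = book.share('bob', 'album (list only)', makeFacet(album, ['list']));
  const before = { seen: cap.list(), canRemove: 'remove' in cap, visible: book.listGrants() };
  book.revoke(id);
  let afterRevoke = 'allowed';
  try { cap.list(); } catch (e) { afterRevoke = e.message; }
  return { ...before, afterRevoke, remaining: book.listGrants().length };
}
```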