[cap-talk] Some good advice for disruptive technologies
dmbarbour at gmail.com
Sun Jan 9 01:40:10 PST 2011
On Sat, Jan 8, 2011 at 12:23 PM, James A. Donald <jamesd at echeque.com> wrote:
> "exposing capabilities to the user" is seldom a good idea, and
> "educating the user" means our UI is broken - the idea behind OS's
> modelled on capdesk is not to educate the user, but to ensure that the
> OS works as the user naively and innocently expects it to work.
Ka-Ping Yee offers some good principles for UI design :
Path of Least Resistance
Match the most comfortable way to do tasks with
the least granting of authority.
Grant authority to others in accordance with user
actions indicating consent.
Offer the user ways to reduce others' authority to
access the user's resources.
Maintain accurate awareness of others' authority
as relevant to user decisions.
Maintain accurate awareness of the user's own
authority to access resources.
Protect the user's channels to agents that manipulate
authority on the user's behalf.
Enable the user to express safe security policies in
terms that fit the user's task.
Draw distinctions among objects and actions along
boundaries relevant to the task.
Present objects and actions using distinguishable,
Indicate clearly the consequences of decisions that
the user is expected to make.
Capabilities can be leveraged to support a number of these principles,
including Expressiveness, Trusted Path, Self-Awareness, Visibility,
Revocability, Active Authorization, and Path of Least Resistance.
But none of these principles are well served if we just reinvent the
traditional desktop OS atop a capabilities system. We should also
rethink the user experience, develop user interfaces that directly
reflect capabilities held and keep users aware of which they are
sharing. This doesn't need to be obtrusive, but such principles
will certainly affect how applications are expressed and which
widgets would exist by default.
In addition to making users more aware of security issues, we
should leverage the greater composability of capabilities in order
to offer a more flexible user experience - i.e. with support for
service extensibility and application mashups, perhaps some
ability to bookmark and share views, and so on.
We might want to drop an icon representing some facet of a
service and drop that into your little messaging application. The
recipient could then interact with a service on your machine, at
least until you revoke the authority or destroy the service.
I believe our UIs should subtly educate us - turn the 'naive
and innocent' users into something more literate and
computer savvy. Greater flexibility and awareness would
go a long way in that direction.
Capdesk is a nice proof of expressiveness, but was not an
attempt to significantly improve the user experience.
More information about the cap-talk