[EROS-Arch] Re: [E-Lang] Interaction Design for End-User Security
Pascal J. Bourguignon
pjb@imaginet.fr
Sun, 18 Mar 2001 00:03:53 +0100 (CET)
> At 05:01 PM Friday 3/16/01, Ka-Ping Yee wrote:
> >As i'm sure you all realize, the user interface is critical since
> >it communicates intent, and it is only from an interpretation of
> >that intent that a meaningful definition of security is possible.
> >
> >Miriam Walker and i worked together on a paper last semester to
> >describe and apply a set of design principles for usable security.
> >Mark has encouraged me to post it here for review. Here it is:
> >
> > http://www.cs.berkeley.edu/~pingster/sec/project/
> >
> >We're very interested in your thoughts on the topic and look
> >forward to your comments on the paper.
I would add it's needed to discriminate icons as well as windows. The
applications must not be able to change the decoration of the window
set by the system. But in the same way, application must not be able
to control the whole icon. Icons could contain two parts (perhaps
partialy overlaping), one used by the system to discriminate the type
of underlying object (the one represented by the icon), and another
left free to the application.
+---------------+------------------+
| system area : |
| : |
| +---------|------------------+
| | | |
| | | |
| | | |
+.....----------+ |
| | |
| | |
| | |
| | |
| | |
| | |
| | application area |
+-----+----------------------------+
In current GUIs, it's all too easy to masquerade an application as a
document or folder by changing the icon, either the user of the
application itself.
--
____________Pascal_Bourguignon___________ (o_ Software patents are endangering
() Join the ASCII ribbon campaign against //\ the computer industry all around
/\ html email and Microsoft attachments. V_/ the world http://lpf.ai.mit.edu/
1962:"DO 20 I=1.100" 2001:"my($f)=`fortune`;" http://petition.eurolinux.org/