W3C home > Mailing lists > Public > public-web-security@w3.org > February 2011

Re: [Content Security Policy] Usability?

From: Aryeh Gregor <Simetrical+w3c@gmail.com>
Date: Mon, 31 Jan 2011 19:16:27 -0500
Message-ID: <AANLkTimRB2r91sYm7vroZ2=hqdLZrSHD_GeMtvK8vo0o@mail.gmail.com>
To: Terri Oda <terri@zone12.com>
Cc: gaz Heyes <gazheyes@gmail.com>, Brandon Sterne <bsterne@mozilla.com>, public-web-security@w3.org
On Sun, Jan 30, 2011 at 2:03 PM, Terri Oda <terri@zone12.com> wrote:
> Does that sound reasonable?  I'd love suggestions from those more
> experienced in usability study design, but this could be ok for a first pass
> where we grab a few folk and try to see what other questions we should be
> asking.  We can see if people actually do create policy with weird syntax
> because they mis-understand, or whether it's actually fairly easy for new
> users to create policies.

I have no experience with usability study design, but your proposed
study looks like it would take a couple of hours to do.  If we're just
grabbing random acquaintances of ours, as opposed to paying people to
take it, that's a bit much.

Also, I'm dubious about making the first step "read the spec" --
that's not how real-world authors learn things.  Maybe it would make
more sense to just give them an existing policy and ask them to make
particular changes (with access to Google), since almost everyone
learns stuff mostly by copy-paste.
Received on Tuesday, 1 February 2011 00:17:20 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 1 February 2011 00:17:21 GMT