- From: Mike Beltzner <beltzner@mozilla.com>
- Date: Thu Nov 02 14:44:00 2006
- To: "Mary Ellen Zurko" <Mary_Ellen_Zurko@notesdev.ibm.com>
- Cc: public-wsc-wg@w3c.org
Heh, I'll take donations of user feedback resources from wherever they might come. I know that the IBM Toronto Lab for Software Development has a great lab (I helped set it up when I worked there!) that we might be able to use, but I'm sure there are other resources as well. As for being an expert on HCI/UI: I don't have a PhD, but I've been working as a User Experience Designer for the past 7 years or so, and have a lot of contacts both in HCI research and in UI design, which are really two different fields. I feel strong in this particular form of the force, though I caution that I'm not the guy to draw the aesthetically pleasing mockups, I'm the guy to deliver the wireframes and the requirements, and help evaluate the iterations and comment on design proposals. In addition to / paired with a guy like me, what we need is a designer who can iterate around on the suggestions and comments that are distilled down into design requirements and deliver visualizations and mockups of potential designs. In my experience, this pairing has always been the most effective. A list of readings would be helpful, and I can start off a thread with links on that. I know some - but not all - of the references you just pointed out, but I bet Google can help me find the ones I'm missing. One last note about consistent terminology: I would hope that the user-facing terminology and presentations would never, ever, be based on abstract models, and would suggest that's how we got to where we are (ex: concepts like "signing"). I do see your point, though. My fear is that if one browser calls a SSL connection "encrypted" and another calls it "encoded" and yet another calls it "private" (all viable terms!) we'll be making it harder to build a lexicon that users can rely on when considering web security. cheers, mike -----Original Message----- From: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com> Date: Thu, 2 Nov 2006 08:35:42 To:beltzner@mozilla.com Cc:public-wsc-wg@w3c.org Subject: Re: control, data, users > I work in the field of HCI, and would agree that designs should be > tested early and often in front of real users to ensure that > assumptions about behaviour are well founded. With so many IBMers in > the group, perhaps we can get some donated time from their User > Centered Design groups to run some of these user feedback sessions. You think 2 is "so many"? Count the Citigroup contingent :-). More on the contentful stuff in more depth soon (I'm on vacation in Ann Arbor to see the RSC). Briefly - I don't know if we have a UI expert Brad. That's why I brought it up. Once all the Introductions are in, we'll know. (Reminder everyone, please do introduce yourself). And if we have a gap, we'll fill it. And I agree with the subtext from others; I hate the state machine analogy, but I do think stating baseline principles or hypotheses, which is where Phil went next, will be core to getting concensus and a foundation for our work. The concrete problems we'll solve are I believe part of the first charter item; the Note on use cases and scenarios to address. Mike, do you consider yourself a UI/HCI expert, or dabbler, or gate keeper? (I consider myself the last, which is not enough; we'll need at least one expert, and need to respect them). We need a list of required reading on what's gone on in this area. Brustoloni's work on alternative responses to SSL error states jumps out from the previous conversation on SSL certs. The Omnivore model of user risk assessment jumps out from the discussion of non-safety vs safety signals. I'm personally think my ACSAC keynote paper is brilliant, but I'm probably biased :-). And of course the O'Reilly Usable Security book is great, but it's too long to claim the whole thing is required. Like Mike, I think history of interactions has the biggest bang for the buck short term in this area. Unlike Mike, I'm suspicious of emphasizing consistent terminology. Obviously unmotivated inconsistency is a bad thing, but I worry that consistency will drive terms and models to a level of abstraction that is less usable then contextually motivated terms. I'm really pleased with the discussion so far. I'll work at structuring us soon, but don't want to cut off early position statements from all. Mez
Received on Thursday, 2 November 2006 14:44:00 UTC