ACTION-660: Input to BP2, on User Awareness and Control

Hi all,

This is one of a series of emails addressing ACTION-660. This thread
will address the requirements and recommendations for User Awareness and
Control in BP2.

Here is the current editor's draft text in the Requirements (2) and Best
Practice Statements (5) sections:
+++++
2.3 User awareness and control 
Applications should ensure the user is aware of sensitive functions,
i.e. that may affect the service experience, and is offered some options
for user control.

5.3 User awareness and control 
Users should be informed if applications will make automatic data
requests that can impact service cost.

Users should be informed of impacts to device memory (for application
code and data) due to installation and use of applications.

Users should be informed about the types of personal information (data
or contextual information, e.g. location) that will be used by the
application, and exchanged over network connections.

Informational notices should be provided during application selection,
install, on first runtime, or first use of sensitive functions.

Informational notices should provide an estimate of the impact so the
user can determine its significance.

Users should be given easy-to-use controls to personalize application
behavior, e.g.
- Configure automatic operations, e.g. content update schedules 
- Manage data memory use 
- Select privacy/security options

If user control over sensitive application functions is not provided,
users should be given the chance to opt-out for the function, or to
terminate the application.

User control preferences should be saved by the application to avoid the
need to reenter them each time the application is used.
+++++

[bryan] These recommendations address how informed the user is over the
consequences of application use, and how much in control they are for
sensitive functions. Providing user information and control is a
balancing act between simplicity of use (e.g. don't overburden the user
with information and control responsibilities) and protection. The
method and timing of notices is less important (overall) than the basic
assurance of them being provided, but the usability impacts will
nonetheless prompt specific method/timing guidelines re "how to do it".
One facet is the ability for applications to gain unprompted access to
network/data APIs through the applications being signed by a trusted
authority, which can improve the usability aspects but should not
totally circumvent notice requirements. Some of these recommendations
may require usability-focused guidelines on how to do it, e.g. how to
estimate impact in ways the average user can understand. We welcome
suggestions for other recommendations in this area.

Best regards,
Bryan Sullivan | AT&T

Received on Thursday, 14 February 2008 22:32:41 UTC