Re: ISSUE-28: [Policy] Requirement for NO security prompting [Security Policy Framework General]


This issue is whether the user is presented with a single security decision
>> that covers multiple operations, or independent prompts for individual
>> operations. Blanket authorisation for an application to use multiple APIs,
>> as often as required, eliminates run-time prompts but also may leave the
>> user without the context required to make a meaningful security decision.
>> Also, a user may not be prepared to give blanket approval for a certain
>> operation but may instead wish to give permission in specific circumstances
>> on
> is this related to the question of whether the user responds to a security
> decision or whether they indicate what they wish to achieve, that takes into
> account various security decisions? In other words, what is the appropriate
> question to the user - e.g. do you wish to tag photo with location (and do
> what is needed) could be the type of question as opposed to explicit
> security questions.

I was thinking of tlr's post:

So yes, a more meaningful question, or context as to why a specific
permission is being requested, may satisfy the user so that he will give
more wide-ranging permission than he would be happy with otherwise.

Thanks - Paddy

Received on Wednesday, 21 October 2009 13:51:33 UTC