- From: Maritza Johnson <maritzaj@cs.columbia.edu>
- Date: Sun, 31 Dec 2006 00:43:54 -0500
- To: W3 Work Group <public-wsc-wg@w3.org>
- Message-Id: <D4CADBC3-08D2-4E99-B20B-6C27FA0CB303@cs.columbia.edu>
A list of design principles extracted from the shared bookmarks in the wiki. General Design Principles: - Dialogues should not contain information which is irrelevant or rarely needed. - The user should be able to conveniently access more information as required by their level of experience. - The cues should be displayed consistently in location and across sites and browsers in an attempt to prevent spoofing and confusion of the user. - False positive warnings rapidly dilute warning usability. - False positives and negatives should be kept to a minimum to avoid degrading the user's level of confidence in the security cue. - The system should speak the user's language, with words, phrases and concepts familiar to the user, rather than system-oriented terms. Follow real-world conventions, making information appear in a natural and logical order. - Provide explanations, justifying the advice or information given. - Integrated security aligns security with user actions and tasks so that the most common tasks and repetitive actions are secure by default. Provides information about security state and context in a form that is useful and understandable to the user, in a non- obtrusive fashion. - When possible, safe staging should be used. Safe staging is “a user interface design that allows the user freedom to decide when to progress to the next stage, and encourages progression by establishing a context in which it is a conceptually attractive path of least resistance.” - Metaphor tailoring starts with a conceptual model specification of the security related functionality, enumerates the risks of usability failures in that model, and uses those risks to explicitly drive visual metaphors. - If a feature or cue is included in the design with the intention of improving some aspect of usability (learnability, better functionality through more information ...) it must be clear to the user the feature is available, and the action or process expected of the user must be clear by the way the feature is presented. - The visual cues presented to the user must represent the state/ action of the system in a way that is consistent with the actual state/action of the system to allow the user to create an accurate conceptual model. - The user must be aware of the task they are to perform. - The user must be able to figure out how to perform the task. - The user should be given feedback when the state of the security of a page is changed. Characteristics of the average user (is this what was meat by the assumptions section?) - Security is always a secondary goal, it is never the main focus of a user. - Users lack the knowledge that would help them make security decisions on the internet. This includes being unaware of security protocols and concepts, the meaning of current security cues, and the difference between the web content and the browser chrome. - A user has only a single locus of attention, a feature or an object in the physical world or an idea about which you are intently and actively thinking - Users can be visually deceived. - Users have bounded attention. - Users ignore warning signs, or reason them away. - Users rely on the content of a web page to make security decisions. - Users ignore warning signs, or reason them away. Can anyone think of any I've left out? Any suggestions for modifying the ones listed? - Maritza http://www.cs.columbia.edu/~maritzaj/
Received on Sunday, 31 December 2006 05:44:06 UTC