Re: control, data, users

Do we have user interface design or usability expertise in the group or 
access to that expertise?  I agree that user acceptance and behavior are 
difficult points for consensus.  I like Phillip's model and would 
suggest it is a fine abstract model to begin with.  That said, it is 
a very CS-centric model (as much as I've tried, I still find it 
difficult to model my Mom as a finite state machine.)  In my opinion, 
there's still nothing that beats concrete user observation and feedback.

I also wonder if we have a concrete list of states/tasks/problems/UI 
capabilities that we want to focus on first?  As immensely enjoyable as 
abstract framework discussions can be, nothing generates shared 
understanding faster than concrete problems.

--Brad


Hallam-Baker, Phillip wrote:
> Picking up on the comments by Mez.
>  
> Before we do experiments we need a theory. We are not testing the 
> usability of specific browsers, we are testing a theory of usability.
>  
> If we are to have a theory we need to start from a model.
>  
> My model of the user is a finite state machine that is attempting to 
> complete a task. My first theory is that the more states and the more 
> environmental variables we require in the state machine the worse the 
> usability will be. My second theory is that the harder it is for the 
> user to determine which state they are in the harder it will be. In 
> particular if there is a mismatch between the semantics that a signal 
> is assumed to have (this page is safe) and those that it actually has 
> (the transport was encrypted).
>  
> For example we are all familiar with the dialogue box that pops up the 
> first time we navigate from a secure to an insecure page and the box 
> that comes up when a page has mixed secure/insecure content. I believe 
> that both boxes are crutches, security theatre to give the semblance 
> of security while admitting that they are a fraud.
>  
> If the transition matters it should always be apparent to the user 
> which state they are in. Even if the user leaves the dialogue boxes on 
> they cannot be expected to remember what they mean. Instead of telling 
> me that there is a mixture of secure and insecure content just don't 
> tell me that the page is 'secure'.
>  
> Hypothesis: Any warning dialogue that contains the clickbox 'do not 
> show this warning again' indicates a broken security design as well as 
> a broken usability design.
>  
> Hypothesis: It is possible to design a user interface that provides 
> the user with the information they need without transitional dialogue 
> boxes.
>  
>
>     ------------------------------------------------------------------------
>     *From:* Mary Ellen Zurko [mailto:Mary_Ellen_Zurko@notesdev.ibm.com]
>     *Sent:* Wednesday, November 01, 2006 9:25 AM
>     *To:* Hallam-Baker, Phillip
>     *Cc:* public-wsc-wg@w3c.org
>     *Subject:* control, data, users
>
>
>     One of the topics I want to bring up here and at the f2f is how
>     we'll deal with the issue of level setting around and agreeing on
>     user acceptance and behavior. It's my belief that this will be one
>     of the biggest difficulties in coming to consensus; how we'll
>     agree about usability and users. It would be optimal if we could
>     do some actual user studies, although that wouldn't cover "users
>     learn" types of arguments. Something to think about, and I
>     appreciate all thoughts on that topic.
>
>     As a side note, I would like to encourage folks to discuss any of
>     the items on the agenda of the f2f beforehand on the email list,
>     particularly if they have input and might not make it.
>
>               Mez
>
>     Mary Ellen Zurko, STSM, IBM Lotus CTO Office       (t/l 333-6389)
>     Lotus/WPLC Security Strategy and Patent Innovation Architect
>
>
>
>     *"Hallam-Baker, Phillip" <pbaker@verisign.com>*
>     Sent by: public-wsc-wg-request@w3.org
>     10/31/2006 12:28 PM
>
>     To: Timothy Hahn/Durham/IBM@IBMUS, <public-wsc-wg@w3c.org>
>     cc:
>     Subject: RE: Greetings
>
>     The term 'frustrated by the various "artifacts"' reminded me that
>     there is another important issue here, the insecure clutter that
>     is getting stuffed into browsers without thought for the security
>     issues.
>      
>     For example, favicons have been spreading quickly. But there is no
>     bar to having a favicon that looks like a padlock icon. It is
>     pretty easy to create a favicon that makes a page appear to use SSL.
>      
>     We need to have a clear distinction between control and data.
>     Users should be able to trust the browser to display content in
>     the content window and restrict the chrome area to data that is
>     trustworthy.
>      
>     For years people have been telling me that 'users want' flash
>     animations, etc. that can make whatever use of the user's screen
>     they choose. Now the same people tell me to use Firefox pretty
>     much because of what it does not allow.
>      
>     The control bar on my browser belongs to me, it should not be
>     possible for a content provider to disable it.
>      
>     We have a 'stop downloading' button. Why can't I click that to
>     stop the execution of Javascript &ct. on a page?
>      
>      
>     Clearly it will take time to get from where we are to where we
>     want to be. But it would be nice if there was at least a clickbox
>     that would enable a single comprehensive set of browser
>     configurations that is secure and repeatable. Ad hoc constraints
>     on javascript are creating as much of a problem as the early spam
>     filters that kicked out 10% false positives. If the set of
>     capabilities was predictable and detectable content providers
>     would be much better off.
>      
>
>     ------------------------------------------------------------------------
>     *From:* public-wsc-wg-request@w3.org
>     [mailto:public-wsc-wg-request@w3.org] *On Behalf Of* Timothy Hahn
>     *Sent:* Tuesday, October 31, 2006 10:10 AM
>     *To:* public-wsc-wg@w3c.org
>     *Subject:* Greetings
>
>
>     Hello!
>
>     My name is Tim Hahn and I am looking forward to working with this
>     group.
>
>     I have been somewhat frustrated by the various "artifacts" which
>     different HTTP clients/browsers use to convey whatever
>     security-related information has been sent from HTTP servers to
>     which the browser is connected.  The current state-of-the-art
>     seems to be more annoying to users than informative, and even for
>     security professionals can be confusing to interpret.
>
>     I have worked for IBM for 16 years as a developer, designer,
>     architect, and strategist.  I have been working on several of
>     IBM's directory and security-related product offerings for over 10
>     years, dating back to Distributed Computing Environment, through
>     LDAP directory services, and currently on authentication, access
>     control, and identity management product offerings.  I have
>     participated in several standards bodies in the past including
>     DMTF and IETF working groups.
>
>     I am looking forward to meeting all of you, either in person in
>     NYC or on the list.
>
>     Regards,
>     Tim Hahn
>
>     Internet: hahnt@us.ibm.com
>     Internal: Timothy Hahn/Durham/IBM@IBMUS
>     phone: 919.224.1565     tie-line: 8/687.1565
>     fax: 919.224.2530
>

Received on Wednesday, 1 November 2006 18:50:15 UTC