Re: control, data, users from Mary Ellen Zurko on 2006-11-02 (public-wsc-wg@w3.org from November 2006)

From: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
Date: Thu, 2 Nov 2006 08:35:42 -0500
To: "Mike Beltzner <beltzner" <beltzner@mozilla.com>
Cc: public-wsc-wg@w3c.org
Message-ID: <OFB67BCD45.ED7D6CD4-ON8525721A.0049939C-8525721A.004AAE8D@LocalDomain>

> I work in the field of HCI, and would agree that designs should be 
> tested early and often in front of real users to ensure that 
> assumptions about behaviour are well founded. With so many IBMers in 
> the group, perhaps we can get some donated time from their User 
> Centered Design groups to run some of these user feedback sessions.

You think 2 is "so many"? Count the Citigroup contingent :-). 

More on the contentful stuff in more depth soon (I'm on vacation in Ann 
Arbor to see the RSC). 

Briefly - 

I don't know if we have a UI expert Brad. That's why I brought it up. Once 
all the Introductions are in, we'll know. (Reminder everyone, please do 
introduce yourself). And if we have a gap, we'll fill it. And I agree with 
the subtext from others; I hate the state machine analogy, but I do think 
stating baseline principles or hypotheses, which is where Phil went next, 
will be core to getting concensus and a foundation for our work. The 
concrete problems we'll solve are I believe part of the first charter 
item; the Note on use cases and scenarios to address. 

Mike, do you consider yourself a UI/HCI expert, or dabbler, or gate 
keeper? (I consider myself the last, which is not enough; we'll need at 
least one expert, and need to respect them). 

We need a list of required reading on what's gone on in this area. 
Brustoloni's work on alternative responses to SSL error states jumps out 
from the previous conversation on SSL certs. The Omnivore model of user 
risk assessment jumps out from the discussion of non-safety vs safety 
signals. I'm personally think my ACSAC keynote paper is brilliant, but I'm 
probably biased :-). And of course the O'Reilly Usable Security book is 
great, but it's too long to claim the whole thing is required. 

Like Mike, I think history of interactions has the biggest bang for the 
buck short term in this area. 

Unlike Mike, I'm suspicious of emphasizing consistent terminology. 
Obviously unmotivated inconsistency is a bad thing, but I worry that 
consistency will drive terms and models to a level of abstraction that is 
less usable then contextually motivated terms. 

I'm really pleased with the discussion so far. I'll work at structuring us 
soon, but don't want to cut off early position statements from all.
        Mez

Received on Thursday, 2 November 2006 13:35:57 UTC