[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

awareness + flexibility + security

From: Marcus Brinkmann
Subject: awareness + flexibility + security
Date: Tue, 08 Nov 2005 19:00:23 +0100
User-agent: Wanderlust/2.14.0 (Africa) SEMI/1.14.6 (Maruoka) FLIM/1.14.7 (Sanjō) APEL/10.6 Emacs/21.4 (i386-pc-linux-gnu) MULE/5.0 (SAKAKI)


this is intended as a first cut to what a computer system should look
like from a user's perspective.  Maybe some of this can be the basis
for some design principles.  I am not as quick as Bas with listing
design goals :) so I apologize for the slowness in which these ideas
are developed.

I think I have identified three requirements for users:

Awareness, Security, Flexibility

Awareness: The user must know what the operations are he can perform
in the operating system.  He must also know about their consequences
and relevant side effects, and what the possible results are.  At any
point where the system can not make the right decision automatically,
the user must have the ability to influence the path chosen.

 | Awareness means that the user knows what happens. |

Security: The user must be sure that his actions have predictable
consequences, even in the presence of actively hostile influence.  If
there is a component in the system that the user can not control, the
user must be able to contain its impact, either by simply ignoring it
(shielding), or by imposing restrictions (confinement).

 | Security means that the user controls what        |
 | can happen _to_ his resources.                    |

Flexibility: The user must have a range of options available that
support him to achieve an arbitrary but well-defined goal that can be
stated within the legitimate resources the user controls.

 | Flexibility means that the user controls what     |
 | can happen _with_ his resources.                  |

For me, Awareness is a requirement for both, security and flexibility.
The options that are presented to the user must be meaningful and
clear to him.  Otherwise, how is he in a position to make a decision
where the system can't?  This does not mean that the user must be
aware of every detail that goes on, but he must be aware of the
higher-level consequences of all actions (and non-actions) that he

I don't know about you, but everytime some dialog box in an
application I use for the first time asks me if I want to
babble-gabble the froob through the bibskadenga, I just click on the
biggest of the buttons presented, or the one with the nicest color,
and hope for the best.  So, "Awareness" is just a basic usability

Security ensures that the action the user can undertake never have so
dramatic consequences that the user loses control over his session and
associated resources, at least not without explicitely and consciously
requesting it (note that Awareness is required here).

A flexible system will not achieve these goals simply by restricting
the users ability to perform his tasks.  It will offer the broadest
range of alternatives possible, without compromising the other goals.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]