UsabilityNoRocketSci
From IIW
Usability without Rocket Science
Day 3, Session 2 (10:15 to 11:15), Meeting Location H
Participants
- Tim Freeman
- Richard M. Conlan
- Bob Frankston
- Charles Andres
- Kenik Hassel
- Pamela Dingle
Chronological notes (Charles Andres)
- [As we free-associated ourselves through the session, Charles recorded the notions that were tossed in as they were lofted onto the white board and around the table.]
- RP = Relying Party - consumer of ID services
- user interaction with an RP
- 'voucher' without knowing your true Identity
- at the edge of technology
- have people aware of what is happening, and there are verifiable ceremonies
- popular use
- wanting to make it as friction free as possible
- ceremony (quality of)
- illusion
- theatre
- conceptual dissonance
- Con Games
- Nigerian Scam
- Complex financial labyrinths that people can't fathom, will be fooled
- TSA
- security theatre
- every-day experience
- Usability is key, but lots of tool makers are not thinking about users
Why Are We in This Room
Pamela Dingle
- runs an RP project
- RP is the face of info cards
- diverse set of user interfaces
- need to define a set of expectations for people
- make it easy for people to adopt best practices
- make info cards real
- The Pamela Project
- open PHP frameworks, MediaWiki, expand to Drupal
- components that are easy to use from both admin and user perspective
- what does it mean to see an information card (not cart)
- how to make it easy to be invited into new paradigm
Kenik Hassel
- Microsoft emerging businesses
- prior usability
- last 2 days -- what's happening
- the tech savvy people are having problems getting this
- tech has to be ready for Joe Sixpack
Charles Andres
- Parity
- make user-centric identity principles usable to everyone;
- make the internet a much more rich experience designed for people, not plumbers, (or only faucet designers)
Bob Frankston
- Multics
- The more you reveal, the easier it is to be scammed
- if you think you have a workable solution, you don't.
- Microsoft is a mechanism not an app solutions
- spreadsheets are great ways to fool people
Rich Conlan
- Human computer i/f,
- security,
- better passwords
- made a password selector with smiley face feedback mapped to happier:more secure
- it did result in people choosing more-secure password forms
- issues:
- firewalls that prompt
- bad SSL search
Tim Freeman
- MedicAlert
- usability and access management
- 10-50K members access accts on-line; elderly, sick, Alzheimer's -- can't remember a username.
- people in distress
Dennis Hamilton
- Find a layer above diversity of protocols
- reliable implementations
- Doc Searls has the best sound bites to communicate the issues and where we need to go.
Noodling
- Mistakes will be made
- Card like interfaces couldn't happen too soon.
- Can cards allow 'agents' to work on your behalf without you?
- liability
- unintended irreversible consequences
Reviewing the Ceremonial Stages
- Registration - how to use a card
- Authentication - how to subsequently use it efficiently
- Condition handling -- geeky error messages - "Your certificate has expired"
- quality of the info - actionable for the actor/reader
- Choreography -- your dance must be in sync with your partner
- mapping claim data - is data in the card relevant to the RP
- trust is not transitive
- faux authoritative -- please don't bug me that my address has changed just because I use 2 different cards that point at 2 different addresses.
- What is the pragmatic aspect
- social contexts
- neighbors
- nepotism -- more trustworthy (or the devil you know)
- social contexts
- don't confuse intractable social problems with what can be solved with technology
- Trust no one
- Trust but verify
- adhoc community effort -- work to influence everyone to get a common experience
- consistent i/f as a differentiator
- branding is often used to ensure standards and confidence
- get together for specific protocols
- write the info messages
- notifications that can be sent to a user
- similar messages from sites within a similar context
- cultural issues
- should the browser be the interpretive sum of the messages?
- 404 - this is a 'don't bother your pretty little head' problem
- Read Alan Cooper "About Face" - how to write actionable messages designed for the user and the context.
- GE: "make the error message as obtuse as possible to protect security"
- When you sign up for a site and the site tells you 'this name is in use', that may tell who is on the site.
- Last 4 digits of the phone number
- feeding into popular (mis)conceptions generate fear -- it's the user's fault.
- attention into property
- knowledge into property
- identity into property
- distinction needed between hijack and a breach
- need to tell people how to be smart
- different rules for who is responsible for fraudulent credit card changes
- US: bank has responsibility
- not worldwide
- leads to different responses and responsibilities
- why an RP has to store all info to recreate the transaction to audit that a transaction happened. This could be abstracted if there is a trusted party.