UsabilityNoRocketSci

From IIW

Usability without Rocket Science

Day 3, Session 2 (10:15 to 11:15), Meeting Location H

Participants

  • Tim Freeman
  • Richard M. Conlan
  • Bob Frankston
  • Charles Andres
  • Kenik Hassel
  • Pamela Dingle

Chronological notes (Charles Andres)

[As we free-associated our way through the session, Charles recorded the notions that were tossed in as they were lofted onto the whiteboard and around the table.]
  • RP = Relying Party - consumer of ID services
  • user interaction with an RP
  • 'voucher' without knowing your true Identity
  • at the edge of technology
  • have people aware of what is happening, and there are verifiable ceremonies
  • popular use
  • wanting to make it as friction free as possible


  • ceremony (quality of)
    • illusion
    • theatre
  • conceptual dissonance


  • Con Games
    • Nigerian Scam
    • Complex financial labyrinths that people can't fathom, will be fooled
  • TSA
    • security theatre


  • every-day experience
  • Usability is key, but lots of tool makers are not thinking about users

Why Are We in This Room

Pamela Dingle

runs an RP project
  • RP is the face of info cards
  • diverse set of user interfaces
  • need to define a set of expectations for people
  • make it easy for people to adopt best practices
  • make info cards real
  • The Pamela Project
    • open PHP frameworks, MediaWiki, expand to Drupal
    • components that are easy to use from both admin and user perspective
    • what does it mean to see an information card (not cart)
    • how to make it easy to be invited into new paradigm

Kenik Hassel

Microsoft emerging businesses
  • prior usability
  • last 2 days -- what's happening
  • the tech savvy people are having problems getting this
  • tech has to be ready for Joe Sixpack

Charles Andres

Parity
  • make user-centric identity principles usable to everyone
  • make the internet a much richer experience designed for people, not plumbers (or only faucet designers)

Bob Frankston

  • Multics
  • The more you reveal, the easier it is to be scammed
  • if you think you have a workable solution, you don't.
  • Microsoft is a mechanism, not an app solution
  • spreadsheets are great ways to fool people

Rich Conlan

Google
  • human-computer interface
  • security
  • better passwords
  • made a password selector with smiley-face feedback (happier = more secure)
    • it did result in people choosing more-secure password forms
  • issues:
    • firewalls that prompt
    • bad SSL search

Tim Freeman

MedicAlert
  • usability and access management
  • 10-50K members access accounts online; elderly, sick, Alzheimer's -- can't remember a username.
  • people in distress

Dennis Hamilton

  • Find a layer above diversity of protocols
  • reliable implementations
  • Doc Searls has the best sound bites to communicate the issues and where we need to go.

Noodling

  • Mistakes will be made
  • Card like interfaces couldn't happen too soon.
  • Can cards allow 'agents' to work on your behalf without you?
  • liability
  • unintended irreversible consequences

Reviewing the Ceremonial Stages

  • Registration - how to use a card
  • Authentication - how to subsequently use it efficiently
  • Condition handling -- geeky error messages - "Your certificate has expired"
  • quality of the info - actionable for the actor/reader
  • Choreography -- your dance must be in sync with your partner


  • mapping claim data - is data in the card relevant to the RP
  • trust is not transitive
  • faux authoritative -- please don't bug me that my address has changed just because I use 2 different cards that point at 2 different addresses.
  • What is the pragmatic aspect
    • social contexts
      • neighbors
      • nepotism -- more trustworthy (or the devil you know)
  • don't confuse intractable social problems with what can be solved with technology
  • Trust no one
  • Trust but verify
  • ad hoc community effort -- work to influence everyone to get a common experience
  • consistent interface as a differentiator
  • branding is often used to ensure standards and confidence
  • get together for specific protocols
    • write the info messages
    • notifications that can be sent to a user
    • similar messages from sites within a similar context
    • cultural issues
  • should the browser be the interpretive sum of the messages?
  • 404 - this is a 'don't bother your pretty little head' problem
  • Read Alan Cooper's "About Face" - how to write actionable messages designed for the user and the context.
  • GE: "make the error message as obtuse as possible to protect security"
  • When you sign up for a site and the site tells you 'this name is in use', that may tell who is on the site.
  • Last 4 digits of the phone number
  • feeding into popular (mis)conceptions generate fear -- it's the user's fault.
  • attention into property
  • knowledge into property
  • identity into property
  • distinction needed between hijack and a breach
  • need to tell people how to be smart
  • different rules for who is responsible for fraudulent credit card changes
    • US: bank has responsibility
    • not worldwide
    • leads to different responses and responsibilities
  • why an RP has to store all info to recreate the transaction to audit that a transaction happened. This could be abstracted if there is a trusted party.