UsabilityNoRocketSci

=Usability without Rocket Science=

Day 3, Session 2 (10:15 to 11:15), Meeting Location H

Participants

 * Dennis Hamilton


 * Tim Freeman


 * Richard M. Conlan


 * Bob Frankston


 * Charles Andres


 * Kenik Hassel


 * Pamela Dingle

Chronological notes (Charles Andres)

 * [As we free-associated ourselves through the session, Charles recorded the notions that were tossed in as they were lofted onto the whiteboard and around the table.]


 * RP = Relying Party - consumer of ID services


 * user interaction with an RP


 * 'voucher' without knowing your true Identity


 * at the edge of technology


 * have people aware of what is happening, and there are verifiable ceremonies


 * popular use


 * wanting to make it as friction free as possible


 * ceremony (quality of)
 * illusion
 * theatre


 * conceptual dissonance


 * Con Games
 * Nigerian Scam
 * Complex financial labyrinths that people can't fathom, will be fooled


 * TSA
 * security theatre


 * every-day experience


 * Usability is key, but lots of tool makers are not thinking about users

Pamela Dingle

 * runs an RP project


 * RP is the face of info cards
 * diverse set of user interfaces
 * need to define a set of expectations for people
 * make it easy for people to adopt best practices
 * make info cards real


 * The Pamela Project
 * open PHP frameworks, MediaWiki, expand to Drupal
 * components that are easy to use from both admin and user perspective
 * what does it mean to see an information card (not cart)
 * how to make it easy to be invited into new paradigm

Kenik Hassel

 * Microsoft emerging businesses


 * prior usability
 * last 2 days -- what's happening
 * the tech savvy people are having problems getting this
 * tech has to be ready for joe sixpack

Charles Andres

 * Parity


 * make user-centric identity principles usable to everyone;


 * make the internet a much richer experience designed for people, not plumbers (or only faucet designers)

Bob Frankston



 * Multics


 * The more you reveal, the easier it is to be scammed


 * if you think you have a workable solution, you don't.


 * Microsoft is a mechanism, not an app solution


 * spreadsheets are great ways to fool people

Rich Conlan

 * Google


 * Human computer i/f,
 * security,
 * better passwords
 * made a password selector with smiley face feedback mapped to happier:more secure
 * it did result in people choosing more-secure password forms


 * issues:
 * firewalls that prompt
 * bad SSL search

Tim Freeman

 * MedicAlert


 * usability and access management


 * 10-50K members access accts on-line; elderly, sick, Alzheimer's -- can't remember a username.


 * people in distress

Dennis Hamilton

 * Find a layer above diversity of protocols
 * reliable implementations
 * Doc Searls has the best sound bites to communicate the issues and where we need to go.

Noodling

 * Mistakes will be made


 * Card like interfaces couldn't happen too soon.


 * Can cards allow 'agents' to work on your behalf without you?


 * liability


 * unintended irreversible consequences

Reviewing the Ceremonial Stages

 * Registration - how to use a card


 * Authentication - how to subsequently use it efficiently


 * Condition handling -- geeky error messages - "Your certificate has expired"


 * quality of the info - actionable for the actor/reader


 * Choreography -- your dance must be in sync with your partner


 * mapping claim data - is data in the card relevant to the RP


 * trust is not transitive


 * faux authoritative -- please don't bug me that my address has changed just because I use 2 different cards that point at 2 different addresses.


 * What is the pragmatic aspect
 * social contexts
 * neighbors
 * nepotism -- more trustworthy (or the devil you know)


 * don't confuse intractable social problems with what can be solved with technology


 * Trust no one
 * Trust but verify


 * ad hoc community effort -- work to influence everyone to get a common experience


 * consistent i/f as a differentiator


 * branding is often used to ensure standards and confidence


 * get together for specific protocols
 * write the info messages
 * notifications that can be sent to a user
 * similar messages from sites within a similar context
 * cultural issues


 * should the browser be the interpretive sum of the messages?
 * 404 - this is a 'don't bother your pretty little head' problem


 * Read Alan Cooper, "About Face" - how to write actionable messages designed for the user and the context.


 * GE: "make the error message as obtuse as possible to protect security"


 * When you sign up for a site and the site tells you 'this name is in use', that may tell who is on the site.


 * Last 4 digits of the phone number


 * feeding into popular (mis)conceptions generates fear -- it's the user's fault.


 * attention into property
 * knowledge into property
 * identity into property
 * distinction needed between hijack and a breach
 * need to tell people how to be smart


 * different rules for who is responsible for fraudulent credit card changes
 * US: bank has responsibility
 * not worldwide
 * leads to different responses and responsibilities


 * why an RP has to store all info to recreate the transaction to audit that a transaction happened. This could be abstracted if there is a trusted party.