Permissions Management UX and UI Issues

DATE and TIME: Thursday, 26 May 2011 11:00 am - noon

CONVENER: Michael Gettes

SCRIBE: Keith Hazelton

# of ATTENDEES: 15

MAIN ISSUES DISCUSSED
  • RolandH: What is your rules syntax? Starting point for admin, prerequisite to building UIs. Rules can be HARD for a human to understand, let alone manage.
  • SteveC: Gap between theoretical structures (CompSci) and how John Doe thinks of solving a problem he has today.
  • PeteS: You need a rules engine that can make decisions. How to explain group membership plusses/minuses, group math to the distributed permissions managers? Showing the real world result of the policy computation is the hardest part.
  • End user's many practical questions:
    • How do I find what I want/need
    • What does someone else in a similar role have that I don't have?
    • Why do I have this permission?
    • I have an entitlement to an exchange mailbox, why?
    • How did I lose this permission; more likely "Why can't I do this, I could yesterday?"
    • What does it mean to have role y, permission x?
  • Need to enable users to help themselves get answers to their own questions
  • KeithH: You can hurt yourself with XACML policies: incomprehensibility is easily achieved
  • Magic GUI would ideally help JohnDoe not hurt himself
  • End users need a zero-training UX/UI.
  • App-embedded UI should be customized for App and Process Context
  • SteveC: Application embedded UI won't be just a slimmed down version of the full permission management UX/UI/API: E.g., The faculty managing materials access for a given course see only the three groups relevant to their course enrollees
  • KeithH: BUT the access policy rule writers need LOTS of training; implies different UIs.
  • Luke: UBC: ITIL process underway; defined services (catalog), defined roles within those services; shopping cart model. This is a front-end effort that will inform UX/UI design.
  • Clemson identifies four views that are needed for complete management of permissions:
    • Administration view
    • Help desk view
    • User self service view
    • Audit view
  • SteveC: Lot of this belongs in the help desk space. Help desk needs an "act as" capability to diagnose user problems
  • MRG definitions:
    • Group: A set of entities
    • Permission: Who can do what where/when
    • Role: A set of permissions
    • Subjects and groups: Entities and collections of entities that can be assigned to roles.
    • Entities: People, Groups, Services, other Things for which permissions are relevant
    • Authorization: runtime tests of permissions for allow/deny decisions ("the act of testing permissions")
  • RolandH: tried to have automated wizard for taking rules into UI designs; Not really successful, in the best case scenario it might yield a loose scaffolding for a UI. People will then have to tailor it to the Business Process context.
  • There needs to be one place to go for most everyone for finding out what they can do
  • TomZ: Single permission-ing; One place has all the info; how would we characterize all this in terms of workflow? CalPoly had a very nice workflow.
  • What Chris Hyzer is doing with UIs in Grouper shows the kind of thing that a platform might want to expose

ACTIVITIES GOING FORWARD / NEXT STEPS

[ACAMPScribe:TomZ]: Mock up a UI...

[ACAMPScribe:All]: Bring selected UX/UI Business Analysis experts at our institutions into the ongoing conversation (SteveC: Their first question is gonna be "What are your requirements?" (knowing laughter from the audience))

[ACAMPScribe:KeithH] Create child wiki pages off the "MACE-Paccman" site. Adopt "Permissions Management UX/UI" as an ongoing Paccman work item and as a regular agenda item for Paccman conference calls. Supplement the "Canonical Use Cases with Solutions" with material from this group's work.

[ACAMPScribe:KeithH] Contact Nils about what Surfnet Conext and COIN offer and about his willingness to participate in these discussions

[ACAMPScribe:All] Email hazelton@wisc.edu if you are interested in participating in ongoing work

[ACAMPScribe:MichaelG] Draft a mini-charter for an effort to develop something like an RFP for a Permissions Management UI/UX Package
