Permissions Management UX and UI Issues
DATE and TIME: Thursday, 26 May 2011 11:00 am - noon
CONVENER: Michael Gettes
SCRIBE: Keith Hazelton
# of ATTENDEES: 15
MAIN ISSUES DISCUSSED
- RolandH: What is your rules syntax? Starting point for admin, prerequisite to building UIs. Rules can be HARD for a human to understand, let alone manage.
- SteveC: Gap between theoretical structures (CompSci) and how John Doe thinks of solving a problem he has today.
- PeteS: You need a rules engine that can make decisions. How to explain group membership plusses/minuses, group math to the distributed permissions managers? Showing the real-world result of the policy computation is the hardest part.
- End users' many practical questions:
  - How do I find what I want/need?
  - What does someone else in a similar role have that I don't have?
  - Why do I have this permission?
  - I have an entitlement to an exchange mailbox, why?
  - How did I lose this permission; more likely "Why can't I do this, I could yesterday?"
  - What does it mean to have role y, permission x?
- Need to enable users to help themselves get answers to their own questions
- KeithH: You can hurt yourself with XACML policies: incomprehensibility is easily achieved
- Magic GUI would ideally help JohnDoe not hurt himself
- End users need a zero-training UX/UI.
- App-embedded UI should be customized for App and Process Context
- SteveC: Application-embedded UI won't be just a slimmed-down version of the full permission management UX/UI/API: e.g., the faculty managing materials access for a given course see only the three groups relevant to their course enrollees.
- KeithH: BUT the access policy rule writers need LOTS of training; implies different UIs.
- Luke: UBC: ITIL process underway; defined services (catalog), defined roles within those services; shopping cart model. This is a front-end effort that will inform UX/UI design.
- Clemson identifies four views that are needed for complete management of permissions:
  - Administration view
  - Help desk view
  - User self service view
  - Audit view
- SteveC: Lot of this belongs in the help desk space. Help desk needs an "act as" capability to diagnose user problems
- MRG definitions:
  - Group: A set of entities
  - Permission: Who can do what where/when
  - Role: A set of permissions
  - Subjects and groups: Entities and collections of entities that can be assigned to roles.
  - Entities: People, Groups, Services, other Things for which permissions are relevant
  - Authorization: runtime tests of permissions for allow/deny decisions ("the act of testing permissions")
- RolandH: Tried to have an automated wizard for taking rules into UI designs. Not really successful; in the best-case scenario it might yield a loose scaffolding for a UI. People will then have to tailor it to the Business Process context.
- There needs to be one place to go for most everyone for finding out what they can do
- TomZ: Single permission-ing; One place has all the info; how would we characterize all this in terms of workflow? CalPoly had a very nice workflow.
- What Chris Hyzer is doing with UIs in Grouper shows the kind of thing that a platform might want to expose
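
The end-user question "Why do I have this permission?" answered over the MRG definitions above, as an added example that is not part of the session notes or any tool named in them. All group, role and permission names are constructed, and a permission is simplified to an opaque string (no where/when conditions).

```python
# Constructed sample data following the MRG definitions in the notes.
# Every name below is hypothetical.
GROUPS = {                      # Group: a set of entities (people or groups)
    "chem-staff": {"jdoe", "asmith"},
    "all-staff": {"chem-staff", "hr-staff"},
    "hr-staff": {"all-staff"},  # deliberate cycle, to show it is tolerated
    "chem101-instructors": {"asmith"},
}
ROLES = {                       # Role: a set of permissions
    "mail-user": {"exchange-mailbox"},
    "course-editor": {"chem101-materials:write", "chem101-materials:read"},
}
ASSIGNMENTS = {                 # subjects and groups assigned to roles
    "mail-user": {"all-staff"},
    "course-editor": {"chem101-instructors", "asmith"},
}


def membership_chains(subject):
    """Yield every chain [subject, group, parent group, ...], starting with
    the bare [subject]; a group already on the chain is not revisited."""
    stack = [[subject]]
    while stack:
        chain = stack.pop()
        yield chain
        for group, members in sorted(GROUPS.items()):
            if chain[-1] in members and group not in chain:
                stack.append(chain + [group])


def why(subject, permission):
    """Return each path subject -> groups -> role -> permission, sorted."""
    paths = []
    for chain in membership_chains(subject):
        for role, assignees in ASSIGNMENTS.items():
            if chain[-1] in assignees and permission in ROLES.get(role, ()):
                paths.append(chain + [role, permission])
    return sorted(paths)


def is_authorized(subject, permission):
    """Authorization: the runtime test of a permission (allow/deny)."""
    return bool(why(subject, permission))


if __name__ == "__main__":
    for path in why("asmith", "chem101-materials:write"):
        print(" -> ".join(path))
```

An empty result from `why` is the starting point for the "Why can't I do this?" question: no membership chain reaches a role carrying the permission.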
ACTIVITIES GOING FORWARD / NEXT STEPS
[ACAMPScribe:TomZ]: Mock up a UI...
[ACAMPScribe:All]: Bring selected UX/UI Business Analysis experts at our institutions into the ongoing conversation (SteveC: Their first question is gonna be "What are your requirements?" (knowing laughter from the audience))
[ACAMPScribe:KeithH] Create child wiki pages off the "MACE-Paccman" site. Adopt "Permissions Management UX/UI" as an ongoing Paccman work item and as a regular agenda item for Paccman conference calls. Supplement the "Canonical Use Cases with Solutions" with material from this group's work.
[ACAMPScribe:KeithH] Contact Nils about what Surfnet Conext and COIN offer and about his willingness to participate in these discussions
[ACAMPScribe:All] Email hazelton@wisc.edu if you are interested in participating in ongoing work
[ACAMPScribe:MichaelG] Draft a mini-charter for an effort to develop something like an RFP for a Permissions Management UI/UX Package