Improving a human-computer dialogue
Communications of the ACM
Usability and privacy: a study of Kazaa P2P file-sharing
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Web Privacy with P3p
Personal privacy through understanding and action: five pitfalls for designers
Personal and Ubiquitous Computing
Verification and change-impact analysis of access-control policies
Proceedings of the 27th international conference on Software engineering
POLICY '05 Proceedings of the Sixth IEEE International Workshop on Policies for Distributed Systems and Networks
Improving user-interface dependability through mitigation of human error
International Journal of Human-Computer Studies - Special isssue: HCI research in privacy and security is critical now
Privacy in information technology: designing to enable privacy policy management in organizations
International Journal of Human-Computer Studies - Special isssue: HCI research in privacy and security is critical now
Evaluating interfaces for privacy policy rule authoring
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
SOUPS '06 Proceedings of the second symposium on Usable privacy and security
Intentional access management: making access control usable for end-users
SOUPS '06 Proceedings of the second symposium on Usable privacy and security
User interfaces for privacy agents
ACM Transactions on Computer-Human Interaction (TOCHI)
An Organizational View of Pervasive Computing
Social Science Computer Review
Evaluating assistance of natural language policy authoring
Proceedings of the 4th symposium on Usable privacy and security
A methodology for designing information security feedback based on User Interface Patterns
Advances in Engineering Software
A model of triangulating environments for policy authoring
Proceedings of the 15th ACM symposium on Access control models and technologies
Optimizing a policy authoring framework for security and privacy policies
Proceedings of the Sixth Symposium on Usable Privacy and Security
Analysis of privacy and security policies
IBM Journal of Research and Development
Policy framework for security and privacy management
IBM Journal of Research and Development
Authorization enforcement usability case study
ESSoS'11 Proceedings of the Third international conference on Engineering secure software and systems
International Journal of Information Security and Privacy
| Hi-index | 0.00 |
Policies, sets of rules that govern permission to access resources, have long been used in computer security and online privacy management; however, the usability of authoring methods has received limited treatment from usability experts. With the rise in networked applications, distributed data storage, and pervasive computing, authoring comprehensive and accurate policies is increasingly important, and is increasingly performed by relatively novice and occasional users. Thus, the need for highly usable policy-authoring interfaces across a variety of policy domains is growing. This paper presents a definition of the security and privacy policy-authoring task in general and presents the results of a user study intended to discover some usability challenges that policy authoring presents. The user study employed SPARCLE, an enterprise privacy policy-authoring application. The usability challenges found include supporting object grouping, enforcing consistent terminology, making default policy rules clear, communicating and enforcing rule structure, and preventing rule conflicts. Implications for the design of SPARCLE and of user interfaces in other policy-authoring domains are discussed.