summaryrefslogtreecommitdiff
path: root/Hurd/RequirementsForUser.mdwn
blob: d23221c3e8c1326cae31895a8db0e6ec5657f398 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
Requirements for the user tell what a computer system should look like from a user's perspective. Here are three of such requirements:

* Awareness
* Security
* Flexibility

# <a name="Requirements"> Requirements </a>

<a name="AwarenessRequirement"></a>

## <a name="Awareness"> Awareness </a>

The user must know what the operations are he can perform in the operating system. He must also know about their consequences and relevant side effects, and what the possible results are. At any point where the system can not make the right decision automatically, the user must have the ability to influence the path chosen.

----

**Awareness means that the user knows what happens.**

----

<a name="SecurityRequirement"></a>

## <a name="Security"> Security </a>

The user must be sure that his actions have predictable consequences, even in the presence of actively hostile influence. If there is a component in the system that the user can not control, the user must be able to contain its impact, either by simply ignoring it (shielding), or by imposing restrictions (confinement).

----

**Security means that the user controls what can happen _to_ his resources.**

----

<a name="FlexibilityRequirement"></a>

## <a name="Flexibility"> Flexibility </a>

The user must have a range of options available that support him to achieve an arbitrary but well-defined goal that can be stated within the legitimate resources the user controls.

----

**Flexibility means that the user controls what can happen _with_ his resources.**

----

# <a name="Relationships"> Relationships </a>

For me, Awareness is a requirement for both, security and flexibility. The options that are presented to the user must be meaningful and clear to him. Otherwise, how is he in a position to make a decision where the system can't? This does not mean that the user must be aware of every detail that goes on, but he must be aware of the higher-level consequences of all actions (and non-actions) that he performs.

I don't know about you, but everytime some dialog box in an application I use for the first time asks me if I want to babble-gabble the froob through the bibskadenga, I just click on the biggest of the buttons presented, or the one with the nicest color, and hope for the best. So, "Awareness" is just a basic usability requirement.

Security ensures that the action the user can undertake never have so dramatic consequences that the user loses control over his session and associated resources, at least not without explicitely and consciously requesting it (note that Awareness is required here).

A flexible system will not achieve these goals simply by restricting the users ability to perform his tasks. It will offer the broadest range of alternatives possible, without compromising the other goals.

----

Adapted from:

* <http://lists.gnu.org/archive/html/l4-hurd/2005-11/msg00242.html>