OpenID in desktop apps

Christopher St John ckstjohn at gmail.com
Mon Feb 9 01:41:29 UTC 2009


On Sun, Feb 8, 2009 at 5:27 PM,  <chris.messina at gmail.com> wrote:
>
> Ultimately, does it matter? And does it really just come down to
> creating better overall experiences, security be damned?
>

Although security and convenience are not quite exactly on
the same axis, it's a truism that increasing one decreases
the other. It's a very old discussion, with some pretty well
understood answers. Ignoring several decades of intense
research seems silly. A couple random search results:

http://tinyurl.com/d9kgj7
"Security Features vs. Convenience in Windows Vista"

http://tinyurl.com/ccpocv
"User perceptions of security, convenience and usability
for ebanking authentication tokens"

Plus, of course, a bunch of operating systems security
research papers that are worth the pain of reading in
detail (Stanford and MIT both have courses on this stuff
with publicly available reading lists).

There's generally no way to answer a question like "does
it matter" without referencing the context and specifying
things like a threat model.

But in this case, without operating system support for a
security sandbox of some sort, it just doesn't matter:
desktop (and I suspect iPhone) apps have such complete
control that they can be as evil as they want to be.

Pretending otherwise inconveniences users of good
apps while not protecting users against bad apps. That's
not an unavoidable tradeoff, it's just a wrong decision.

-cks

-- 
Christopher St. John
http://praxisbridge.com



More information about the user-experience mailing list