Thursday, January 31, 2008

Simple access-control status display

I had a chance to talk to my business partners about computer networking security. One of the participants told me that secure networks should not be mixed up with the unsecure ones. He said that in a trusted operating system environment, you would see a red window and a green window when you handle the different security levels of the information in the windows. You can't copy-and-paste the pieces between the red and green windows unless an overriding procedure is accepted and recorded. While I think you can do something more to assist visually-handicapped people, this simple definition of security models should be incorporated into many Web and other Internet applications as soon as possible.

A few years ago I had a chance to see a presentation of similar ideas [1], which described the difference between Microsoft and Symantec products in telling users the security level of Web pages. I thought Symantec's simple color-based access control looked much better than IE's massive pairs of (not necessarily trivial) parameters.

Access control is often very complex, but the ideas should easily get through to the users. This simple principle has not yet become popular in the world of computer software and Internet applications.

Related link:
[1] Steven Furnell: Fostering the usability of information security solutions, at OECD-APEC Workshop on Security of Information Systems and Networks, Seoul, Korea, 6 September 2005.