Re: Request for comments on security of authentication/authorisation UIs

Hey Steve!

Thanks for reaching out about this. Speaking from a design point of
view, having a more rigorous security model is something that we are
extremely interested in at the moment, and this is something that
Wayland has an obvious part to play in. There are also other
technologies that will be needed, of course, particularly in relation
to application sandboxing.

I'm afraid we don't currently have a clear plan for how all the pieces
will fit together, but we do have ideas and are looking to develop a
concrete plan for the UX in the near future. One relevant area is
sharing [1], as the UX mechanism through which it is possible to share
data between applications. I think that, in general, we'd like to
avoid Android-esque lists of permissions - since people tend not to
read these at install time, and you really want to know what apps are
trying to do in practice rather than giving blanket permissions
upfront. At the same time, we want to avoid dialog overload - we don't
want there to be so many authentication dialogs that it becomes
On Wed, Mar 26, 2014 at 2:56 PM, Dodier-Lazaro, Steve
<s dodier-lazaro 12 ucl ac uk> wrote:

Currently on the Wayland ML, a bunch of devs are discussing security issues
[0,1] and the need to restrict userland processes' privileges to e.g., take
screenshots, act as virtual keyboards or read keyboard events for other
apps, etc (basically introducing privileged interfaces that require explicit
user authorisation). We've also been discussing how the introduction of
Wayland allows for redesigning and securing authentication and authorisation

This has led me to question the way authorisation and authentication are
currently done, and to write a couple of proposed requirements for both
tasks. I'd be very keen on hearing the opinions of various DE developers on
a blog post I've written [2], that focuses a lot on the infrastructure needs
(both in Wayland and desktop environments). I'd also like to debate UX
aspects of authorisation and authentication UIs. As far as I'm aware GNOME
Shell implements a polkit agent and so relies on the polkit infrastructure
for all its auth needs. Given the proposals I made (which really are ideas
that need experimentation and refinement), what would fit within the GNOME
way of doing things? What's the viewpoint of the UX people in GNOME? Can you
spot any missing technical (security or UX) requirements in the post?
Anything you disagree with and want me to review?


Steve Dodier-Lazaro
PhD student in Information Security
University College London
Dept. of Computer Science
Malet Place Engineering, 6.07
Gower Street, London WC1E 6BT
OpenPGP : 1B6B1670

desktop-devel-list mailing list
desktop-devel-list gnome org