List:       kde-active
Subject:    Re: UI security topic: UI for private activities
From:       Shantanu Tushar Jha <jhahoneyk () gmail ! com>
Date:       2012-01-17 4:39:22
Message-ID: CABQ4Km8YXeTsKrGXX8vXvgzueNFVqxVGNhcrj-weWVQT_uMAUg () mail ! gmail ! com

Hi,

On Mon, Jan 16, 2012 at 9:39 PM, Fania Bremmer <fania.bremmer@basyskom.com> wrote:

> Hi there,
>
> In the last days we had a lot of discussions about the security topic.
> In my team we already had a look how the UI dialogs could look like and in
> last Friday's telco we talked about that as well.
>
> So here my current findings presented in a flowchart regarding "private"
> (means encrypted) activities:
> http://share.basyskom.com/contour/UIDesign/flowchart_PrivateActivities.pdf
>
> Assumptions:
> - Mark Activity as private: toggle Button in "Create new activity" and
> "Activity Configuration" Dialog; details see flowchart
>

What about having a password confirmation or "show password" option so the
user can be sure that she typed the correct password while creating the
activity? Chances of typos on the virtual keyboard are even higher. Or am I
wrong?

> - Open Private Activity in switcher: after tap a pw dialog appears (similar
> to delete dialog); see validation details again in flowchart; currently we
> still have a resize issue here, see
> https://bugs.kde.org/show_bug.cgi?id=288426
> - Most discussed topic has been the re-encryption of private activities in
> case of shutdown and lockscreen. My suggestion is the following:
> 1- after changing activity: last private activity encrypts again, requires
> again pw if switched back
> 2- after shut down: all private activities encrypt again, pw needed for
> every private activity
> 3a- after manual or automatic screen lock while private activity is
> running: pw dialog in lockscreen is required to open the current private
> activity. Unlock with normal activity running doesn't require any pw, it
> behaves like Plasma Active currently does.
> 3b- there has been the idea that after locking, PA encrypts all private
> activities again and just shows the last "normal" activity as a fallback.
> What I don't like here is that the last normal activity can be completely
> random, so that for the user that wouldn't be a benefit, as he has been just
> working on the private activity.
> 3c- Another option would be that the unencrypted fallback is always the
> introduction activity, which can therefore be never private and can never
> be deleted. This would assure that we have at least one "normal/not
> private" activity in the system we can always fall back to. I don't like this
> option that much either, because we would introduce some kind of
> homescreen, that we just wanted to get rid of ;)
> - With all these passwords coming now into PA, I suggest having a security
> tab in our settings app with these options:
> - device pw after shut down: toggle on/off; on is default (needs then to
> be entered in first introduction activity)
> - edit pw for device pw
> - device pw after lock screen: toggle on/off; off is default
>
> So, feedback welcome to this subject.
> Fania
>
> _______________________________________________
> Active mailing list
> Active@kde.org
> https://mail.kde.org/mailman/listinfo/active
>

Cheers,
Shantanu
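
A small model of suggestions 1, 2 and 3a from the quoted proposal, added here as an illustration and not part of the original thread or of Plasma Active. The class, method and activity names are hypothetical, and it assumes that locking re-encrypts the running private activity and that every password prompt is answered correctly.

```python
SAMPLE_ACTIVITIES = {"Intro": False, "Work": True, "Diary": True}  # constructed


class PrivateActivityPolicy:
    """Hypothetical model of suggestions 1, 2 and 3a (not Plasma Active code)."""

    def __init__(self, activities):
        self.private = dict(activities)   # name -> True if marked private
        self.decrypted = set()            # private activities currently open
        self.current = None
        self.locked = False

    def switch_to(self, name):
        """Switch activity; return True if a password dialog must be shown."""
        if self.locked:
            raise RuntimeError("unlock the screen first")
        if self.current != name:
            # Suggestion 1: the private activity being left encrypts again.
            self.decrypted.discard(self.current)
        needs_pw = self.private[name] and name not in self.decrypted
        if self.private[name]:
            self.decrypted.add(name)      # assumption: correct password entered
        self.current = name
        return needs_pw

    def lock_screen(self):
        # Assumption: locking encrypts the running private activity again.
        self.locked = True
        self.decrypted.discard(self.current)

    def unlock_screen(self):
        """Suggestion 3a: password only if a private activity was running."""
        self.locked = False
        needs_pw = self.current is not None and self.private[self.current]
        if needs_pw:
            self.decrypted.add(self.current)
        return needs_pw

    def shutdown(self):
        # Suggestion 2: every private activity encrypts again.
        self.decrypted.clear()
        self.current = None
        self.locked = False


def replay(policy, events):
    """Apply (method, *args) events; return the password-prompt decisions."""
    return [getattr(policy, ev[0])(*ev[1:]) for ev in events]
```

Under these rules at most one private activity is ever decrypted at a time, which is the property to check against options 3b and 3c when comparing them.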
