There is the diffuse idea that the user will “figure
it out,” so a reasonable set of controls and a sound process behind
it will do. The flaw in that reasoning lies in the fact that
reasonable and sound are ill-defined. Apart from the fact that
often those systems are designed by computer scientists, who
abide by a very different definition of reasonable than end users,
the entire idea of relying on the user’s ability to “figure it out” is
extremely dangerous. When the user is expected to recognize to
whom he is disclosing his personal data or which kind of information
will be sent, the margin for interpretation should be reduced
to an absolute minimum. The way of achieving this is
planning for human integration, devising interaction mechanisms
that properly account for the user capabilities, eliminating
ambiguity, and reducing the room for misinterpretations. In
other words, when the user deals with identity management
matters, he should be constrained by a protocol, too.
Following a protocol is not exclusive to machines. Humans can
do it, too, and have done so since forever, every time it is important
to have predictable results. We follow a protocol on election
day when we go to vote, when we clear a security
checkpoint at the airport, when we sign a contract, when the
fire alarm goes off in our office building, when we operate a
nuclear plant, when we document a process in the context of
ISO9000, when we apply for an immigrant visa.
What works for machines may not work for humans
Humans can follow protocols, too
The Seven Laws of Identity 107