Hey Steve! Thanks for reaching out about this. Speaking from a design point of view, having a more rigorous security model is something that we are extremely interested in at the moment, and this is something that Wayland has an obvious part to play in. There are also other technologies that will be needed, of course, particularly in relation to application sandboxing.
I'm afraid we don't currently have a clear plan for how all the pieces will fit together, but we do have ideas and are looking to develop a concrete plan for the UX in the near future. One relevant area is sharing [1], as the UX mechanism through which it is possible to share data between applications. I think that, in general, we'd like to avoid Android-esque lists of permissions - since people tend not to read these at install time, and you really want to know what apps are trying to do in practice rather than giving blanket permissions upfront. At the same time, we want to avoid dialog overload - we don't want there to be so many authentication dialogs that it becomes annoying.

Allan

[1] https://wiki.gnome.org/Design/OS/Sharing

On Wed, Mar 26, 2014 at 2:56 PM, Dodier-Lazaro, Steve <s.dodier-lazaro...@ucl.ac.uk> wrote:
> Hello,
>
> Currently on the Wayland ML, a bunch of devs are discussing security issues [0,1] and the need to restrict userland processes' privileges to e.g., take screenshots, act as virtual keyboards or read keyboard events for other apps, etc (basically introducing privileged interfaces that require explicit user authorisation). We've also been discussing how the introduction of Wayland allows for redesigning and securing authentication and authorisation UIs.
>
> This has led me to question the way authorisation and authentication are currently done, and to write a couple of proposed requirements for both tasks. I'd be very keen on hearing the opinions of various DE developers on a blog post I've written [2], that focuses a lot on the infrastructure needs (both in Wayland and desktop environments). I'd also like to debate UX aspects of authorisation and authentication UIs. As far as I'm aware GNOME Shell implements a polkit agent and so relies on the polkit infrastructure for all its auth needs.
>
> Given the proposals I made (which really are ideas that need experimentation and refinement), what would fit within the GNOME way of doing things? What's the viewpoint of the UX people in GNOME? Can you spot any missing technical (security or UX) requirements in the post? Anything you disagree with and want me to review?
>
> Thanks,
>
> [0] http://lists.freedesktop.org/archives/wayland-devel/2014-February/013359.html
> [1] http://mupuf.org/blog/2014/02/19/wayland-compositors-why-and-how-to-handle/
> [2] http://mupuf.org/blog/2014/03/18/managing-auth-ui-in-linux/
>
> --
> Steve Dodier-Lazaro
> PhD student in Information Security
> University College London
> Dept. of Computer Science
> Malet Place Engineering, 6.07
> Gower Street, London WC1E 6BT
> OpenPGP : 1B6B1670
>
> _______________________________________________
> desktop-devel-list mailing list
> desktop-devel-l...@gnome.org
> https://mail.gnome.org/mailman/listinfo/desktop-devel-list

_______________________________________________
gnome-shell-list mailing list
gnome-shell-list@gnome.org
https://mail.gnome.org/mailman/listinfo/gnome-shell-list