UI security topic: UI for private activities

Lamarque V. Souza lamarque at kde.org
Tue Jan 17 13:06:04 UTC 2012 

Em Tuesday 17 January 2012, Ivan Čukić escreveu:
> > What about the case where the current activity when booting the system is
> > private. Does the switcher works before opening any activity? If not then
> > we will need a second dialog to ask for the password.
> 
> That is why I wanted the 'locked' state for the activity, and the
> activity switcher for the password dialogue.
> 
> > I would rather leave the private activity open (un-encrypted sounds
> > technically wrong since it is still encrypted) until the user explicitly
> > tells PA to close all private activities or a lock screen happens. If the
> > user needs to momentaneously do something in another activity it is very
> > annoying having to type the password when coming back to the previous
> > activity.
> 
> When the security is concerned, annoying the user is (IMO) a much
> better choice than lowering the security.

	In the scenario I described above asking for the password everytime the 
user switches to a private activity does not secure anything. The user is 
already in front of the tablet all the time, there is no need to ask for the 
password more than once. We should ask for the password only when we detect 
the user has not been in front of the tablet for some time (the lock screen 
quicks in this case), when the user closes all private activities or after a 
cold boot.

	The new shutdowndlg behaviour is suitable for this scenario: when the 
user press the power button the shutdowndlg will countdown from 5s (maybe a 
little more). When the countdown reaches zero it will lock screen and then 
suspend the system to ram (sleep). If the user wants to close all private 
activities and leave the tablet alone for some time he/she just need to press 
the power button and wait some seconds. There are lock and sleep buttons on 
the shutdown dialog, so the user do not even need to wait for the countdown to 
trigger the lock or the sleep actions.

	If the user wants to close the private activities and hand the tablet to 
someone else then he/she must press the power button and press the lock button 
in shutdown dialog to close the activites. Or we can add another way to close 
them all.
 
> > Are we going to use only one password for all private activities or one
> > password per activity?
> 
> password per activity

	Fania told me that today in the morning. Well, let's hope people do not 
complain about that.

-- 
Lamarque V. Souza
KDE's Network Management maintainer
http://planetkde.org/pt-br
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/active/attachments/20120117/56a6b05a/attachment.html>

More information about the Active mailing list