Xiang Cao and Lee Iverson: Intentional Access Management
July 13, 2006 by PingPeople tend to share files using e-mail instead of file sharing systems. The authors feel that one of the major obstacles to using file sharing features is the difficulty of end-user access control, and so they decided to analyze this problem. They looked at the access control mechanism in the WebDAV standard and found significant usability problems, in particular the difference between the stated privileges that users express by editing ACLs (access control lists), and the effective privileges that actually result from those settings.
They propose instead an “intentional access management” model, where users specify their goals in terms of intentions: “User X needs access to resource Y for some length of time” or “User X must not have access to resource Y”.
The IAM Wizard then analyzes the current state of ACLs and groups in the system and figures out what steps are necessary to get the user’s goals met. (Given the complexity of WebDAV ACLs, this can be an extremely complicated task! It may involve finding existing denials that need to be cancelled in addition to adding entries to grant access. Also, ACLs can be inherited and can refer to groups of users.)
The steps that need to be taken may also have side effects (for example, if one needs to modify the settings for a group in order to get access), and the IAM Wizard informs the user of possible side effects before proceeding.
There were ten participants in their user study, none of whom had previous knowledge of WebDAV ACLs. The participants were much more successful at accomplishing access management tasks using the IAM Wizard, and also expressed higher confidence in their actions. Using the IAM Wizard yielded 100% success in all four of their tasks, whereas in the most difficult task, whose solution required changing a group membership, direct ACL editing was only 10% successful. For one of their tasks, users were highly confident that they had succeeded, but in fact 70% of them had not.