Date Added: Oct 2009
Complaints of security interfering with getting work done are commonplace. They often arise when users are distracted from their tasks to make policy decisions. The author has identified what is missing from earlier security interaction designs that lead to these interruptions. Explicitly representing policy decisions in the user interface and pro-viding controls for changing those policies has allowed one to reliably infers users' desired policy decisions from actions they take to get their work done. This paper describes the underlying principles and how they resulted in an interaction design that never interferes with the user's work.