Request for comments on security of authentication/authorisation UIs

[Steve Dodier-Lazaro]

Hello,

Currently on the Wayland ML, a bunch of devs are discussing security issues
[0,1] and the need to restrict userland processes' privileges to e.g., take
screenshots, act as virtual keyboards or read keyboard events for other
apps, etc (basically introducing privileged interfaces that require
explicit user authorisation). We've also been discussing how the
introduction of Wayland allows for redesigning and securing authentication
and authorisation UIs.

This has led me to question the way authorisation and authentication are
currently done, and to write a couple of proposed requirements for both
tasks. I'd be very keen on hearing the opinions of various DE developers
(including of course XFCE :) ) on a blog post I've written [2], that
focuses a lot on the infrastructure needs (both in Wayland and desktop
environments). I'd also like to debate UX aspects of authorisation and
authentication UIs. In XFCE so far we haven't had any need for
authorisation UIs, and been pretty much using polkit for any auth need as
far as I can tell. Given the proposals I made (which really are ideas that
need experimentation and refinement), what would fit within the XFCE way of
doing things? How would you guys implement auth{orisation,entication}
dialogs in XFCE if you had to do it? Can you spot any missing technical
requirements in the post? Anything you disagree with and want me to review?

Thanks,

[0]
http://lists.freedesktop.org/archives/wayland-devel/2014-February/013359.html
[1]
http://mupuf.org/blog/2014/02/19/wayland-compositors-why-and-how-to-handle/
[2] http://mupuf.org/blog/2014/03/18/managing-auth-ui-in-linux/
-- 
Steve Dodier-Lazaro
PhD Student in Information Security
University College London
Free Software Developer
OpenPGP : 1B6B1670
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.xfce.org/pipermail/xfce4-dev/attachments/20140326/9bf98323/attachment.html>