<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<style type="text/css" style="display:none"><!--P{margin-top:0;margin-bottom:0;} .ms-cui-menu {background-color:#ffffff;border:1px rgb(171, 171, 171) solid;font-family:'Segoe UI WPC', 'Segoe UI', Tahoma, 'Microsoft Sans Serif', Verdana, sans-serif;font-size:11pt;color:rgb(51, 51, 51);} .ms-cui-menusection-title {display:none;} .ms-cui-ctl {vertical-align:text-top;text-decoration:none;color:rgb(51, 51, 51);} .ms-cui-ctl-on {background-color:rgb(229, 235, 236);opacity: 0.8;} .ms-cui-img-cont-float {display:inline-block;margin-top:2px} .ms-cui-smenu-inner {padding-top:0px;} .ms-owa-paste-option-icon {margin: 2px 4px 0px 4px;vertical-align:sub;padding-bottom: 2px;display:inline-block;} .ms-rtePasteFlyout-option:hover {background-color:rgb(229, 235, 236) !important;opacity:1 !important;} .ms-rtePasteFlyout-option {padding:8px 4px 8px 4px;outline:none;} .ms-cui-menusection {float:left; width:85px;height:24px;overflow:hidden}.wf {speak:none; font-weight:normal; font-variant:normal; text-transform:none; -webkit-font-smoothing:antialiased; vertical-align:middle; display:inline-block;}.wf-family-owa {font-family:'o365Icons'}@font-face {  font-family:'o365IconsIE8';  src:url('https://r4.res.outlook.com/owa/prem/15.0.908.10/resources/styles/office365icons.ie8.eot?#iefix') format('embedded-opentype'),         url('https://r4.res.outlook.com/owa/prem/15.0.908.10/resources/styles/office365icons.ie8.woff') format('woff'),         url('https://r4.res.outlook.com/owa/prem/15.0.908.10/resources/styles/office365icons.ie8.ttf') format('truetype');  font-weight:normal;  font-style:normal;}@font-face {  font-family:'o365IconsMouse';  src:url('https://r4.res.outlook.com/owa/prem/15.0.908.10/resources/styles/office365icons.mouse.eot?#iefix') format('embedded-opentype'),         url('https://r4.res.outlook.com/owa/prem/15.0.908.10/resources/styles/office365icons.mouse.woff') format('woff'),         url('https://r4.res.outlook.com/owa/prem/15.0.908.10/resources/styles/office365icons.mouse.ttf') format('truetype');  font-weight:normal;  font-style:normal;}.wf-family-owa {font-family:'o365IconsMouse'}.ie8 .wf-family-owa {font-family:'o365IconsIE8'}.ie8 .wf-owa-play-large:before {content:'\e254';}.notIE8 .wf-owa-play-large:before {content:'\e054';}.ie8 .wf-owa-play-large {color:#FFFFFF/*$WFWhiteColor*/;}.notIE8 .wf-owa-play-large {border-color:#FFFFFF/*$WFWhiteColor*/; width:1.4em; height:1.4em; border-width:.1em; border-style:solid; border-radius:.8em; text-align:center; box-sizing:border-box; -moz-box-sizing:border-box; padding:0.1em; color:#FFFFFF/*$WFWhiteColor*/;}.ie8 .wf-size-play-large {width:40px; height:40px; font-size:30px}.notIE8 .wf-size-play-large {width:40px; height:40px; font-size:30px}
<!--
p
        {margin-top:0;
        margin-bottom:0}
.ms-cui-menu
        {background-color:#ffffff;
        border:1px rgb(171,171,171) solid;
        font-family:'Segoe UI WPC','Segoe UI',Tahoma,'Microsoft Sans Serif',Verdana,sans-serif;
        font-size:11pt;
        color:rgb(51,51,51)}
.ms-cui-menusection-title
        {}
.ms-cui-ctl
        {vertical-align:text-top;
        text-decoration:none;
        color:rgb(51,51,51)}
.ms-cui-ctl-on
        {background-color:rgb(229,235,236)}
.ms-cui-img-cont-float
        {display:inline-block;
        margin-top:2px}
.ms-cui-smenu-inner
        {padding-top:0px}
.ms-owa-paste-option-icon
        {margin:2px 4px 0px 4px;
        vertical-align:sub;
        padding-bottom:2px;
        display:inline-block}
.ms-rtePasteFlyout-option
        {padding:8px 4px 8px 4px;
        outline:none}
.ms-cui-menusection
        {float:left;
        width:85px;
        height:24px;
        overflow:hidden}
.wf
        {speak:none;
        font-weight:normal;
        font-variant:normal;
        text-transform:none;
        vertical-align:middle;
        display:inline-block}
.wf-family-owa
        {font-family:'o365Icons'}
@font-face
        {font-family:'o365IconsIE8';
        font-weight:normal;
        font-style:normal}
@font-face
        {font-family:'o365IconsMouse';
        font-weight:normal;
        font-style:normal}
.wf-family-owa
        {font-family:'o365IconsMouse'}
.ie8 .wf-family-owa
        {font-family:'o365IconsIE8'}
.notIE8 .wf-owa-play-large
        {border-color:#FFFFFF;
        width:1.4em;
        height:1.4em;
        border-width:.1em;
        border-style:solid;
        text-align:center;
        padding:0.1em;
        color:#FFFFFF}
.ie8 .wf-size-play-large
        {width:40px;
        height:40px;
        font-size:30px}
.notIE8 .wf-size-play-large
        {width:40px;
        height:40px;
        font-size:30px}
-->
--></style>
</head>
<body dir="ltr">
<div style="font-size:12pt;color:#000000;background-color:#FFFFFF;font-family:Calibri,Arial,Helvetica,sans-serif;">
<style type="text/css" style="">
<!--
p
        {margin-top:0;
        margin-bottom:0}
.ms-cui-menu
        {background-color:#ffffff;
        border:1px rgb(171,171,171) solid;
        font-family:'Segoe UI WPC','Segoe UI',Tahoma,'Microsoft Sans Serif',Verdana,sans-serif;
        font-size:11pt;
        color:rgb(51,51,51)}
.ms-cui-menusection-title
        {}
.ms-cui-ctl
        {vertical-align:text-top;
        text-decoration:none;
        color:rgb(51,51,51)}
.ms-cui-ctl-on
        {background-color:rgb(229,235,236)}
.ms-cui-img-cont-float
        {display:inline-block;
        margin-top:2px}
.ms-cui-smenu-inner
        {padding-top:0px}
.ms-owa-paste-option-icon
        {margin:2px 4px 0px 4px;
        vertical-align:sub;
        padding-bottom:2px;
        display:inline-block}
.ms-rtePasteFlyout-option
        {padding:8px 4px 8px 4px;
        outline:none}
.ms-cui-menusection
        {float:left;
        width:85px;
        height:24px;
        overflow:hidden}
.wf
        {speak:none;
        font-weight:normal;
        font-variant:normal;
        text-transform:none;
        vertical-align:middle;
        display:inline-block}
.wf-family-owa
        {font-family:'o365Icons'}
@font-face
        {font-family:'o365IconsIE8';
        font-weight:normal;
        font-style:normal}
@font-face
        {font-family:'o365IconsMouse';
        font-weight:normal;
        font-style:normal}
.wf-family-owa
        {font-family:'o365IconsMouse'}
.ie8 .wf-family-owa
        {font-family:'o365IconsIE8'}
.notIE8 .wf-owa-play-large
        {border-color:#FFFFFF;
        width:1.4em;
        height:1.4em;
        border-width:.1em;
        border-style:solid;
        text-align:center;
        padding:0.1em;
        color:#FFFFFF}
.ie8 .wf-size-play-large
        {width:40px;
        height:40px;
        font-size:30px}
.notIE8 .wf-size-play-large
        {width:40px;
        height:40px;
        font-size:30px}
-->
</style>
<div style="font-size:12pt; color:#000000; background-color:#FFFFFF; font-family:Calibri,Arial,Helvetica,sans-serif">
<div>​Hello,</div>
<div><br>
</div>
<div>In a previous discussion on this ML [0] and blog article [1], Martin Peres explained why Wayland should distinguish between normal and privileged clients and what the security requirements for Wayland are. After that, I spent some time thinking about how
 to handle the processes of authorisation (authorising clients to use privileged interfaces described by Martin) and authentication (how to provide a safe way for users to type passwords in graphical environments). I wrote another blog article [2] in which
 I speak about the infrastructure needed to implement spoofing-proof auth* user interfaces, and about usability/UX good practice. I'm interested in feedback from this ML.</div>
<div><br>
</div>
<div>My article is relevant to Wayland because it describes the kind of infrastructure that would be needed (section 5 in particular), and some of that infrastructure is under the scope of Wayland compositors. This includes obviously separating the I/O of various
 windows, identifying which process a window belongs to, providing an authorisation API that forces userland apps to ask compositors to access a number of resources, and it should in the long run include a set of UX guidelines describing what desktop environments
 should provide along with their compositor for the security interactions to be manageable by users.</div>
<div><br>
</div>
<div>I'm very keen on hearing from Wayland devs and GNOME/KDE/other compositor devs about these infrastructure needs. Do you agree with the analysis made in the article? Do you see technical challenges that were forgotten? Do you have members of your communities
 interested in experimenting the introduction of capabilities/privileges in userland? If so then please get in touch with me!</div>
<div><br>
</div>
<div>Thanks,</div>
<div><br>
</div>
<div>[0] http://lists.freedesktop.org/archives/wayland-devel/2014-February/013359.html</div>
<div>[1] http://mupuf.org/blog/2014/02/19/wayland-compositors-why-and-how-to-handle/</div>
<div>[2] http://mupuf.org/blog/2014/03/18/managing-auth-ui-in-linux/</div>
<div>
<div class="BodyFragment"><font size="2"><span style="font-size:10pt">
<div class="PlainText">​--<br>
Steve Dodier-Lazaro<br>
PhD student in Information Security<br>
University College London<br>
Dept. of Computer Science<br>
Malet Place Engineering, 6.07<br>
Gower Street, London WC1E 6BT<br>
OpenPGP : 1B6B1670</div>
</span></font></div>
</div>
</div>
</div>
</body>
</html>