Authorization Dialog

Discussion

Dialog presented by the system when an application or service requests authorization of additional privileges to take a certain action. For example, installing new software may not be allowed automatically within a supervised or managed account.

The details of what is allowed by default should be managed in the User Account system settings panel.

The presented dialog should appear as system modal and presented in the system shell style.

Efforts should be made to make the information request difficult to spoof. Perhaps it could even verify information that is passed to it from an application.

When information is requested from the user it should be immediately clear to the user how to respond correctly.

Goals:

  • Allow privilege escalation framework to make the user prove they are who they claim to be
  • Allow privilege escalation framework to make the user provide addition credentials (eg. Administrator credentials)

Non-goals:

  • Make the user allow/deny specific actions of software components or applications

Should handled the following forms:

  • Currently focused application requires authorization to complete a user initiated action
  • Background application requires authorization to complete some action
  • System component requires authorization to complete a user requested action
  • Command line tool run by the user requires authorization to complete an action
  • Command line tool run unattended requires authorization to complete an action
  • Unattended malware requires authorization to complete some action

Open questions:

  • Might be interesting to only present the system modal when the requesting app is already focused and otherwise show a notification that says app requires authorization and if I click on that then present a modal.

Relevant Art

GNOME 2

http://hal.freedesktop.org/docs/polkit/pkexec-bash.png http://hal.freedesktop.org/docs/polkit/polkit-authentication-agent-example.png http://hal.freedesktop.org/docs/polkit/polkit-authentication-agent-example-wheel.png packagekit-example.png

Guidelines

AuthorizationDialogModal.png user.png admin.png

Comments

See Also

Design/OS/AuthorizationDialog (last edited 2013-12-04 19:16:52 by WilliamJonMcCann)