Well written paper

I just finished reading a well written paper on 10 interactive security design principles as it relates to user interaction within a secure application. I originally got the link as a topic on /. about Secure Interactive Design and found it quite interesting. As usual, id10ts in the /. community have no clue what they are talking about and are quick to judge and make erroneous statements without even spending the time to read the whole paper. But what can you expect from many of the posters there. Don't get me wrong, I love many of the slashdot crowd, but geeks without knowledge are dangerous beasts. *sigh*

Anyways, its well worth the read. You may or may not agree with all principles, but the paper is written in a logical way in how UI design needs to apply more security engineering principles in a more constructive light. I don't fully agree with it as I think to much emphasis is on user's role in the system when truely the model of security needs to take precedence on how user authoritive access controls can be applied. As an example, you can not apply the Bell-LaPadula security model to a user to start with, as the classification of any given object's security within a system determines access control, and not the other way around. In the end it comes to the same point as brought within the paper, but addressed slightly different in how it is applied practically. Even so, I enjoyed reading the paper. Very well done.