Principles are based on scientific sources.
| Name | Expressiveness |
| Sources | (Yee, 2002) |
| Synonyms | None |
| Intent | The interface should provide enough expressive power to describe a safe security policy without undue difficulty; and to allow users to express security policies in terms that fit their goals. |
| Motivation | Sometimes a security policy may be specified explicitly, as in a panel of configuration settings; other times it is implied by the expected consequences of actions in the normal course of performing a task. In both cases, there is a language (consisting of settings or sequences of actions) through which the user expresses a security policy to the system. If the language used to express security preferences does not match the user’s model of the system, then it is hard to set policy in a way that corresponds with intentions. |
| Examples | None |
| Guidelines | None |
| Tags | Self-descriptiveness |
| Log history | [02/14/2016]: Added to repository |
Yee, K.-P., 2002. User interaction design for secure systems, in: Proceedings of the 4th International Conference on Information and Communications Security, ICICS ’02. Springer-Verlag, London, UK, UK, pp. 278–290.