{"id":3232,"date":"2017-10-06T08:41:44","date_gmt":"2017-10-06T06:41:44","guid":{"rendered":"https:\/\/blog.mi.hdm-stuttgart.de\/?p=3232"},"modified":"2023-06-08T17:41:51","modified_gmt":"2023-06-08T15:41:51","slug":"usable-security-users-are-not-your-enemy","status":"publish","type":"post","link":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/2017\/10\/06\/usable-security-users-are-not-your-enemy\/","title":{"rendered":"Usable Security &#8211; Users are not your enemy"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"3236\" data-permalink=\"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/2017\/10\/06\/usable-security-users-are-not-your-enemy\/dilbert_usability\/\" data-orig-file=\"https:\/\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/10\/dilbert_usability.jpg\" data-orig-size=\"900,281\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"Dilbert Usability\" data-image-description=\"\" data-image-caption=\"\" data-large-file=\"https:\/\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/10\/dilbert_usability.jpg\" class=\"aligncenter size-full wp-image-3236\" style=\"margin-bottom: 50px;\" src=\"https:\/\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/10\/dilbert_usability.jpg\" alt=\"\" width=\"900\" height=\"281\" srcset=\"https:\/\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/10\/dilbert_usability.jpg 900w, https:\/\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/10\/dilbert_usability-300x94.jpg 300w, 
https:\/\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/10\/dilbert_usability-768x240.jpg 768w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/p>\n<h1>Introduction<\/h1>\n<p>Often overlooked, usability has turned out to be one of the most important aspects of security. Usable systems enable users to accomplish their goals with increased productivity, fewer errors and fewer security incidents. Yet usable systems still seem to be the exception rather than the rule.<\/p>\n<p>When it comes to software, many people believe there is a fundamental tradeoff between security and usability: one of the two has to be chosen over the other. The belief is that making a system more secure immediately makes it harder to use.<\/p>\n<p>It\u2019s a never-ending challenge &#8211; security and usability experts arguing about which one is more important. People from the engineering and marketing departments get involved as well, giving their views and trying to convince the others. Finding the right balance between security and usability is without a doubt a challenging task.<\/p>\n<p>The serious problem: user experience can suffer as digital products become more secure. In other words: the more secure you make something, the less secure it becomes. Why?<br \/>\n<!--more--><br \/>\n&nbsp;<\/p>\n<h1>Humans as the weakest link<\/h1>\n<p>Many aspects of information security combine both technical and human factors. If a highly secure system is unusable or doesn\u2019t behave in a way the users expect, they will try to circumvent the system, bypass security mechanisms or move entirely to other systems that are less secure but more usable. 
Problems with usability are a major contributor to many security failures today.<\/p>\n<blockquote>\n<p style=\"text-align: center;\">&#8220;Secure services must be as easy to use as insecure services or users will gravitate to the insecure alternative.&#8221; (Ian Hamilton, Signiant CTO)<\/p>\n<\/blockquote>\n<p>As Hamilton describes, when security gets in the way, people tend to develop (sometimes really clever) hacks and workarounds that defeat security. It\u2019s not because they are evil, it\u2019s due to how humans are made.<\/p>\n<p>The best example is how users authenticate to systems, particularly using passwords. Passwords involve a tension between usability (short, easily memorable passwords) and security (longer, more diverse passwords that are difficult to crack). Guidelines for password selection focus largely on security rather than usability. Getting passwords and sensitive information through social engineering is often not a big deal &#8211; just by looking at desks or even by pretending to be someone else and just asking for it.<\/p>\n<p>As we are not made for remembering long and complex passwords, we write them down in good faith, hide them under the keyboard, stick them on the monitor or use the same password for a bunch of services.<\/p>\n<p>Passwords are the least expensive mechanism known for securing systems. But complex password requirements reduce security and increase costs.<\/p>\n<p>If a system\u2019s security features are difficult to access and\/or apply, users will make mistakes or forget about protection altogether.<\/p>\n<p>&nbsp;<\/p>\n<h1>Some examples<\/h1>\n<p>As mentioned, when a feature annoys users, they will bypass security mechanisms. 
We saw this behaviour prominently with User Account Control (UAC) in Microsoft\u2019s Windows Vista.<\/p>\n<p>&nbsp;<\/p>\n<h2>Windows Vista UAC<\/h2>\n<p><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"3234\" data-permalink=\"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/2017\/10\/06\/usable-security-users-are-not-your-enemy\/google_uac\/\" data-orig-file=\"https:\/\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/10\/google_uac.jpg\" data-orig-size=\"1194,637\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"Google UAC\" data-image-description=\"\" data-image-caption=\"\" data-large-file=\"https:\/\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/10\/google_uac-1024x546.jpg\" class=\"alignleft wp-image-3234 size-large\" src=\"https:\/\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/10\/google_uac-1024x546.jpg\" alt=\"\" width=\"656\" height=\"350\" srcset=\"https:\/\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/10\/google_uac-1024x546.jpg 1024w, https:\/\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/10\/google_uac-300x160.jpg 300w, https:\/\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/10\/google_uac-768x410.jpg 768w, https:\/\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/10\/google_uac.jpg 1194w\" sizes=\"auto, (max-width: 656px) 100vw, 656px\" \/><\/p>\n<p>&nbsp;<\/p>\n<p>As a result of the huge security issues in Windows XP, Microsoft introduced User Account Control (UAC) in its successor, Windows Vista. 
It is a security feature which helps prevent unauthorized changes to the operating system.<\/p>\n<p>Interrupting the user\u2019s workflow every few minutes led lots of users to disable this security mechanism altogether &#8211; the worst thing that could happen.<\/p>\n<p>&nbsp;<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"3238\" data-permalink=\"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/2017\/10\/06\/usable-security-users-are-not-your-enemy\/windows-uac\/\" data-orig-file=\"https:\/\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/10\/windows-uac.png\" data-orig-size=\"466,246\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"Windows UAC\" data-image-description=\"\" data-image-caption=\"\" data-large-file=\"https:\/\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/10\/windows-uac.png\" class=\"size-full wp-image-3238\" src=\"https:\/\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/10\/windows-uac.png\" alt=\"\" width=\"466\" height=\"246\" srcset=\"https:\/\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/10\/windows-uac.png 466w, https:\/\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/10\/windows-uac-300x158.png 300w\" sizes=\"auto, (max-width: 466px) 100vw, 466px\" \/><\/p>\n<p>&nbsp;<\/p>\n<p>UAC is a good thing &#8211; when done right. By improving UAC so that it no longer annoyed the user as much, Microsoft made this major security mechanism more usable and protective in Windows 7. 
Microsoft provided a better explanation of UAC so that even unskilled users were more aware of how important this feature is.<\/p>\n<p>From that point on, users were able to control the number of popups with a slider. Finding a compromise between security and usability by themselves requires more experienced users, though. But most importantly, this change has certainly led fewer users to disable the feature completely (no statistics given).<\/p>\n<p>&nbsp;<\/p>\n<h2>PGP &#8211; Pretty Good Privacy<\/h2>\n<p><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"3237\" data-permalink=\"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/2017\/10\/06\/usable-security-users-are-not-your-enemy\/pgp\/\" data-orig-file=\"https:\/\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/10\/pgp.png\" data-orig-size=\"847,238\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"PGP\" data-image-description=\"\" data-image-caption=\"\" data-large-file=\"https:\/\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/10\/pgp.png\" class=\"alignleft wp-image-3237 size-full\" src=\"https:\/\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/10\/pgp.png\" alt=\"\" width=\"847\" height=\"238\" srcset=\"https:\/\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/10\/pgp.png 847w, https:\/\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/10\/pgp-300x84.png 300w, https:\/\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/10\/pgp-768x216.png 768w\" sizes=\"auto, (max-width: 847px) 100vw, 847px\" \/><\/p>\n<p>&nbsp;<\/p>\n<p>PGP, short for\u00a0Pretty Good Privacy, is an email 
encryption system\u00a0invented\u00a0by Phil Zimmermann in 1991. Using PGP was (and, judging by the number of people using it, still is) so frustrating and unpleasant for people that they simply won\u2019t use PGP.<\/p>\n<p>A paper called \u201cWhy Johnny Can\u2019t Encrypt: A Usability Evaluation of PGP 5.0\u201d pointed out the challenges users faced when using PGP. A study showed that the majority of the participants (experienced users of email) were not able to successfully encrypt a message.<\/p>\n<p>Several test participants emailed secrets without encryption. The participants chose pass phrases that were similar to standard passwords. Only a third could correctly sign and encrypt a message within 90 minutes. So PGP &#8211; at least in terms of usability &#8211; has failed because users simply don&#8217;t understand it.<\/p>\n<p>&nbsp;<\/p>\n<h1>How can we get better?<\/h1>\n<p>&nbsp;<\/p>\n<h2>Learning from each other and closing skill gaps<\/h2>\n<p>Rarely do security experts have design knowledge (and vice versa). Teams need to understand the basics of their counterparts\u2019 field. The best way to ensure that security is considered by designers is for them to understand the basics of security and authentication. Security engineers generally lack experience in usability engineering. One of the main reasons why application security violations continue to rise is the fact that many deployed security mechanisms are not user friendly, which limits their effectiveness.<\/p>\n<p>Unless engineers start thinking more about how to make security more usable, progress in securing systems will be limited. They should have an idea about how the implementation of security mechanisms impacts the user interface and the user experience. This takes teams that want to learn from each other and that do not consider usability vs. 
security as a tradeoff.<\/p>\n<p>&nbsp;<\/p>\n<h2>Security by Design &#8211; Integrating UX and Security in the Development Process<\/h2>\n<p>Software designers often think about usability and security as something to add after they&#8217;ve already designed the software architecture or, in the worst case, after they\u2019ve finished the final product. So they&#8217;re not features that are integrated into the product from the beginning. Neither security nor usability should be an afterthought.<\/p>\n<p>Usability and security evaluations should be performed at all phases of development and included in software from the very beginning of the design process. Iterative design is one way to do this: analysing users, designing, testing, evaluating, re-designing, re-testing and so on. This cycle is common in software design, but it&#8217;s usually focused on software functionality. Extending it to security helps address potential conflicts and ensures that the security features are usable from the very beginning. At every step, the developers involved need to keep in mind that people will be interacting with the security mechanisms.<\/p>\n<p>This requires good planning, and even the business model should pay attention to the balance between security and usability.<\/p>\n<p>As already mentioned, user experience teams do not work closely with their security counterparts often enough. To get teams cooperating better, it can help to create cross-functional teams, as Spotify does, for example, with its squad framework.<\/p>\n<p>&nbsp;<\/p>\n<h2>Strengthen security behind the scenes<\/h2>\n<p>It seems an obvious point: improving security technically without touching the user interface at all can improve the product without any disadvantage to usability. This means the security mechanisms can be strengthened behind the scenes and invisibly, for example by improving the underlying security algorithms used to scan attachments, downloads, etc. 
or by strengthening spam filters.<\/p>\n<p>&nbsp;<\/p>\n<h2>Following guidelines for secure interaction design<\/h2>\n<p>Quite a bit of research has been done in the field of usable security. In 2002 Ka-Ping Yee defined a set of guidelines that help accomplish secure interaction design. Secure interaction design deals with how to design a system that&#8217;s both secure and usable. The guidelines are often cited, and even Apple refers to them in its user interface guidelines.<\/p>\n<p><strong>The design principles identified by Yee:<\/strong><\/p>\n<ul>\n<li><strong>Path of least resistance<\/strong><br \/>\nThe most natural way to do a task should also be the safest.<\/li>\n<li><strong>Appropriate boundaries<\/strong><br \/>\nThe interface should draw distinctions among objects and actions along boundaries that matter to the user.<\/li>\n<li><strong>Explicit authorization<\/strong><br \/>\nA user\u2019s authority should only be granted to another actor through an explicit user action understood to imply granting.<\/li>\n<li><strong>Visibility<\/strong><br \/>\nThe interface should let the user easily review any active authority relationships that could affect security decisions.<\/li>\n<li><strong>Revocability<\/strong><br \/>\nThe interface should let the user easily revoke authority that the user has granted, whenever revocation is possible.<\/li>\n<li><strong>Expected ability<\/strong><br \/>\nThe interface should not give the user the impression of having authority that the user does not actually have.<\/li>\n<li><strong>Trusted path<\/strong><br \/>\nThe user\u2019s communication channel to any entity that manipulates authority on the user\u2019s behalf must be unspoofable and free of corruption. <em>An example of a trusted path that Microsoft Windows provides at its login window is the common key combination Ctrl-Alt-Del that users are required to press. 
This key sequence causes a non-maskable interrupt that can only be intercepted by the operating system to guarantee that the login window cannot be spoofed by any application.<\/em><\/li>\n<li><strong>Identifiability<\/strong><br \/>\nThe interface should ensure that identical objects or actions appear identical and that distinct objects or actions appear different.<\/li>\n<li><strong>Expressiveness<\/strong><br \/>\nThe interface should provide enough expressive power to let users easily express security policies that fit their goals.<\/li>\n<li><strong>Clarity<\/strong><br \/>\nThe effect of any authority-manipulating user action should be clearly apparent to the user before the action takes effect.<\/li>\n<\/ul>\n<p>Following these guidelines doesn\u2019t guarantee a usable and secure system. They should be seen as general suggestions. They don\u2019t address every issue, but they can help prevent common pitfalls and serve as a reminder of good practices. They can also be used for systematic evaluation of existing user interfaces. Simple changes to an interface\u2019s design can sometimes result in much better user security.<\/p>\n<p>&nbsp;<\/p>\n<h2>Testing<\/h2>\n<p>A\/B testing is a method of comparing two versions of a feature and measuring them against each other to determine which one is more successful. The results can be very enlightening, as the tests can be run automatically on a large base of users and give feedback about how users interact with a system, how they choose security-relevant settings and how they behave in terms of security. Do they bypass security mechanisms? Do they get stuck somewhere in applying security?<\/p>\n<p>A number of tools are available for A\/B testing. They can give valuable insights into your customers\u2019 thoughts. Accurate A\/B tests can make a huge difference. 
By using these tests and gathering empirical data, you can figure out exactly which interface works better for users to interact with the system in a secure way.<\/p>\n<p>&nbsp;<\/p>\n<h1>Final Thoughts<\/h1>\n<p>As has been proven many times, improving security and user experience simultaneously is not straightforward and can be time-consuming.<\/p>\n<p>Today\u2019s software providers need to invest in both security and usability. There is no &#8216;one size fits all\u2019 approach. Each piece of software has different security requirements, target groups and tasks to fulfill, and different user expectations and mental models to match.<\/p>\n<p>Coming back to the introduction, I think that security and usability are not fundamentally contrary\u00a0to each other. In fact, it should be clear that the opposite makes more sense: a more secure system is more controllable, more reliable, and more usable; a more usable system reduces confusion and is more likely to be secure. Problems come up when computers fail to behave in a way that the user expects or understands. Designing secure systems with good usability can prevent that from happening.<\/p>\n<p>This means we must not expect users to be security experts or to understand all the details of how security mechanisms work. 
They should be able to complete their tasks safely and securely by relying mainly on knowledge and understanding that they already have.<\/p>\n<p>So it is time to make systems more secure while keeping them usable and effective for the tasks at hand.<\/p>\n<p>&nbsp;<\/p>\n<h1>Sources<\/h1>\n<ul>\n<li>Simson Garfinkel, Lorrie Cranor: <em>Security and Usability &#8211; Designing Secure Systems that People Can Use<\/em>,\u00a0O&#8217;Reilly Media<\/li>\n<li>Ka-Ping Yee,\u00a0<em>Aligning Security and Usability,<\/em> http:\/\/zesty.ca\/pubs\/yee-sid-ieeesp2004.pdf<\/li>\n<li>Cristian Florian,\u00a0<em>Security and Usability: Finding the Right Balance<\/em>,\u00a0https:\/\/techtalk.gfi.com\/security-usability-finding-balance\/<\/li>\n<li>Don Norman,\u00a0<em>When Security Gets in the Way<\/em>,\u00a0http:\/\/www.jnd.org\/dn.mss\/when_security_gets_in_the_way.html<\/li>\n<li>Ian Hamilton,\u00a0<em>Usability as a protection feature<\/em>, SC Magazine, February 2015<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Introduction Often overlooked, usability has turned out to be one of the most important aspects of security. Usable systems enable users to accomplish their goals with increased productivity, fewer errors and fewer security incidents. Yet usable systems still seem to be the exception rather than the rule. 
When it comes to software, many people believe there is an [&hellip;]<\/p>\n","protected":false},"author":584,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[26,651],"tags":[58,29,143],"ppma_author":[740],"class_list":["post-3232","post","type-post","status-publish","format-standard","hentry","category-secure-systems","category-system-designs","tag-secure-systems","tag-usability","tag-usable-security"],"aioseo_notices":[],"jetpack_featured_media_url":"","jetpack-related-posts":[{"id":8704,"url":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/2019\/09\/03\/security-and-usability-how-to-design-secure-systems-people-can-use\/","url_meta":{"origin":3232,"position":0},"title":"Security and Usability: How to design secure systems people can use.","author":"Svenja Bussinger","date":"3. September 2019","format":false,"excerpt":"Security hit a high level of importance due to rising technological standards. Unfortunately it leads to a conflict with Usability as Security makes operations harder whereas Usability is supposed to make it easier. Many people are convinced that there is a tradeoff between them. 
This results in either secure systems\u2026","rel":"","context":"In &quot;Secure Systems&quot;","block_context":{"text":"Secure Systems","link":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/category\/system-designs\/secure-systems\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2019\/09\/ucd.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2019\/09\/ucd.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2019\/09\/ucd.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2019\/09\/ucd.png?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2019\/09\/ucd.png?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2019\/09\/ucd.png?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":3981,"url":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/2018\/08\/16\/usability-and-security\/","url_meta":{"origin":3232,"position":1},"title":"Usability and Security","author":"Christof Kost","date":"16. August 2018","format":false,"excerpt":"Usability and Security - Is a tradeoff necessary? Usability is one of the main reasons for a successful software with user interaction. But often it is worsened by high security standards. 
Furthermore many use cases need authentication, authorisation and system access where high damage is risked when security possibilities get\u2026","rel":"","context":"In &quot;Allgemein&quot;","block_context":{"text":"Allgemein","link":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/category\/allgemein\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2018\/08\/2018-08-16-12_12_42-NotificerffeationsForm.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2018\/08\/2018-08-16-12_12_42-NotificerffeationsForm.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2018\/08\/2018-08-16-12_12_42-NotificerffeationsForm.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2018\/08\/2018-08-16-12_12_42-NotificerffeationsForm.png?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2018\/08\/2018-08-16-12_12_42-NotificerffeationsForm.png?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2018\/08\/2018-08-16-12_12_42-NotificerffeationsForm.png?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":603,"url":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/2016\/05\/25\/603\/","url_meta":{"origin":3232,"position":2},"title":"A Rant about Smart Home Security Usability","author":"Tobias Schneider","date":"25. May 2016","format":false,"excerpt":"(written by Lena Kr\u00e4chan & Tobias Schneider) Introduction Living in today\u2019s age of mobility and internet of things, residents of modern houses can easily interact with their smart homes. A smart home system is the thing to have. 
You can dim the lights, regulate the temperature, automatically open windows and\u2026","rel":"","context":"In &quot;Secure Systems&quot;","block_context":{"text":"Secure Systems","link":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/category\/system-designs\/secure-systems\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2016\/05\/smart-home-security.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2016\/05\/smart-home-security.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2016\/05\/smart-home-security.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2016\/05\/smart-home-security.jpg?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":10555,"url":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/2020\/08\/19\/iot-security-the-current-situation-best-practices-and-how-these-should-be-applied\/","url_meta":{"origin":3232,"position":3},"title":"IoT security \u2013 The current situation, \u201cbest practices\u201d and how these should be applied","author":"lh133","date":"19. August 2020","format":false,"excerpt":"Smart thermostats, lamps, sockets, and many other devices are no longer part of any futuristic movies. These items can be found in most households, at least in parts, whether in Europe, America, or Asia. 
A trend that affects the entire globe and is currently gaining ground, especially in industrialized countries.\u2026","rel":"","context":"In &quot;Internet of Things&quot;","block_context":{"text":"Internet of Things","link":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/category\/scalable-systems\/internet-of-things\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2020\/08\/PaperClasses.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2020\/08\/PaperClasses.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2020\/08\/PaperClasses.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2020\/08\/PaperClasses.png?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":1004,"url":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/2016\/07\/21\/rust-fast-and-secure\/","url_meta":{"origin":3232,"position":4},"title":"Rust &#8211; fast and secure","author":"Jakob Schaal","date":"21. July 2016","format":false,"excerpt":"Rust, a fairly new programming language promises to be fast and secure. The following blog entry discusses how Rust tries to achieve these two goals. The key concept is that every resource always belongs to exactly one variable. 
More precisely one lifetime, which is normally automatically created on variable creation.\u2026","rel":"","context":"In &quot;Allgemein&quot;","block_context":{"text":"Allgemein","link":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/category\/allgemein\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2016\/07\/Rust_programming_language_black_logo.svg_.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":3221,"url":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/2018\/03\/25\/security-in-a-saas-startup-and-todays-security-issues-with-devops\/","url_meta":{"origin":3232,"position":5},"title":"Security in a SaaS startup and today&#8217;s security issues with DevOps","author":"cp054","date":"25. March 2018","format":false,"excerpt":"Motivation Facing security in a company nowadays is a big job: it starts with a backup strategy ensuring the business continuation, plans for recovery after major breakdowns, ensuring physical security (entrance control, lock-pads, safes), screening of potential employees, monitoring servers, applications and workstations, training the employees in security issues and\u2026","rel":"","context":"In &quot;DevOps&quot;","block_context":{"text":"DevOps","link":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/category\/scalable-systems\/devops\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/09\/figure-3-push-to-public.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/09\/figure-3-push-to-public.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/09\/figure-3-push-to-public.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/09\/figure-3-push-to-public.png?resize=700%2C400&ssl=1 
2x"},"classes":[]}],"jetpack_sharing_enabled":true,"authors":[{"term_id":740,"user_id":584,"is_guest":0,"slug":"mw195","display_name":"mw195","avatar_url":"https:\/\/secure.gravatar.com\/avatar\/318df28eed8acb477ff24f9fc27b38506379cfaa988ecdc3a451c707fdbe8130?s=96&d=mm&r=g","0":null,"1":"","2":"","3":"","4":"","5":"","6":"","7":"","8":""}],"_links":{"self":[{"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/posts\/3232","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/users\/584"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/comments?post=3232"}],"version-history":[{"count":11,"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/posts\/3232\/revisions"}],"predecessor-version":[{"id":3250,"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/posts\/3232\/revisions\/3250"}],"wp:attachment":[{"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/media?parent=3232"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/categories?post=3232"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/tags?post=3232"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/ppma_author?post=3232"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}