Privacy & Security SC collaboration

Hi Lisa and All,

In my work on privacy and security success criteria, I found a new, directly relevant W3C publication. In my opinion, "Web Authentication: A Web API for accessing scoped credentials<https://www.w3.org/TR/webauthn/>" addresses well the privacy and security issues we have identified.

Thus, I suggest that, rather than develop our own privacy and security success criteria, we work with the Web Authentication Working Group<https://www.w3.org/Webauthn/> as it develops its own. One idea is we could help it consider how to help web authentication interactions be as simple as possible.

Example:
In the working group's use cases for embedded authenticators (1.1. Registration<https://www.w3.org/TR/webauthn/#registration-embedded>), step 2 is:

* "The phone prompts, 'Do you want to register this device with example.com?'"

We could suggest to the working group that it always considers using simple language. Perhaps:

* the user's device could be detected so "device" becomes "phone" or "tablet";
* "sign up" could replace "register";
* the "example.com"/name of business could be replaced by the name of the service the user is trying to sign up for.

Thoughts?

John

John Rochford<http://profiles.umassmed.edu/profiles/display/132901>
UMass Medical School/E.K. Shriver Center
Director, INDEX Program
Instructor, Family Medicine & Community Health
www.DisabilityInfo.org
Twitter: @ClearHelper<https://twitter.com/clearhelper>


Received on Sunday, 21 August 2016 16:50:08 UTC