W3C home > Mailing lists > Public > public-html@w3.org > August 2007

[HDP] Secure by design

From: Robert Burns <rob@robburns.com>
Date: Wed, 22 Aug 2007 21:27:52 -0500
Message-Id: <D08EC077-8E01-4E33-B99D-D2D59D5A834B@robburns.com>
Cc: joshue.oconnor@cfit.ie, public-html <public-html@w3.org>
To: Lachlan Hunt <lachlan.hunt@lachy.id.au>
Hello Lachlan, Sander, and Josh

On Aug 22, 2007, at 10:59 AM, Lachlan Hunt wrote:

> Joshue O Connor wrote:
>> Lachlan Hunt wrote:
>>> Joshue O Connor claimed:
>>>> For example accessibility and security are two forces (sic) that  
>>>> could be at logger heads. In many ways they are opposing  
>>>> principles. How can we make the web more accessible while still  
>>>> making it more secure? How can they be reconsiled? Which one  
>>>> will get the bums rush when the chips are down?
>>> I'm not sure what he's basing that claim on, I can't imagine how
>>> any security or privacy issue could affect accessibility.
>> Secure PDFs? [1] Off the top of my head, though its not as bad as  
>> it was. However, it is not disingenuous to suggest that there is at
>> least some tension between security needs and accessibility needs.
> PDF Security is actually a form of DRM, which is unrelated to the  
> security that this principle is about.  DRM is bad for everyone.   
> This principle is about ensuring that the spec deals with security  
> holes that could, for example, compromise the security or privacy  
> of a user, particularly when scripting is involved.
>> [1] http://www.afb.org/afbpress/pub.asp?DocID=aw060604

This article is much more about the accessibility problems off PDF in  
general. It is also very steeped in the current state of art in  
screen readers than in the potential accessibility of PDF. If it said  
more about the inherent security versus accessibility issues I missed  
it. I will say that DRM, as hated as it is, is still very much the  
same security we're talking about here. Although security is a part  
of denying access (as the DRM case drives home), we should still seek  
to ensure security even if we know it might be misused (as DRM so  
often is).

On Aug 22, 2007, at 3:29 PM, Sander Tekelenburg wrote:
> t may depend on how one defines "acccessibility"... (In my mind
> "accessibility" is pretty close to "usability", which is commonly  
> recognised
> as something that needs to be balanced against security. Perhaps  
> Joshue was
> thinking in that direction.)
> Trying to think of an obvious example of universality vs security:  
> perhaps
> the issue of (visual-only) "Captchas" would be one?

I think Captchas are an excellent example of where accessibility may  
be neglected in order to provide security. However, it is also a good  
example of security as an after-thought, tacked on to HMTL and HTTP.  
Authors often give up on usability in general to ensure better  
security. The problem illustrated by captchas is tricky. It's used as  
a means to establish trust between two parties: between the website  
and what the website hopes will be a real human being who is there  
for the purposes laid out by the site's administrators. Of course  
real human beings can also spam websites. On the other hand not all  
real human beings can decipher captchas. So it is a very flawed  
mechanism for this establishment of trust. Can HTML do anything to  
improve that or other security accessibility trade-offs? I don't  
know. It may be out of scope. Establishing trust is the trickiest  
part of any security model. It's probably not something we can  
address in HTML, though we could provide some informative prose  
reminding authors of the accessibility problems with tacked-on trust  
mechanisms (e.g., in such cases recommend providing a phone number or  
an email address to send a message to another real human being). This  
to me would be a part of incorporating HTML related security measures  
into a "Secure by design" HTML.

However, security and accessibility do not have to be at odds. I've  
heard it said the three 'As of security are authentication, authority  
and access. So the point there is to grant access to those with the  
authority who are properly authenticated. Another bit problem to  
consider in providing security and improved usability together is  
security for users (not just authors). For example, users may be  
overwhelmed by the volume of requests for information and need a way  
to manage that. They may want to provide some information about  
themselves to some sites and not others. Recommendations such as P3P 
[1] help with this. We may want to consider recommending this and  
similar mechanisms by way of reference in HTML5. P3P helps browse  
users manage trust relations to authenticate authors granting them  
access based on granted authority to resources and information.

Take care,

[1]: <http://www.w3.org/P3P/>
Received on Thursday, 23 August 2007 02:28:39 UTC

This archive was generated by hypermail 2.3.1 : Thursday, 29 October 2015 10:15:25 UTC