W3C home > Mailing lists > Public > public-usable-authentication@w3.org > April 2006

Re: Secure Chrome

From: Daniel Schutzer <dan.schutzer@fstc.org>
Date: Tue Apr 18 11:54:43 2006
Message-ID: <535813322-1145361268-cardhu_blackberry.rim.net-2419-@engine26-cell06>
To: "John Merrells" <merrells@sxip.com>, public-usable-authentication-request@w3.org, "Mike Beltzner" <beltzner@mozilla.com>
Cc: public-usable-authentication@w3.org
I think it might be wiser to keep the user in the secure mode for the entire session, not just the log-on.  When I am
Doing something serious such as transfering money, I don't want bells and whistles, I want fast and safe. And moving me out of safe mode after sign on raises two issues:

1. Possibility of a fraudulent attack after sign on

2. Need to communicate when in the session you leave safe mode
Sent from my Verizon Wireless BlackBerry

-----Original Message-----
From: John Merrells <merrells@sxip.com>
Date: Mon, 17 Apr 2006 22:44:57 
To:Mike Beltzner <beltzner@mozilla.com>
Cc:public-usable-authentication@w3.org
Subject: Re: Secure Chrome



On 17-Apr-06, at 9:09 PM, Mike Beltzner wrote:

> At the conference we briefly discussed the potential for websites  
> to prompt browsers to enter a secure mode for a given page (using  
> some sort of meta tag, maybe?). The idea being that secure mode  
> would only needed at the point of web authentication or login,  
> after which point the app should be free to take advantage of all  
> sorts of bells and whistles.

I think this is an area that the W3C could make a strong contribution.
We need standard ways of signaling to the user agent that the site
wants to initiate an identity information exchange and standard ways
of signaling to the user what's going on. This conversation is also
currently being played out on the IIW mailing list.

John


Received on Tuesday, 18 April 2006 11:54:43 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 19:53:15 UTC