W3C home > Mailing lists > Public > public-usable-authentication@w3.org > June 2007

Re: Comments Universal Design review of WSC Draft

From: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
Date: Tue, 19 Jun 2007 12:35:07 -0400
To: Chris Drake <christopher@pobox.com>
Cc: public-usable-authentication@w3.org
Message-ID: <OF61578E8A.4D65F7C2-ON852572FF.005AF085-852572FF.005B1251@LocalDomain>
Thanks Chris. Since the scope derives directly from the charter,  your 
comment does not apply to WSC (which is defined by the charter), but to 
your desire for some other group (WG or otherwise) that would take your 
stated, laudible goal on. 


Chris Drake <christopher@pobox.com> 
Sent by: public-usable-authentication-request@w3.org
06/19/2007 10:54 AM


Comments Universal Design review of WSC Draft


I present just one review comment - the exclusive nature of the scope
renders much of the rest of the document largely pointless.

Victims care about not becoming victims.  They're not interested in
only avoiding becoming a victim in a predefined narrow set of
circumstances.  They just want to be safe.

It *should* be the simple goal of any WSC draft to propose genuine
usable solutions that protect potential victims in as many hostile
situations as possible.

Good: Follow these recommendations, and your users will be safe.

 Bad: Follow these recommendations, and attackers will adjust to
      taking advantage of your users using slightly different
      techniques to before.

There are a lot of experts and smart people on this list.  While I
sympathize with the enormity of the task involved in correcting the
goals and scope of this document, I think it's well worth while, since
this is the last time you'll be able to seriously access these
professionals and their experience in order to produce a work that
could do some serious good to the world.

Kind Regards,
Chris Drake
Received on Tuesday, 19 June 2007 16:35:02 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 19:53:16 UTC