W3C home > Mailing lists > Public > public-usable-authentication@w3.org > April 2009

RE: Your comment on WSC-UI

From: <Anna.Zhuang@nokia.com>
Date: Wed, 15 Apr 2009 10:39:29 +0200
To: <tlr@w3.org>
CC: <public-wsc-wg@w3.org>, <public-usable-authentication@w3.org>
Message-ID: <D1E1C1C072023846AC4A55088BAA4B03309C585748@NOK-EUMSG-04.mgdnok.nokia.com>
Hello Thomas,

the comments you are referring to are indeed general. What comes to terms not having definitions or having insuffficient definitions, I think I have provided many detailed comments where the definition was missing or was not explanatory enough. it would be good if WSC-UI doc adds a glossary and moves all definitions there. The general rule is that on the first occurence of a term it needs to be explained. Once all such terms are gathered in the glossary it would be easy to harmonise the terms and their definitions. So to sum up, the second comment you are referring to summarises more detailed complaints.

On the mobile environment. It is generally OK to specify what has to be done as long as the document does not give a strict mandate on how things have to be done, e.g. how prompts should look. Such prescriptions might be hard to achieve in the mobile environment. I am also wondering whether Mobile Web best Practicies WG has reviewed WSC-UI?

Please let me know if you have any further comments.

Best regards,
Anna Zhuang

From: ext Thomas Roessler [mailto:tlr@w3.org]
Sent: 08 April, 2009 18:25
To: Zhuang Anna (Nokia-D-MSW/Tampere)
Cc: WSC WG public; public-usable-authentication@w3.org
Subject: Your comment on WSC-UI

Hi Anna,

thanks for your comment on the WSC-UI last call working draft.  The Web Security Context Working Group has started to consider your comments.   Some of them seem to be relatively generic, and we're wondering whether you could elaborate a bit further.


*** Term mobile is not mentioned at all - nor the UI and interaction constraints that brings. Generally, the document gives an impression that mibile environment has neither been considered nor being addressed at the time of writing the guidelines. E.g. in cases of error/warning conditions the user has to interact (ok so far, but depends on what you define as error/warning). However, limited real-estate of a mobile device is not considered at all. If the guideline wants to define UI elements (how they should look),  the issue is that UI elements that work for the PC do not necessarily work for the handheld.

The specification was reviewed by participants with mobile expertise from Ericsson (not S-E, though) and Opera; we've tried to express things generically enough so we don't overconstrain mobile implementations.  Are there specific requirements in the document that you think are problematic from a mobile perspective?

*** Many terms in the document don't have any definition at all. Some terms that are unique to this document don't have sufficient explanation of justification for their introduction:

Can you point at specific terms that you had issues with?  We had one comment in the past that dealt with terms of art generally known in the security community, but perhaps not outside that.

(The points that I haven't taken up here seem reasonably reasonably clear, and we'll get back to you later.)

Thomas Roessler, W3C  <tlr@w3.org<mailto:tlr@w3.org>>
Received on Wednesday, 15 April 2009 08:40:30 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 19:53:16 UTC