W3C home > Mailing lists > Public > public-usable-authentication@w3.org > October 2009

Re: [wsc-ui] comments ( LC-2257)

From: <mzurko@us.ibm.com>
Date: Fri, 23 Oct 2009 20:33:45 +0000
To: Marcin Hanclik <Marcin.Hanclik@access-company.com>
Cc: public-usable-authentication@w3.org
Message-Id: <E1N1QpV-0003NV-T4@wiggum.w3.org>

 Dear Marcin Hanclik ,

The Web Security Context Working Group has reviewed the comments you sent
[1] on the Last Call Working Draft [2] of the Web Security Context: User
Interface Guidelines published on 26 Feb 2009. Thank you for having taken
the time to review the document and to send us comments!

The Working Group's response to your comment is included below.

Please review it carefully and let us know by email at
public-usable-authentication@w3.org if you agree with it or not before 30
October 2009. In case of disagreement, you are requested to provide a
specific solution for or a path to a consensus with the Working Group. If
such a consensus cannot be achieved, you will be given the opportunity to
raise a formal objection which will then be reviewed by the Director during
the transition of this document to the next stage in the W3C Recommendation
Track.

Thanks,

For the Web Security Context Working Group,
Thomas Roessler
W3C Staff Contact

 1.
http://www.w3.org/mid/FAA1D89C5BAF1142A74AF116630A9F2C2890BCA50A@OBEEX01.obe.access-company.com
 2. http://www.w3.org/TR/2009/WD-wsc-ui-20090226/


=====

Your comment on :
> The term "chrome" seems undefined, in the document it seems to be
> implicitly equivalent to the user interface.
> FYI: The View Modes specification [1] (currently approaching FPWD)
> tries to define what chrome is, mentions scrollbars etc.
> 
> 4.2.1
> The term "widget" is used. In order not to confuse a potential reader
> (aka W3C Widgets), I suggest to change "widget" to "control" or "UI
> component".
> 
> 7.2
> Could the document mention the Widget User Agent as well?
> [2] defines the "mini" mode that is without chrome.
> 
> 6.3
> Widgets related:
> [3] could be used to define some indicator specifying who/how the
> widget was signed.
> 
> 7.4.2
> What if the installation-related security aspects are controlled by the
> underlying security policy?
> [4], specifically its section 3.2.3 is just FYI.
> 
> 7.4.1
> FYI:
> "Web user agents MUST prevent web content from overlaying chrome. User
> interactions that are perceived to deal with browser chrome must not be
> detectable for Web content."
> is important for [5] and [6].
> 
> [1]
> http://dev.w3.org/2006/waf/widgets-vm/vm-mediafeature.src.html#chrome
> [2]
> http://dev.w3.org/2006/waf/widgets-vm/vm-mediafeature.src.html#mini
> [3] http://www.w3.org/TR/widgets-digsig/
> [4]
>
http://bondi.omtp.org/1.01/security/BONDI_Architecture_and_Security_v1_01.pdf
> [5] http://bondi.omtp.org/1.01/apis/ui.html
> [6] http://www.w3.org/2009/dap/
> 
> ________________________________________
> 
> Access Systems Germany GmbH
> Essener Strasse 5  |  D-46047 Oberhausen
> HRB 13548 Amtsgericht Duisburg
> Geschaeftsfuehrer: Michel Piquemal, Tomonori Watanabe, Yusuke Kanda
> 
> www.access-company.com
> 
> CONFIDENTIALITY NOTICE
> This e-mail and any attachments hereto may contain information that is
> privileged or confidential, and is intended for use only by the
> individual or entity to which it is addressed. Any disclosure, copying
> or distribution of the information by anyone else is strictly
> prohibited.
> If you have received this document in error, please notify us promptly
> by responding to this e-mail. Thank you.


Working Group Resolution (LC-2257):
Thank you for your review.

"chrome" is primary and secondary UI; we've attempted to make that
clearer, by stating that explicitly. 

"widget" is a term used in user interface terminology, which is why we are
using it. 

Without a specific proposal, we were unsure what to mention about the
Widget User Agent. 

A widget signing indicator is beyond the scope of this version of the
spec. But thank you for pointing that out. 

Thank you for the fyi on BONDI and the pointer to DAP. 



----
Received on Friday, 23 October 2009 20:33:50 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 23 October 2009 20:33:50 GMT