W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2013

Re: Allow ... centralized dialog up front

From: Charles McCathie Nevile <chaals@yandex-team.ru>
Date: Fri, 01 Feb 2013 13:25:23 +0100
To: "Arthur Barstow" <art.barstow@nokia.com>, Florian Bösch <pyalot@gmail.com>
Cc: "Webapps WG" <public-webapps@w3.org>
Message-ID: <op.wrtt4lncy3oazb@chaals.local>
On Fri, 01 Feb 2013 12:59:35 +0100, Florian Bösch <pyalot@gmail.com> wrote:

> On Fri, Feb 1, 2013 at 12:56 PM, Arthur Barstow <art.barstow@nokia.com>  
> wrote:
>> Web Security Experience, Indicators and Trust: Scope and Use Cases
>> <http://www.w3.org/TR/2008/NOTE-wsc-usecases-20080306/>
>Yeah, has anybody actually even read that notes TOC, you can scroll  
> straight to section 2.6:  
> http://www.w3.org/TR/2008/NOTE-wsc-usecases-20080306/#trust->decision-management

Lots of people, lots of times. It is one of the better-known truisms in  
designing security interfaces, and a really well-known principle for  
managing security on the Web.

It doesn't invalidate what Anne said - but what Anne said doesn't  
invalidate your suggestion either. As I said, what you propose is what  
most of the industry seems to already be moving towards.

Having it written in a new specification doesn't seem to make much sense -  
it is already there. And it is one of they key ideas repeated almost every  
time security or privacy comes up in relation to a specification.



>> No matter how well security context information is presented, there  
>> will always be users who, in some situations, will behave >>insecurely  
>> even in the face of harsh warnings. Thus, the Working Group will also  
>> recommend ways to reduce the number of >>situations in which users need  
>> to make trust decisions.

Charles McCathie Nevile - Consultant (web standards) CTO Office, Yandex
chaals@yandex-team.ru Find more at http://yandex.com
Received on Friday, 1 February 2013 12:25:55 UTC

This archive was generated by hypermail 2.3.1 : Friday, 27 October 2017 07:26:52 UTC