Re: Allow ... centralized dialog up front

I don't propose writing into a specification how the dialog would look
like. There does need to be a specification however on the API that
developers can use to indicate an applications desire to use any of the
dozen or so restricted APIs.


On Fri, Feb 1, 2013 at 1:25 PM, Charles McCathie Nevile <
chaals@yandex-team.ru> wrote:

> **
> On Fri, 01 Feb 2013 12:59:35 +0100, Florian Bösch <pyalot@gmail.com>
> wrote:
>
> On Fri, Feb 1, 2013 at 12:56 PM, Arthur Barstow <art.barstow@nokia.com>wrote:
>
>> Web Security Experience, Indicators and Trust: Scope and Use Cases
>>  <http://www.w3.org/TR/2008/NOTE-wsc-usecases-20080306/>
>>
>
> Yeah, has anybody actually even read that notes TOC, you can scroll
> straight to section 2.6:
> http://www.w3.org/TR/2008/NOTE-wsc-usecases-20080306/#trust-decision-management
>
>
> Lots of people, lots of times. It is one of the better-known truisms in
> designing security interfaces, and a really well-known principle for
> managing security on the Web.
>
> It doesn't invalidate what Anne said - but what Anne said doesn't
> invalidate your suggestion either. As I said, what you propose is what most
> of the industry seems to already be moving towards.
>
> Having it written in a new specification doesn't seem to make much sense -
> it is already there. And it is one of they key ideas repeated almost every
> time security or privacy comes up in relation to a specification.
>
> cheers
>
> Chaals
>
>
> No matter how well security context information is presented, there will
>> always be users who, in some situations, will behave insecurely even in the
>> face of harsh warnings. Thus, the Working Group will also recommend ways to
>> reduce the number of situations in which users need to make trust decisions.
>
>
>
>
> --
> Charles McCathie Nevile - Consultant (web standards) CTO Office, Yandex
> chaals@yandex-team.ru Find more at http://yandex.com
>