Re: Problems with the current user interface

I've made some notations in the wiki indicating this should be linked with 
the section that outlines current user interfaces, the NoteContent section 
(which I've put a quick description in since it might not be obvious from 
the title). 

All look good, though I think this one falls out of our scope:
    * Passwords are reused across distinct web sites

          Mez

Mary Ellen Zurko, STSM, IBM Lotus CTO Office       (t/l 333-6389)
Lotus/WPLC Security Strategy and Patent Innovation Architect




"Close, Tyler J." <tyler.close@hp.com> 
Sent by: public-wsc-wg-request@w3.org
12/08/2006 06:10 PM

To
"W3 Work Group" <public-wsc-wg@w3.org>
cc

Subject
Problems with the current user interface







I think our first public Note should also specifically call out the
problems we see with the current display of security context
information. I think this will help us understand the problem we are
trying to solve and encourage us to pull expertise from the many
phishing studies that have been done.

I have started a list at:

http://www.w3.org/2006/WSC/wiki/NoteProblemsWithCurrentUserInterface

The initial text of the wiki page is:

This section lists problems with the display of security context
information in current web browsers. Entries in this section should be
culled for user interface studies, and so be accompanied by citations.

Problems with current user interface

    * No chrome area versus page area distinction in user's mind
    * Users ignore the chrome area
    * The chrome area is spoofable
    * Passwords are reused across distinct web sites
    * Domain names are incorrectly read, or interpreted, by users
    * Users assume that a http: URL reliably connects to the indicated
domain name
    * Certificates Authorities, or certificates, can be readily
substituted

Tyler