Timothy Hahn <hahnt@us.ibm.com>, 2006-12-22 09:47 -0500: > My opinion here is that much of what Michael points out below re-inforces > my point about having to know who we are interacting with. What is > informative to one "user" will be useless and unintelligible to another. > > I think we need to cater to different user personas (and vary the > information we provide based on "who" we're interacting with. Here, I > defer to colleagues here who are HCI experts (which does not include me). I very much agree with this and think we should be very careful to avoid trying to come up with a "one size fits all" or "lowest common denominator" approach to what security context info we decide to recommend exposing to users. I know that there are a great number of users who, for example, have no idea what a certificate is and don't really care to know and for whom there is little benefit to presentations of security information that make specific reference to a "certificate". But I think there are also a good number of users who /do/ know what a certificate is, and who would not find it to be a step forward if the presentation of security information in their browsers were improved to the point that they were shielded from any reference to "certificates" (e.g., not being told, explicitly, "There is a problem with the SSL certificate at the site you are trying to access. The problem is [whatever the real problem is].") --MikeReceived on Friday, 22 December 2006 15:21:45 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 5 February 2008 03:52:44 GMT