- From: Hallam-Baker, Phillip <pbaker@verisign.com>
- Date: Wed, 1 Nov 2006 09:03:14 -0800
- To: "Mary Ellen Zurko" <Mary_Ellen_Zurko@notesdev.ibm.com>
- Cc: <public-wsc-wg@w3c.org>
- Message-ID: <198A730C2044DE4A96749D13E167AD37E7DF1F@MOU1WNEXMB04.vcorp.ad.vrsn.com>
Picking up on the comments by Mez. Before we do experiments we need a theory. We are not testing the usability of specific browsers, we are testing a theory of usability. If we are to have a theory we need to start from a model. My model of the user is a finite state machine that is attempting to complete a task. My first theory is that the more states and the more environmental variables we require in the state machine the worse the usability will be. My second theory is that the harder it is for the user to determine which state they are in the harder it will be. In particular if there is a mismatch between the semantics that a signal is assumed to have (this page is safe) and those that it actually has (the transport was encrypted). For example we are all familiar with the dialogue box that pops up the first time we navigate from a secure to an insecure page and the box that comes up when a page has mixed secure/insecure content. I believe that both boxes are crutches, security theatre to give the semblance of security while admitting that they are a fraud. If the transition matters it should always be apparent to the user which state they are in. Even if the user leave the dialogue boxes on they cannot be expected to remember what they mean. Instead of telling me that there is a mixture of secure and insecure content just don't tell me that the page is 'secure'. Hypothesis: Any warning dialogue that contains the clickbox 'do not show this warning again' indicates a broken security design as well as a broken usability design. Hypothesis: It is possible to design a user interface that provides the user with the information they need without transitional dialogue boxes. ________________________________ From: Mary Ellen Zurko [mailto:Mary_Ellen_Zurko@notesdev.ibm.com] Sent: Wednesday, November 01, 2006 9:25 AM To: Hallam-Baker, Phillip Cc: public-wsc-wg@w3c.org Subject: control, data, users One of the topics I want to bring up here and at the f2f is how we'll deal with the issue of level setting around and agreeing on user acceptance and behavior. It's my belief that this will be one of the biggest difficulties in coming to concensus; how we'll agree about usability and users. It would be optimal if we could do some actual user studies, although that wouldn't cover "users learn" types of arguments. Something to think about, and I appreciate all thoughts on that topic. As a side note, I would like to encourage folks to discuss any of the items on the agenda of the f2f beforehand on the email list, particularly if they have input and might not make it. Mez Mary Ellen Zurko, STSM, IBM Lotus CTO Office (t/l 333-6389) Lotus/WPLC Security Strategy and Patent Innovation Architect "Hallam-Baker, Phillip" <pbaker@verisign.com> Sent by: public-wsc-wg-request@w3.org 10/31/2006 12:28 PM To Timothy Hahn/Durham/IBM@IBMUS, <public-wsc-wg@w3c.org> cc Subject RE: Greetings The term 'frustrated by the various "artifacts"' reminded me that there is another important issue here, the insecure clutter that is getting stuffed into browsers without thought for the security issues. For example, favicons have been spreading quickly. But there is no bar to having a favicon that looks like a padlock icon. It is pretty easy to create a favicon that makes a page appear to use SSL. We need to have a clear distinction between control and data. Users should be able to trust the browser to display content in the content window and restrict the chrome area to data that is trustworthy. For years people have been telling me that 'users want' flash animations, etc. that can make whatever use of the user's screen they choose. Now the same people tell me to use Firefox pretty much because of what it does not allow. The control bar on my broswer belongs to me, it should not be possible for a content provider to disable it. We have a 'stop downloading' button. Why can't I click that to stop the execution of Javascript &ct. on a page? Clearly it will take time to get from where we are to where we want to be. But it would be nice if there was at least a clickbox that would enable a single comprehensive set of browser configurations that is secure and repeatable. Ad hoc constraints on javascript are creating as much of a problem as the early spam filters that kicked out 10% false positive. If the set of capabilities was predictable and detectable content providers would be much better off. ________________________________ From: public-wsc-wg-request@w3.org [mailto:public-wsc-wg-request@w3.org] On Behalf Of Timothy Hahn Sent: Tuesday, October 31, 2006 10:10 AM To: public-wsc-wg@w3c.org Subject: Greetings Hello! My name is Tim Hahn and I am looking forward to working with this group. I have been somewhat frustrated by the various "artifacts" which different HTTP clients/browsers use to convey whatever security-related information has been sent from HTTP servers to which the browser is connected. The current state-of-the-art seems to be more annoying to users than informative, and even for security professionals can be confusing to interpret. I have worked for IBM for 16 years as a developer, designer, architect, and strategist. I have been working on several of IBM's directory and security-related product offerings for over 10 years, dating back to Distributed Computing Environment, through LDAP directory services, and currently on authentication, access control, and identity management product offerings. I have participated in several standards bodies in the past including DMTF and IETF working groups. I am looking forward to meeting all of you, either in person in NYC or on the list. Regards, Tim Hahn Internet: hahnt@us.ibm.com Internal: Timothy Hahn/Durham/IBM@IBMUS phone: 919.224.1565 tie-line: 8/687.1565 fax: 919.224.2530
Received on Wednesday, 1 November 2006 17:03:43 UTC