W3C home > Mailing lists > Public > public-wsc-wg@w3.org > April 2007

ISSUE-37: qualify your interrupts (from public comments)

From: Web Security Context Issue Tracker <dean+cgi@w3.org>
Date: Sun, 15 Apr 2007 14:48:19 +0000 (GMT)
To: public-wsc-wg@w3.org
Message-Id: <20070415144819.718FEBDA8@w3c4.w3.org>


ISSUE-37: qualify your interrupts (from public comments)

http://www.w3.org/2006/WSC/Group/track/issues/37

Raised by: Bill Doyle
On product: Note: use cases etc.

>From public comments
raised by: Al Gilman Alfred.S.Gilman@ieee.org

http://lists.w3.org/Archives/Public/public-usable-
authentication/2007Apr/0000.html

qualify your interrupts 
where it says, in 2.4 User awareness of security information
  The Working Group will recommend presentation techniques that
   integrate the consumption of security information by the user into
   the normal browsing workflow. Presenting security information in a
   way that is typically ignored by the user is of little value.
please consider
Yes.  The WAI-ARIA technologies are targeted to bring into the fold of 
accessible web content newer, more integrated high-usability interaction 
gestures (such as transient flyouts for information or action), as opposed to 
older gestures such as loading a whole new page or launching a popup dialog.  
We should work together. And yes, you sometimes have to get the user's 
attention.  But on the other hand there are real "boy crying wolf" problems if 
you contend too hard for the user's attention.  
Why? 
There is a rather unruly free-for-all going on out there vying for the Web 
wanderer's attention.  How do you get the user's appropriate attention?  In 
part by not seeking it unnecessarily.  I know you are addressing this in part 
under 2.2.  But it also goes for how you blend the security message into the 
flow vs. distinguish it so that it is recognized for what it is.  All 
presentation-based distinctions (2.3) are subject to imitative spoofing 
attacks.  The communication of a "continuing all clear" security status should 
be something the user is likely to ignore.  Because it doesn't represent a 
change from what the user has internalized about their dialog context, nor 
anything that the user needs to do something about.  The trick is to have the 
user's field of focus infiltrated with rationally-chosen gestures of 
graded 'initiative-grabbing' quality for the communication of different hazard 
or reassurance levels in the security context.  Contemporary rich-interaction 
Web and installed applications afford a greater variety of such gestures with 
more subtle variation in attention- or initiative-grabbing quality.  Yes, we 
want to get with the program in this regard.
Received on Sunday, 15 April 2007 14:48:26 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 5 February 2008 03:52:46 GMT