- From: Web Security Context Issue Tracker <dean+cgi@w3.org>
- Date: Mon, 16 Apr 2007 10:46:50 +0000 (UTC)
- To: public-wsc-wg@w3.org
ISSUE-47: define extension interface for content-scanning tools (public comment) http://www.w3.org/2006/WSC/Group/track/issues/47 Raised by: Bill Doyle On product: Note: use cases etc. >From public comments raised by: Al Gilman Alfred.S.Gilman@ieee.org http://lists.w3.org/Archives/Public/public-usable- authentication/2007Apr/0000.html define extension interface for content-scanning tools where it says, in 5.5 Content based detection The Working Group will not recommend any checks on the content served by web sites. please consider I don't think that you mean people shouldn't check signatures on signed content. What I think that you mean is that the filter queries or trip thresholds for statistical techniques such as you discuss will not be published by the group. You should consider providing a programmatic interface (perhaps a hypothesis lattice compatible with what a voice recognizer looks like in EMMA) for such tools to contribute to rational decision making about when to raise a warning, and in addition an interface where they can contribute message-content to the security infoset. Why? The free-content areas drive trust. Confidence schemes work in this domain. So there is an enduring value-added niche for such techniques. The group should seek to define interfaces whereby third-party software can contribute its findings to the rollup summarized by your recommended presentation. Otherwise we will continue with the plethora of security helpers waving plackards in our faces.
Received on Monday, 16 April 2007 10:46:57 UTC