W3C home > Mailing lists > Public > public-wsc-wg@w3.org > April 2007

ISSUE-48: platform and browser security out of scope - NOT (public comment)

From: Web Security Context Issue Tracker <dean+cgi@w3.org>
Date: Mon, 16 Apr 2007 10:47:50 +0000 (UTC)
To: public-wsc-wg@w3.org
Message-Id: <20070416104750.DF1D513AC4@seamus.w3.org>


ISSUE-48: platform and browser security out of scope - NOT (public comment)

http://www.w3.org/2006/WSC/Group/track/issues/48

Raised by: Bill Doyle
On product: Note: use cases etc.

>From public comments
raised by: Al Gilman Alfred.S.Gilman@ieee.org

http://lists.w3.org/Archives/Public/public-usable-
authentication/2007Apr/0000.html

platform and browser security out of scope - NOT 
where it says, in 5.6 and 5.7
(out of scope)
please consider
make a greater emphasis on the semantic model of the information; integrated 
with information from these other sources and presented in platform-
appropriate ways.
Why? 
There is a strong conflict between this scope restriction and the points 
raised in 10.1.2, 10.1.6 etc.  The user does not want to, and we don't want 
them to need to, sub-divide the security information this finely.  The user 
also wants to extend trust to software in descending order of 
trustworthiness.  So the OS and browser, in the present order of things, have 
priority in defining what terse messages merit user attention and how to 
indicate these.  Integration with the web browse realities means integrating 
security information from the web application with security information from 
the OS, [third party security monitor], browser, [browser plugin], and then 
the page.  If you can't make common cause with these other value-added players 
in the security situation, you have blown your opportunity to connect with a 
model the user can generally grok. 
please consider
there is an analogy in terms of web pages respecting the system presentation 
defaults when the user invokes High Contrast Mode.  These are presentation 
preferences that should be global across the desktop, and the presentation and 
qualification of messages claiming to speak about security needs to respect 
this pecking order, too.
Received on Monday, 16 April 2007 10:47:57 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 5 February 2008 03:52:46 GMT