- From: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
- Date: Tue, 17 Apr 2007 13:59:57 -0400
- To: Web Security Context WG <public-wsc-wg@w3.org>
- Message-ID: <OFE03A9468.BF3CB319-ON852572C0.004CB19E-852572C0.0062E247@LocalDomain>
I think from the number of times we and others have fallen into confusion,
we need another item for out of scope, that covers security context
information about the user to the site/server/service. I propose:
5.n Other Security Challenges
As stated in the charter, the mission of the Web Security Context Working
Group is to specify a baseline set of security context information that
should be accessible to Web users, and practices for the secure and usable
presentation of this information, to enable users to come to a better
understanding of the context that they are operating in when making trust
decisions on the Web. While the work this group does may have a positive
and beneficial effect on other security challenges on the web, directly
addressing such challenges (including user authentication to web sites,
single sign-on, and security models for active content on the web) is out
of scope.
I propose making it the first item in the Out of Scope section.
I would also like to be sure that this group is appropriately informed
about any deployed or standards-based efforts that condition presentation
to users (since it might impact how security context should be
conditioned). I can't tell from the IMS Global Learning Consortium link
that Al gave if it has any particular traction:
http://www.imsglobal.org/accessibility/
Is anyone on this WG familiar with that work, or that area in general?
Robert Y, are you?
Mez
Mary Ellen Zurko, STSM, IBM Lotus CTO Office (t/l 333-6389)
Lotus/WPLC Security Strategy and Patent Innovation Architect
Web Security Context Issue Tracker <dean+cgi@w3.org>
Sent by: public-wsc-wg-request@w3.org
04/15/2007 10:45 AM
Please respond to: Web Security Context WG <public-wsc-wg@w3.org>
To: public-wsc-wg@w3.org
cc:
Subject: ISSUE-36: presentation norms -- no oneSizeFitsAll (from public comments)
ISSUE-36: presentation norms -- no oneSizeFitsAll (from public comments)
http://www.w3.org/2006/WSC/Group/track/issues/36
Raised by: Bill Doyle
On product: All
From public comments
raised by: Al Gilman Alfred.S.Gilman@ieee.org
http://lists.w3.org/Archives/Public/public-usable-authentication/2007Apr/0000.html
presentation norms -- no oneSizeFitsAll
where it says, in 2.3 Consistent presentation of security information
The Working Group will recommend a set of terms, indicators and
metaphors for consistent presentation of security information to
users, across all web user agents. For each of these items, the
Working Group will describe the intended user interpretation, as
well as safe actions the user may respond with in common use cases.
please consider
The desired user interpretation of decisions and evidence are fundamental;
this belongs in the model. It should not be limited to the 'normal mode'
dialog that is in the projection of the full model that is discussed
above.
The presentation suggestions may be limited to the 'normal mode'
projection.
But what the user should understand if they drill down deeper or skim more
lightly should be covered, not limited to the suggested summary dialog.
Yes, you want to introduce some terms and icons and the like whose
consistent use will enhance recognition of security information when it
crosses the user's bow. But these are not the only prosodic tools that
should be used to convey this role in the web-dialog scene or world-let.
Why?
In consideration of the diverse presentation and actuation bindings that
are required so that people with disabilities are afforded access to
information devices and services, realize that it is essential to define
the intended interpretation, which is of broad applicability, and then
under specified modality conditions indicate suggested representations.
Please consider
The IMS Global Learning Consortium has established a baseline of metadata
for both content and personal preferences. Even though there is still
contention as to how single-sign-on should work, it is very broadly agreed
that we need this. Single-sign-on will give us a convenient way to manage
the affordance of portable, personal preferences to qualifying sites. Where
these preferences are available, they should in particular be used up front
to condition the presentation of any sign-on dialog. Single-sign-on with
the identity host brokering not only user authentication but presentation
preferences is too important a user case for people with disabilities for
this use case to be left out of your plans, even if single-sign-on is not
yet pervasive in Web practice.
Received on Tuesday, 17 April 2007 18:00:11 UTC