
ISSUE-23 OPEN Rephrase background on usable security in Process section

From: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
Date: Thu, 26 Apr 2007 10:46:09 -0400
To: public-wsc-wg@w3.org
Message-ID: <OFDC483BBE.5E289007-ON852572C9.0050C1B0-852572C9.00511FEA@LocalDomain>

I propose the following change to the intro of section 10:

Making security usable is still a nascent area for research [Security and 
Usability]. Research incorporating usable security goes back to "The 
Protection of Information in Computer Systems" by Saltzer and Schroeder, 
in 1975. There are no worked examples of formal standards from standards 
making bodies of usable security to emulate. There are a limited number of 
worked examples in deployed products to learn from. There are a larger 
number of attempts with unclear results to learn from. We have yet to get 
widely-applicable satisfactory answers to basic questions on usable 
security. Consequently, this Working Group's recommendations will 
necessarily contain more innovation than might a traditional standards 
effort. This section details the process the Working Group will employ to 
mitigate the significant perils of innovation in a standards effort.


          Mez

Mary Ellen Zurko, STSM, IBM Lotus CTO Office       (t/l 333-6389)
Lotus/WPLC Security Strategy and Patent Innovation Architect
Received on Thursday, 26 April 2007 14:46:22 GMT
