- From: Brad Porter <brad@tellme.com>
- Date: Mon, 12 Feb 2007 09:16:35 -0800
- To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
- Cc: "W3C Security (Public)" <public-wsc-wg@w3.org>
Everything we're talking about thus far is browser making statements to the user about a site. So I'm not sure confidentiality applies, but perhaps you can expand? --Brad Stephen Farrell wrote: > > Doesn't that ignore confidentiality requirements? (Although I like > the line of thinking.) > > Brad Porter wrote: >> >> In general, with the web, the goal of security is to transparently >> protect the user. Browsers that support sandboxing are trying to >> transparently protect the user from malicious applications. The >> only two cases where the browser needs to make any assertions to the >> user are the following: >> >> 1) Establishing the veracity of the information on a site >> 2) Establishing that you are submitting your information to the party >> you intended >> >> I would argue that people are generally aware of the veracity of any >> information on the web is questionable. So the question becomes, are >> we trying to make any statements about the veracity of information on >> a site? If not, then we can punt on #1 and focus instead on #2. >> >> Number two only occurs when submitting information and is a very >> active instead of passive act. (I'm intentionally ignoring >> click-stream type data leaks as they could be handled by proper >> sandbox restrictions.) This suggests that for 98% of what people do, >> they don't need any security indicators from the browser. They only >> need to verity the security when submitting their data. This >> suggests that presentation of security context information could be >> late-binding instead of omnipresent and integrated into the task-flow >> instead of passive, which might help address a number of the problems >> with the current mechanisms. >> >> --Brad >> >> >
Received on Monday, 12 February 2007 17:16:47 UTC