RE: "Web Security Context" die die die

 

Mike Beltzner wrote:
> On 13-Feb-07, at 4:23 PM, Close, Tyler J. wrote:
> > As discussed on the telecon today, I've found the name "Web Security
> > Context" to be purely an impediment in explaining to people what this
> > Working Group is doing. We're going to pick a document title and short
> > name soon, so I am starting a thread to pick a better name.
> 
> Really? Most people I know have gotten it immediately, and I 
> like the idea that what we're doing is talking about more 
> than just passwords, phishing and http-auth, but instead 
> about how we present the user's entire security picture to 
> them in terms of metaphors, warnings, allowed/disallowed actions, etc.

Unfortunately, that's an excellent example of exactly the kind of
confusion I've encountered. We've put great swaths of "the user's entire
security picture" out of scope. At this point, we're only dealing with a
small sliver of the user's entire security picture. I've found our name
confuses that point, leading people to believe that many more topics are
in scope. For example, all of the following are out of scope for this
WG:
    - password management / client authentication
    - client authorization (eg: cookie management)
    - platform integrity
    - user separation
    - ambient authority (the default authority given to any visited web
      site, such as the ability to pop a window)

I could go on further from there.

"Security" is an awfully big word. We've severely, and wisely, limited
how much of it we're going to deal with. Our current document name
doesn't reflect that.

Note that Thomas indicated we can choose whatever document name we want
without affecting our Working Group name, so people worried about
changing the Working Group name need not be.

Tyler

Received on Wednesday, 14 February 2007 01:00:46 UTC