
Re: use cases? (Re: Browser security warning)

From: Thomas Roessler <tlr@w3.org>
Date: Tue, 9 Jan 2007 17:22:36 +0100
To: michael.mccormick@wellsfargo.com
Cc: public-wsc-wg@w3.org
Message-ID: <20070109162236.GM21007@raktajino.does-not-exist.org>


On 2007-01-08 15:21:58 -0600, michael.mccormick@wellsfargo.com wrote:

> I don't have time to write full blown use cases by tomorrow but here are
> some short stories:

We deferred this one during the call today; I do think this is
going to be a central piece of material in the use case section,
though.

Tracking as ACTION-78; placeholder in the wiki is UserNotions.

> A. Can eavesdroppers read my session?
> Scenario:
> Alice enters her credit card number on Bob's Plumbing web site, then
> wonders if computers or people at her ISP (Carol's Cheap Internet Co.)
> will be able to read it in transit.
> 
> B. Is the web site really the one I requested?
> Scenario:
> Alice clicks a link to Bob's Plumbing and the site comes up, but when it
> asks for her credit card number she can't help wondering if this web
> site really belongs to the same Bob's Plumbing she shopped at in the
> past.
> 
> C. Have the web pages I'm seeing been tampered with?
> Scenario:
> Alice notices the Bob's Plumbing home page looks different than before,
> and wonders if someone might have hacked in and made changes.
> 
> D. Is the web site reputable?
> Scenario:
> When Alice visited Bob's Plumbing online for the first time she wasn't
> sure if the web site really belonged to a reputable merchant who could
> be trusted with her credit card number.
> 
> 
> >Michael McCormick, CISSP
> >Lead Architect, Information Security
> 
> -----Original Message-----
> From: Thomas Roessler [mailto:tlr@w3.org] 
> Sent: Monday, January 08, 2007 8:01 AM
> To: McCormick, Mike
> Cc: public-wsc-wg@w3.org
> Subject: use cases? (Re: Browser security warning)
> 
> On 2006-12-27 23:56:39 -0600, michael.mccormick@wellsfargo.com wrote:
> 
> > To make matters worse, those things
> 
> ... meaning security properties that TLS can deliver ...
> 
> > don't align perfectly to the questions an average user wants
> > answered:
> > A. Can eavesdroppers read my session?
> > B. Is the web site really the one I requested?
> > C. Have the web pages I'm seeing been tampered with?
> > D. Is the web site reputable?
> > Etc.
> 
> These strike me as excellent seeds for some short stories that we might
> wish to capture in the use case part of the note.  Could you think of
> writing up short and simple use cases that exhibit and illustrate these
> concepts -- preferably for tomorrow? ;-)
> 
> Thanks,
> --
> Thomas Roessler, W3C  <tlr@w3.org>
> 
> 

-- 
Thomas Roessler, W3C  <tlr@w3.org>
Received on Tuesday, 9 January 2007 16:21:48 GMT
