
Re: Recommendations Draft

From: Timothy Hahn <hahnt@us.ibm.com>
Date: Mon, 11 Jun 2007 07:38:09 -0400
To: Web Security Context WG <public-wsc-wg@w3.org>
Message-ID: <OF46EF2678.8BF02741-ON852572F7.003E690E-852572F7.003FEB56@us.ibm.com>

I can't think of a better categorization, so +1 from me for the categories.

Tim Hahn
IBM Distinguished Engineer

Internet: hahnt@us.ibm.com
Internal: Timothy Hahn/Durham/IBM@IBMUS
phone: 919.224.1565     tie-line: 8/687.1565
fax: 919.224.2530

"Mary Ellen Zurko" <Mary_Ellen_Zurko@notesdev.ibm.com> 
Sent by: public-wsc-wg-request@w3.org
06/08/07 04:28 PM

"Shawn Duffy <Shawn.Duffy"
Web Security Context WG <public-wsc-wg@w3.org>
Re: Recommendations Draft

Now that I've made it through the proposals that make up the bulk of the 
draft, I'd like to propose a further categorization of the proposals:

1. Primary Security Context Indicators

Proposals centering on what is displayed as SCI (and not) would go here. 
Site identifying images in chrome, "what is a secure page" (when it gets 
put into template form - Yngve, have you done that yet?), secure internet 
letterhead, TrustMe, UrlRecommendation, IdentitySignal - recommendations, 
good practices, and antipatterns around the SCI that appear without user 
interaction, in the normal task flow, would appear here. 

2. Secondary Security Context Indicators

Proposals centering around other forms of SCI - security protocol error 
presentation, page info summary, EV certs (I think), maybe parts of 
IdentitySignal (is hoverover primary or secondary?), revisiting past 
decisions would go here. 

3. SCI Robustness

Techniques to make the SCI (and chrome) robust against attacks (including 
spoofing). Trusted browser component (including the personalization 
aspect), and all the discussions of robustness we've had from the various 
browsers would go here. 

4. Minimizing Trust Decisions 

Techniques to do away with some of the trust decisions users need to make 
today. PIIEditorBar, SBM, maybe browser lock down (I haven't read it yet).

Reactions and thoughts, both on beginning to form some large grained 
categories within our proposal, and on these as the current categories?


Shawn Duffy <Shawn.Duffy@corp.aol.com>
Sent by: public-wsc-wg-request@w3.org
05/30/2007 05:30 AM

Web Security Context WG <public-wsc-wg@w3.org>

Recommendations Draft

This is a rough, rough first draft of the Recommendations:


This is based on the recommendations that were drafted using Tyler's
template in the Wiki.  Not everyone used the template in an identical
manner so not every section is consistent with the rest.  I'm sure we
will continue to massage the format.

If I am missing anyone's recommendations, let me know...

shawn duffy - shawn.duffy@corp.aol.com
senior technical security engineer | aol it security
703.265.8273 | AIM: ShawnDuffy1

Received on Monday, 11 June 2007 11:38:34 UTC
