Re: ACTION 219 - Update IdentitySignal to conform to template

What excellent timing. I forgot this one was in the works.

"This recommendation applies to all web user agents capable of supporting 
the relevant site-identity technologies (e.g. EV SSL Certificates). "
Why can't it apply to all web user agents, since the combination of a URL, 
browsing history, and the ability to name a site can also provide an 
identity signal? If it's meant to be third party crypto identity, that 
wasn't clear to me until later down. Perhaps that should be spelled out? 
Or perhaps I'm still unclear on the scope. 

"The expectation is that by establishing a consistent method for checking 
identity information, users who are curious about, or unsure of, the 
identity of sites they interact with will tend to check with this 
indicator as a form of user-driven investigation"
What about user agents that show other indicators that users might mistake 
for identity information (URLs, domain names, favicons)? I'm thinking the 
expected user behavior would be "confirmation bias" related; if either the 
"secure" indicator or some insecure pseudo-indicator told the user they 
were in a good place, they'd buy it. 

Sounds like a case for usability testing. Any of our usability testing 
experts want to comment? Or is there research out there covering this 
question, research experts? 


          Mez

Mary Ellen Zurko, STSM, IBM Lotus CTO Office       (t/l 333-6389)
Lotus/WPLC Security Strategy and Patent Innovation Architect




Johnathan Nightingale <johnath@mozilla.com> 
Sent by: public-wsc-wg-request@w3.org
06/15/2007 12:22 PM

To
W3C WSC W3C WSC Public <public-wsc-wg@w3.org>
cc

Subject
ACTION 219 - Update IdentitySignal to conform to template







I have completed this action.  The template form of the 
recommendation can be found here:

http://www.w3.org/2006/WSC/wiki/IdentitySignal

Cheers,

J

---
Johnathan Nightingale
Human Shield
johnath@mozilla.com