RE: Page Security Score proposal from Doyle, Bill on 2007-06-17 (public-wsc-wg@w3.org from June 2007)

From: Doyle, Bill <wdoyle@mitre.org>
Date: Sun, 17 Jun 2007 17:47:03 -0400
To: "Timothy Hahn" <hahnt@us.ibm.com>, <public-wsc-wg@w3.org>
Message-ID: <518C60F36D5DBC489E91563736BA4B5801814E24@IMCSRV5.MITRE.ORG>
 
So, hate to go back to the car thing but a gauge with warning lights
standard colors - Red Yellow Green?? Yes some people still drive when
the Red Oil light comes on, but..
 
Gauge tells a user that it may be less than 100%, lets say 50%, but
what is wrong? Will additional information help a user maintain a
secure posture?
 
Risk - can a user agent determine risk? The amount of risk could change
rating.
 
Bill D.
 



  _____  

From: public-wsc-wg-request@w3.org
[mailto:public-wsc-wg-request@w3.org] On Behalf Of Timothy Hahn
Sent: Saturday, June 16, 2007 12:16 AM
To: public-wsc-wg@w3.org
Subject: Re: Page Security Score proposal



Hi all, 

I'll offer a couple counter-points on list: 

 - North Carolina may be backwards, but every restaurant here must
proudly display their "cleanliness score" - it's presented as both a
letter grade (A is good ... C is ... um ... bad) and a number ... 92.5
is generally ok, 100.0 and boy you could eat off their floors.  Patrons
don't have to think too hard - the report card from the last inspection
of the restaurant is presented in a way that people have been familiar
with since grade school.  Do I know how the calculation was computed?
no.  Do I know what went into it? no.  But I do look at it and use it
as a "cue". 

 - it is my sense that people can understand analog-style guages
(speedometers, tachometers, temperature scales and so on).  And they
can get a feel for the difference between "low", "low-medium",
"medium", and so forth.  So some indicator with many gradations seems
like it should be interpretable without alot of book learning to go
along with it (whether that be a number scale, a color rainbow scale,
or a speedometer-style needle meter). 

- on Dan Schutzer's observation about people not being able to process
more than between 3 and 7 items.  I feel that a single "meter" with
many gradations is still one meter (counts as 1 in the things to be
understood/interpreted).  If we tried to put up 6 meters and asked our
users to use those together to try and get a feeling for the site, then
yes, this would fall into the situation of too much information to
process (unless you're an airline pilot or astronaut). 

- on the topic of whether we could ever get the computation "correct" -
I'm not sure it really matters if we get it correct or not.  I could
envision that some people (not the general populus) would get a kick
out of coming up with their own calculations and offering them to their
friends and neighbors.  And if this were wildly successful, someone
else would gather up all the various calculators and offer a
"super-calculator" that would summarize those.  This could even
leverage collaboration-style social networking capabilities ("I trust
my 3 favorite friends and I value their calculations.  My 'guage' is
based on their guage values.").  In the end, the anomolies in different
calculations would smooth out.  (Hey, it almost works for the Bowl
Championship Series - as one off-the-wall example). 

So I still like the idea. 

Regards, 
Tim Hahn
IBM Distinguished Engineer

Internet: hahnt@us.ibm.com
Internal: Timothy Hahn/Durham/IBM@IBMUS
phone: 919.224.1565     tie-line: 8/687.1565
fax: 919.224.2530
Received on Sunday, 17 June 2007 21:47:08 UTC