W3C home > Mailing lists > Public > public-wsc-wg@w3.org > November 2007

RE: ACTION-318: Draft a new subsection to section 7 discussing the mixing of trusted/untrusted information in the UI

From: Doyle, Bill <wdoyle@mitre.org>
Date: Wed, 14 Nov 2007 10:04:00 -0500
Message-ID: <518C60F36D5DBC489E91563736BA4B5801C31FB9@IMCSRV5.MITRE.ORG>
To: "Mary Ellen Zurko" <Mary_Ellen_Zurko@notesdev.ibm.com>
Cc: <public-wsc-wg@w3.org>
Section 8
 
Given the description of section 8 and 8.1 included below
 
http://www.w3.org/TR/wsc-xit/#Robustness
 
8.1 Do not mix content and security indicators
<http://www.w3.org/TR/wsc-xit/#site-identifying> 
 
add
 
8.2 Do not mix secure an insecure content in UI ...
    - blah - blah - Certificates include secure and non-secured
content, non-secured certificate content should not be represented in
secured areas of the UI
 
 
 
 
 
 



________________________________

	From: Mary Ellen Zurko
[mailto:Mary_Ellen_Zurko@notesdev.ibm.com] 
	Sent: Wednesday, November 14, 2007 9:47 AM
	To: Doyle, Bill
	Cc: public-wsc-wg@w3.org
	Subject: RE: ACTION-318: Draft a new subsection to section 7
discussing the mixing of trusted/untrusted information in the UI
	
	

	You're still not looking at the right document Bill. Please
read my EVERY word :-)
	
	http://www.w3.org/TR/wsc-xit/ <http://www.w3.org/TR/wsc-xit/> 
	
	          Mez
	
	Mary Ellen Zurko, STSM, IBM Lotus CTO Office       (t/l
333-6389)
	Lotus/WPLC Security Strategy and Patent Innovation Architect
	
	
	
	
From: 	"Doyle, Bill" <wdoyle@mitre.org> 
To: 	"Mary Ellen Zurko" <Mary_Ellen_Zurko@notesdev.ibm.com> 
Cc: 	<public-wsc-wg@w3.org> 
Date: 	11/14/2007 08:22 AM 
Subject: 	RE: ACTION-318: Draft a new subsection to section 7
discussing the mixing  of trusted/untrusted information in the UI

________________________________




	could go under section 9 - problems with status quo
	 
	Secured and non-secured content is mixed 
	 
	 
	
	
________________________________

	From: public-wsc-wg-request@w3.org
[mailto:public-wsc-wg-request@w3.org
<mailto:public-wsc-wg-request@w3.org> ] On Behalf Of Mary Ellen Zurko
	Sent: Wednesday, November 14, 2007 7:50 AM
	To: Doyle, Bill
	Cc: public-wsc-wg@w3.org
	Subject: RE: ACTION-318: Draft a new subsection to section 7
discussing the mixing of trusted/untrusted information in the UI
	
	
	I believe the referernce is to wsc-xit, not wsc-usecases. 
	
	
http://lists.w3.org/Archives/Member/member-wsc-wg/2007Oct/0011.html
<http://lists.w3.org/Archives/Member/member-wsc-wg/2007Oct/0011.html> 
	
	And I agree; section 7 doesn't look like the right place to me.
If it's about mixing trusted and untrusted info in certs; maybe
sections 4 or 8? Johnathan, Thomas, Tyler - you were all on the
discussion; any better recall? 
	
	         Mez
	
	Mary Ellen Zurko, STSM, IBM Lotus CTO Office       (t/l
333-6389)
	Lotus/WPLC Security Strategy and Patent Innovation Architect
	
	
	
From: 	"Doyle, Bill" <wdoyle@mitre.org> 
To: 	"Doyle, Bill" <wdoyle@mitre.org>, <public-wsc-wg@w3.org> 
Date: 	11/09/2007 03:48 PM 
Subject: 	RE: ACTION-381: Draft a new subsection to section 7
discussing the mixing of trusted/untrusted information in the UI

	
	
________________________________

	
	
	
	Seems like UI issues and mixing of trusted/untrusted
information should go under this heading
	
	2.5 Reliable presentation of security information
<http://www.w3.org/TR/2007/WD-wsc-usecases-20071101/#trusted-path> 
	
	
	
	
________________________________

	From: public-wsc-wg-request@w3.org
[mailto:public-wsc-wg-request@w3.org
<mailto:public-wsc-wg-request@w3.org> ] On Behalf Of Doyle, Bill
	Sent: Friday, November 09, 2007 3:24 PM
	To: public-wsc-wg@w3.org
	Subject: ACTION-381: Draft a new subsection to section 7
discussing the mixing of trusted/untrusted information in the UI
	
	If I have this action right I am not sure if this belongs in
section 7 - The section is titled Security Information Available to the
User Agent
	
	Furthermore, section 7 has a heading titled "defined by user
agent" and UI is defined by user agent.  Is the WG making a statement
that this particular UI decision should not be left up to browser
developer community?
	
	I am thinking that section 7 is the inputs and UI is an output,
UI is the application or use of security information. Do we need a new
section?
	
	Cheers
	Bill D.
	
	
	
	
	
	
	
	
Received on Wednesday, 14 November 2007 15:04:18 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 5 February 2008 03:52:53 GMT