Re: ACTION-571: Draft text about showing unrelated identity signals from Mary Ellen Zurko on 2009-04-05 (public-wsc-wg@w3.org from April 2009)

From: Mary Ellen Zurko <mzurko@us.ibm.com>
Date: Sun, 5 Apr 2009 10:17:39 -0400
To: "Joe Steele <steele" <steele@adobe.com>
Cc: WSC WG public <public-wsc-wg@w3.org>
Message-ID: <OF08F38FE4.1D276B9A-ON8525758F.004E4F34-8525758F.004E8FC0@LocalDomain>

sigh.

I want us to be consistent on what this document is about. I don't mean to 
cleave to a hobgoblin of my small mind, so everyone should check for 
foolishness. 

Yngve or Jan Vidar, does Opera meet this guideline?

Ian, does Chrome? 

From:
Joe Steele <steele@adobe.com>
To:
Thomas Roessler <tlr@w3.org>
Cc:
WSC WG public <public-wsc-wg@w3.org>
Date:
04/03/2009 05:11 PM
Subject:
Re: ACTION-571: Draft text about showing unrelated identity signals
Sent by:
public-wsc-wg-request@w3.org

Good point. I think we should probably only include ?security sensitive 
information? that the user must interact with, i.e. dialogs. That was the 
case that was brought up. Passive information like security indicators in 
the chrome are ok to exclude. 

Unfortunately you are right -- this is not the way Firefox 3.x or Safari4 
or IE7 behaves at least with regards to tabs and http basic auth. Not sure 
about Opera. So does that mean we should punt on this change? 

I do think this would be good behavior ? that is hiding dialogs associated 
with one tabs when you switch to another. But I could be swayed by the 
argument that this does not represent ?accepted best practice? so is not 
for this document.

Joe

On 4/3/09 1:19 AM, "Thomas Roessler" <tlr@w3.org> wrote:

So, if the scenario is that we have four browser windows on the 
screen, each of them with their own indicators (padlock, colored 
address bar, ...), then only one of them is supposed to show an 
indicator?

I'm pretty sure that that doesn't match what currently happens.  I 
also don't know whether this is a well-considered change from current 
behavior:  I could very well see usefulness in having several sets of 
passive indicators on the screen *if* they are usefully related to the 
pages that people interact with, or with the locus of attention.

--
Thomas Roessler, W3C  <tlr@w3.org>

On 2 Apr 2009, at 19:05, Joe Steele wrote:

> From the last meeting, in reference to comment #2 from one of the 
> reviewers (
http://lists.w3.org/Archives/Public/public-usable-authentication/2009Mar/0001.html

> ) Mez and I came up with the following text for a new section 7.3:
>
> ?Browsers SHOULD NOT display security sensitive information for page 
> content which the user is not interacting with. Security sensitive 
> information includes security indicators, dialogs prompting for user 
> credentials, script errors and dialogs.?
>
> Please suggest improvements to both wording and content.
>
> Joe Steele

Received on Sunday, 5 April 2009 14:18:48 UTC