ACTION-532 Write preamble which sets expectations for UI designers, resolves Conformance/Guidelines debate, ends world hunger

I don't feel like I made any progress on world hunger. But here's an 
updated section 1 Overview which includes my attempt to resolve the 
conformance/guideline category error. Any additional thoughts/comments? 
_________________________________________


This specification deals with the trust decisions that users must make 
online, and with ways to support them in making safe and informed 
decisions where possible.

In order to achieve that goal, this specification includes recommendations 
on the presentation of identity information by Web user agents. We also 
include recommendations on handling errors in security protocols. The 
error handling recommendations both minimize the trust decisions left to 
users, and represent known best practice in inducing users toward safe 
behavior where they have to make these decisions. To complement the 
interaction and decision related parts of this specification, 7 Robustness 
Best Practices addresses the question of how the communication of context 
information needed to make decisions can be made more robust against 
attacks.

This document specifies user interactions with a goal toward making 
security usable, based on known best practice in this area. This document 
intends to provide user interface guidelines but assumes that the audience 
has a certain level of understanding of core PKI (Public Key 
Infrastructure) technologies. Since this document is part of the W3C 
specification process, it is written in the form of a standard, with the 
requirements and options for conforming to it as a standard clearly laid 
out. User interface guidelines that are not intended for use as standards 
do not have such a structure. Readers more familiar with that latter form 
of user interface guideline are encouraged to read this specification as a 
way to avoid known mistakes in usable security.

This specification comes with two companion documents: [WSC-USECASES] 
documents the use cases and assumptions that underlie this specification. 
[WSC-THREATS] documents the Working Group's threat analysis.

Received on Friday, 2 January 2009 20:51:44 UTC