- From: Thomas Roessler <tlr@w3.org>
- Date: Sun, 11 Jan 2009 14:31:24 +0100
- To: WSC WG <public-wsc-wg@w3.org>
Mez, your original text is here:

http://lists.w3.org/Archives/Public/public-wsc-wg/2009Jan/0017.html

I've made some small changes in the version that's gone into the editor's draft; it now reads as follows:

> <p>This specification deals with the trust decisions that users
> must make online, and with ways to support them in making safe and
> informed decisions where possible.</p>
> <p>In order to achieve that goal, this specification includes
> recommendations on the presentation of identity information by Web
> user agents. We also include recommendations on conveying error
> situations in security protocols. The error handling recommendations
> both minimize the trust decisions left to users,

That sentence was mostly referring to the KCM piece of the document. I haven't gone through the current text with a fine comb -- but can anybody suggest a place where we actually reduce the amount of decision-making expected from the user? I fear all of these have gone away. If my suspicion is right, I'd like us to change the intro text accordingly.

> and represent known best practice in inducing users toward safe
> behavior where they have to make these decisions. To complement the
> interaction and decision related parts of this specification,
> <specref ref="Robustness"/>, addresses the question of how the
> communication of context information needed to make decisions can be
> made more robust against attacks.</p>
> <p>This document specifies user interactions with a goal
> toward making security usable, based on known best practice in this
> area. This document is intended to provide user interface guidelines
> but assumes that the audience has a certain level of understanding
> of core PKI (Public Key Infrastructure) technologies as used on the
> Web. Since this document is part of the W3C specification process,
> it is written to clearly lay out the requirements and options for
> conforming to it as a standard. User interface guidelines that are
> not intended for use as standards do not have such a structure.
> Readers more familiar with that latter form of user interface
> guideline are encouraged to read this specification as a way to
> avoid known mistakes in usable security.</p>
> <p>This specification comes with two companion documents:
> <bibref ref="ref-wsc-usecases"/> documents the use cases and
> assumptions that underlie this specification.
> <bibref ref="ref-wsc-threats"/> documents the Working Group's
> threat analysis.</p>

--
Thomas Roessler, W3C <tlr@w3.org>

Received on Sunday, 11 January 2009 13:31:33 UTC