RE: ACTION-585: Check on AA indicator

I realize I'm beating a dead horse here, but:

If WSC requires all content (not just top level document) to be DV secured when a DV signal is displayed, then it follows logically WSC should at least *recommend* all content be AA secured when the AA signal is displayed.

I feel this question is relevant to action #585 because it goes to the heart of the question, "What does the AA indicator mean?"

Thanks, Mike

-----Original Message-----
From: public-wsc-wg-request@w3.org [mailto:public-wsc-wg-request@w3.org] On Behalf Of Thomas Roessler
Sent: Wednesday, May 27, 2009 4:07 AM
To: WSC WG public
Subject: ACTION-585: Check on AA indicator

This action went back to Anna Zhang's review of wsc-ui: She had  
noticed that section 5.3 [1] refers to an augmented assurance  
indicator that doesn't appear otherwise in the spec.  While the  
indicator actually makes another appearance, that's in the security  
considerations piece [2], and doesn't help to address Anna's point.

To address this point, I think the following things need to happen:

- add a few words to 6.1.2 (identity signal content) that make it  
clear that AA-related signaling is subject to what 5.3 says.  (In  
particular, you *can* show site identity information if an EV site  
mixes in non-EV, but DV, content.)

- it's probably worthwhile to indicate the term "AA indicator" in 6.3,  
TLS indicator, as well.

1. http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#securepage
2. http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#security-considerations-ev-dv

Regards,
--
Thomas Roessler, W3C  <tlr@w3.org>

Received on Wednesday, 27 May 2009 22:07:01 UTC