Re: draft FF Implementation report from Mary Ellen Zurko on 2010-02-26 (public-wsc-wg@w3.org from February 2010)

From: Mary Ellen Zurko <mzurko@us.ibm.com>
Date: Fri, 26 Feb 2010 10:06:45 -0500
To: johnath@mozilla.com
Cc: public-wsc-wg@w3.org
Message-ID: <OFC599E369.BE106C50-ON852576D6.00518A41-852576D6.0052DE30@LocalDomain>
I'm doing updates to all three Implementation reports based on the small 
round of changes we're making. FF first...

Conformance claims additions: 

·  What user interface element is the TLS indicator defined in this 
specification. 
The padlock in the lower right corner

·  What user interface element is the identity signal defined in this 
specification. 
The location bar and the area to the left of it. 

·  What broadly accepted practices are considered sufficient for a trust 
anchor to be deemed augmented assurance qualified (see 5.1.2 Augmented 
Assurance Certificates  ), and what data elements are deemed assured by 
those certificates. 
http://www.mozilla.org/projects/security/certs/policy/ . O= and C= are 
deemed assured by those certificates. 

II. To derive a human-readable subject name from an augmented assurance 
certificate, user agents  SHOULD use the Subject field's Organization (O) 
and Country (C) attributes. 
Conforms Advanced 
IIa (or III replacement) They MUST  use information that is subject to the 
certificate authority's additional assurances, as  documented in the user 
agent's conformance statement.
Conforms Basic  
XXVI. This [Definition: identity signal ] MUST be part of primary user 
interface during usage modes which entail the presence of signaling to the 
user beyond only presenting page content (should -> must) 

Conforms Basic 

XXXI User agents with a visual user interface  MUST show the  Identity 
Signal in a consistent visual position. (should -> must) 

Conforms Basic 
XXXVIII ·   To inform the user about the party responsible for that 
information, the Issuer field's Organization attribute MUST be displayed 
in the Identity Signal, or in secondary user interface that is available 
through a consistent interaction with the Identity Signal. (or in 
secondary added) 
Conforms Basic  (no change) 
XLIV Where security context information is provided in both primary and 
secondary interface, the  meaning of the presented information MUST be 
consistent. Best practice will also avoid inconsistent presentation, such 
as using identical or semantically similar icons for different information 
in different places. (presentations moved out of must) 
Conforms Basic (no change) 

(should)
XLIX ·   An explanation of the information represented by the TLS 
indicator  , e.g., concerning the presence mixed content; (was ?level?) 

Conforms Advanced (no change) 

LX The [ Definition : TLS indicator ]  MUST be part of primary user 
interface during usage modes which entail the presence of signaling to the 
user beyond only presenting page content (should -> must) 

Conforms Basic 




From:   Mary Ellen Zurko/Westford/IBM@Lotus
To:     public-wsc-wg@w3.org
Date:   02/19/2010 11:31 AM
Subject:        Re: draft FF Implementation report
Sent by:        public-wsc-wg-request@w3.org



I've updated the version of the FF Implementation report according to this 
and discussion with Kai (does not conform on III and XXIII). See:
http://www.w3.org/2006/WSC/wiki/ImplementationReports

There are now also some cryptic notes there on the discussions Thomas and 
I had on potential changes based on the Implemetation reports. More mail 
to come. 





From:        Mary Ellen Zurko/Westford/IBM@Lotus
To:        "Joe Steele <steele" <steele@adobe.com>
Cc:        "public-wsc-wg@w3.org" <public-wsc-wg@w3.org>
Date:        02/05/2010 12:22 PM
Subject:        Re: draft FF Implementation report
Sent by:        public-wsc-wg-request@w3.org



Actually 5. Johnathan's getting data on III and XXIII from Kai Engert. 

I think it's a mistake that I numbered XLIII separately. It's just a 
rollup of the items below it. Hence Johnathan's question on that. 

And yes, I think XLIV should be "Conforms Basic". It's confusing if you do 
things consistently; and we don't really help by giving examples of what 
would be inconsistent. 

on LIV, the question is doesn't XLIX cover that. Since at least in this 
case, it indicates whether or not the server produced a cert. I believe it 
does. 





From:        Joe Steele <steele@adobe.com>
To:        Mary Ellen Zurko/Westford/IBM@Lotus
Cc:        "public-wsc-wg@w3.org" <public-wsc-wg@w3.org>
Date:        01/26/2010 01:10 PM
Subject:        Re: draft FF Implementation report
Sent by:        public-wsc-wg-request@w3.org



I see four items in the Firefox implementation report which have "???" as 
the compliance level (III, XXIII, XLIII and XLIV).

For XLIII and XLIV (6.2 Additional Security Context Information) it seems 
like Firefox 3.6 does conform with "Basic". What am I missing?

Joe

On Jan 22, 2010, at 1:39 PM, Mary Ellen Zurko wrote:

is posted at

http://www.w3.org/2006/WSC/wiki/ImplementationReports
Received on Friday, 26 February 2010 15:05:47 UTC