- From: Daniel Schutzer <dan.schutzer@fstc.org>
- Date: Tue Apr 18 11:54:43 2006
- To: "John Merrells" <merrells@sxip.com>, public-usable-authentication-request@w3.org, "Mike Beltzner" <beltzner@mozilla.com>
- Cc: public-usable-authentication@w3.org
I think it might be wiser to keep the user in the secure mode for the entire session, not just the log-on. When I am Doing something serious such as transfering money, I don't want bells and whistles, I want fast and safe. And moving me out of safe mode after sign on raises two issues: 1. Possibility of a fraudulent attack after sign on 2. Need to communicate when in the session you leave safe mode Sent from my Verizon Wireless BlackBerry -----Original Message----- From: John Merrells <merrells@sxip.com> Date: Mon, 17 Apr 2006 22:44:57 To:Mike Beltzner <beltzner@mozilla.com> Cc:public-usable-authentication@w3.org Subject: Re: Secure Chrome On 17-Apr-06, at 9:09 PM, Mike Beltzner wrote: > At the conference we briefly discussed the potential for websites > to prompt browsers to enter a secure mode for a given page (using > some sort of meta tag, maybe?). The idea being that secure mode > would only needed at the point of web authentication or login, > after which point the app should be free to take advantage of all > sorts of bells and whistles. I think this is an area that the W3C could make a strong contribution. We need standard ways of signaling to the user agent that the site wants to initiate an identity information exchange and standard ways of signaling to the user what's going on. This conversation is also currently being played out on the IIW mailing list. John
Received on Tuesday, 18 April 2006 11:54:43 UTC