RE: Comments Universal Design review of WSC Draft from Close, Tyler J. on 2007-06-19 (public-usable-authentication@w3.org from June 2007)

From: Close, Tyler J. <tyler.close@hp.com>
Date: Tue, 19 Jun 2007 21:15:27 -0000
To: <public-usable-authentication@w3.org>
Message-ID: <08CA2245AFCF444DB3AC415E47CC40AFC43FE9@G3W0072.americas.hpqcorp.net>

Hi Chris,

My own understanding of this problem space leads me to believe that
there does not exist a potential solution which will simultaneously
address all of the threats facing web users. Given that hypothesis, the
only practical way forward is to break the problem space down into
smaller areas and attempt solutions for each of these. The WSC WG is
focused on one of those smaller areas, mostly centered around web site
impersonation. I'm also involved in work which addresses some of the
other smaller areas and believe this WG's work will integrate well with
solutions in the other areas of this problem space. I remain hopeful
that this WG's work is a step in the right direction. I would be highly
skeptical of any attempt to address the whole problem space in one go.

Tyler

> -----Original Message-----
> From: public-usable-authentication-request@w3.org 
> [mailto:public-usable-authentication-request@w3.org] On 
> Behalf Of Chris Drake
> Sent: Tuesday, June 19, 2007 7:54 AM
> To: public-usable-authentication@w3.org
> Subject: Comments Universal Design review of WSC Draft
> 
> 
> Hi,
> 
> I present just one review comment - the exclusive nature of 
> the scope renders much of the rest of the document largely pointless.
> 
> Victims care about not becoming victims.  They're not 
> interested in only avoiding becoming a victim in a predefined 
> narrow set of circumstances.  They just want to be safe.
> 
> It *should* be the simple goal of any WSC draft to propose 
> genuine usable solutions that protect potential victims in as 
> many hostile situations as possible.
> 
> Good: Follow these recommendations, and your users will be safe.
> 
>  Bad: Follow these recommendations, and attackers will adjust to
>       taking advantage of your users using slightly different
>       techniques to before.
> 
> There are a lot of experts and smart people on this list.  
> While I sympathize with the enormity of the task involved in 
> correcting the goals and scope of this document, I think it's 
> well worth while, since this is the last time you'll be able 
> to seriously access these professionals and their experience 
> in order to produce a work that could do some serious good to 
> the world.
> 
> Kind Regards,
> Chris Drake
> 
> 
>

Received on Tuesday, 19 June 2007 21:15:44 UTC