- From: <mzurko@us.ibm.com>
- Date: Fri, 23 Apr 2010 12:31:56 +0000
- To: timeless <timeless@gmail.com>
- Cc: public-usable-authentication@w3.org
Dear timeless , The Web Security Context Working Group has reviewed the comments you sent [1] on the Last Call Working Draft [2] of the Web Security Context: User Interface Guidelines published on 9 Mar 2010. Thank you for having taken the time to review the document and to send us comments! The Working Group's response to your comment is included below, and has been implemented in the new version of the document available at: http://www.w3.org/2006/WSC/drafts/rec/rewrite.html. Please review it carefully and let us know by email at public-usable-authentication@w3.org if you agree with it or not before 30 April 2010 (Arbor Day). In case of disagreement, you are requested to provide a specific solution for or a path to a consensus with the Working Group. If such a consensus cannot be achieved, you will be given the opportunity to raise a formal objection which will then be reviewed by the Director during the transition of this document to the next stage in the W3C Recommendation Track. Thanks, For the Web Security Context Working Group, Thomas Roessler W3C Staff Contact 1. http://www.w3.org/mid/bb9848a71003271604x6719892aqa1be82f7bb5b73ac@mail.gmail.com 2. http://www.w3.org/TR/2010/WD-wsc-ui-20100309/ ===== Your comment on This [Definition: identity signal ] MUST be part of primary...: > Except, i managed to pick the wrong must because i didn't include > enough context. OOPS! :( > > > User agents MUST make information about the identity of the Web site > that a user interacts with available. > > This [Definition: identity signal ] MUST be part of primary user > interface during usage modes which entail > > the presence of signaling to the user beyond only presenting page > content. Note that there may be usage > > modes during which this requirement does not apply: For example, a > Web agent which is interactively > > switched into a presentation mode that does not display any chrome > need not preserve security indicators > > in primary user interface. On the other hand, a user agent such as a > smart phone, individual entertainment > > screen in an airplane seat back, or TV set which has a usage mode > that makes minimal (but visible) chrome > > elements available does need to preserve security indicators in such > a mode. > > The MUST that I'm asking to have dropped is from this paragraph. Working Group Resolution (LC-2380): Thank you for all your comments, in both the original (public) email comments and here. We have discussed the tradeoffs, and have taken both the Identity Signal and TLS Indicator items back to the text we had in the Candidate Recommendation version. Specifically the Identity Signal now says: This [Definition: identity signal ] SHOULD be part of primary user interface during usage modes which entail the presence of signaling to the user beyond only presenting page content. Otherwise, it MUST be available through secondary user interface ----
Received on Friday, 23 April 2010 12:31:58 UTC