On Fri, 01 Feb 2013 12:59:35 +0100, Florian Bösch <pyalot@gmail.com> wrote: > On Fri, Feb 1, 2013 at 12:56 PM, Arthur Barstow <art.barstow@nokia.com> > wrote: >> Web Security Experience, Indicators and Trust: Scope and Use Cases >> <http://www.w3.org/TR/2008/NOTE-wsc-usecases-20080306/> >Yeah, has anybody actually even read that notes TOC, you can scroll > straight to section 2.6: > http://www.w3.org/TR/2008/NOTE-wsc-usecases-20080306/#trust->decision-management Lots of people, lots of times. It is one of the better-known truisms in designing security interfaces, and a really well-known principle for managing security on the Web. It doesn't invalidate what Anne said - but what Anne said doesn't invalidate your suggestion either. As I said, what you propose is what most of the industry seems to already be moving towards. Having it written in a new specification doesn't seem to make much sense - it is already there. And it is one of they key ideas repeated almost every time security or privacy comes up in relation to a specification. cheers Chaals > >> No matter how well security context information is presented, there >> will always be users who, in some situations, will behave >>insecurely >> even in the face of harsh warnings. Thus, the Working Group will also >> recommend ways to reduce the number of >>situations in which users need >> to make trust decisions. -- Charles McCathie Nevile - Consultant (web standards) CTO Office, Yandex chaals@yandex-team.ru Find more at http://yandex.com
Received on Friday, 1 February 2013 12:25:55 UTC