- From: Michael(tm) Smith <mikes@opera.com>
- Date: Mon, 11 Dec 2006 16:25:28 +0900
- To: public-wsc-wg@w3.org
"Hallam-Baker, Phillip" <pbaker@verisign.com>, 2006-12-07 11:57 -0800: > I spent some time trying to decant these from the minutes of the > meeting, they appear to me to state what we want to do at the > high level. How far do we want to drill down and give specifics? > > Goals > > * Catalog the existing context information provided to the users of the Web. Yes. That seems like a reasonably well-bounded task. I don't think we need to decide how far down to drill on that one. It'll just be a matter of documenting current application behavior. > * Consider the interpretations that users reasonably infer from existing information. That one, on the other hand, doesn't seem well-bounded at all to me. What conclusions we find about interpretations that users are currently making will depend on who we ask. I'm not sure how reasonable it would be to expect to get any kind of agreement on this. > * Set out a series of use cases and abuse cases specifying > commonplace security sensitive Web transactions and likely forms > of criminal attack respectively. Yes. Not how much drilling down will be needed on that one. Maybe it's more a matter of just deciding how many use cases to include. > * Analyze context information the user requires to safely > complete the proposed use cases and prevent abuse cases. Yes. Boundaries of that will just depend on the specific use cases. > * Perform a gap analysis to identity areas where the context > information provided to the user is either insufficient or > misleading Yes. But while it might be relatively easy to describe a case where a user agent provides users with information that's misleading, describing cases where a UA provides users with "insufficient" information is a whole other matter. > * Propose changes to the presentation of existing context > information and additional context information that might be > provided to close the identified security gaps. Yes. But I doubt we'll need to drill down on that one until we've got work on the other tasks farther along. --Mike
Received on Monday, 11 December 2006 07:25:49 UTC