- From: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
- Date: Wed, 13 Dec 2006 10:39:15 -0500
- To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
- Cc: W3 Work Group <public-wsc-wg@w3.org>
- Message-ID: <OF06B319EF.F8190CD5-ON85257243.0057035A-85257243.005727FE@LocalDomain>
True enough. That potential variant seems in scope. What is out of scope is user agent password management features. They are not part of the security context information that helps users make trust decisions. Mez Mary Ellen Zurko, STSM, IBM Lotus CTO Office (t/l 333-6389) Lotus/WPLC Security Strategy and Patent Innovation Architect Stephen Farrell <stephen.farrell@cs.tcd.ie> 12/13/2006 09:26 AM To Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com> cc W3 Work Group <public-wsc-wg@w3.org> Subject Re: Problems with the current user interface I'm confused by this. I would assume that something like the following could be a potential part of this group's output: "The same password can be used more than once and may be stored by the user agent. In such cases security context presentation features SHOULD allow users the option to impose controls on when and how the password is transmitted and whether or not the user should be warned. Such controls can include..." I'm not saying that that kind of statement is correct or even a good idea, but I'm surprised if you're saying its out of scope. S. Mary Ellen Zurko wrote: > > It's still out of scope. It doesn't have to do with the "secure and > usable presentation" of security context information to the user. > Security context information is what helps the user make trust > definitions (paraphrasing the charter). > > There will certainly be user agent security problems we don't solve. > Some of them will involve the user or user interface. > > Mez > > Mary Ellen Zurko, STSM, IBM Lotus CTO Office (t/l 333-6389) > Lotus/WPLC Security Strategy and Patent Innovation Architect > > > > *"Close, Tyler J." <tyler.close@hp.com>* > Sent by: public-wsc-wg-request@w3.org > > 12/12/2006 11:48 AM > > > To > "W3 Work Group" <public-wsc-wg@w3.org> > cc > > Subject > RE: Problems with the current user interface > > > > > > > > > > > Mary Ellen Zurko wrote: > > All look good, though I think this one falls out of our scope: > > * Passwords are reused across distinct web sites > > I was thinking we could address this problem through the user interface > to the browser's password manager. For example, if the user interface > made it easier to generate, remember and form fill passwords, perhaps > users would do that, instead of reusing the same password at distinct > web sites. > > Tyler > > >
Received on Wednesday, 13 December 2006 15:52:24 UTC