
RE: Note structure (Was: Design principles to Note)

From: Close, Tyler J. <tyler.close@hp.com>
Date: Thu, 21 Dec 2006 12:20:14 -0600
Message-ID: <08CA2245AFCF444DB3AC415E47CC40AF592896@G3W0072.americas.hpqcorp.net>
To: <public-wsc-wg@w3.org>

Mary Ellen Zurko wrote:
> There's only one thing potentially missing in the rearrangement.
> While much of "Attacks" was redundant with "Use Cases", we don't
> have enough on attacks that overwrite or otherwise disable
> security context information in existing user agents. Were you
> going to flesh that out in NoteProblemsWithCurrentUserInterface?
> If not, I'll call for a volunteer on that.

I was planning on a sub-section on spoofing the chrome. This sub-section
would include:
 * Configuring the browser to have no chrome, and then displaying spoof
 * Maximizing the browser window, or even making it larger than the
display, and displaying a floating DIV tag that emulates a full browser
 * Bringing up the attacked site in a normal browser window and
overlaying a frameless pop-up window over the login form.
 * Visually extending the chrome by putting matching spoof chrome in the
page area, but directly under the real chrome.

For each of these, I think the weakness can be made clear with a couple
of sentences, and a screenshot. I typically think of a use-case as being
a multi-step interaction. What is the convention in W3C documents? Are
these points typically made with a use-case, or with a short text

Also, Thomas pointed out that we must not use any trademarks in a W3C
document. What's the policy on including screenshots taken from
trademarked applications?

I wasn't planning on including any text on overwriting the chrome by
exploiting browser bugs. These should be out of scope, though our
malware section isn't clear on that point yet.

Received on Thursday, 21 December 2006 18:20:40 UTC
