- From: Brad Porter <brad@tellme.com>
- Date: Mon, 20 Nov 2006 12:31:43 -0800
- To: "W3C Security (Public)" <public-wsc-wg@w3.org>
Received on Monday, 20 November 2006 20:31:55 UTC
I was considering the unique security challenges of the Widgets 1.0 Working Draft <http://www.w3.org/TR/2006/WD-widgets-20061109/> (chromeless windows that want all the capabilities of the web plus more.) I began to wonder if we should be looking to enable the IT administrator as much or more than the individual. As an IT administrator, you're forced to deal with users who place different values on personal and information security, who have different mental models for who they trust, and generally have less to lose personally than the corporation as a whole. Consequently, as much as the responsibility for maintaining the information security policy belongs to each individual at a company, in practice, doing that consistently requires some central enforcement. Would we consider it in-scope or out-of-scope to deal with centrally managing access and policy along side with (or in place of) making it easier for the individual user to manage his/her security and privacy? --Brad
Received on Monday, 20 November 2006 20:31:55 UTC