- From: Michael(tm) Smith <mikes@opera.com>
- Date: Fri, 24 Nov 2006 14:16:32 +0900
- To: public-wsc-wg@w3.org
Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>, 2006-11-20 11:50 -0500: > One thing that jumps out at me is that it's not clear what the user should > and shouldn't do in situations where those various levels occur. Do you > have any actionable advice to the user associated with these levels? If you click on the padlock, a "Security information" dialog box appears. That dialog box contains some natural-language description of why the security level is set to the number it's set to. It also contains details about the type and strength of the encryption protocol. (Info about the type and strength of the encryption protocol also appears as popup "tooltip" text if you mouse over the padlock.) Basically what we're trying to do with that numbered level indicator is to give some finer-grained indication of the security of a particular site relative to other sites: To convey that a site showing security level of 1 or 2 is not quite what it could be in terms of security (if it was, it would get a 3). That doesn't make it absolutely insecure -- it just means it could be more secure if the content provider chose to make it so. So to answer your question, No, we don't have explicit actionable advice associated with each of the levels. I don't see how we could, practically, associate specific guidance with each of them. The expectation is basically that you'll use the numbered security level as another data point (along with other security context information) in making a decision about the degree of confidence you want to have sharing personal information with the site. --Mike
Received on Friday, 24 November 2006 05:16:51 UTC