- From: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
- Date: Fri, 24 Nov 2006 10:22:19 -0500
- To: mikes@opera.com
- Cc: public-wsc-wg@w3.org
- Message-ID: <OF253A7126.61B0BCE3-ON85257230.005538B0-85257230.0055ADE6@LocalDomain>
> So to answer your question, No, we don't have explicit actionable
> advice associated with each of the levels. I don't see how we
> could, practically, associate specific guidance with each of them.
> The expectation is basically that you'll use the numbered security
> level as another data point (along with other security context
> information) in making a decision about the degree of confidence
> you want to have sharing personal information with the site.
Thanks Mike. I don't think that matches any practical or realistic user
model for the majority of users. That's one of the problems with security
indicators; users haven't got a clue what to do with them. Having the
indicators can be better than not having them, but only if there is some
model of how to use them. There are studies that show that users don't
"think about" trust and security (Maritza and I need to get cracking on
that annotated list; we've got a draft in email that I'll push out to the
wiki). So having a model that assumes they will isn't enough.
What might be enough is to use this information with other browser history
to flag things like
1) discontinuities (particularly downward) for a particular site, or
2) categories and trends and recommendations (can we use the semantic web
to tag site types, then say things like "the financial sites you've
visited in the past all have tip-top security; this one claims to be
financial but has mediocre security; beware").
Mez
Received on Friday, 24 November 2006 15:36:13 UTC
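
The two flagging ideas in the message above (a downward discontinuity for a known site, and a site that falls below the norm for its category), sketched as an added example that is not part of the original message or of any browser's code. It assumes integer levels where higher means stronger security and a history record of `site`, `category` and `level` per visit; the field names, the `minSamples` and `margin` parameters, and the sample data are all hypothetical.

```javascript
// Constructed sample browsing history (assumption: higher level = stronger security).
const sampleHistory = [
  { site: "bank-a.example", category: "financial", level: 5 },
  { site: "bank-a.example", category: "financial", level: 5 },
  { site: "bank-b.example", category: "financial", level: 4 },
  { site: "bank-c.example", category: "financial", level: 5 },
  { site: "forum.example", category: "community", level: 2 },
];

function median(values) {
  const s = [...values].sort((a, b) => a - b);
  const mid = Math.floor(s.length / 2);
  return s.length % 2 ? s[mid] : (s[mid - 1] + s[mid]) / 2;
}

// Returns the flags raised by the current visit; an empty array means
// there is nothing to interrupt the user with.
function assessVisit(history, visit, { minSamples = 3, margin = 1 } = {}) {
  const flags = [];

  // 1) Discontinuity: compare with the level last seen for this same site.
  //    Only a drop is flagged; a first visit has nothing to compare against.
  const sameSite = history.filter((h) => h.site === visit.site);
  if (sameSite.length > 0) {
    const previous = sameSite[sameSite.length - 1].level;
    if (visit.level < previous) {
      flags.push({ kind: "downward-discontinuity", previous, current: visit.level });
    }
  }

  // 2) Category norm: compare with other sites carrying the same tag.
  //    Require a few samples so one visit elsewhere does not define the norm.
  const peers = history.filter(
    (h) => h.category === visit.category && h.site !== visit.site
  );
  if (peers.length >= minSamples) {
    const baseline = median(peers.map((h) => h.level));
    if (visit.level <= baseline - margin) {
      flags.push({ kind: "below-category-norm", baseline, current: visit.level });
    }
  }
  return flags;
}
```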