- From: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
- Date: Fri, 24 Nov 2006 10:22:19 -0500
- To: mikes@opera.com
- Cc: public-wsc-wg@w3.org
- Message-ID: <OF253A7126.61B0BCE3-ON85257230.005538B0-85257230.0055ADE6@LocalDomain>
> So to answer your question, No, we don't have explicit actionable > advice associated with each of the levels. I don't see how we > could, practically, associate specific guidance with each of them. > The expectation is basically that you'll use the numbered security > level as another data point (along with other security context > information) in making a decision about the degree of confidence > you want to have sharing personal information with the site. Thanks Mike. I don't think that matches any practical or realistic user model for the majority of users. That's one of the problems with security indicators; users haven't got a clue what to do with them. Having the indicators can be better than not having them, but only if there is some model of how to use them. There are studies that show that user's don't "think about" trust and security (Martiza and I need to get cracking on that annotated list; we've got a draft in email that I'll push out to the wiki). So having a model that assumes they will isn't enough. What might be enough is to use this information with other browser history to flag things like 1) discontinuities (particularly downward) for a particular site, or 2) categories and trends and recommendations (can we use the semantic web to tag site types, then say things like "the financial sites you've visited in the past all have tip-top security; this one claims to be financial but has mediocre security; beware"). Mez
Received on Friday, 24 November 2006 15:36:13 UTC