- From: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
- Date: Fri, 6 Apr 2007 08:55:06 -0400
- To: "Robert Yonaitis" <ryonaitis@hisoftware.com>
- Cc: public-wsc-wg@w3.org
- Message-ID: <OFBA06E7E3.8C6AB845-ON852572B5.0046050C-852572B5.0046F647@LocalDomain>
[btw, if it drives people crazy that I start separate threads, let me know. It helps me keep track of things, but it also increases the number of mail messages. I'm hoping it aids discussion as well, since different subsets of people seem to have the most knowledge and opinions on different subsets of wsc-usecases.]

I think the note on scenario 12 tries to explain. It's a single scenario in the general area of identity/authentication failure of the web site, in this case using SSL. We might recommend terms, indicators, and metaphors for SSL, certs, crypto, etc. that can be used consistently and usefully across user agents (see goal 2.3). Those might drive recommendations about how to talk about errors, and what is useful for users, and what is not. We might (also) make recommendations about the user agent doing what you advise your grandmother to do - don't go there.

I think scenario 20 is quite close to your suggested addition. As I reread 20 in that light, I disagree that the intended interaction is "none". It seems to be the same as the actual interaction, "software installation", since Steve is running software that regularly upgrades components.

Mez

Mary Ellen Zurko, STSM, IBM Lotus CTO Office (t/l 333-6389)
Lotus/WPLC Security Strategy and Patent Innovation Architect

"Robert Yonaitis" <ryonaitis@hisoftware.com>
04/03/2007 08:51 PM
To: "Mary Ellen Zurko" <Mary_Ellen_Zurko@notesdev.ibm.com>, <public-wsc-wg@w3.org>, <yonaif4a@erau.edu>
cc:
Subject: Comments RE: The Working draft

Hello All:

Please accept my following comments to the following document: http://www.w3.org/TR/wsc-usecases/

The following are offered as comments, questions and/or suggestions.

6.5 Scenarios - Comments

I am unclear as to the purpose of the scenarios based on my reading of them. For example, in scenario number 12 - what is it that we are trying to illustrate? What is the goal in this case? Do we intend to recommend what to do in this case to the user, and if so will we define skill levels? Alternatively, are we going to suggest how a site validation tool would react to this case? I am assuming Betty is a novice user, perhaps my grandmother. If it was my grandmother I would advise her to not use the site. Not because it is unsafe, but because there would be doubt that my grandmother could not evaluate the risk. I am of course just trying to understand the intent of the scenarios in this working draft. If the group could clarify this, a more clear understanding would help me to make better comments back to the group.

Another case I might recommend: User buys software, registers and activates it via software. This is actually done via a connected http server, but is it secure? And how should a company let the user know as personally identifiable information is being transferred over the Internet, perhaps without the user's understanding?

Cheers,

Robert B. Yonaitis
Founder and CTO
HiSoftware
http://www.hisoftware.com/
603-496-7414

The information in this transmittal (including attachments, if any) is privileged and confidential and is intended only for the recipient(s) listed above. Any review, use, disclosure, distribution or copying of this transmittal is prohibited except by or on behalf of the intended recipient. If you have received this transmittal in error, please notify me immediately by reply email and destroy all copies of the transmittal. Thank you.
Received on Friday, 6 April 2007 12:55:12 UTC