Re: Comment on Note from Mary Ellen Zurko on 2007-04-06 (public-wsc-wg@w3.org from April 2007)

From: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
Date: Fri, 6 Apr 2007 09:12:22 -0400
To: bob.pinheiro@fstc.org
Cc: public-wsc-wg@w3.org
Message-ID: <OF33280DDC.095E70AD-ON852572B5.0047C673-852572B5.00488AE2@LocalDomain>

Hi Bob,

Thank you for providing your comments in a timely fashion. 


> Given the past experiences cited in 10.2, it is not inconceivable 
> that when the
> 
> recommendations undergo usability testing, some will fall short of 
whatever
> 
> criteria is set for "acceptable" usability.  This suggests that the 
process of
> 
> developing recommendations may need to be iterative; that is, the 
> recommendations
> 
> may need to be modified on the basis of the usability testing. 

Yes, section 10.3 says that of all tests:
"All test development and testing is iterative." 

It sounds like it's not making the point strongly enough. Taking some of 
your text, I propose changing that to read:

"All test development and testing is iterative. The recommendations may 
need to be modified on the basis of all three types of testing." 


> It is also likely to be true that any of the recommendations for 
presentation
> 
> techniques or security context information made by the Working Group
> will either
> 
> be ignored or misunderstood by some number of Internet users, or 
> will otherwise
> 
> be subject to successful attacks.    I understand that the actual 
usability
> 
> testing that can be performed by the Working Group will depend on 
available
> 
> resources to perform the testing.  However, it may turn out that for
> some of the
> 
> use case scenarios discussed in Section 6.5, the Working Group will have 
no
> 
> recommendations for the presentation of security information that 
isdetermined
> 
> to be adequately "usable." 

It could be that nothing at all we can recommend (including safe browsing) 
be adequately usable for some of the scenarios. I'm on the fence about 
whether to state that in wsc-usecases, or to let it ride (and be 100% 
optimistic). Does anyone have any thoughts on that? My inclination at this 
stage would to be to have a section (or note) with discussion (not 
recommendations) on what might happen outside our charter (or resources) 
to address scenarios we've identified, but cannot make recommendations on. 

        Mez

Received on Friday, 6 April 2007 13:27:43 UTC