- From: Web Security Context Issue Tracker <dean+cgi@w3.org>
- Date: Sun, 15 Apr 2007 14:48:19 +0000 (GMT)
- To: public-wsc-wg@w3.org
ISSUE-37: qualify your interrupts (from public comments) http://www.w3.org/2006/WSC/Group/track/issues/37 Raised by: Bill Doyle On product: Note: use cases etc. >From public comments raised by: Al Gilman Alfred.S.Gilman@ieee.org http://lists.w3.org/Archives/Public/public-usable- authentication/2007Apr/0000.html qualify your interrupts where it says, in 2.4 User awareness of security information The Working Group will recommend presentation techniques that integrate the consumption of security information by the user into the normal browsing workflow. Presenting security information in a way that is typically ignored by the user is of little value. please consider Yes. The WAI-ARIA technologies are targeted to bring into the fold of accessible web content newer, more integrated high-usability interaction gestures (such as transient flyouts for information or action), as opposed to older gestures such as loading a whole new page or launching a popup dialog. We should work together. And yes, you sometimes have to get the user's attention. But on the other hand there are real "boy crying wolf" problems if you contend too hard for the user's attention. Why? There is a rather unruly free-for-all going on out there vying for the Web wanderer's attention. How do you get the user's appropriate attention? In part by not seeking it unnecessarily. I know you are addressing this in part under 2.2. But it also goes for how you blend the security message into the flow vs. distinguish it so that it is recognized for what it is. All presentation-based distinctions (2.3) are subject to imitative spoofing attacks. The communication of a "continuing all clear" security status should be something the user is likely to ignore. Because it doesn't represent a change from what the user has internalized about their dialog context, nor anything that the user needs to do something about. The trick is to have the user's field of focus infiltrated with rationally-chosen gestures of graded 'initiative-grabbing' quality for the communication of different hazard or reassurance levels in the security context. Contemporary rich-interaction Web and installed applications afford a greater variety of such gestures with more subtle variation in attention- or initiative-grabbing quality. Yes, we want to get with the program in this regard.
Received on Sunday, 15 April 2007 14:48:26 UTC