- From: Web Security Context Issue Tracker <dean+cgi@w3.org>
- Date: Mon, 16 Apr 2007 10:47:50 +0000 (UTC)
- To: public-wsc-wg@w3.org
ISSUE-48: platform and browser security out of scope - NOT (public comment)

http://www.w3.org/2006/WSC/Group/track/issues/48

Raised by: Bill Doyle
On product: Note: use cases etc.

From public comments raised by: Al Gilman Alfred.S.Gilman@ieee.org
http://lists.w3.org/Archives/Public/public-usable-authentication/2007Apr/0000.html

platform and browser security out of scope - NOT

where it says, in 5.6 and 5.7 (out of scope)

please consider

make a greater emphasis on the semantic model of the information; integrated with information from these other sources and presented in platform-appropriate ways.

Why?

There is a strong conflict between this scope restriction and the points raised in 10.1.2, 10.1.6 etc.

The user does not want to, and we don't want them to need to, sub-divide the security information this finely.

The user also wants to extend trust to software in descending order of trustworthiness. So the OS and browser, in the present order of things, have priority in defining what terse messages merit user attention and how to indicate these.

Integration with the web browse realities means integrating security information from the web application with security information from the OS, [third party security monitor], browser, [browser plugin], and then the page. If you can't make common cause with these other value-added players in the security situation, you have blown your opportunity to connect with a model the user can generally grok.

please consider

there is an analogy in terms of web pages respecting the system presentation defaults when the user invokes High Contrast Mode. These are presentation preferences that should be global across the desktop, and the presentation and qualification of messages claiming to speak about security needs to respect this pecking order, too.

Received on Monday, 16 April 2007 10:47:57 UTC