- From: Web Security Context Issue Tracker <dean+cgi@w3.org>
- Date: Mon, 16 Apr 2007 10:50:16 +0000 (UTC)
- To: public-wsc-wg@w3.org
ISSUE-50: present web security is not good enough; even 'though fixing that is out of scope for this deliverable (public comment)

http://www.w3.org/2006/WSC/Group/track/issues/50

Raised by: Bill Doyle
On product: Note: use cases etc.

From public comments raised by: Al Gilman Alfred.S.Gilman@ieee.org
http://lists.w3.org/Archives/Public/public-usable-authentication/2007Apr/0000.html

present web security is not good enough; even 'though fixing that is out of scope for this deliverable

where it says,

in 8 Merits of the status quo and 9 Problems with the status quo (impression is that the security of the Web is OK, it's just the user is gullible and ill informed)

please consider

recognize that there are defects in the platform, say that this deliverable is limited to boosting understanding at the user-browser connection. Collect and document (even in a companion note) the things you would rather have done but didn't because the platform technology is not as widely deployed as you feel you need.

Why?

Just because this deliverable is going to try to improve things at the cognitive connection between the browser and the user, don't pretend that that's the only problem left to fix.

For example, present practice is to offer the user a printed hardcopy for their records, not a fully machinable data record. This is a violation of what ought to be basic business rights of the consumer. The merchants claim that the user can't be trusted to secure these data. But they don't tell the user that. They use their wiles to keep the user ignorant of what they could have, and should have, had access to. That needs to be laid at the door of the Operating System as a defect in user support, not blown by with "best current practice is good enough."

While this is presented as a matter of general consumer defence, it becomes critical for people with certain disabilities where having your personal-business office in a personal computer is the only way to be able to independently conduct your personal business, not just a convenience. One shouldn't have to pay web merchants through a credit card in order to import the results into Quicken, for example. And you should be able to import the full, itemized invoice, not just the bottom line.
Received on Monday, 16 April 2007 10:50:19 UTC