ISSUE-50: present web security is not good enough; even \'though fixing that is out of scope for this deliverable (public comment)

ISSUE-50: present web security is not good enough; even 'though fixing that is out of scope for this deliverable (public comment)

http://www.w3.org/2006/WSC/Group/track/issues/50

Raised by: Bill Doyle
On product: Note: use cases etc.

>From public comments
raised by: Al Gilman Alfred.S.Gilman@ieee.org

http://lists.w3.org/Archives/Public/public-usable-
authentication/2007Apr/0000.html
present web security is not good enough; even 'though fixing that is out of 
scope for this deliverable
where it says, in 8 Merits of the status quo and 9 Problems with the status quo
(impression is that the security of the Web is OK, it's just the user is 
gullible and ill informed)
please consider
recognize that there are defects in the platform, say that this deliverable is 
limited to boosting understanding at the user-browser connection.  Collect and 
document (even in a companion note) the things you would rather have done but 
didn't because the platform technology is not as widely deployed as you feel 
you need.
Why? 
Just because this deliverable is going to try to improve things at the 
cognitive connection between the browser and the user, don't pretend that 
that's the only problem left to fix.  For example, present practice is to 
offer the user a printed hardcopy for their records, not a fully machinable 
data record.  This is a violation of what ought to be basic business rights of 
the consumer.  The merchants claim that the user can't be trusted to secure 
these data.  But they don't tell the user that.  They use their wiles to keep 
the user ignorant of what the could have, and should have, had access to.  
That needs to be laid at the door of the Operating System as a defect in user 
support, not blown by with "best current practice is good enough."   While 
this is presented as a matter of general consumer defence, it becomes critical 
for people with certain disabilities where having your personal-business 
office in a personal computer is the only way to be able to independently 
conduct your personal business, not just a convenience.  One shouldn't have to 
pay web merchants through a credit card in order to import the results into 
Quicken, for example.  And you should be able to import the full, itemized 
invoice, not just the bottom line.

Received on Monday, 16 April 2007 10:50:19 UTC