- From: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
- Date: Tue, 17 Apr 2007 13:59:57 -0400
- To: Web Security Context WG <public-wsc-wg@w3.org>
- Message-ID: <OFE03A9468.BF3CB319-ON852572C0.004CB19E-852572C0.0062E247@LocalDomain>
I think from the number of times we and others have fallen into confusion, we need another item for out of scope, that covers security context information about the user to the site/server/service. I propose:

5.n Other Security Challenges

As stated in the charter, the mission of the Web Security Context Working Group is to specify a baseline set of security context information that should be accessible to Web users, and practices for the secure and usable presentation of this information, to enable users to come to a better understanding of the context that they are operating in when making trust decisions on the Web. While the work this group does may have a positive and beneficial effect on other security challenges on the web, directly addressing such challenges (including user authentication to web sites, single sign-on, and security models for active content on the web) are out of scope.

I propose making it the first item in the Out of Scope section.

I would also like to be sure that this group is appropriately informed about any deployed or standards based efforts that condition presentation to users (since it might impact how security context should be conditioned). I can't tell from the IMG Global Learning Consortium link that Al gave if it has any particular traction: http://www.imsglobal.org/accessibility/

Is anyone on this WG familiar with that work, or that area in general? Robert Y, are you?

Mez

Mary Ellen Zurko, STSM, IBM Lotus CTO Office (t/l 333-6389)
Lotus/WPLC Security Strategy and Patent Innovation Architect

Web Security Context Issue Tracker <dean+cgi@w3.org>
Sent by: public-wsc-wg-request@w3.org
04/15/2007 10:45 AM
Please respond to Web Security Context WG <public-wsc-wg@w3.org>
To public-wsc-wg@w3.org
cc
Subject ISSUE-36: presentation norms -- no oneSizeFitsAll (from public comments)

ISSUE-36: presentation norms -- no oneSizeFitsAll (from public comments)

http://www.w3.org/2006/WSC/Group/track/issues/36

Raised by: Bill Doyle
On product: All

From public comments raised by: Al Gilman Alfred.S.Gilman@ieee.org
http://lists.w3.org/Archives/Public/public-usable-authentication/2007Apr/0000.html

presentation norms -- no oneSizeFitsAll

where it says, in 2.3 Consistent presentation of security information

The Working Group will recommend a set of terms, indicators and metaphors for consistent presentation of security information to users, across all web user agents. For each of these items, the Working Group will describe the intended user interpretation, as well as safe actions the user may respond with in common use cases.

please consider

The desired user interpretation of decisions and evidence are fundamental; this belongs in the model. It should not be limited to the 'normal mode' dialog that is in the projection of the full model that is discussed above. The presentation suggestions may be limited to the 'normal mode' projection. But what the user should understand if they drill down deeper or skim more lightly should be covered, not limited to the suggested summary dialog.

Yes, you want to introduce some terms and icons and the like whose consistent use will enhance recognition of security information when it crosses the user's bow. But these are not the only prosodic tools that should be used to convey this role in the web-dialog scene or world-let.

Why?

In consideration of the diverse presentation and actuation bindings that are required so that people with disabilities are afforded access to information devices and services, realize that it is essential to define the intended interpretation, which is of broad applicability, and then under specified modality conditions indicate suggested representations.

Please consider

The IMS Global Learning Consortium has established a baseline of metadata for both content and personal preferences.

Even though there is still contention as to how single-sign-on should work, it is very broadly agreed that we need this. Single-sign-on will give us a convenient way to manage the affordance of portable, personal preferences to qualifying sites. Where these preferences are available, they should in particular be used up front to condition the presentation of any sign-on dialog. Single-sign-on with the identity host brokering not only user authentication but presentation preferences is too important a user case for people with disabilities for this use case to be left out of your plans, even if single-sign-on is not yet pervasive in Web practice.

Received on Tuesday, 17 April 2007 18:00:11 UTC