- From: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
- Date: Wed, 18 Apr 2007 16:56:15 -0400
- To: Web Security Context WG <public-wsc-wg@w3.org>
- Message-ID: <OF0BAED413.086719D3-ON852572C1.007245F9-852572C1.007306C3@LocalDomain>
There is no conflict between 10.1.2, 10.1.6, and these scope items. The
definition of web user agents, and the charter, support these scope items.
Mez
Mary Ellen Zurko, STSM, IBM Lotus CTO Office (t/l 333-6389)
Lotus/WPLC Security Strategy and Patent Innovation Architect
Web Security Context Issue Tracker <dean+cgi@w3.org>
Sent by: public-wsc-wg-request@w3.org
04/16/2007 06:47 AM
Please respond to: Web Security Context WG <public-wsc-wg@w3.org>
To: public-wsc-wg@w3.org
cc:
Subject: ISSUE-48: platform and browser security out of scope - NOT (public comment)
http://www.w3.org/2006/WSC/Group/track/issues/48
Raised by: Bill Doyle
On product: Note: use cases etc.
From public comments
raised by: Al Gilman Alfred.S.Gilman@ieee.org
http://lists.w3.org/Archives/Public/public-usable-authentication/2007Apr/0000.html
platform and browser security out of scope - NOT
where it says, in 5.6 and 5.7
(out of scope)
please consider
make a greater emphasis on the semantic model of the information;
integrated with information from these other sources and presented in
platform-appropriate ways.
Why?
There is a strong conflict between this scope restriction and the points
raised in 10.1.2, 10.1.6 etc. The user does not want to, and we don't want
them to need to, sub-divide the security information this finely. The user
also wants to extend trust to software in descending order of
trustworthiness. So the OS and browser, in the present order of things, have
priority in defining what terse messages merit user attention and how to
indicate these. Integration with the web browse realities means integrating
security information from the web application with security information from
the OS, [third party security monitor], browser, [browser plugin], and then
the page. If you can't make common cause with these other value-added players
in the security situation, you have blown your opportunity to connect with a
model the user can generally grok.
please consider
there is an analogy in terms of web pages respecting the system presentation
defaults when the user invokes High Contrast Mode. These are presentation
preferences that should be global across the desktop, and the presentation and
qualification of messages claiming to speak about security needs to respect
this pecking order, too.
Received on Wednesday, 18 April 2007 20:56:26 UTC