Re: ISSUE-52: benchmarking success -- it's out there (public comment)

The statement about standards is still sadly true, and remains a 
challenge. 

I don't think translation of physical usable security to computers has 
worked well in the past, but does anyone have an example that has? 

And are there other usable security success stories we think we can learn 
from? I'm afraid all of the ones I can think of do not have the low 
friction of the web. 

          Mez

Mary Ellen Zurko, STSM, IBM Lotus CTO Office       (t/l 333-6389)
Lotus/WPLC Security Strategy and Patent Innovation Architect

Web Security Context Issue Tracker <dean+cgi@w3.org> 
Sent by: public-wsc-wg-request@w3.org
04/17/2007 08:15 AM
Please respond to
Web Security Context WG <public-wsc-wg@w3.org>


To
public-wsc-wg@w3.org
cc

Subject
ISSUE-52: benchmarking success -- it's out there (public comment)

ISSUE-52: benchmarking success -- it's out there (public comment)

http://www.w3.org/2006/WSC/Group/track/issues/52

Raised by: Bill Doyle
On product: Note: use cases etc.

From public comments
raised by: Al Gilman Alfred.S.Gilman@ieee.org

http://lists.w3.org/Archives/Public/public-usable-authentication/2007Apr/0000.html

benchmarking success -- it's out there
where it says, in 10 Process
There are no worked examples of
   standards of usable security to emulate.
Whoa! think again
Credit card and debit card operations at groceries, along with RFID-based 
gasoline purchase tokens are all existence proofs of successful tradeoffs 
between usability and security.

You need to note "what works" that is "what secure+usable systems are 
there as close to the targeted domain of Web commerce as we can get?" and 
not just look inside a narrow definition of that domain and say "there are 
none."

Benchmark the closest approaches between the domain of successful 
applications and your desired target domain.  Don't fail to do this.

Received on Thursday, 19 April 2007 18:24:45 UTC