- From: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
- Date: Thu, 19 Apr 2007 15:44:15 -0400
- To: Web Security Context WG <public-wsc-wg@w3.org>
- Message-ID: <OFD736CB9F.87D0B3F6-ON852572C2.006C4BA8-852572C2.006C6C02@LocalDomain>

I think we're OK on this. It's too bad that there's a lot of data in WG discussions that doesn't belong at this level, so reviewers will inevitably assume there are fewer options than the ones we've discussed. Though wsc-usecases does try to get across one aspect of good habit formation in the context of anti-phishing (the password management example).

Mez

Mary Ellen Zurko, STSM, IBM Lotus CTO Office (t/l 333-6389)
Lotus/WPLC Security Strategy and Patent Innovation Architect

Web Security Context Issue Tracker <dean+cgi@w3.org>
Sent by: public-wsc-wg-request@w3.org
04/17/2007 08:20 AM
Please respond to Web Security Context WG <public-wsc-wg@w3.org>
To: public-wsc-wg@w3.org
cc:
Subject: ISSUE-56: habit is little help, here (public comment)

ISSUE-56: habit is little help, here (public comment)

http://www.w3.org/2006/WSC/Group/track/issues/56

Raised by: Bill Doyle
On product: Note: use cases etc.

From public comments raised by: Al Gilman Alfred.S.Gilman@ieee.org
http://lists.w3.org/Archives/Public/public-usable-authentication/2007Apr/0000.html

habit is little help, here

where it says, in 10.1.4 Habit formation

Persistent use of any interface will cause the user to develop habits. A user interface should leverage habit formation to shape the user's workflow

please consider

you are dealing in exceptional situations; can't rely on habit to deal effectively with threats, unless you want to make disaster habitual.

Why do we hold fire drills? Not because people are going to make a habit of using the stairs for exit, but precisely because they don't. They need to have things within their recall that are beyond the habitual. That's the performance point where we are working, here.

please consider

Model and prioritize the full security infoset and actions. Recommend good practice as to what to engage the user with and when predicated on articulated assumptions of a default delivery context.

The Screen Reader (for example) and not the Working Group has enough knowledge of the user experience and habits to make appropriate presentation-pruning and presentation-effect-binding decisions.
Received on Thursday, 19 April 2007 19:44:19 UTC