- From: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
- Date: Thu, 26 Apr 2007 10:46:09 -0400
- To: public-wsc-wg@w3.org
- Message-ID: <OFDC483BBE.5E289007-ON852572C9.0050C1B0-852572C9.00511FEA@LocalDomain>
I propose the following change to the intro of section 10:

Making security usable is still a nascent area for research [Security and
Usability]. Research incorporating usable security goes back to "The
Protection of Information in Computer Systems" by Saltzer and Schroeder,
in 1975. There are no worked examples of formal standards from
standards-making bodies of usable security to emulate. There are a limited number of
worked examples in deployed products to learn from. There are a larger
number of attempts with unclear results to learn from. We have yet to get
widely-applicable satisfactory answers to basic questions on usable
security. Consequently, this Working Group's recommendations will
necessarily contain more innovation than might a traditional standards
effort. This section details the process the Working Group will employ to
mitigate the significant perils of innovation in a standards effort.

Mez
Mary Ellen Zurko, STSM, IBM Lotus CTO Office (t/l 333-6389)
Lotus/WPLC Security Strategy and Patent Innovation Architect
Received on Thursday, 26 April 2007 14:46:22 UTC