- From: Web Security Context Working Group Issue Tracker <sysbot+tracker@w3.org>
- Date: Fri, 14 Dec 2007 22:21:18 +0000 (GMT)
- To: public-wsc-wg@w3.org
ISSUE-139: Clarify UX of CoSL [wsc-xit]

http://www.w3.org/2006/WSC/track/issues/

Raised by: Mary Ellen Zurko
On product: wsc-xit

6.1.2 "During interactions with a Web page for which any of the resources involved was retrieved through a weakly TLS-protected transaction, the identity signal must be indistinguishable from one that would be shown for an unprotected HTTP transaction, unless a change of security level has occurred."

This seems to be the first place in the document that implies anything about what "change of security level" (CoSL) should/must be like from a user experience (UX). And the implication is, at the least, that it is _not_ the same as the UX for weakly TLS-protected web pages.

We need to be more explicit about the UX for CoSL; at least about this level assumption.

A straw-cat crack at it would be adding the following to 5.5:

A web user agent that displays any security context information in primary user interface MUST display a different form of security context information for change of security level and weakly TLS-protected transactions.
Received on Friday, 14 December 2007 22:21:23 UTC