ACTION-381: Draft a new subsection discussing the mixing of trusted/untrusted information in the UI

This is what I came up with. As had been discussed on the thread, the text
would go at the end of section 8.
 
Robustness calls for consistent presentation of security information
and separation of trusted and untrusted information in the UI. These
two items are combined in a robustness requirement because
inconsistency in the presentation of security information and the
mixing of trusted and untrusted information in the UI can confuse users
and allow malicious content providers to exploit this confusion. When
the UI is inconsistent, users cannot determine security settings and
therefore cannot make informed decisions with regard to the information
assurances that a particular web site has or does not have.
 
Robustness ties together the guidance provided by Web Security Context
Experience and Trust. Specific sections of this document
include section 5, which notes types of certificates and attributes that
are considered trusted with that particular type of certificate;
section 6, which discusses the presentation of identity attributes in the UI
and requires consistency of presentation; and section 7, Safe Form Editor,
with guidance on application and indicator usage within the forms.
 
Received on Thursday, 27 December 2007 13:31:57 UTC