- From: Close, Tyler J. <tyler.close@hp.com>
- Date: Mon, 12 Feb 2007 16:03:54 -0600
- To: "Web Security Context WG" <public-wsc-wg@w3.org>
- Message-ID: <08CA2245AFCF444DB3AC415E47CC40AF758464@G3W0072.americas.hpqcorp.net>
Done, see:

http://www.w3.org/2006/WSC/drafts/note/#learning-by-doing

Tyler

________________________________

From: public-wsc-wg-request@w3.org [mailto:public-wsc-wg-request@w3.org] On Behalf Of Mary Ellen Zurko
Sent: Thursday, February 08, 2007 11:58 AM
To: Web Security Context WG
Subject: Re: ISSUE-8: User Education

Looking at the Note again, and where a statement on user education might best fit, I now propose it go into section 8, currently titled "Problems with the status quo". But if Tyler, or anyone, thinks it goes better somewhere else, I'm open to that. It could go in 8.3, or in its own subsection if the section is retitled to be more in line with "Analysis of the current situation" (which was an alternative we discussed at the f2f). Assuming the former, my proposal is:

Employing a great deal of deception might also be unnecessary for a successful attack, since studies have shown many users have a poor understanding of the chrome. The current chrome indicators provide a thin summary of raw technical artifacts drawn from the network protocol's current exchange. The full meaning of these protocol artifacts is not necessarily understood by users.

8.3.4 Explanations versus understanding

Users come to an understanding of security indicators predominantly through use and direct experience, and somewhat through general awareness (discussions with others, news and other information they might receive). Users knowing about the padlock icon at all, for example, shows that user education does happen over time. Experience and history with education on using computer software indicates that users do not learn and act exactly on what is explicitly taught them (for an example of that in user security, see http://www.acsa-admin.org/2002/papers/7.pdf). Explicit user education does not override other problems and consistently alter user behavior.

Also ACTION-64 <http://www.w3.org/2006/WSC/Group/track/actions/64>
Received on Monday, 12 February 2007 22:04:12 UTC