- From: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
- Date: Tue, 20 Feb 2007 18:22:09 -0500
- To: public-wsc-wg@w3.org
- Message-ID: <OFF5CE0187.8973CACF-ON85257288.0080576D-85257288.00805EDF@LocalDomain>
Comments on the Feb 16th draft (from the start through Section 6).

The email list to send comments to needs to change to a list that's truly public. Thomas will specify.

Does the Patent stuff stay? The link to the public list of any patent disclosures made in connection with this group is broken.

First paragraph of overview. I'd like to see an extra sentence being more explicit about addressing both the usability and assurance of those mechanisms. I'd also like to see a ref/link to the charter in the overview as well, since certain restrictions come straight from it. I propose adding: "Those recommendations will address both the usability of those mechanisms and their robustness against spoofing attempts by web sites, as specified in the Web Security Context Working Group charter"

I'd like us to add some text to the Goals section before beginning to list them. I propose: "This section outlines the goals that the working group will focus its efforts on."

Section 2.4 - I propose removing the last line ("Presenting security information..."). I don't think the goal needs it, and it detracts from the goal.

Section 4, "In Scope", I'd like to see a bit of introductory text. I propose: "This section outlines in broad form what aspects of web security experience, indicators and trust are within the scope of this working group."

Section 4.2 - there is some redundancy there. I propose striking the third sentence as wholly redundant ("This range includes..."). And Chuck, here is a good place for you to make specific recommendations if you believe we are not adequately addressing the range of user agents in scope. They can at least be called out here.

Section 6 - I'd like to have a bit more motivation and expectation framing for the use cases. I propose adding this text before the line that's there: "Use cases will ground and guide our recommendations."

It seems an odd gap that 6.2 does not explicitly call out following a link provided by a person through some collaboration application, such as email, blogs, or other social networking. That case does not seem to be precisely covered by any of what is currently there. Assuming I am right, I propose the following rewording for the second sentence: "He might have followed a web link from a known site's web pages, from web application data provided by other users, or from a search engine."

Section 6.3 - the implication that the user is fully aware of the implications of downloading software seems wrong to me. I propose striking the full final clause, starting with ", fully aware that...".

We need an acknowledgements section. Here's the first draft of it. Please let me know who I've missed:

Acknowledgments

This note is based on input from Tyler Close, Thomas Roessler, Mary Ellen Zurko, and the members of the Web Security Context Working Group.

Received on Tuesday, 20 February 2007 23:22:16 UTC