- From: Thomas Roessler <tlr@w3.org>
- Date: Tue, 9 Jan 2007 17:22:36 +0100
- To: michael.mccormick@wellsfargo.com
- Cc: public-wsc-wg@w3.org
On 2007-01-08 15:21:58 -0600, michael.mccormick@wellsfargo.com wrote:

> I don't have time to write full blown use cases by tomorrow but here are
> some short stories:

We deferred this one during the call today; I do think this is going
to be a central piece of material in the use case section, though.
Tracking as ACTION-78; placeholder in the wiki is UserNotions.

> A. Can eavesdroppers read my session?
> Scenario:
> Alice enters her credit card number on Bob's Plumbing web site, then
> wonders if computers or people at her ISP (Carol's Cheap Internet Co.)
> will be able to read it in transit.
>
> B. Is the web site really the one I requested?
> Scenario:
> Alice clicks a link to Bob's Plumbing and the site comes up, but when it
> asks for her credit card number she can't help wondering if this web
> site really belongs to the same Bob's Plumbing she shopped at in the
> past.
>
> C. Have the web pages I'm seeing been tampered with?
> Scenario:
> Alice notices the Bob's Plumbing home page looks different than before,
> and wonders if someone might have hacked in and made changes.
>
> D. Is the web site reputable?
> Scenario:
> When Alice visited Bob's Plumbing online for the first time she wasn't
> sure if the web site really belonged to a reputable merchant who could
> be trusted with her credit card number.
>
>
> >Michael McCormick, CISSP
> >Lead Architect, Information Security
> >
> >This message may contain confidential and/or privileged information.
> If you are not the addressee or authorized to receive this for the
> addressee, you must not use, copy, disclose, or take any action based on
> this message or any information herein. If you have received this
> message in error, please advise the sender immediately by reply e-mail
> and delete this message. Thank you for your cooperation.
>
> -----Original Message-----
> From: Thomas Roessler [mailto:tlr@w3.org]
> Sent: Monday, January 08, 2007 8:01 AM
> To: McCormick, Mike
> Cc: public-wsc-wg@w3.org
> Subject: use cases? (Re: Browser security warning)
>
> On 2006-12-27 23:56:39 -0600, michael.mccormick@wellsfargo.com wrote:
>
> > To make matters worse, those things
>
> ... meaning security properties that TLS can deliver ...
>
> > don't align perfectly to the questions an average user wants
> > answered:
> > A. Can eavesdroppers read my session?
> > B. Is the web site really the one I requested?
> > C. Have the web pages I'm seeing been tampered with?
> > D. Is the web site reputable?
> > Etc.
>
> These strike me as excellent seeds for some short stories that we might
> wish to capture in the use case part of the note. Could you think of
> writing up short and simple use cases that exhibit and illustrate these
> concepts -- preferably for tomorrow? ;-)
>
> Thanks,
> --
> Thomas Roessler, W3C <tlr@w3.org>
>
>

--
Thomas Roessler, W3C <tlr@w3.org>

Received on Tuesday, 9 January 2007 16:21:48 UTC