RE: Note Section - Design Principles from michael.mccormick@wellsfargo.com on 2007-01-10 (public-wsc-wg@w3.org from January 2007)

From: <michael.mccormick@wellsfargo.com>
Date: Wed, 10 Jan 2007 12:28:31 -0600
To: <Mary_Ellen_Zurko@notesdev.ibm.com>
Cc: <public-wsc-wg@w3.org>
Message-ID: <8A794A6D6932D146B2949441ECFC9D6802B4D21E@msgswbmnmsp17.wellsfargo.com>

My suggestion would be for W3C to sponsor (or co-sponsor with
appropriate partners from academia & industry) a further test of browser
security context usability, following more or less the methodology
already defined by Carnegie Mellon ... but this time drawing on a
larger, more representative  sample of users.
 
The objectives of the exercise would be:

*	
	Validate or refine our understanding of who the average web user
is and how much she understands security
*	
	Validate or refine our assumptions about how current security
cues are understood and used, and how well that works today
*	
	Test user reaction to proposed WSC solutions using UI prototypes
of new security indicators, messages, etc.

Michael McCormick, CISSP 
Lead Architect, Information Security 

This message may contain confidential and/or privileged information.  If
you are not the addressee or authorized to receive this for the
addressee, you must not use, copy, disclose, or take any action based on
this message or any information herein.  If you have received this
message in error, please advise the sender immediately by reply e-mail
and delete this message.  Thank you for your cooperation.

 

  _____  

From: public-wsc-wg-request@w3.org [mailto:public-wsc-wg-request@w3.org]
On Behalf Of Mary Ellen Zurko
Sent: Wednesday, January 10, 2007 8:14 AM
To: McCormick, Mike
Cc: public-wsc-wg@w3.org
Subject: RE: Note Section - Design Principles



> I think the original description of average user was pretty accurate
> actually.  We work with a population of close to 10 million 
> consumers across a broad demographic spectrum, and most of them seem
> to have little or no understanding of how the web works much less 
> what the security dangers are, what certificates represent, etc.
>  
> Some survey or focus group based research in this area might prove 
> illuminating.  Without hard data we're all just guessing.

Would you like to propose something this WG could or should do, as an
addition to the Assumptions section of the Note?
        Mez

Received on Wednesday, 10 January 2007 20:04:25 UTC