Re: Assumptions / Design Principles / User test verification from Mary Ellen Zurko on 2007-01-30 (public-wsc-wg@w3.org from January 2007)

From: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
Date: Mon, 29 Jan 2007 21:59:55 -0500
To: tyler.close@hp.com
Cc: public-wsc-wg@w3.org
Message-ID: <OF1D048F1D.5091C4F2-ON85257272.007E6D37-85257273.001078F4@LocalDomain>

I can try. 

I expect that the signals that we get from using input from deployment 
experience, research and design expertise, and user testing will be mixed. 
As a group, we'll have to arrive at recommendations and concensus based on 
those mixed signals. For example, I see the tab discussion we've had so 
far as a microcosm of that. Some data indicates tab scoping is obvious to 
users; others that things outside the tab are naturally scoped only to the 
tab. While we will have a number of methods, processes, and results to 
rely on, what we don't have are examples and patterns for combining them 
in the context of a standards working group to produce results in the 
usable security area. 


          Mez

Mary Ellen Zurko, STSM, IBM Lotus CTO Office       (t/l 333-6389)
Lotus/WPLC Security Strategy and Patent Innovation Architect




"Close, Tyler J." <tyler.close@hp.com> 
Sent by: public-wsc-wg-request@w3.org
01/25/2007 04:39 PM

To
<public-wsc-wg@w3.org>
cc

Subject
Assumptions / Design Principles / User test verification







Hi all,

The wiki section at:

http://www.w3.org/2006/WSC/wiki/NoteAssumptions

starts with text:

"""
Making security usable in general is still a nascent area for research
[Security and Usability]. There are a limited number of worked examples
in deployed products to learn from. There are a larger number of
attempts with unclear results to learn from. There are no worked
examples of standards of usable security to emulate. Thus it is
incumbent upon us to make clear how we will support and validate our
recommendations. Traditional standards efforts do so from a combination
of previous deployment experience, applying engineering design
expertise, implementation, and interoperability testing. Our
recommendations will be validated from a similiar combination, in the
areas of both security and usability.
"""

The first half of the above paragraph seems to be saying that we don't
have any of the stuff that the second half of the paragraph says we will
be relying on. Can anyone clarify what the intended meaning is?

Thanks,
Tyler

Received on Tuesday, 30 January 2007 03:00:11 UTC