Re: Action 213: write a lightning proposal on wiki

"The user shares a secret with the Trusted Browser Component. The shared 
secret may be an image selected by the user, or can be another type of 
secret (e.g., text or audio) to meet accessibility requirements. The 
shared secret creates a "trusted path" between the user and the Trusted 
Browser Component. Examples of user customized website and browser 
interfaces include [4], [5] and [6]. "

This part definitely seems in scope, and as I mentioned in PIIEditorBar, 
perhaps you can put it into conformance language. 

"The first time the user visits a trusted website or wishes to create an 
account at such a website, he must create an association between the 
browser and "trusted website"(e.g., the browser may automatically 
recognize that this is a website that supports this login mechanism, the 
user may be required to perform an action to make an association, the user 
may be required to supply an out of band activation code). This step 
represents a one-time trust decision by the user (usability testing is 
required to determine if users can accomplish this task). This trust 
decision can be supported with information supplied by the browser (EV 
status, user's history with the website, others' history with the 
website). "

Asking users for one-time trust decisions is definitely in scope (that's 
what SSL does today with self-signed certs). I'd very much like to see 
recommendations abstract enough to support a variety of implementations of 
those trust decisions, and some usability testing on the topic, in our WG. 
So I'd like to see you carry this part forward as well. 

The Login part also seems phrased to keep it all in scope, and I can see 
working with basic password management tools in that context as 
alternative examples. 

          Mez

Mary Ellen Zurko, STSM, IBM Lotus CTO Office       (t/l 333-6389)
Lotus/WPLC Security Strategy and Patent Innovation Architect




"Rachna Dhamija" <rachna.public@gmail.com> 
Sent by: public-wsc-wg-request@w3.org
05/24/2007 01:13 PM

To: public-wsc-wg@w3.org
cc:
Subject: Action 213: write a lightning proposal on wiki

I added a proposal to the wiki.  This opens up a question for the group: 
are interfaces to out of scope protocols within our scope?

Trusted Browser Component to Capture User Intention
http://www.w3.org/2006/WSC/wiki/TrustedBrowserComponent

Received on Friday, 8 June 2007 16:25:14 UTC