- From: Johnathan Nightingale <johnath@mozilla.com>
- Date: Mon, 11 Jun 2007 10:51:21 -0400
- To: Timothy Hahn <hahnt@us.ibm.com>
- Cc: Web Security Context WG <public-wsc-wg@w3.org>
- Message-Id: <031EDB70-3A98-4264-BB4B-DD92BA02EA97@mozilla.com>
I think this is not only an intuitive classification, but one which simplifies the job of implementors by breaking work items into obvious segments. +1 from me unless someone can point to recommendations which break the system.

Cheers,

Johnathan

---
Johnathan Nightingale
Human Shield
johnath@mozilla.com

On 11-Jun-07, at 7:38 AM, Timothy Hahn wrote:

> Mez,
>
> I can't think of a better categorization, so +1 from me for the
> categories below.
>
> Regards,
> Tim Hahn
> IBM Distinguished Engineer
>
> Internet: hahnt@us.ibm.com
> Internal: Timothy Hahn/Durham/IBM@IBMUS
> phone: 919.224.1565 tie-line: 8/687.1565
> fax: 919.224.2530
>
> "Mary Ellen Zurko" <Mary_Ellen_Zurko@notesdev.ibm.com>
> Sent by: public-wsc-wg-request@w3.org
> 06/08/07 04:28 PM
>
> To: "Shawn Duffy <Shawn.Duffy"
> cc: Web Security Context WG <public-wsc-wg@w3.org>
> Subject: Re: Recommendations Draft
>
> Now that I've made it through the proposals that make up the bulk
> of the draft, I'd like to propose a further categorization of the
> proposals:
>
> 1. Primary Security Context Indicators
>
> Proposals centering on what is displayed as SCI (and not) would go
> here. Site identifying images in chrome, "what is a secure
> page" (when it gets put into template form - Yngve, have you done
> that yet?), secure internet letterhead, TrustMe, UrlRecommendation,
> IdentitySignal - recommendations, good practices, and antipatterns
> around the SCI that appear without user interaction, in the normal
> task flow, would appear here.
>
> 2. Secondary Security Context Indicators
>
> Proposals centering around other forms of SCI - security protocol
> error presentation, page info summary, EV certs (I think), maybe
> parts of IdentitySignal (is hoverover primary or secondary?),
> revisiting past decisions would go here.
>
> 3. SCI Robustness
>
> Techniques to make the SCI (and chrome) robust against attacks
> (including spoofing). Trusted browser component (including the
> personalization aspect), and all the discussions of robustness
> we've had from the various browsers would go here.
>
> 4. Minimizing Trust Decisions
>
> Techniques to do away with some of the trust decisions users need
> to make today. PIIEditorBar, SBM, maybe browser lock down (I
> haven't read it yet)
>
> Reactions and thoughts, both on beginning to form some large
> grained categories within our proposal, and on these as the current
> categories?
>
> Mez
>
> Shawn Duffy <Shawn.Duffy@corp.aol.com>
> Sent by: public-wsc-wg-request@w3.org
> 05/30/2007 05:30 AM
>
> To: Web Security Context WG <public-wsc-wg@w3.org>
> cc:
> Subject: Recommendations Draft
>
> This is a rough, rough first draft of the Recommendations:
>
> http://www.w3.org/2006/WSC/drafts/rec/
>
> This is based on the recommendations that were drafted using Tyler's
> template in the Wiki. Not every one used the template in an identical
> manner so not every section is consistent with the rest. I'm sure we
> will continue to massage the format.
>
> If I am missing anyone's recommendations, let me know...
>
> Thanks,
> Shawn
> --
> shawn duffy - shawn.duffy@corp.aol.com
> senior technical security engineer | aol it security
> 703.265.8273 | AIM: ShawnDuffy1

Received on Monday, 11 June 2007 14:51:50 UTC