RE: Secure storage (was: PIIEditorBar)

Ah, I see, add a "Security Issues" sections that lists issues
implementers should be aware of, even though they may be out of scope
for more detailed advice from this WG. OK, I'll do this.
 
Thanks,
Tyler


________________________________

	From: Mary Ellen Zurko
[mailto:Mary_Ellen_Zurko@notesdev.ibm.com] 
	Sent: Wednesday, June 13, 2007 10:42 AM
	To: Close, Tyler J.
	Cc: public-wsc-wg@w3.org
	Subject: Re: Secure storate (was: PIIEditorBar)
	
	

	Right, that's why I suggested the cannonical security section,
and not a recommendation. Mentioning it early will make the inevitable
comments from external review easier to process. I'm open to any other
section. I just want us to proactively recognize the issue somewhere. 
	
	          Mez
	
	Mary Ellen Zurko, STSM, IBM Lotus CTO Office       (t/l
333-6389)
	Lotus/WPLC Security Strategy and Patent Innovation Architect
	
	
	
	
"Close, Tyler J." <tyler.close@hp.com> 
Sent by: public-wsc-wg-request@w3.org 

06/13/2007 01:25 PM 

To
<public-wsc-wg@w3.org> 
cc
Subject
Secure storate (was: PIIEditorBar)

	




	Hi Mez, 
	  
	In this email, I'm just addressing the secure storage issue you
raise in the quoted email below. 
	  
	I think it's possible that discussion of how a user agent stores
PII information is out of scope for this Working Group. For example,
some operating systems, like OS X come with built in support for full
file system encryption, in addition to providing a custom application
for storage of secrets. A conforming implementation may well want to use
these services. 
	  
	It's also worth noting that PII information often shows up in
the web content served by a web site, such as when an ecommerce site
presents a purchase confirmation page. In this case, the browser ends up
storing PII information in its cache. Writing requirements for the
storage of PII entered into the PII editor, but not for the storage of
cached web pages, seems particularly useless from a security point of
view. If we determine that storage security is in scope, I think it
should be addressed in a separate recommendation that covers all
storage, not just storage as used in one particular browser feature. My
own reading of the Note is that storage security is out of scope. 
	  
	Tyler 
	  
	
________________________________


	From: public-wsc-wg-request@w3.org
[mailto:public-wsc-wg-request@w3.org] On Behalf Of Mary Ellen Zurko
	Sent: Friday, June 08, 2007 6:04 AM
	To: Close, Tyler J.
	Cc: public-wsc-wg@w3.org
	Subject: PIIEditorBar
	
	
	"The core conceptual change is augmenting the form filler with a
record of what web site a stored text string was given to and providing
the user with ready access to this record during a data entry task. "
	One potential issue with this proposal is the security of
storing PII. At some point that should be addressed. For example, in the
cannonical security issues section, there might be short discussion on
techniques used by password storage/management features and extensions
to protect passwords in web user agents. 
	
	When this is fully rephrased in conformance language, I'd like
to see the petname/history part pulled out as one good practice
(representing to users when they've been somewhere before). 
	
	"For robustness against spoofing, the PII bar should be
displayed using a theme customized to the user. "
	There's a more general recommendation hiding here too, which I
hope is pulled out when it's rephrased for conformance. 
	
	"To encourage such treatment, the interface is designed such
that it is easier to provide information to a web site using the PII bar
than it is for the user to enter information into a web page directly.
When using the PII bar, the user need not remember the exact sequence of
characters in a PII string, nor type them in; rather, the string is
selected from a menu."
	The scenarios you haven't dealt with, that may raise issues, are
when change happens to the validity of the PII strings. When the credit
card number changes. Or expiration date. When the password has changed
(I hit a lot of these every few months because of how my employer
manages passwords). The stored password is no longer valid (right; it's
been changed; must update it here too.) 
	
	         Mez
	
	Mary Ellen Zurko, STSM, IBM Lotus CTO Office       (t/l
333-6389)
	Lotus/WPLC Security Strategy and Patent Innovation Architect
	
	
	
"Close, Tyler J." <tyler.close@hp.com> 
Sent by: public-wsc-wg-request@w3.org 

05/21/2007 07:15 PM 



To
<public-wsc-wg@w3.org> 
cc
Subject
RE: Editing process for Recommendations


	


	
	
	
	Hi Mez,
	
	I'm also going to add my PII Editor bar proposal to our draft
recommendations. See:
	
	
http://www.w3.org/2006/WSC/wiki/PersonallyIdentifiableInformationEditorB
ar
<http://www.w3.org/2006/WSC/wiki/PersonallyIdentifiableInformationEditor
Bar> 
	
	Shawn and I spoke last week about splitting up editing tasks.
I'm taking care of finishing up the Note and he's going to get started
on the recommendations. I think he's going to setup a skeleton draft and
move the display recommendations from the wiki into the draft. I'll then
add my PII Editor bar content. I'm hoping all this gets done this week,
so that everyone can print a copy to take on the airplane with them.
	
	Tyler
	
	
________________________________

	From: public-wsc-wg-request@w3.org
[mailto:public-wsc-wg-request@w3.org] On Behalf Of Mary Ellen Zurko
	Sent: Monday, May 21, 2007 12:41 PM
	To: Close, Tyler J.
	Cc: sduffy@aol.net; public-wsc-wg@w3.org
	Subject: Re: Editing process for Recommendations
	
	
	We're past May 18th. How are we doing? It seems we have three
proposals that have been put in template format. Will those be forming
the basis of our first public working draft recommendations? 
	
	        Mez
	
	Mary Ellen Zurko, STSM, IBM Lotus CTO Office       (t/l
333-6389)
	Lotus/WPLC Security Strategy and Patent Innovation Architect
	
	
"Close, Tyler J." <tyler.close@hp.com> 
Sent by: public-wsc-wg-request@w3.org 

04/27/2007 06:40 PM 



To
<public-wsc-wg@w3.org> 
cc
Subject
Editing process for Recommendations




	


	
	
	
	
	
	The calendar will soon turn to May and so if we're to do
anything other
	than drink Guinness while in Dublin for the next F2F, we will
need some
	draft recommendations.
	
	I think each draft recommendation should be written up by the
primary WG
	members who will be developing the proposal. This division of
labor
	ensures each proposal is described by those most knowledgeable
about it,
	and that we've got a champion for each proposal who will help
drive the
	testing and implementation work that must be done.
	
	To get some consistency among the proposal descriptions, I think
we
	should develop a template. The template would specify some
required
	sections for each proposal. For example, we could require a
section that
	enumerates the use-cases addressed by the proposal, or the
security
	information items relied upon, or the usability principles that
are
	leveraged, etc. We should develop this template over the course
of the
	next week.
	
	I'd need to get finished text for each of the proposals by May
18th. By
	finished text, I mean the exact text that should appear in the
	recommendation document, but not necessarily in the W3C XML
format. For
	those unfamiliar with this XML language, I could go through and
add the
	syntax for the sections, paragraphs and lists. Look at our Note
to see
	the available structural elements. Shawn and I could then merge
these
	proposals into a document by the 23rd so that we all have a week
to read
	and think about the proposals before meeting in Dublin.
	
	Tyler 
	
	
	
	
	

Received on Wednesday, 13 June 2007 18:01:35 UTC