RE: ACTION-208: "Site Identifying Images inChrome"displayrecommendation from michael.mccormick@wellsfargo.com on 2007-06-13 (public-wsc-wg@w3.org from June 2007)

From: <michael.mccormick@wellsfargo.com>
Date: Wed, 13 Jun 2007 17:58:35 -0500
To: <tlr@w3.org>
Cc: <Mary_Ellen_Zurko@notesdev.ibm.com>, <public-wsc-wg@w3.org>, <rachna.public@gmail.com>
Message-ID: <8A794A6D6932D146B2949441ECFC9D68040A9F85@msgswbmnmsp17.wellsfargo.com>

Thomas,

That's a helpful clarification.  I could probably support Variant 1 if
"areas of the user interface that are intended or commonly used to
communicate trust information" were more rigorously defined.

Then we could move on to debating whether certain UI parts are in or our
of scope.  For example, I don't think bookmark lists should be exempted
from the requirement since people use them to find & launch web sites.
Especially since in many cases the bookmark/favorite was preloaded in
the browser by its manufacturer, not necessarily added by the user.
(Such preloading practices may be yet another security anti pattern?)

Mike

-----Original Message-----
From: Thomas Roessler [mailto:tlr@w3.org] 
Sent: Wednesday, June 13, 2007 4:11 PM
To: McCormick, Mike
Cc: Mary_Ellen_Zurko@notesdev.ibm.com; public-wsc-wg@w3.org;
rachna.public@gmail.com
Subject: Re: ACTION-208: "Site Identifying Images
inChrome"displayrecommendation

On 2007-06-13 14:33:21 -0500, michael.mccormick@wellsfargo.com wrote:

> Variant 1 - Roessler Web User Agents MUST NOT display bitmaps 
> controlled by Web Content in areas of the user interface that are 
> intended or commonly used to communicate trust information to users.
> 
> Variant 2 - McCormick Web User Agents MUST NOT display bitmaps 
> controlled by Web Content in areas of the user interface that are 
> commonly expected to be under the control of the user agent.
> 
> The reason I think these variants seem equivalent is that a 
> significant number of users assume any part of the UI controlled by 
> the UA (aka "chrome") can be relied upon for trust information.  Why 
> would I rely on trust information presented in one area of chrome 
> (e.g., Location Bar) but not another (e.g., Bookmark List)?  If some 
> parts of chrome are truly more trustworthy than others, how is this 
> distinction communicated to users?

In variant 2, "commonly expected" is phrased badly, I guess -- I tried
to avoid the "chrome" word which I probably shouldn't have in my attempt
to word Variant 2.

The basic notion in Variant 1 is that there are some regions in chrome
(such as the location bar and the status bar) that people are generally
asked to look at for trust metainformation, and that are used for trust
indicators, while there are other parts that are commonly controlled by
the browser UI, but not used for that purpose.

It then basically says "don't mix trust indicators and site-supplied
bitmaps too closely"; it's a variation over the theme that security
information shouldn't be communicated in-band.

That aims to leave things like bookmarks, tab headings, desktop icons
out of the scope of the proposal -- as long as these aren't used to also
communicate trust information that could otherwise be spoofed.

I'm not coming up with better wording right now.

Cheers,
--
Thomas Roessler, W3C  <tlr@w3.org>

Received on Wednesday, 13 June 2007 22:59:03 UTC