- From: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
- Date: Fri, 15 Jun 2007 15:50:17 -0400
- To: "Johnathan Nightingale <johnath" <johnath@mozilla.com>
- Cc: W3C WSC W3C WSC Public <public-wsc-wg@w3.org>
- Message-ID: <OFDC0DA38F.23D2985F-ON852572FB.006B481F-852572FB.006CF9B1@LocalDomain>
What excellent timing. I forgot this one was in the works. "This recommendation applies to all web user agents capable of supporting the relevant site-identity technologies (e.g. EV SSL Certificates). " Why can't it apply to all web user agents, since the combination of a URL, browsing history, and the ability to name a site can also provide an identity signal? If it's meant to be third party crypto identity, that wasn't clear to me until later down. Perhaps that should be spelled out? Or perhaps I'm still unclear on the scope. "The expectation is that by establishing a consistent method for checking identity information, users who are curious about, or unsure of, the identity of sites they interact with will tend to check with this indicator as a form of user-driven investigation" What about user agents that show other indicators that users might mistake for identity information (URLs, domain names, favicons)? I'm thinking the expected user behavior would be "confirmation bias" related; if either the "secure" indicator or some insecure pseudo-indicator told the user they were in a good place, they'd buy it. Sounds like a case for usability testing. Any of our usability testing experts want to comment? Or is there research out there covering this question, research experts? Mez Mary Ellen Zurko, STSM, IBM Lotus CTO Office (t/l 333-6389) Lotus/WPLC Security Strategy and Patent Innovation Architect Johnathan Nightingale <johnath@mozilla.com> Sent by: public-wsc-wg-request@w3.org 06/15/2007 12:22 PM To W3C WSC W3C WSC Public <public-wsc-wg@w3.org> cc Subject ACTION 219 - Update IdentitySignal to conform to template I have completed this action. The template form of the recommendation can be found here: http://www.w3.org/2006/WSC/wiki/IdentitySignal Cheers, J --- Johnathan Nightingale Human Shield johnath@mozilla.com
Received on Friday, 15 June 2007 19:50:27 UTC