- From: Daniel Schutzer <dan.schutzer@fstc.org>
- Date: Fri, 15 Jun 2007 21:32:45 +0000
- To: "Mary Ellen Zurko" <Mary_Ellen_Zurko@notesdev.ibm.com>,public-wsc-wg-request@w3.org,"Michael McCormick" <Michael.Mccormick@wellsfargo.com>
- Cc: public-wsc-wg@w3.org
I would stick to a smaller number of choices. Psychology studies show that people can cope at best with a max of 6 to 7 chunks at a time, and in mgmt briefs 3 to 4 is max. So I would go with something like:

1. Suspicious
2. Unknown
3. Trustworthy
4. Trustworthy and been there before

Sent from my Verizon Wireless BlackBerry

-----Original Message-----
From: "Mary Ellen Zurko" <Mary_Ellen_Zurko@notesdev.ibm.com>
Date: Fri, 15 Jun 2007 10:16:36
To: <michael.mccormick@wellsfargo.com>
Cc: public-wsc-wg@w3.org
Subject: Re: Page Security Score proposal

Thanks Mike. This proposal touches on several other areas. So I'm trying to wrap my head around the basic question "Why a numeric score?". Since you rightly reference PageInfo, it isn't only about making what the inputs are explicit.

I believe we're likely to achieve consensus that there should be some primary SCI display (there are accessibility and device size/characteristics to be accounted for orthogonally, as well as the multicultural aspect raised by Bruno/ANEC; I assume those and do not explicitly address them here). To the extent there is a primary SCI display, it will have to have some sort of levels or gradations (on/off, 3 levels as in "what is a secure page", 4 levels as this proposal suggests, 99 levels/gradations as this proposal also suggests). No one seems to be proposing something with no levels as a primary SCI (that is currently relegated to secondary SCI in PageInfo, and rightly so in my opinion). We discussed the issue of medium/high risk situations that are pure display (no input) during one of the lightning discussions I led, and there seemed to be consensus that there would be pure display use cases of medium/high risk data, which also points towards consensus around a primary SCI display. Now would be the time for any participant to indicate that we did not have consensus on the need for recommendations around a primary display of SCI which reflects some level or gradation of security that is meant to be usable for trust decisions.

Goal #vocabulary (2.3) says we will "recommend a set of terms, indicators and metaphors for consistent presentation of security information to users, across all web user agents. For each of these items, the Working Group will describe the intended user interpretation ..." That does argue for us standardizing on the indicators and what they mean to the user. So the gap in my mind between numeric score and our goals is, what is the intended user interpretation (user meaning) of the levels/gradations of the score?

Taking it from the other direction, here are some intended user interpretations I could imagine might help with trust decisions on the web. (Side comment, we got any research or other data on what user interpretations would actually be useful to users? Audian, is that something that you could do as a low cost usability test?)

1. We don't know enough/anything about the trustability. It's new territory, you haven't been there before, the other wonky security things don't show anything especially amazing or especially suspicious. Proceed as you would in a new neighborhood.

2. There's something fishy about this site. Don't trust it with anything you really care about. Don't use anything it says in any situation that involves something you consider risky.

3. This site is trustworthy for commerce. You can safely give it your name, address, phone number, and whatever financial information seems appropriate to you in trustworthy commerce (credit card, password, ssn, mother's maiden name,....).

4. This is a site you've been to before and you've got some history with it. What we show you reminds me of what that history is (a petname, the most meaningful parts of the domain name, etc.), so that you can remember what you trust this site for and use it for that (again).

5. This is a site someone you trust has said is trusted for some context. Here are displays for both those concepts; it should help you figure out what you can safely do here.

Some other user interpretations I could imagine we might like, but I can't see how they'd fly.

6. This site is using all the best cryptography and PKI. But there is no additional semantic meaning we can give to it. Trust it for something, maybe. After all, they must have invested x$ in a certificate from some CA.

7. This site is part of your place of business. Trust it with everything work related (I personally really want this one, but don't see a way to do it beyond 4 and 5 above).

8. This site allows all kinds of crazy bad security things to happen like XSS and CSRF and the social networking/web 2.0 hack du jour. Run away fast (I don't see how to make this one happen beyond 1 and 2).

If you buy the premise that the levels have to be meaningful to the user, then I don't see how scores can map to user meaningful levels with "no surprises". I do see how combinations of security context information could. Either way, we also have the problem that security context information marches on, and there will be new ones, and new values, and new attacks. As Mike points out, that will mean the need for updates/iterations on the mappings of SCI to SCI displays.

<michael.mccormick@wellsfargo.com>
06/09/2007 01:17 AM
To: <Mary_Ellen_Zurko@notesdev.ibm.com>
cc: <public-wsc-wg@w3.org>
Subject: Page Security Score proposal

I converted this recommendation to the correct template; see http://www.w3.org/2006/WSC/wiki/RecommendationDisplayProposals/PageScore.

Thanks, Mike

From: Mary Ellen Zurko [mailto:Mary_Ellen_Zurko@notesdev.ibm.com]
Sent: Wednesday, June 06, 2007 6:51 AM
To: McCormick, Mike
Subject: RE: lightening discussion

Received on Friday, 15 June 2007 21:32:57 UTC