RE: Open Actions 254 and 261 are closed

"This mode of interaction is superior to depending on a user to notice an 
indicator. "
This is pretty broad, and I disagree with it in its breadth. The proposal 
needs to be more precise on this. Here's one suggestion:
"This mode of interaction requires the user to know of and take explicit 
actions up front, and to take an extra step if the user wishes to browse 
outside of the set of homogeneously certified sites. In return, the user 
can assume all web sites they go to have a consistent level of 
trustworthiness, using only the look and feel indicator of SBM." 

need to test users recognize spoofed SBM. 
need to test that users take the actions, understand the consequences. 

"SBM mode"
A nit, but this is a redundant phrase, since the M in SBM stands for Mode. 


"o users must be in SBM mode before there is any possibility of providing 
bogus or spoof sites with information o users must be aware that they are 
in SBM (known by their taking a conscious act to put themselves into SBM, 
and by the distinct look) o users must understand that only legitimate 
"highly trusted" websites will be accessible in SBM, and that it is 
therefore safe to provide information to sites that are accessible in SBM 
o users must be able to verify that they are at the intended "website," 
and that only legitimate "highly trusted websites" are accessible while in 
SBM. "
You've got formatting problems. Read the wiki formatting for bullets. Use 
"*"; the number of spaces before the "*" indicates the level of bullet 
(one space for major, two spaces for within a major, and so on).

Do users need to understand anything about what information is safe to 
provide? Is all information safe to provide? If not, what do users need to 
understand to determine what is and what is not safe to provide?

"When CardSpace (or its open source equivalent) "
This section needs to be generalized or removed. I do not think it's 
appropriate to go into detail around integration with a proprietary 
technology in an open standards document. From a merely practical point of 
view, it will draw extensive comment, and there's a lot of overhead to 
logging and responding to external comment. Make the change now instead of 
putting in much more time later. 

"... by adding an additional keystroke before clicking on a link or typing 
in a url. The act is minimal, and should be consistent across browsers. It 
is intuitive... "
I personally find nothing intuitive about an additional keystroke before I 
follow some (random, really, from the user task perspective) set of links. 
I recommend restating. I can assure you that my mental model is nothing 
like the mental model you go on to claim for users (but I also know that 
no one person gets to say their mental model is "the" mental model). At a 
minimum it should say: 

"... by adding an additional keystroke before clicking on a link or typing 
in a url. The act is minimal, and should be consistent across browsers. 
User testing will determine if it can become intuitive... "

"SBM does not rely on any special audio or visual cues, other than that 
already built into browsers and CardSpace"
Not true - the proposal has several times called out there is a specific 
look and feel to SBM. Also, see above comment about references to 
proprietary technology. 

"The implementation MUST block from access, when in SBM, any website that 
does not pass the website checks. "
There's a requirement missing - what the user does when they want to get 
out of SBM.

"TECHNIQUES (*) 
This section is not applicable "
Not true. What should be here is in your Overview.  At the very least it 
should say "See the Overview".

"She invokes safe mode, opens her web browser"
This seems wrong. Isn't invoking safe mode directed at the web browser, so 
happens after the web browser is opened?

"Consider the results of the following recent study, entitled: "Customers 
want online ID protection more than reimbursement from banks" (See 
Appendix 1). "

This should be a reference instead of an appendix. There's no URL or other 
reference anywhere. It needs one (to show what study). 

"FSTC BMA Browser Recommendations Below are included some of the FSTC 
recommendations that are applicable for the Safe Browsing Mode and that 
are within the scope of WSC "

Then they should be moved out of an appendix into a proposal (or into 
other proposals). 

"Dan Schutzer" <dan.schutzer@fstc.org> 
Sent by: public-wsc-wg-request@w3.org
06/15/2007 01:41 PM

To
"'Dan Schutzer'" <dan.schutzer@fstc.org>, "'Mary Ellen Zurko'" 
<Mary_Ellen_Zurko@notesdev.ibm.com>
cc
<public-wsc-wg@w3.org>
Subject
RE: Open Actions 254 and 261 are closed

From: Dan Schutzer [mailto:dan.schutzer@fstc.org] 
Sent: Friday, June 15, 2007 1:40 PM
To: 'Mary Ellen Zurko'
Cc: 'public-wsc-wg@w3.org'
Subject: RE: Open Actions 254 and 261 are closed
 
Sorry both are at 
 
http://www.w3.org/2006/WSC/wiki/SafeWebBrowsingTemplate
 
the BMA stuff is in the Appendix
 

From: public-wsc-wg-request@w3.org [mailto:public-wsc-wg-request@w3.org] 
On Behalf Of Mary Ellen Zurko
Sent: Friday, June 15, 2007 11:47 AM
To: dan.schutzer@fstc.org
Cc: public-wsc-wg@w3.org
Subject: Re: Open Actions 254 and 261 are closed
 

Some people actually read the work participants do. I know I do. So please 
provide pointers/URLs so people can see your work: 

> I have updated SBM and put into new template - Action 254

Is it at:
http://www.w3.org/2006/WSC/wiki/SafeWebBrowsingTemplate

> I have revised BMA list - Action 261

I can't figure out where this one is. Same URL? 

> 
> I may make some additional changes/edits between now and the 
> deadline of June 15. If I do I will notify everyone of the changes
>  

Excellent. Thanks. 

Received on Monday, 25 June 2007 14:51:15 UTC