- From: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
- Date: Mon, 25 Jun 2007 10:51:02 -0400
- To: dan.schutzer@fstc.org
- Cc: public-wsc-wg@w3.org
- Message-ID: <OF7FBB672E.60050A94-ON85257305.004A6AEA-85257305.0051937E@LocalDomain>
"This mode of interaction is superior to depending on a user to notice an indicator. " This is pretty broad, and I disgree with it in its bredth. The proposal needs to be more precise on this. Here's one suggestion: "This mode of interaction requires the user to know of and take explicit actions up front, and to take an extra step if the user wishes to browse outside of the set of homongenously certified sites. In return, the user can assume all web sites they go to have a consistent level of trustworthiness, using only the look and feel indicator of SBM." need to test users recognize spoofed SBM. need to test that users take the actions, understand the consequences. "SBM mode" A nit, but this is a redundant phrase, since the M in SBM stands for Mode. "o users must be in SBM mode before there is any possibility of providing bogus or spoof sites with information o users must be aware that they are in SBM (known by their taking a conscious act to put themselves into SBM, and by the distinct look) o users must understand that only legitimate ? highly trusted? websites will be accessible in SBM, and that it is therefore safe to provide information to sites that are accessible in SBM o users must be able to verify that they are at the intended "website," and that only legitimate "highly trusted websites" are accessible while in SBM. " You've got formatting problems. Read the wiki formatting for bullets. Use "*"; the number of spaces before the "*" indicates the level of bullet (one space for major, two spaces for within a major, and so on). Do users need to understand anything about what information is safe to provide? Is all information safe to provide? If not, what do users need to understand to determine what is and what is not safe to provide? "When CardSpace (or its open source equivalent) " This section needs to be generalized or removed. I do not think it's appropriate to go into detail around integration with a proprietary technology in an open standards document. From a merely practical point of view, it will draw extensive comment, and there's a lot of overhead to logging and responding to external comment. Make the change now instead of putting in much more time later. "... by adding an additional keystroke before clicking on a link or typing in a url. The act is minimal, and should be consistent across browsers. It is intuitive... " I personally find nothing intuitive about an additional keystroke before I follow some (random, really, from the user task perspective) set of links. I recommend restating. I can assure you that my mental model is nothing like the mental model you go on to claim for users (but I also know that no one person gets to say their mental model is "the" mental model). At a minimum it should say: "... by adding an additional keystroke before clicking on a link or typing in a url. The act is minimal, and should be consistent across browsers. User testing will determine if it can beome intuitive... " "SBM does not rely on any special audio or visual cues, other than that already built into browsers and CardSpace" Not true - the proposal has several times called out there is a specific look and feel to SBM. Also, see above comment about references to proprietary technology. "The implementation MUST block from access, when in SBM, any website that does not pass the website checks. " There's a requirement missing - what the user does when they want to get out of SBM. "TECHNIQUES (*) This section is not applicable " Not true. What should be here is in your Overview. At the very least it should say "See the Overview". "She invokes safe mode, opens her web browser" This seems wrong. Isn't invoking safe mode directed at the web browser, so happens after the web browser is opened? "Consider the results of the following recent study, entitled: ?Customers want online ID protection more than reimbursement from banks? (See Appendix 1). " This should be a reference instead of an appendix. There's no URL or other reference anywhere. It needs one (to show what study). "FSTC BMA Browser Recommendations Below are included some of the FSTC recommendations that are applicable for the Safe Browsing Mode and that are within the scope of WSC " Then they should be moved out of an appendix into a proposal (or into other proposals). "Dan Schutzer" <dan.schutzer@fstc.org> Sent by: public-wsc-wg-request@w3.org 06/15/2007 01:41 PM To "'Dan Schutzer'" <dan.schutzer@fstc.org>, "'Mary Ellen Zurko'" <Mary_Ellen_Zurko@notesdev.ibm.com> cc <public-wsc-wg@w3.org> Subject RE: Open Actions 254 and 261 are closed From: Dan Schutzer [mailto:dan.schutzer@fstc.org] Sent: Friday, June 15, 2007 1:40 PM To: 'Mary Ellen Zurko' Cc: 'public-wsc-wg@w3.org' Subject: RE: Open Actions 254 and 261 are closed Sorry both are at http://www.w3.org/2006/WSC/wiki/SafeWebBrowsingTemplate the BMA stuff is in the Appendix From: public-wsc-wg-request@w3.org [mailto:public-wsc-wg-request@w3.org] On Behalf Of Mary Ellen Zurko Sent: Friday, June 15, 2007 11:47 AM To: dan.schutzer@fstc.org Cc: public-wsc-wg@w3.org Subject: Re: Open Actions 254 and 261 are closed Some people actually read the work participants do. I know I do. So please provide pointers/URLs so people can see your work: > I have updated SBM and put into new template - Action 254 Is it at: http://www.w3.org/2006/WSC/wiki/SafeWebBrowsingTemplate > I have revised BMA list ? Action 261 I can't figure out where this one is. Same URL? > > I may make some additional changes/edits between now and the > deadline of June 15. If I do I will notify everyone of the changes > Excellent. Thanks.
Received on Monday, 25 June 2007 14:51:15 UTC