RE: Open Actions 254 and 261 are closed

I'll make edits as suggested

 

  _____  

From: public-wsc-wg-request@w3.org [mailto:public-wsc-wg-request@w3.org] On
Behalf Of Mary Ellen Zurko
Sent: Monday, June 25, 2007 10:51 AM
To: dan.schutzer@fstc.org
Cc: public-wsc-wg@w3.org
Subject: RE: Open Actions 254 and 261 are closed

 


"This mode of interaction is superior to depending on a user to notice an
indicator. "
This is pretty broad, and I disgree with it in its bredth. The proposal
needs to be more precise on this. Here's one suggestion:
"This mode of interaction requires the user to know of and take explicit
actions up front, and to take an extra step if the user wishes to browse
outside of the set of homongenously certified sites. In return, the user can
assume all web sites they go to have a consistent level of trustworthiness,
using only the look and feel indicator of SBM." 

need to test users recognize spoofed SBM. 
need to test that users take the actions, understand the consequences. 

"SBM mode"
A nit, but this is a redundant phrase, since the M in SBM stands for Mode. 

"o users must be in SBM mode before there is any possibility of providing
bogus or spoof sites with information o users must be aware that they are in
SBM (known by their taking a conscious act to put themselves into SBM, and
by the distinct look) o users must understand that only legitimate " highly
trusted" websites will be accessible in SBM, and that it is therefore safe
to provide information to sites that are accessible in SBM o users must be
able to verify that they are at the intended "website," and that only
legitimate "highly trusted websites" are accessible while in SBM. "
You've got formatting problems. Read the wiki formatting for bullets. Use
"*"; the number of spaces before the "*" indicates the level of bullet (one
space for major, two spaces for within a major, and so on).

Do users need to understand anything about what information is safe to
provide? Is all information safe to provide? If not, what do users need to
understand to determine what is and what is not safe to provide?

"When  <http://www.w3.org/2006/WSC/wiki/CardSpace> CardSpace(or its open
source equivalent) "
This section needs to be generalized or removed. I do not think it's
appropriate to go into detail around integration with a proprietary
technology in an open standards document. From a merely practical point of
view, it will draw extensive comment, and there's a lot of overhead to
logging and responding to external comment. Make the change now instead of
putting in much more time later. 

"... by adding an additional keystroke before clicking on a link or typing
in a url. The act is minimal, and should be consistent across browsers. It
is intuitive... "
I personally find nothing intuitive about an additional keystroke before I
follow some (random, really, from the user task perspective) set of links. I
recommend restating. I can assure you that my mental model is nothing like
the mental model you go on to claim for users (but I also know that no one
person gets to say their mental model is "the" mental model). At a minimum
it should say: 

"... by adding an additional keystroke before clicking on a link or typing
in a url. The act is minimal, and should be consistent across browsers. User
testing will determine if it can beome intuitive... "

"SBM does not rely on any special audio or visual cues, other than that
already built into browsers and  <http://www.w3.org/2006/WSC/wiki/CardSpace>
CardSpace"
Not true - the proposal has several times called out there is a specific
look and feel to SBM. Also, see above comment about references to
proprietary technology. 

"The implementation MUST block from access, when in SBM, any website that
does not pass the website checks. "
There's a requirement missing - what the user does when they want to get out
of SBM.

"TECHNIQUES (*) 

This section is not applicable "
Not true. What should be here is in your Overview.  At the very least it
should say "See the Overview".

"She invokes safe mode, opens her web browser"
This seems wrong. Isn't invoking safe mode directed at the web browser, so
happens after the web browser is opened?

"Consider the results of the following recent study, entitled: "Customers
want online ID protection more than reimbursement from banks" (See Appendix
1). "

This should be a reference instead of an appendix. There's no URL or other
reference anywhere. It needs one (to show what study). 

"FSTC BMA Browser Recommendations Below are included some of the FSTC
recommendations that are applicable for the Safe Browsing Mode and that are
within the scope of WSC "

Then they should be moved out of an appendix into a proposal (or into other
proposals). 






"Dan Schutzer" <dan.schutzer@fstc.org> 
Sent by: public-wsc-wg-request@w3.org

06/15/2007 01:41 PM


To

"'Dan Schutzer'" <dan.schutzer@fstc.org>, "'Mary Ellen Zurko'"
<Mary_Ellen_Zurko@notesdev.ibm.com>


cc

<public-wsc-wg@w3.org>


Subject

RE: Open Actions 254 and 261 are closed

 


 

 




 
 

 

  _____  


From: Dan Schutzer [mailto:dan.schutzer@fstc.org] 
Sent: Friday, June 15, 2007 1:40 PM
To: 'Mary Ellen Zurko'
Cc: 'public-wsc-wg@w3.org'
Subject: RE: Open Actions 254 and 261 are closed
 
Sorry both are at 
 
 <http://www.w3.org/2006/WSC/wiki/SafeWebBrowsingTemplate>
http://www.w3.org/2006/WSC/wiki/SafeWebBrowsingTemplate
 
the BMA stuff is in the Appendix
 

 

  _____  


From: public-wsc-wg-request@w3.org [mailto:public-wsc-wg-request@w3.org] On
Behalf Of Mary Ellen Zurko
Sent: Friday, June 15, 2007 11:47 AM
To: dan.schutzer@fstc.org
Cc: public-wsc-wg@w3.org
Subject: Re: Open Actions 254 and 261 are closed
 

Some people actually read the work participants do. I know I do. So please
provide pointers/URLs so people can see your work: 

> I have updated SBM and put into new template - Action 254

Is it at:
http://www.w3.org/2006/WSC/wiki/SafeWebBrowsingTemplate

> I have revised BMA list - Action 261

I can't figure out where this one is. Same URL? 

>  
> I may make some additional changes/edits between now and the 
> deadline of June 15. If I do I will notify everyone of the changes
>  

Excellent. Thanks. 

Received on Monday, 25 June 2007 14:59:13 UTC