- From: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
- Date: Mon, 26 Mar 2007 09:13:39 -0400
- To: tyler.close@hp.com
- Cc: public-wsc-wg@w3.org
- Message-ID: <OF34070294.C1395F8E-ON852572AA.004538B2-852572AA.0048A958@LocalDomain>
Hi Tyler, Please put a pointer (or a working version of the proposal) with the other proposals at : http://www.w3.org/2006/WSC/wiki/RecommendationIndex > proposal way back in December, I put out some seeds of something I would > like our WG to work on as a recommendation. Much of this proposal is not > novel, but a combination of elements I've seen in other anti-phishing That's good that much is not novel. After all, we're a standards wg, not a research team. In general, it's going to be much easier to work through recommendations with some background and experience behind them (unless the proposer is driving work in the area they propose in parallel with the WG). > proposals, including Rachna's Security Skins work, Ka-Ping Yee's Passpet > The proposal is intended to address the following problems documented in > the Note: > > - Provide a chrome-like area that is less vulnerable to spoofing Will it work for non visual interfaces? Do we have anyone here at all who can speak to non-visual interfaces? Brad has left TellMe, so is not on the WG anymore. I a bit worried about that gap. > I propose adding a new chrome-like area to the browser for entry of I believe we need our proposals to work for or generalize to web user agents. > Personally Identifiable Information (PII). One function of this PII bar > is providing a text field for user entry of PII text strings. From a Sounds unsuitable for kiosk use. Should probably be disabled in shared deployments. Should the proposal speak to protection of storage of this information? This is a pragmatic issue for enterprise applications. I would think it would be an issue for browsers and web user agents. > I've now round tripped one use case, but this email is already pretty > long, so I'm going to defer doing another use case to another email. > Hopefully I've already provided sufficient detail for feedback. For all the proposals we discuss, we're going to need both an instance with specifics, and an outline of the abstraction (principles and generalizations, for applying to other contexts and user agents). So instead of the next use case, a rundown of the principls/abstractions/generalizations would be good. I can help with that if it's not immediately clear what I think is needed. Let me know. Mez
Received on Monday, 26 March 2007 13:13:49 UTC