Re: Rec Proposal: Separate in-browser editor for entry of Personally Identifiable Information (PII)

Hi Tyler,

Please put a pointer (or a working version of the proposal) with the other 
proposals at:
http://www.w3.org/2006/WSC/wiki/RecommendationIndex

> proposal way back in December, I put out some seeds of something I would
> like our WG to work on as a recommendation. Much of this proposal is not
> novel, but a combination of elements I've seen in other anti-phishing

That's good that much is not novel. After all, we're a standards wg, not a 
research team. In general, it's going to be much easier to work through 
recommendations with some background and experience behind them (unless 
the proposer is driving work in the area they propose in parallel with the 
WG). 

> proposals, including Rachna's Security Skins work, Ka-Ping Yee's Passpet
> The proposal is intended to address the following problems documented in
> the Note:
> 
>     - Provide a chrome-like area that is less vulnerable to spoofing

Will it work for non-visual interfaces? Do we have anyone here at all who 
can speak to non-visual interfaces? Brad has left TellMe, so is not on the 
WG anymore. I'm a bit worried about that gap. 

> I propose adding a new chrome-like area to the browser for entry of

I believe we need our proposals to work for or generalize to web user 
agents. 

> Personally Identifiable Information (PII). One function of this PII bar
> is providing a text field for user entry of PII text strings. From a

Sounds unsuitable for kiosk use. Should probably be disabled in shared 
deployments. 

Should the proposal speak to protection of storage of this information? 
This is a pragmatic issue for enterprise applications. I would think it 
would be an issue for browsers and web user agents. 

> I've now round tripped one use case, but this email is already pretty
> long, so I'm going to defer doing another use case to another email.
> Hopefully I've already provided sufficient detail for feedback.

For all the proposals we discuss, we're going to need both an instance 
with specifics, and an outline of the abstraction (principles and 
generalizations, for applying to other contexts and user agents). So 
instead of the next use case, a rundown of the 
principles/abstractions/generalizations would be good. I can help with that 
if it's not immediately clear what I think is needed. Let me know. 
        Mez

Received on Monday, 26 March 2007 13:13:49 UTC