- From: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
- Date: Wed, 2 May 2007 08:21:48 -0400
- To: Serge Egelman <egelman@cs.cmu.edu>
- Cc: Web Security Context WG <public-wsc-wg@w3.org>
- Message-ID: <OF08D34C78.DBAE72D2-ON852572CF.0043D3D6-852572CF.0043EA41@LocalDomain>
I'll be glad to create the action item on/for you. What due date will you
have it done by?
And you can create one yourself if you like; Thomas has given us a
cheatsheet to basic functions (which I now include in the agenda for
scribes):
http://www.w3.org/2006/WSC/Group/cheatsheet
Mez
Mary Ellen Zurko, STSM, IBM Lotus CTO Office (t/l 333-6389)
Lotus/WPLC Security Strategy and Patent Innovation Architect
Serge Egelman <egelman@cs.cmu.edu> wrote on 05/01/2007 11:03:02 PM:
> This actually reminds me of something I've been thinking about for a few
> weeks now: there are certain situations where the user needs to make a
> decision. I think it would be interesting to create a taxonomy of
> situations where user decisions are required. Of all the ones I can
> currently think of, they all appear to fit under "policy decision." For
> instance, setting access permissions, determining whether the
> destination site really matches the destination intended, etc.
>
> Maybe this should be an action item?
>
> serge
>
> Mary Ellen Zurko wrote:
> >
> > I like the idea of having a goal in this space. I'd like to propose an
> > alternative wording that is more in line with the wording of our
> > charter. So I'm sure Stuart will like it less, because it is more
> > abstract and opaque.
> >
> > Title: "Reduce the number of scenarios in which users need to make
> > trust decisions."
> > Content: "No matter how well security context information is
> > presented, there will always be users who, in some situations, will
> > behave insecurely even in the face of harsh warnings. Thus, the
> > working group will also recommend ways to reduce the number of
> > situations in which users need to make trust decisions."
> >
> >
> >
> > Mez
> >
> > Mary Ellen Zurko, STSM, IBM Lotus CTO Office (t/l 333-6389)
> > Lotus/WPLC Security Strategy and Patent Innovation Architect
> >
> >
> >
> > *Web Security Context Issue Tracker <dean+cgi@w3.org>*
> > Sent by: public-wsc-wg-request@w3.org
> >
> > 04/25/2007 10:38 AM
> > Please respond to
> > Web Security Context WG <public-wsc-wg@w3.org>
> >
> >
> >
> > To
> > public-wsc-wg@w3.org
> > cc
> >
> > Subject
> > ISSUE-69: New goal--Reduce the number of scenarios in which users'
> > security depends upon authenticating sites
> >
> > ISSUE-69: New goal--Reduce the number of scenarios in which users'
> > security depends upon authenticating sites
> >
> > http://www.w3.org/2006/WSC/Group/track/issues/69
> >
> > Raised by: Stuart Schechter
> > On product: Note: use cases etc.
> >
> > Looking at the goals in Section 2 of the note, I don't see how password
> > managers, which reduce the likelihood that a user will enter a password into
> > an impersonation site, would fit into our goals. MeZ tells me that she
> > believes there is a rough consensus that are inline with our goals. Stuart
> > proposes a new goal between 2.5 and 2.6:
> >
> > Title: "Reduce the number of scenarios in which users' security depends
> > on their ability to authenticating a site"
> > Content: "No matter how well security information is presented, there
> > will always be users who, in some situations, will behave insecurely even in
> > the face of harsh warnings. Thus, the working group will also recommend
> > ways to reduce the number of situations in which users' security will be
> > compromised if they fail to recognize an impersonation attack or other
> > security failure."
> >
>
> --
> /*
> Serge Egelman
>
> PhD Candidate
> Vice President for External Affairs, Graduate Student Assembly
> Carnegie Mellon University
>
> Legislative Concerns Chair
> National Association of Graduate-Professional Students
> */
Received on Wednesday, 2 May 2007 12:22:00 UTC