RE: ISSUE-132: Update Section 10.1 of wsc-xit with information from updated browser lock down wiki page from Doyle, Bill on 2007-11-26 (public-wsc-wg@w3.org from November 2007)

From: Doyle, Bill <wdoyle@mitre.org>
Date: Mon, 26 Nov 2007 16:14:53 -0500
To: "Ian Fette" <ifette@google.com>, "Dan Schutzer" <dan.schutzer@fstc.org>
Cc: "Mary Ellen Zurko" <Mary_Ellen_Zurko@notesdev.ibm.com>, "Web Security Context Working Group WG" <public-wsc-wg@w3.org>
Message-ID: <518C60F36D5DBC489E91563736BA4B5801C32771@IMCSRV5.MITRE.ORG>

Removing the ability to view security settings appears to be in
conflict with an issue that was brought up a long time ago and noted by
UAAG 1.0

http://www.w3.org/2006/WSC/track/issues/40


 

-----Original Message-----
From: public-wsc-wg-request@w3.org
[mailto:public-wsc-wg-request@w3.org] On Behalf Of Ian Fette
Sent: Monday, November 26, 2007 12:40 PM
To: Dan Schutzer
Cc: Mary Ellen Zurko; Web Security Context Working Group WG
Subject: Re: ISSUE-132: Update Section 10.1 of wsc-xit with information
from updated browser lock down wiki page


Yes, but then they call up their help desk / ISP / son / whomever, and
are asked "Is HTTPS over SOCKS checked or unchecked" and they say "I
don't see where that option is...".

I really don't see why the user should ever be prevented from at least
viewing the settings.

On Nov 26, 2007 9:16 AM, Dan Schutzer <dan.schutzer@fstc.org> wrote:
>
>
>
>
> I would agree that a user should always be able to view and modify
> security-related configuration settings, but that if a user agent
does their
> job correctly, it should not be necessary, especially for the user
who would
> have trouble understanding the kind of detailed security
configuration
> settings that one sees today in the Security tab
>
>
>
>  ________________________________
>
>
> From: public-wsc-wg-request@w3.org
[mailto:public-wsc-wg-request@w3.org] On
> Behalf Of Mary Ellen Zurko
>  Sent: Monday, November 26, 2007 11:36 AM
>  To: Web Security Context Working Group WG
>  Subject: Re: ISSUE-132: Update Section 10.1 of wsc-xit with
information
> from updated browser lock down wiki page
>
>
>
>
>
>  "A user agent MUST support a mode of operation whereby the user is
unable
> to view or modify the security-related configuration settings. "
>
>  It seems wrong to me that there is a mode where the user is unable
to view
> the security related configuration settings. In every context I've
ever been
> in, having some ability to get to more information if helpful.
>
>  I would remove the "view or" part of this, unless I'm missing
something.

Received on Monday, 26 November 2007 21:15:11 UTC