ACTION-303: Page scoring usability test from michael.mccormick@wellsfargo.com on 2007-10-12 (public-wsc-wg@w3.org from October 2007)

From: <michael.mccormick@wellsfargo.com>
Date: Fri, 12 Oct 2007 12:02:04 -0500
To: <public-wsc-wg@w3.org>
Message-ID: <9D471E876696BE4DA103E939AE64164D5284C8@msgswbmnmsp17.wellsfargo.com>

ACTION-303: Find someone to help with what's needed for UI and
prototypes for page security scoring usability testing [on Michael
McCormick - due 2007-10-09]

BACKGROUND: As you'll see in the minutes from 2 October, I received this
action item because it was a felt I should partner with someone willing
to prototype a few different potential ways of presenting page security
scores in a UI.  (Tim Hahn was mentioned as a likely candidate.)  I
accepted the action reluctantly because the page score proposal is
deliberately agnostic about UI.  It's intended to work with any UI the
agent chooses, but gives all such UIs a consistent semantic.  As you'll
see in those same minutes, we later discussed usability testing for
"What is a Secure Page?" and concluded a traditional prototyping
approach is not appropriate, but rather we should look at a variety of
existing www pages to see how they secure they are.  I made the comment
that this approach could work for Page Security Scores also and
(according to the minutes) no one disagreed.

PROPOSAL: I submit that prototyping a UI for page security scores is not
useful, especially in light of our later decision on 3 October to remove
the specific strawman formula I'd proposed.  How can we prototype a UI
that has no definition, based on a formula/algorithm that doesn't exist?
Instead I propose we do usability tests of page security scoring the
same way we'll do them for "What is a Secure Page?".

> Michael McCormick, CISSP
> Lead Architect, Information Security Technology
> Wells Fargo Bank
> 
> "THESE OPINIONS ARE STRICTLY MY OWN AND NOT NECESSARILY THOSE OF WELLS
> FARGO"
> This message may contain confidential and/or privileged information.
> If you are not the addressee or authorized to receive this for the
> addressee, you must not use, copy, disclose, or take any action based
> on this message or any information herein.  If you have received this
> message in error, please advise the sender immediately by reply e-mail
> and delete this message.  Thank you for your cooperation.
>

Received on Friday, 12 October 2007 17:02:25 UTC