RE: ACTION-301: Usability review of Identity Signal from Dan Schutzer on 2007-10-26 (public-wsc-wg@w3.org from October 2007)

From: Dan Schutzer <dan.schutzer@fstc.org>
Date: Fri, 26 Oct 2007 11:26:05 -0400
To: "'Mary Ellen Zurko'" <Mary_Ellen_Zurko@notesdev.ibm.com>, "'Johnathan Nightingale <johnath'" <johnath@mozilla.com>
Cc: "'W3C WSC W3C WSC Public'" <public-wsc-wg@w3.org>, "'Dan Schutzer'" <dan.schutzer@fstc.org>
Message-ID: <009301c817e4$8a42e000$6500a8c0@dschutzer>

I understand this to mean that agents can perform, various sophisticated
tests to validate the identity of the site, including crypto signature
validations, that would be difficult for the typical user to understand or
perform themselves. It does not discuss, as a result of this test, how this
information is conveyed; (e.g. alert message, favicon, or just block a la
Safe Mode, or some combination)

 

Dan

 

  _____  

From: public-wsc-wg-request@w3.org [mailto:public-wsc-wg-request@w3.org] On
Behalf Of Mary Ellen Zurko
Sent: Friday, October 26, 2007 11:02 AM
To: Johnathan Nightingale <johnath
Cc: W3C WSC W3C WSC Public
Subject: Re: ACTION-301: Usability review of Identity Signal

 


> I appreciate that "help users understand the identity of sites they  
> interact with" is a harder testing problem than "prevent phishing  
> attacks" and I don't actually have a good methodology suggestion.  An  

I don't see why it is (and I expect kind and informative responses to
naivete :-). The testing of understandability of visual icons goes much
further back than usability testing around user attacks. I would expect that
kind of UT would be the most appropriate. 
        Mez

Received on Friday, 26 October 2007 15:26:36 UTC