RE: WSC Open Action Items

I had submitted quite a while ago responses to:

[OPEN] ACTION-302: Daniel Schutzer to Create sketches and interaction notes
to send to usability testing group - due 2007-10-09


Here it is:


Safe Web Browsing


Description of operation


When a user opens the browser, the first page they see requests them to
click on one of two choices: 

1.	Go into Safe Web Mode (restricted to only trusted websites)
2.	Browse the entire Internet


When in Safe Mode, the entire browser chrome will be a distinctively different
color, such as green. There should be a default color, but it should be
adjustable by the user. A button will appear in the chrome that says "Safe
Mode, click to return to Full Internet." When not in Safe Mode, the button
will say "Full Internet Browsing, click to return to Safe Mode."


Once selected, the browser will stay in Safe Web Mode until the user either
closes down the browser, or clicks on a button in the chrome that says
"return to Full Internet."


Anytime a user is at a web site, the user should be able to "add" or
"delete" that site from Safe Mode. There should be a button in the chrome
that allows this action. 

To be added to Safe Mode, a site must be qualified. If a site is not
qualified to be placed in Safe Zone, and a user attempts to add this site
to Safe Mode, the browser will return a message that says "This web page is
not qualified to be viewed in Safe Mode."


To be allowed in Safe Zone, a site would have to conform to the requirements
specified in the Safe Web Browser Recommendation; namely, the site must be
able to be authenticated as a safe site (for example: page must be digitally
signed with an appropriate certificate and logotype, which validates the
site has undergone appropriate investigation and on-going auditing by an
authorized authority, and the site's IP addresses match addresses previously
registered and signed by a registration agent).


When in Safe Mode, besides the web page checking, the browser's security
settings will be automatically set to maximum protection.





From: [] On
Behalf Of Mary Ellen Zurko
Sent: Tuesday, October 30, 2007 5:51 PM
Subject: WSC Open Action Items


1) Do not let your Action Items go past due. It creates overhead for me,
which is time I could spend on the content of the group, instead of trying
to figure out what I should do about overdue action items. 

2) Complete your Action Item by the Due Date. 

3) Make sure to send an email to public-wsc-wg with the exact ID somewhere
in the subject line (upper case, with the "-", for example, ACTION-3) for
tracking purposes. 

4) Do NOT close it yourself; I'll do that. That's how they get into the
agenda, so I can give you props during the meeting. Set the state to
"pending review" when you've completed it. 

5) If a personal emergency arises so that at the last minute you cannot
possibly complete the Action Item by the Due Date, reset the Due Date. It
takes only 30 seconds. And decreases my nag overhead. 

6) The roof was scarcely visible, The cornice but a mound. 

Thank you to all of you who do all this without regular personal reminders. 

[OPEN] ACTION-214: Bill Doyle to solicit commentary on Threat Trees from
MITRE INFOSEC community - due 2007-10-20

[OPEN] ACTION-274: Bill Doyle to experiment with lc-comments-tracker and
report back - due 2007-10-20

[OPEN] ACTION-284: Phillip Hallam-Baker to suggest fine-tuning of
terminology in section 4 - due 2007-10-03

[OPEN] ACTION-293: Tim Hahn to Update Browser Lockdown section per the
discussion in this call and the comments on the list. - due 2007-09-21

[OPEN] ACTION-302: Daniel Schutzer to Create sketches and interaction notes
to send to usability testing group - due 2007-10-09

[OPEN] ACTION-304: Phillip Hallam-Baker to Produce demo or lo-fi prototype of
secure letterhead - due 2007-10-09

[OPEN] ACTION-305: Tim Hahn to Get back to maritzaj on what questions he
has, or any lack thereof - due 2007-10-09

[OPEN] ACTION-317: Thomas Roessler to Note the open discussion about how PII
notions of cert-handling fold into the rest of the document, particularly
around self-signed certs and KCM - due 2007-11-30

[OPEN] ACTION-318: Thomas Roessler to Draft a new subsection to section 7
discussing the mixing of trusted/untrusted information in the UI - due

[OPEN] ACTION-320: Thomas Roessler to Add authoring BP re HTTPS -> HTTP
submits (issue-107) - due 2007-11-30

[OPEN] ACTION-321: Bill Doyle to look for cyphersuite strength standard
that we can reference - due 2007-10-31

Received on Wednesday, 31 October 2007 09:57:26 UTC
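
The Safe Mode behaviour described in the proposal above (qualification before a site can be added, and restricted navigation while in Safe Mode) can be modelled as follows. This is an added example, not part of the original message or of any WSC deliverable. The class and function names, the HMAC stand-in for the registration agent's signature, the re-check on every page load, and the sample hosts and addresses are all assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Constructed stand-in for the registration agent's key. A real design would
# verify a public-key signature; HMAC keeps this example stdlib-only.
AGENT_KEY = b"constructed-demo-key"

def sign_registration(host, ips):
    msg = (host + "|" + ",".join(sorted(ips))).encode()
    return hmac.new(AGENT_KEY, msg, hashlib.sha256).hexdigest()

@dataclass
class Site:
    host: str
    resolved_ip: str        # address the browser actually connected to
    audited_cert: bool      # certificate and logotype attest ongoing auditing
    registered_ips: tuple   # addresses listed in the registration record
    registration_sig: str   # agent's signature over host and addresses

def is_qualified(site):
    expected = sign_registration(site.host, site.registered_ips)
    return (site.audited_cert
            and hmac.compare_digest(expected, site.registration_sig)
            and site.resolved_ip in site.registered_ips)

@dataclass
class Browser:
    safe_mode: bool = False
    safe_sites: set = field(default_factory=set)

    def add_site(self, site):
        if not is_qualified(site):
            return "This web page is not qualified to be viewed in Safe Mode"
        self.safe_sites.add(site.host)
        return "added"

    def delete_site(self, host):
        self.safe_sites.discard(host)

    def navigate(self, site):
        # Assumption: qualification is re-checked on every load in Safe Mode,
        # so a listed host served from an unregistered address is refused.
        if not self.safe_mode:
            return "loaded"
        ok = site.host in self.safe_sites and is_qualified(site)
        return "loaded" if ok else "blocked"

# Constructed sample data (documentation address ranges).
IPS = ("192.0.2.10", "192.0.2.11")
BANK = Site("bank.example", "192.0.2.10", True, IPS, sign_registration("bank.example", IPS))
SPOOF = Site("bank.example", "203.0.113.5", True, IPS, BANK.registration_sig)
```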