- From: Thomas Roessler <tlr@w3.org>
- Date: Sat, 1 Sep 2007 14:32:03 +0200
- To: "Close, Tyler J." <tyler.close@hp.com>
- Cc: public-wsc-wg@w3.org
On 2007-08-28 21:30:35 -0000, Close, Tyler J. wrote:

> In TLR's email [2], he wondered about providing a secure data
> entry interaction for all sensitive data, as opposed to just
> special casing username/password data. I think our charter and
> our use-cases require providing protection for a broad range of
> PII data, such as credit card numbers, social security numbers,
> phone numbers, etc. Moreover, I don't see anything to be gained
> at this stage from focusing only on login forms. I believe the
> proposed form filler changes can be made just as usable as any
> password-only manager that can be deployed on today's Web.

The question I was asking was not a charter question, but a deployment question: How much convenience (or inconvenience) does the proposed interaction really cause to users, and what does that mean for deployment?

Can credential entry be usefully separated from other information entry? (Probably.)

Does credential entry lend itself to different interaction models than other information entry? (Probably, since credentials change differently than, e.g., the photo title that you want to enter today.)

Does differentiating these interaction models provide benefits down the road, e.g., if/when zero-knowledge password proofs get more common? (Quite possibly.)

These are things that we can, to some extent, figure out by weighing different arguments, and to some extent by testing down the road. These are certainly important to document.

Regards,
--
Thomas Roessler, W3C <tlr@w3.org>
Received on Saturday, 1 September 2007 12:32:06 UTC