- From: Mike Beltzner <beltzner@mozilla.com>
- Date: Fri, 11 Jan 2008 14:25:09 -0500
- To: Web Security Context Working Group WG <public-wsc-wg@w3.org>
Timothy Hahn wrote:

> I've been frustrated that we seem to be very willing to do away with the
> notion because we can't be sure that we could make it "rock solid".

Nobody's dismissed the notion, Tim. The initial objection was to making this a requirement on browser UI since the value was questionable. My continued objection is on placing this in primary UI when the meaning of a single summary statistic isn't at all clear. To date, nobody has addressed the fact that "80% secure" doesn't mean anything without clicking through.

What Ian, myself, Johnathan and others have suggested is that we calculate these security statistics, summarize them in a human consumable fashion (eg: "Suspicious", "Insecure", "Normal", "Identified") and only present them when there's something that requires the user's attention. Going back to the weather analogy, what I'm saying is that users don't need to see that it's a 72% nice day, they need to know when there's a tornado warning.

> I've been envisioning such a "score" as more of a "confidence level" -
> as in "given the information seen, this score calculator has an 80%
> confidence level in the connection and site you've just landed on".

As mentioned several times, I think that these sorts of confidence levels aren't easily interpreted by users whose mental model is based on notions of "safe" and "unsafe". Anytime we think there's something suspicious, we should say that, and then allow users to learn more about what, precisely, is suspicious.

So I'm all for combining a variety of signals to get a summary statistic, but I don't think we should leave it up to users to interpret that statistic alone. Those who want to know more should get the information we have; those who aren't interested should get our recommendation for action. I'd also support something that allows a user to tell the UI if it wants to be more or less paranoid about risk assessments, thus tweaking the points where we indicate suspicion.

> Further, by allowing a user to pick which "confidence calculator" was
> used, they could choose one from someone or something ... or even
> written by themselves. Ok - this would really be getting into a savvy
> user, I admit. But hopefully this explains why I think the notion
> of a "score" could still work and be useful. Having such separation
> might also help some organizations deal with whether or not they might
> be held liable for the scores provided.

Add-ons should always be allowed to add more indicators, change recommendation levels, etc.

> One other useful discussion over the past day on this topic is the
> aspect of "change in the score from the last time you were here". I
> think this is also quite powerful and shouldn't be overlooked. A change
> in score is perhaps more important to point out than the score itself.
> (The "drill down" could then itemize the details on what is different).

Yeah, I "liberated" that idea from key continuity management. All credit where it's due.

> I still feel that giving such things in a "simple cue" (with more "drill
> down" available) is better than not giving any cues at all.

We agree here. Where we seem to be mismatched is that I don't think "72%" is any simpler than saying "Threat Level Purple".

cheers,
mike
Received on Friday, 11 January 2008 19:25:41 UTC
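The approach Mike sketches above (combine signals, map them to a categorical recommendation, keep the details for drill-down, surface the result only when something needs attention, and treat a change since the last visit as a first-class signal) as an added example; this is illustrative code, not anything from the thread or from Mozilla. The signal names, the `paranoia` knob and the shape of the stored previous assessment are assumptions made for the example.

```javascript
// Added example (not from the thread): turn per-connection signals into one of
// the levels listed in the mail and decide whether primary UI should speak up.

const ATTENTION_LEVELS = new Set(["Suspicious", "Insecure"]);

// signals: constructed booleans/strings the browser already knows about this load
//          (assumed names, e.g. tls, certError, mixedContent, validatedIdentity).
// paranoia: 0 (default) or 1; a more paranoid user tips into "Suspicious" sooner.
function summarize(signals, paranoia = 0) {
  const reasons = [];
  // Hard negatives decide the level on their own.
  if (signals.onBlocklist) reasons.push("site is on a blocklist");
  if (signals.certError) reasons.push("certificate did not validate");
  if (reasons.length) return { level: "Suspicious", reasons };

  if (!signals.tls) return { level: "Insecure", reasons: ["connection is not encrypted"] };
  if (signals.mixedContent) return { level: "Insecure", reasons: ["page loads unencrypted sub-resources"] };

  // Soft signals alone are not alarming; several of them (fewer under paranoia) are.
  if (signals.newlyRegisteredDomain) reasons.push("domain registered very recently");
  if (signals.mixedScriptHostname) reasons.push("hostname mixes scripts (possible look-alike)");
  if (reasons.length >= 2 - paranoia) return { level: "Suspicious", reasons };

  return signals.validatedIdentity
    ? { level: "Identified", reasons: ["organisation identity validated"] }
    : { level: "Normal", reasons };
}

// previous: { level, certFingerprint } remembered from the last visit, or null.
// This is the key-continuity part: a change is reported even when the new level
// on its own would stay silent.
function assess(signals, previous, paranoia = 0) {
  const { level, reasons } = summarize(signals, paranoia);
  const changes = [];
  if (previous) {
    if (previous.level !== level) changes.push(`level changed: ${previous.level} -> ${level}`);
    if (previous.certFingerprint !== signals.certFingerprint) changes.push("certificate changed since last visit");
  }
  // Primary UI only interrupts for a bad level or a change; drill-down gets `reasons`.
  const needsAttention = ATTENTION_LEVELS.has(level) || changes.length > 0;
  return { level, reasons, changes, needsAttention };
}
```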