Re: Is the padlock a page security score?

Which is still just a single factor (what you know)...

On Jan 11, 2008 2:26 PM, Anil Saldhana <Anil.Saldhana@redhat.com> wrote:

> Many of the US banks are going towards multi-factor knowledge based
> authentication, like displaying a favorite picture of yours and such.
>
>
> Mike Beltzner wrote:
> >
> > michael.mccormick@wellsfargo.com wrote:
> >> There seems to still be some lingering misunderstanding about the
> >> security score.  It does not specify how the score should be presented
> >> in primary chrome.  The UA is free to render it as anything from a
> >> padlock to a color-coded address bar to a traffic light to whatever.
> >> The raw score is not displayed in the primary UI.
> >
> > The disagreement is in that I don't believe a single "score" will ever
> > hold value. A recommendation or advice based on a score, is what I would
> > suggest we advocate in our document.
> >
> > The user who needs a recommendation for action (ie: "Is this page
> > safe?") won't benefit from a score ("72% safe!"), as it won't hold any
> > specific meaning to them.
> >
> > The user who wants to know more about why a specific recommendation has
> > been given (ie: "Why are you saying that this page is suspicious, it
> > looks like my bank!") won't benefit from a score ("because it's only
> > 72% safe!") because they need more detail.
> >
> > Both of these users are served by a system where security risks are
> > called out by the browser ("Note: This page is suspicious!
> > (Details...)") and then further explanation is given (the certificate
> > changed, it's not high on the network of trust, etc).
> >
> > cheers,
> > mike
> >
>
> --
>
> Anil Saldhana
> Project/Technical Lead,
> JBoss Security & Identity Management
> JBoss, A division of Red Hat Inc.
> http://labs.jboss.com/portal/jbosssecurity/
>
>

Received on Friday, 11 January 2008 22:35:21 UTC