RE: ACTION-374 - proposed re-written text for 6.3, Page Security Score

Tim,
 
Although I'd prefer a couple of your SHOULDs be MUSTs, overall I agree this
change improves the recommendation.  The clarification regarding 3rd-party
plugins in particularly welcome.
 
Thanks, MikeM

  _____  

From: public-wsc-wg-request@w3.org [mailto:public-wsc-wg-request@w3.org] On
Behalf Of Timothy Hahn
Sent: Wednesday, January 23, 2008 9:09 AM
To: public-wsc-wg@w3.org
Subject: ACTION-374 - proposed re-written text for 6.3, Page Security Score



Hi all, 

>From last week's meeting (16 January 2008) I took an action to propose
re-written text for the "Page Security Score" section. 

>From the latest wsc-xit draft, the current text reads: 


--- Start --- <http://www.w3.org/TR/wsc-xit/#error-handling>  
 <http://www.w3.org/TR/wsc-xit/#page-score> 6.3 Page Security Score 


See also:  <http://www.w3.org/2006/WSC/track/issues/129> ISSUE-129 


Please refer to the following entries in the Working Group's Wiki for
relevant background information:
<http://www.w3.org/2006/WSC/wiki/RecommendationDisplayProposals/PageScore>
RecommendationDisplayProposals/PageScore 


The user agent MUST reduce the state of all security context information
made available to a single value. A partial order MUST be defined on the set
of possible values. 


The user agent MUST make the security context information value available to
the end user, in either primary or secondary chrome. 


The user agent MUST make the formula by which the value is calculated
available to the end user. Documentation of the user agent is the likeliest
place. 


The form of the indicator of this value will depend on the user agent and
end user abilities. The user agent SHOULD provide a a primary chrome
indicator <http://www.w3.org/TR/wsc-xit/#error-handling>  


--- End --- <http://www.w3.org/TR/wsc-xit/#error-handling>  


Here is my proposed re-written text: 


--- Start --- 
 <http://www.w3.org/TR/wsc-xit/#page-score> 6.3 Page Security Score 


See also:  <http://www.w3.org/2006/WSC/track/issues/129> ISSUE-129 


Please refer to the following entries in the Working Group's Wiki for
relevant background information:
<http://www.w3.org/2006/WSC/wiki/RecommendationDisplayProposals/PageScore>
RecommendationDisplayProposals/PageScore 


The user agent SHOULD provide a means of reducing the collection of security
context information which is available for any loaded page to a numeric
value (termed a "security confidence estimate"). 


The calculation algorithm for the "security confidence estimate" MAY be made
selectable by the end user or offered by separately installed user agent
plug-ins. 


The user agent SHOULD provide a visual indicator in primary chrome which
varies relative to the "security confidence estimate" value.  Examples of
such visual indicators (non-normative) are gauges, thermometers, a selection
of several textual descriptions, and color-gradations. 


The visual indicator SHOULD be especially conspicuous in display when the
"security confidence estimate" value is different than the value which was
observed for the loaded page in previous visits to the loaded page. 


The user agent MAY elect to display a visual indicator in primary chrome
only when a change in "security confidence estimate" values is observed. 


The user agent MUST make the details of all available security context
information available to the end user, in either primary or secondary
chrome. 


If a "security confidence estimate" is provided, the provider of the
implementation MUST make the calculation algorithm by which the "security
confidence estimate" value is calculated available to the end user.
Documentation for the user agent or plug-in which is employed is the
likeliest place. 


The visual realization of the "security confidence estimate" value will
depend on the user agent and end user abilities. 


--- End --- <http://www.w3.org/TR/wsc-xit/#error-handling>  



Tim Hahn
IBM Distinguished Engineer

Internet: hahnt@us.ibm.com
Internal: Timothy Hahn/Durham/IBM@IBMUS
phone: 919.224.1565     tie-line: 8/687.1565
fax: 919.224.2530

Received on Wednesday, 23 January 2008 16:38:44 UTC