Re: ACTION-374 - proposed re-written text for 6.3, Page Security Score

To Mez:

I agree with your proposal and will make that be so in the draft.

To Mike:

While I, myself, would prefer stronger language, I worded the updates per 
the discussion from the group (during the weekly conference call as well 
as on the mailing list).

Regards,
Tim Hahn
IBM Distinguished Engineer

Internet: hahnt@us.ibm.com
Internal: Timothy Hahn/Durham/IBM@IBMUS
phone: 919.224.1565     tie-line: 8/687.1565
fax: 919.224.2530




From:
Mary Ellen Zurko/Westford/IBM@IRIS
To:
Timothy Hahn/Durham/IBM@IBMUS
Cc:
public-wsc-wg@w3.org
Date:
01/23/2008 01:29 PM
Subject:
Re: ACTION-374 - proposed re-written text for 6.3, Page Security Score


I propose that you also change the title of the section to "Security 
Confidence Estimate" 

          Mez






From:
Timothy Hahn/Durham/IBM@IBMUS
To:
public-wsc-wg@w3.org
Date:
01/23/2008 11:29 AM
Subject:
ACTION-374 - proposed re-written text for 6.3, Page Security Score



Hi all, 

>From last week's meeting (16 January 2008) I took an action to propose 
re-written text for the "Page Security Score" section. 

>From the latest wsc-xit draft, the current text reads: 

--- Start --- 
6.3 Page Security Score 

See also: ISSUE-129 

Please refer to the following entries in the Working Group's Wiki for 
relevant background information: RecommendationDisplayProposals/PageScore 

The user agent MUST reduce the state of all security context information 
made available to a single value. A partial order MUST be defined on the 
set of possible values. 

The user agent MUST make the security context information value available 
to the end user, in either primary or secondary chrome.

The user agent MUST make the formula by which the value is calculated 
available to the end user. Documentation of the user agent is the 
likeliest place. 

The form of the indicator of this value will depend on the user agent and 
end user abilities. The user agent SHOULD provide a a primary chrome 
indicator 

--- End --- 

Here is my proposed re-written text: 

--- Start --- 
6.3 Page Security Score 

See also: ISSUE-129 

Please refer to the following entries in the Working Group's Wiki for 
relevant background information: RecommendationDisplayProposals/PageScore 

The user agent SHOULD provide a means of reducing the collection of 
security context information which is available for any loaded page to a 
numeric value (termed a "security confidence estimate"). 

The calculation algorithm for the "security confidence estimate" MAY be 
made selectable by the end user or offered by separately installed user 
agent plug-ins. 

The user agent SHOULD provide a visual indicator in primary chrome which 
varies relative to the "security confidence estimate" value.  Examples of 
such visual indicators (non-normative) are gauges, thermometers, a 
selection of several textual descriptions, and color-gradations. 

The visual indicator SHOULD be especially conspicuous in display when the 
"security confidence estimate" value is different than the value which was 
observed for the loaded page in previous visits to the loaded page. 

The user agent MAY elect to display a visual indicator in primary chrome 
only when a change in "security confidence estimate" values is observed. 

The user agent MUST make the details of all available security context 
information available to the end user, in either primary or secondary 
chrome. 

If a "security confidence estimate" is provided, the provider of the 
implementation MUST make the calculation algorithm by which the "security 
confidence estimate" value is calculated available to the end user. 
Documentation for the user agent or plug-in which is employed is the 
likeliest place. 

The visual realization of the "security confidence estimate" value will 
depend on the user agent and end user abilities. 

--- End --- 


Tim Hahn
IBM Distinguished Engineer

Internet: hahnt@us.ibm.com
Internal: Timothy Hahn/Durham/IBM@IBMUS
phone: 919.224.1565     tie-line: 8/687.1565
fax: 919.224.2530
[attachment "smime.p7s" deleted by Mary Ellen Zurko/Westford/IBM]