Re: ACTION-374 - proposed re-written text for 6.3, Page Security Score from Ian Fette on 2008-01-23 (public-wsc-wg@w3.org from January 2008)

From: Ian Fette <ifette@google.com>
Date: Wed, 23 Jan 2008 14:21:34 -0800
To: "Timothy Hahn" <hahnt@us.ibm.com>
Cc: public-wsc-wg@w3.org
Message-ID: <bbeaa26f0801231421l47846c72md3c03d779d3fdfc5@mail.gmail.com>
I think that what I was saying on the call, and I heard the same from
at least Johnathan, was that it's unclear what it means even if you
have a dial, or "3 bars out of 4". At the end, it doesn't help me
decide whether to proceed or not. The indirection didn't solve this
problem.

On Jan 23, 2008 2:13 PM, Timothy Hahn <hahnt@us.ibm.com> wrote:
>
> Ian,
>
> Thanks for the feedback.
>
> I tried to express a level of indirection between what is displayed (I
> referred to this as a "visual indicator") and the value itself (which I
> referred to as the "value").  This indirection was meant to allow for a
> difference between what is displayed and the "raw score" value itself.
>
> I welcome suggestions on making this more clear in the write-up.
>
> Relative to your desire for MAY vs. SHOULD - given the different opinions of
> the people that have been discussing this, I made the bold decision that
> SHOULD seemed appropriate.
>
>
> Regards,
> Tim Hahn
>  IBM Distinguished Engineer
>
>  Internet: hahnt@us.ibm.com
>  Internal: Timothy Hahn/Durham/IBM@IBMUS
>  phone: 919.224.1565     tie-line: 8/687.1565
>  fax: 919.224.2530
>
>
>
>
>  From: "Ian Fette" <ifette@google.com>
>  To:
> Timothy Hahn/Durham/IBM@IBMUS
>  Cc:
> public-wsc-wg@w3.org
>  Date: 01/23/2008 04:55 PM
>
>  Subject: Re: ACTION-374 - proposed re-written text for 6.3, Page Security
> Score
>
>
>  ________________________________
>
>
>
> I'm still unclear on the following two points:
>
>  The user agent SHOULD provide a visual indicator in primary chrome
>  which varies relative to the "security confidence estimate" value.
>  Examples of such visual indicators (non-normative) are gauges,
>  thermometers, a selection of several textual descriptions, and
>  color-gradations.
>
>  The visual indicator SHOULD be especially conspicuous in display when
>  the "security confidence estimate" value is different than the value
>  which was observed for the loaded page in previous visits to the
>  loaded page.
>
>  It sounds to me like there was a lot of agreement on the call that
>  changes in this score might be informative. I don't think there was
>  any agreement that the raw score itself was informative. I don't
>  understand why we're saying that the score SHOULD be indicated in
>  primary chrome, nor do I understand why it makes sense to show it if
>  the score has changed (i.e. "Hey, this was 78 and now it's 68" -
>  "Great, what does that mean"). I think it may make sense (MAY) to call
>  out what changed, but calling out the score (either normally, or even
>  when it changes) still makes no sense to me.
>
>  I would love to see these SHOULD -> MAY
>
>  -Ian
>
>  On Jan 23, 2008 10:41 AM, Timothy Hahn <hahnt@us.ibm.com> wrote:
>  >
>  > To Mez:
>  >
>  > I agree with your proposal and will make that be so in the draft.
>  >
>  > To Mike:
>  >
>  > While I, myself, would prefer stronger language, I worded the updates per
>  > the discussion from the group (during the weekly conference call as well
> as
>  > on the mailing list).
>  >
>  > Regards,
>  >
>  > Tim Hahn
>  >  IBM Distinguished Engineer
>  >
>  >  Internet: hahnt@us.ibm.com
>  >  Internal: Timothy Hahn/Durham/IBM@IBMUS
>  >  phone: 919.224.1565     tie-line: 8/687.1565
>  >  fax: 919.224.2530
>  >
>  >
>  >
>  >
>  >  From: Mary Ellen Zurko/Westford/IBM@IRIS
>  >  To:
>  > Timothy Hahn/Durham/IBM@IBMUS
>  >  Cc:
>  > public-wsc-wg@w3.org
>  >  Date: 01/23/2008 01:29 PM
>  >  Subject: Re: ACTION-374 - proposed re-written text for 6.3, Page
> Security
>  > Score
>  >  ________________________________
>  >
>  >
>  >
>  > I propose that you also change the title of the section to "Security
>  > Confidence Estimate"
>  >
>  >           Mez
>  >
>  >
>  >
>  >
>  >
>  >
>  >  From:
>  > Timothy Hahn/Durham/IBM@IBMUS
>  >  To:
>  > public-wsc-wg@w3.org
>  >  Date:
>  > 01/23/2008 11:29 AM
>  >  Subject: ACTION-374 - proposed re-written text for 6.3, Page Security
> Score
>  >  ________________________________
>  >
>  >
>  >
>  >
>  >
>  > Hi all,
>  >
>  > From last week's meeting (16 January 2008) I took an action to propose
>  > re-written text for the "Page Security Score" section.
>  >
>  > From the latest wsc-xit draft, the current text reads:
>  >
>  > --- Start ---
>  > 6.3 Page Security Score
>  >
>  > See also: ISSUE-129
>  >
>  > Please refer to the following entries in the Working Group's Wiki for
>  > relevant background information: RecommendationDisplayProposals/PageScore
>  >
>  > The user agent MUST reduce the state of all security context information
>  > made available to a single value. A partial order MUST be defined on the
> set
>  > of possible values.
>  >
>  > The user agent MUST make the security context information value available
> to
>  > the end user, in either primary or secondary chrome.
>  >
>  > The user agent MUST make the formula by which the value is calculated
>  > available to the end user. Documentation of the user agent is the
> likeliest
>  > place.
>  >
>  > The form of the indicator of this value will depend on the user agent and
>  > end user abilities. The user agent SHOULD provide a a primary chrome
>  > indicator
>  >
>  > --- End ---
>  >
>  > Here is my proposed re-written text:
>  >
>  > --- Start ---
>  > 6.3 Page Security Score
>  >
>  > See also: ISSUE-129
>  >
>  > Please refer to the following entries in the Working Group's Wiki for
>  > relevant background information: RecommendationDisplayProposals/PageScore
>  >
>  > The user agent SHOULD provide a means of reducing the collection of
> security
>  > context information which is available for any loaded page to a numeric
>  > value (termed a "security confidence estimate").
>  >
>  > The calculation algorithm for the "security confidence estimate" MAY be
> made
>  > selectable by the end user or offered by separately installed user agent
>  > plug-ins.
>  >
>  > The user agent SHOULD provide a visual indicator in primary chrome which
>  > varies relative to the "security confidence estimate" value.  Examples of
>  > such visual indicators (non-normative) are gauges, thermometers, a
> selection
>  > of several textual descriptions, and color-gradations.
>  >
>  > The visual indicator SHOULD be especially conspicuous in display when the
>  > "security confidence estimate" value is different than the value which
> was
>  > observed for the loaded page in previous visits to the loaded page.
>  >
>  > The user agent MAY elect to display a visual indicator in primary chrome
>  > only when a change in "security confidence estimate" values is observed.
>  >
>  > The user agent MUST make the details of all available security context
>  > information available to the end user, in either primary or secondary
>  > chrome.
>  >
>  > If a "security confidence estimate" is provided, the provider of the
>  > implementation MUST make the calculation algorithm by which the "security
>  > confidence estimate" value is calculated available to the end user.
>  > Documentation for the user agent or plug-in which is employed is the
>  > likeliest place.
>  >
>  > The visual realization of the "security confidence estimate" value will
>  > depend on the user agent and end user abilities.
>  >
>  > --- End ---
>  >
>  >
>  > Tim Hahn
>  > IBM Distinguished Engineer
>  >
>  > Internet: hahnt@us.ibm.com
>  > Internal: Timothy Hahn/Durham/IBM@IBMUS
>  > phone: 919.224.1565     tie-line: 8/687.1565
>  > fax: 919.224.2530
>  >
>  > [attachment "smime.p7s" deleted by Mary Ellen Zurko/Westford/IBM]
>  >
>  >
>  >
>
>
>
Received on Wednesday, 23 January 2008 22:22:06 UTC