- From: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
- Date: Fri, 13 Jun 2008 08:57:02 -0400
- To: public-wsc-wg@w3.org
- Message-ID: <OF200F2DD8.87AE0024-ON85257467.0044E594-85257467.00472144@LocalDomain>

I've tweaked it a bit. Comments and suggestions welcome:

This specification deals with the trust decisions that users must make online, and with ways that user agents support them in making safe and informed decisions where possible.

In order to achieve that goal, this specification includes recommendations on the presentation of identity information and other security context information by Web user agents. We also include recommendations on handling errors in security protocols. The error handling recommendations both minimize the trust decisions left to users, and represent known best practice in inducing users toward safe behavior where they have to make these decisions.

To complement the interaction and decision related parts of this specification, 7 Robustness addresses the question of how the communication of context information needed to make decisions can be made more robust against attacks.

This document specifies user interactions with a goal toward making security usable, based on known best practice in this area. Subsequent testing of this specification will include conformance, interoperability, and usability testing.

This specification comes with two companion documents: [WSC-USECASES] documents the use cases and assumptions that underlie this specification. [WSC-THREATS] documents the Working Group's threat analysis.

Received on Friday, 13 June 2008 12:57:37 UTC