- From: Ian Fette <ifette@google.com>
- Date: Fri, 7 Mar 2008 14:14:25 -0800
- To: "Johnathan Nightingale" <johnath@mozilla.com>
- Cc: "Thomas Roessler" <tlr@w3.org>, "Web Security Context Working Group Issue Tracker" <sysbot+tracker@w3.org>, public-wsc-wg@w3.org
- Message-ID: <bbeaa26f0803071414p6c85256doda4b855553127de4@mail.gmail.com>
I just wanted to point out that I'm fine with strong language in the case that petnames exist and one is present. I think both my language and Johnathan's are roughly equivalent and am fine with either, in the sense that if a petname exists it's probably a good idea to display it, but if it doesn't exist I don't want to tie people's hands.

On Fri, Mar 7, 2008 at 2:04 PM, Johnathan Nightingale <johnath@mozilla.com> wrote:

> I don't currently use petnames either, but I don't think my own lack
> of experience with them precludes a SHOULD or even a carefully worded
> MUST. They do have some empirical support. What about:
>
>    User agents which support petnames MUST display petnames as part
>    of the identity signal. User agents MAY indicate the lack of a
>    petname as part of the identity signal as well.
>
> To the best of my knowledge, we don't have language in the current
> document which requires (MUST) petname support in the first place, but
> I think a user agent that makes the choice to expose that
> functionality should not find it particularly onerous to incorporate
> it into identity UI; that's really the whole point.
>
> As for the absence thing - I suspect that user agents will choose, for
> one thing, to only talk about petnames for SSL, since http sessions
> don't offer any assurance that you are visiting the petnamed site in
> the first place. I think the MAY gives implementors flexibility
> around the issue, while at the same time calling attention to the fact
> that this is a thing worth considering.
>
> Cheers,
>
> Johnathan
>
> On 7-Mar-08, at 2:18 PM, Thomas Roessler wrote:
>
> >
> > On 2008-03-07 10:33:54 -0800, Ian Fette wrote:
> >
> >> Because I for one am never going to use petnames, and therefore
> >> don't want to see Petname: none always showing.
> >
> >> If a user has defined a petname for a site, then I'm fine with
> >> language around should, but I don't want to see should without
> >> the caveat. e.g. "If a user has defined a petname for a site,
> >> that petname SHOULD be displayed as part of the identity signal"
> >> or whatever. But the "If" is important.
> >
> > There are two questions here:
> >
> > - Should petnames, if present, be part of an identity signal?
> > - Should the absence of petnames be signalled?
> >
> > I don't really have an opinion on the second one (though I'd note
> > that at least some modern browsers indicate, e.g., whether the
> > currently visited page is bookmarked -- that gets close), but I
> > think we should make a much stronger statement than MAY about the
> > first one.
> >
> > --
> > Thomas Roessler, W3C <tlr@w3.org>
> >
>
> ---
> Johnathan Nightingale
> Human Shield
> johnath@mozilla.com

Received on Friday, 7 March 2008 22:14:38 UTC