Updated editor's draft available from Thomas Roessler on 2009-01-11 (public-wsc-wg@w3.org from January 2009)

From: Thomas Roessler <tlr@w3.org>
Date: Sun, 11 Jan 2009 15:00:51 +0100
To: WSC WG <public-wsc-wg@w3.org>
Message-Id: <84C66D65-67C9-45D6-8B2C-BFF04B4D26B4@w3.org>
An updated editor's draft is available:
   http://www.w3.org/2006/WSC/Drafts/rec/rewrite.html
   Web Security Context: User Interface Guidelines
   Editor's Draft 11 January 2009
   $Revision: 1.280 $ $Date: 2009/01/11 13:59:50 $

Changes:

- ACTION-550: Incorporate ACTION-525 text into editor's draft

The following text was added to the end of the EV/AA cert section:
> Note: Should certificates arise in the future that provide strong  
> assurance of the holder's identity, but do not include an  
> organization attribute, then user agents can make use of the  
> additional assurance level and identity information without  
> violating this specification. Such future certificates could, for  
> example, include high assurance certificates for individuals.

http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#sec-evcert
- ACTION-551: Put second option from ACTION-538 into editor's draft

(This got minuted as "... from ACTION-550", which was nonsense.)

The following text:

> Whether a Web page is TLS-protected, whether the protection is weak  
> or strong, and the reasons for the value of the protection.

was changed to this:
> * What protection level is represented by the [ref TLS indicator];

> * If the Web page is [ref weakly] TLS-protected, then, what  
> conditions cause the protection to be weak (e.g., bad algorithms,  
> mixed content, ...)

http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#pageinfo-weak


- ACTION-552: Put text from ACTION-539 into editor's draft.
See: http://lists.w3.org/Archives/Public/public-wsc-wg/2009Jan/0001.html

- ACTION-553: Take change from http://lists.w3.org/Archives/Public/public-wsc-wg/2009Jan/0002.html 
  into draft

- ACTION-554: Take mez's intro section into the document, modulo the  
guidelines intending stuff, and core PKI technologies being used on  
the Web.  (See separate note.)

- ACTION-555: Send e-mail with proposed update to petnames proposal  
along lines of discussion above.

See separate note.  The change I propose is in the new editor's draft.

- ACTION-556: Put in reference to Marc Stiegler's petname paper.

- ACTION-557: Replace par 2 of 6.1.1 with this text:

> If the identity signal is available, it MUST be part of primary user  
> interface when any identity sources that are from unauthenticated or  
> untrusted sources are (also) part of the primary user interface.  
> These sources include URLs.


- ACTION-558: Include change from http://lists.w3.org/Archives/Public/public-wsc-wg/2008Sep/0013.html

These were the references to TLSv12 -- I suggested what to do in  
September, but apparently never did it.  Fixed now.

- ACTION-559: Clarify OID / OOB designation issue in beginning of  
5.1.2, see 9/24 minutes and LC-2088

I've shuffled the text around a bit, to make things more clear.   
Please have a look here:
   http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#sec-evcert

Regards,
--
Thomas Roessler, W3C  <tlr@w3.org>
Received on Sunday, 11 January 2009 14:01:01 UTC