
Re: One more possible hole in UI?

From: Berin Loritsch <bloritsch@apache.org>
Date: Mon, 26 Mar 2001 09:36:35 -0500
Message-ID: <3ABF53F3.2BD2BA15@apache.org>
To: "John J. Barton" <John_Barton@hpl.hp.com>, XForms Mailing List <www-forms@w3.org>

"John J. Barton" wrote:
> 
> At the risk of clouding this discussion on passwords,
> here is a different perspective.
> 
> The XFORMs goal is to separate presentation, logic,
> and data.
> 
> Shouldn't the "data" representation for a password
> be different than "string"?  Yes I suppose a few million
> passwords have been sent as "string" (clear text),
> but at least we could contemplate encrypted text as
> the default for a new world of XFORMs.  If XFORMs
> has a special type for currency, wouldn't one for
> passwords be ok?

My opinion is that if data is sensitive, then encrypt
it.  I think that encryption is a completely separate
concern than what the XForms proposal is trying to
enable.  I wouldn't want a partially encrypted form.
The complexity involved doesn't provide the payoff
for an all or nothing approach.  To me, weak encryption
is no better than no encryption.

If I have some sensitive information on a form, and
the rest is not sensitive, I would tend to take the
brute force method of making it all encrypted.

> If one had a datatype password, then various presentations
> can fill such slots.  One presentation could be textbox.
> The user agent would be obligated to apply "*" over
> inputs to any textbox that solicits input for type "password".
> Another presentation could be a table of buttons like
> an ATM keyboard.

I can see the advantage of that approach.  Basically, you
can have the data modeller and the form designer working
simultaneously on different parts of the system.  The data modeller
would want to ensure that a data element is "protected" from
the casual eye.  Regardless of what the Form designer put
there, the information would not be displayed.

In reality, I have the feeling that the two approaches will
be highly cooperative.  All the early design work will specify
what is and is not a protected field.  Both the data modeller
and the UI designer would have to agree to protect the data
in some way.

I really don't think that transport issues such as encryption
should be an embeddable part of the XForms spec.
Received on Monday, 26 March 2001 09:39:08 GMT
