On Fri, Feb 1, 2013 at 12:56 PM, Arthur Barstow <art.bars...@nokia.com> wrote:Web Security Experience, Indicators and Trust: Scope and Use Cases<http://www.w3.org/TR/2008/NOTE-wsc-usecases-20080306/>
Yeah, has anybody actually even read that notes TOC, you can scroll straight to section 2.6: http://www.w3.org/TR/2008/NOTE-wsc-usecases-20080306/#trust-decision-management
Lots of people, lots of times. It is one of the better-known truisms in designing security interfaces, and a really well-known principle for managing security on the Web.
It doesn't invalidate what Anne said - but what Anne said doesn't invalidate your suggestion either. As I said, what you propose is what most of the industry seems to already be moving towards.
Having it written in a new specification doesn't seem to make much sense - it is already there. And it is one of they key ideas repeated almost every time security or privacy comes up in relation to a specification.
cheers
Chaals
No matter how well security context information is presented, there will always be users who, in some situations, will behave insecurely even in the face of harsh warnings. Thus, the Working Group will also recommend ways to reduce the number of situations in which users need to make trust decisions.
--
Charles McCathie Nevile - Consultant (web standards) CTO Office, Yandex
cha...@yandex-team.ru Find more at http://yandex.com
cha...@yandex-team.ru Find more at http://yandex.com
