Wednesday, November 7, 2007

Web Security Context: Experience, Indicators, and Trust

W3C announced the First Public Working Draft for "Web Security Context:
Experience, Indicators, and Trust." The specification deals with the
trust decisions that users must make online, and with ways to support
them in making safe and informed decisions where possible. In order to
achieve that goal, the specification includes recommendations on the
presentation of identity information by Web user agents; on handling
errors in security protocols in a way that minimizes the trust decisions
left to users, and (we hope) induces them toward safe behavior where
they have to make these decisions; and on data entry interactions that
will make it easier for users to enter sensitive data into legitimate
sites than to enter them into illegitimate sites. Where this document
specifies user interactions with a goal toward making security usable,
no claim is made at this time that this goal is met... To complement
the interaction and decision related parts of this specification,
[Section] 8 'Robustness' addresses the question of how the communication
of context information needed to make decisions can be made more
robust against attacks. Finally, [Section] 9 'Authoring and deployment
best practices' is about practices for those who deploy Web Sites. It
complements some of the interaction related techniques recommended in
this specification. The aim of that section is to provide guidelines
for creating Web sites with reduced attack surfaces against certain
threats, and with usefully provided security context information.

See also the Last Call Use Cases Working Draft.