Web Security Experience, Indicators and Trust: Scope and Use Cases

W3C has announced an update from the Web Security Context Working Group
in the form of a published Note "Web Security Experience, Indicators
and Trust: Scope and Use Cases." Web user agents are now used to engage
in a great variety and number of commercial and personal activities.
Though the medium for these activities has changed, the potential for
fraud has not. The W3C Web Security Context Working Group, as part of
the Security Activity, was chartered to recommend user interfaces that
help users make trust decisions on the Web. The updated Note explains
the group's technical aims, complementing the WG charter. It explains
what the group aims to achieve, what technologies may be used, and how
proposals will be evaluated. This elaboration is limited to the group's
technical work and does not cover additional activities the group
intends to engage in, such as ongoing outreach and education. The work
outlined in the document is expected to take existing standards and
best practices into account; where relevant, such existing work will
be leveraged. (1) Security information within the Working Group's scope
will be catalogued, along with corresponding presentations and user
interpretations reported in user studies. (2) Members will analyze
common use cases to determine what security information the user needs
to safely accomplish their current task and recommend security
information that should, or should not, be presented in each case. (3)
The WG will recommend a set of terms, indicators and metaphors for
consistent presentation of security information to users, across all
web user agents. For each of these items, the Working Group will
describe the intended user interpretation, as well as safe actions
the user may respond with in common use cases. (4) Group members will
recommend presentation techniques that integrate the consumption of
security information by the user into the normal browsing workflow.
Presenting security information in a way that is typically ignored by
the user is of little value. (5) The Working Group will recommend
presentation techniques that mitigate deceptive imitation, or hiding,
of the user agent's presentation of security information.