Search This Blog

Tuesday, April 8, 2008

Web Security Context: Experience, Indicators, and Trust

Members of the W3C Web Security Context Working Group have published
a revised version of the Working Draft specification "Web Security
Context: Experience, Indicators, and Trust." It defines guidelines
and requirements for the presentation and communication of Web security
context information to end-users; and good practices for Web Site
authors. To facilitate access to relevant background, various sections
of this document are annotated with references to input documents that
are available from the Working Group's Wiki, and to pertinent issues
that the group is tracking. The documents in the wiki include background,
motivation, and usability concerns on the proposals that reference them.
They provide important context for understanding the potential utility
of the proposals. The W3C Web Security Context Working Group focuses on
the challenges that arise when users encounter currently deployed
security technology, such as TLS: While this technology achieves its
goals on a technical level, attackers' strategies shift towards
bypassing the security technology instead of breaking it. When users
do not understand the security context in which they operate, then it
becomes easy to deceive and defraud them.

No comments: