ISSUE-139
Clarify UX of CoSL
- State:
- CLOSED
- Product:
- wsc-xit-past-062008
- Raised by:
- Mary Ellen Zurko
- Opened on:
- 2007-12-14
- Description:
- 6.1.2
"During interactions with a Web page for which any of the resources involved was retrieved through a weakly TLS-protected transaction, the identity signal must be indistinguishable from one that would be shown for an unprotected HTTP transaction, unless a change of security level has occured."
This seems to be the first place in the document that implies anything about what "change of security level" (CoSL) should/must be like from a user experience (UX). And the implication is, at the least, that it is _not_ the same as the UX for weakly TLS-protected web pages. We need to be more explicit about the UX for CoSL; at least about this level assumption. A straw-cat crack at it would be adding the following to 5.5:
A web user agent that displays any security context information in primary user interface MUST display a different form of security context information for change of security level and weakly TLS-protected transactions.
- Related Actions Items:
- No related actions
- Related emails:
- ISSUE-139: Clarify UX of CoSL [wsc-xit] (from sysbot+tracker@w3.org on 2007-12-14)
Related notes:
Added to xit as open issue under section 6.1.2
Anil Saldhana, 21 Jan 2008, 22:14:03Display change log