Goals and Non-Goals
- Catalog the existing context information provided to the users of the Web.
- Consider the interpretations that users reasonably infer from existing information.
- Set out a series of use cases and abuse cases specifying commonplace security-sensitive Web transactions and likely forms of criminal attack, respectively.
- Analyze context information the user requires to safely complete the proposed use cases and prevent abuse cases.
- Perform a gap analysis to identify areas where the context information provided to the user is either insufficient or misleading.
- Propose changes to the presentation of existing context information and additional context information that might be provided to close the identified security gaps.
- Propose a limited set of security conditions that may be used to summarize the risk status to the user.
The group will not attempt to solve the following problems:
- Provision of trustworthy computing platforms.
- Design of cryptographic algorithms or protocols.
- Definition of algorithms for evaluating the security condition from the risk factors.