This section now appears in the draft Note Goals section.
Following Hal's point about the differences between goals and scope, this page should list the outcomes the Working Group aims to achieve through the recommended technical changes. The goals are what we want, versus how we're going to get it. Specific technical artifacts we will affect should be listed on the NoteInScope or NoteOutOfScope pages.
- usable display of the information (including simple error information)
- best practices for existing web user agent/protocol use cases
- general lessons learned, philosophy, techniques, or recommendations that can be used in the future
- techniques that render the display of security information more robust in the face of spoofing attacks
Appropriateness of Context Information
The Working Group may consider different characteristic interaction scenarios, and may make recommendations on the appropriateness of the communication of context information in the respective scenarios.
Authoring and Deployment Techniques
The Working Group may recommend authoring and deployment techniques that enable sites to cause appropriate security context information to be communicated to users.
Best Practices for Other Forms of Site-to-User Communication
Security context information will necessarily be understood by users in their broader context. That broader context will include information from protocols and mechanisms that are not part of the scope of our web security context recommendations (including email, paper mail, TV/video). To the extent that the usability of web security context information relies on businesses following best practices (or avoiding worst practices) with their users in other media, the Working Group recommendations will include that best (and worst) practice information.
Recommendation for Consistent Presentation of Security Information
The Working Group will work with browser vendors to agree upon a common set of terms, icons and metaphors by which information about web security will be communicated to users. This may include agreeing on the display of standardized indicators which reflect some imprecise concept such as "Risk Rating", even though the algorithm used to compute such a concept is unspecified and may change over time.