NoteInScope - W3C Web Security Context Wiki

This section now appears in the draft Note In scope section.

(A sub-section of the NoteIndex) [Mez drafted the original list; other contributions welcome.]

Following Hal's point about the differences between goals and scope, this page should list specific technical artifacts, like protocols or software components, that are the subject of the Working Group's activity. The list of outcomes the Working Group aims to achieve should be listed on NoteGoals or NoteNonGoals. Tyler thinks the distinction between scope versus goals is one of means versus ends. Mez thinks scope can cover items that we don't concentrate on; goals covers what we concentrate on. Tyler thinks things "we don't concentrate on" are NoteNonGoals, in Hal's terminology. Tyler remembers a statement to the effect that NoteNonGoals are things we might achieve, but won't put any effort into achieving.

In scope

Web protocols

This Working Group is focused on user interaction with web resources that are accessed through HTTP, HTTPS or SOAP.

Web user agents

Use cases considered by this Working Group must involve a web user agent, operated by a human user. The web browser commonly found on desktop computers is the canonical web user agent; though any user agent that presents information retrieved via a web protocol is in scope. This range includes everything from rich clients on desktop computers, to web browsers found on mobile phones and other constrained devices. In all instances, the use case is only relevant to this Working Group if the presentation of security context information should affect the user's interaction with the web resource.

Source identification

A primary concern of this Working Group is the presentation of information identifying the source of content presented to the user. Relevant source identifiers are provided by the web protocol, or an underlying protocol, such as DNS or SSL. The Working Group may also recommend against presentation of source identifiers deemed to be unreliable.

This working group notes that the collection of corroborating information from multiple independent sources is important for users in determining what entity they are interacting with over the web. Presenting such collected knowledge/evidence, and whether that information is, indeed, from independent sources is something this working group may consider.

Third-party recommendations

The presentation of third-party information about a source is in scope. Potential third-parties include certificate authorities and reputation services integrated into the user agent.

Historical browsing information

The Working Group may also use information about past interactions between the user and a web site in presentation recommendations. Relevant historical browsing information includes source identification information used in past browsing sessions, as well as information provided by the user to the host during those sessions.