This section now appears in the draft Note Available security information section.

(A sub-section of the NoteIndex)

Bill Doyle will be filling out this section according to ACTION-58

This section should also include the data from ContextPresentation.

Security context is available from a number of sources, for this document sources of security context have been identified as Protocol/Service, API/Application and User Data (eg: history, bookmarks and stored identifiers)

Security Context Available

Protocols/Services

Protocols and services used in a web session that operate in a predictable method according to a defined standard (e.g. NIST, IETF and W3C).

Applications / APIs / Browser Services

Browser services, applications, services, extensions and APIs and that support the user or enhance web capabilities. Services in this section may make use of standards based protocols and services or custom/proprietary services and capabilities.

* HTTP content in an HTTPS page (mixed security modes)

User Data

Any data about the web service that is entered/configured/managed by the user.

Design Principles UI Mixed Secuirty Modes

(NOTE: Holding Place for this information Action Item 381 - mixed security context)

Security context MUST be seperated into trusted and untrusted sources and kept isolated when presented to the user. Developers and browser development community need to collaborate and further security standards in order to ensure that the user community is presented with consistent and clear information on the capabilities of a given trusted web site.

The following are some of the current issues involved with mixed security context (e.g HTTPs but clear text forms)