Revisiting Past Decisions

Goals

This proposal addresses the following goals:

Use Case

See use case 18.

Overview

Security decisions made interactively often become persistent and affect a user's security context. Current web user agent interfaces do not let users understand to what extent their user agent's presentation of security context information depends on decisions that were entered interactively, which might therefore be more prone to error than trust decisions that are part of the software as shipped.

Conformance Requirement

User agents MUST enable users to access a history of interactive security decisions that affect the user agent's interpretation and presentation of the user's current security context. User agents MUST enable users to revert such decisions.

Implementation techniques
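
One way a user agent could meet the requirement above, as an added illustration that is not part of the proposal or of any browser's code: interactive decisions go into a log that can be listed and reverted, and every trust verdict reports whether it rests on shipped trust or on a logged decision. All names (`DecisionLog`, `SHIPPED`, the host names) are assumptions.

```javascript
// Added example: every name here is hypothetical, not taken from any browser.
// Trust the software ships with (constructed sample: one host with a valid chain).
const SHIPPED = new Map([["bank.example", "trusted"]]);

class DecisionLog {
  constructor(clock = () => Date.now()) {
    this.entries = [];   // record of interactive decisions, never deleted
    this.clock = clock;
    this.nextId = 1;
  }

  // Record a decision the user entered interactively (e.g. a certificate exception).
  record(subject, verdict, prompt) {
    const entry = { id: this.nextId++, subject, verdict, prompt,
                    at: this.clock(), reverted: false };
    this.entries.push(entry);
    return entry.id;
  }

  // Decisions that still influence what the user agent displays.
  history() {
    return this.entries.filter((e) => !e.reverted).map((e) => ({ ...e }));
  }

  // Undo one decision; returns false if the id is unknown or already reverted.
  revert(id) {
    const entry = this.entries.find((e) => e.id === id && !e.reverted);
    if (!entry) return false;
    entry.reverted = true;
    return true;
  }

  // Resolve the current verdict and report its basis, so the UI can show
  // whether it rests on shipped trust or on something the user clicked.
  evaluate(subject) {
    const live = this.entries.filter((e) => e.subject === subject && !e.reverted);
    if (live.length > 0) {
      const last = live[live.length - 1]; // most recent live decision wins
      return { verdict: last.verdict, basis: "interactive", decisionId: last.id };
    }
    const shipped = SHIPPED.get(subject) ?? "untrusted";
    return { verdict: shipped, basis: "shipped", decisionId: null };
  }
}
```

Reverting marks the entry rather than deleting it, so the record of what was once decided survives while the verdict falls back to the shipped default.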

Dependencies

Note that this suggests adding "user's past trust decisions" to the available context information.

Expected user behavior

A core assumption of this requirement is that users might make trust decisions interactively, and that these decisions are error-prone. The aim of this scenario is to let users find out what trust decisions they made in the past, consciously or inadvertently, and to let them revisit these decisions at a later stage.

Disruption

Compliance with this requirement does not necessarily lead to a change in the user's everyday browsing experience.

Background

Interactive security decisions are known to be error-prone, yet they often become persistent and influence future browser behavior.

(The following is not for inclusion in the draft.)

Original Proposal: Revisiting Past Decisions

During discussion, the following questions came up:

The proposal was discussed at the 18 April 2007 WSC WG conference call.