• RecommendationDisplayProposals

Proposals for Recommendations on Security Context Information Display

This area is for suggested examples of display of security context information (good, bad, ugly), and examples of techniques aimed (at least in part) at secure (robust) and usable presentation of security context information. Part of our Jan F2F agenda included some of these examples.

We're using this list for our April "Lightening Discussions" of proposals for our recommendations.

Discussed so far (but not moved to Template form):

1. TrustMe - a potential recommendation on not relying on parsing URL strings for meaningful security context

2. Virtual Hosting and TLS

3. UrlRecommendation

4. SharedPublicKnowledge

5. Contextual Password Warnings

6. ErrorHandling

7. http://www.w3.org/2006/WSC/wiki/NoteMozillaCurrentPractice

8. Anti Patterns derived from the SSL Cerificate Dialogs example (#2)

9. http://www.w3.org/2006/WSC/wiki/NoteKDECurrentPractice

10. http://www.w3.org/2006/WSC/wiki/RobustSecurityIndicators and the robustness responses from the browsers

11. TrustedBrowserComponent

To be discussed:

1. Drop the URL Bar

2. No Security Indicator Extension

3. Self Signed Certificates

   • (added 2007-07-26)

Display Recommendations Written Using Our Tempate Recommendation Template:

• Favicons and Certificate Logos (Added to the Editor's Draft - 20070629)

• Security Protocol Error Messages (Added to the Editor's Draft - 20070629 - Needs to be updated with the new template)

• RecRevisitingPastDecisions (Added to the Editor's Draft - 20070717 - Needs updated to be consistent with the new template)

• SafeWebBrowsingTemplate (Updated in editor's draft - 20070717)

• SafeWebFormEditor (Added to the Editor's Draft - 20070629)

• Extended Validation Certificates (Added to the Editor's Draft - 20070629 - Needs to be updated with the new template)

• Secure Internet Letterhead (This has been updated to the new template - Will be added to editor's draft)

• Browser Lock Down (Added to the Editor's Draft - 20070629)

• Page Security Scoring (Added to the Editor's Draft - 20070717)

• IdentitySignal (Added to the Editor's Draft - 20070717)

• BmaBrowserRecommendations (added June 25, 2007) (Will be added to the FPWD as a Reference)

• What is a secure page? (Added to the Editor's Draft - 20070717)

• PageInfoSummary (Added to the Editor's Draft - 20070717)

• No Security Indicator (Will be added to the editor's draft)

• RobustOverride (using slightly altered template for Robustness recommendations)

• Consistent use of TLS on site

• RobustSharedSecret