Proposals for Recommendations on Security Context Information Display

This area is for suggested examples of display of security context information (good, bad, ugly), and examples of techniques aimed (at least in part) at secure (robust) and usable presentation of security context information. Part of our Jan F2F agenda included some of these examples.

We're using this list for our April "Lightening Discussions" of proposals for our recommendations.

Discussed so far (but not moved to Template form):

  1. TrustMe - a potential recommendation on not relying on parsing URL strings for meaningful security context

  2. Virtual Hosting and TLS

  3. UrlRecommendation

  4. SharedPublicKnowledge

  5. Contextual Password Warnings

  6. ErrorHandling


  8. Anti Patterns derived from the SSL Cerificate Dialogs example (#2)


  10. and the robustness responses from the browsers

  11. TrustedBrowserComponent

To be discussed:

  1. Drop the URL Bar

  2. No Security Indicator Extension

  3. Self Signed Certificates

    • (added 2007-07-26)

Display Recommendations Written Using Our Tempate Recommendation Template: