- From: Thomas Roessler <tlr@w3.org>
- Date: Thu, 25 Oct 2007 11:34:34 +0200
- To: WSC WG <public-wsc-wg@w3.org>
Minutes from our meeting on 2007-10-02 were approved and are
available online here:
/home/roessler/W3C/WWW/2007/10/02-wsc-minutes.html
A text version is included below the .signature.
--
Thomas Roessler, W3C <tlr@w3.org>
[1]W3C
Web Security Context Working Group face-to-face
2 Oct 2007
See also: [2]IRC log, [3]Agenda
Attendees
Present
Luis Barriga, Johnathan Nightingale, Tyler Close, Rachna
Dhamija, Serge Egelman, Ian Fette, Mary Ellen Zurko, Phillip
Hallam-Baker, Maritza Johnson, Daniel Schutzer, Yngve Pettersen,
Hal Lockhart, Michael McCormick, Anil Saldhana, Thomas Roessler
Regrets
Bill Doyle, Tony Nadalin
Chair
MEZ
Scribe
tyler, johnath, ifette, tlr, Mez
Contents
* [4]Topics
1. [5]Agenda Bashing
2. [6]Mozilla demos
3. [7]Ceremonies for Secure Data Entry
4. [8]Low-fi Prototyping and Usability Testing
5. [9]conformance labels
6. [10]interim agenda bashing
__________________________________________________________________
Agenda Bashing
mez: Should we start with the Mozilla demos? ...
... and then on to the...
... lo-fi prototyping in the afternoon and ceremonies for secure data
entry
... FPWD issues tomorrow...
... We don't need to get through all these issues before FPWD ...
... Any of the last items could be moved forward on the agenda...
... no suggestions, so let's go with that agenda ...
... Mozilla demos is up next ...
Mozilla Demos
johnath: Showing bugzilla report for "Make general page of certificate
viewer easier to understand"...
Mez: Please go slower, I didn't see how you opened that dialog
Johnath: we're showing "owner" in this demo, but we won't do that in
the product since we think many SSL cert providers are not verifying
this information
... In general, SSL providers are only verifying the domain name, not
the distinguished name
... this is one of the places where EV would be useful ...
... our users seem to like getting the owner information ...
... we've had some bugzilla comments and emails from users asking for
the owner information to be displayed
... it's hard to tell how representative those comments are
... could just be early adopter preferences
Mez: these thought leaders are sometimes crucial to getting reviews and
getting software to the user base
Johnath: we leave presentation of more technical details to the
extension community
... the next section covers cookies
... we provide information about whether or not there are cookies
Mez: How do you tally the web site visit counter?
Johnath: We've always thought there's room for improvement in browser
history presentation
... we like some of the Opera features
... for example accessing the history from the location bar
Ian: What's the point of view cookies, as opposed to just showing
statistics about cookies?
Johnath: Yes, we're providing the cookie viewer for historical reasons
... I wouldn't suggest this for the FPWD
tyler: How do you filter the page views to remove automated page views?
Johnath: We have some controls on redirects, but after that it gets
pretty hard
<Zakim> Mez, you wanted to ask yngve about history
Hal: I had the same question, as well as about the definition of "web
site"
<Zakim> tlr, you wanted to wonder about interaction between "view saved
passwords" and PII-bar like proposals
tlr: I think the "view saved passwords" functionality is critical
... I think we might want to put something about this in the spec
Johnath: I shouldn't answer the question about how we define a web
site, because I'm having trouble remembering what we implemented
... could be everything but the CGI parameters in the URL
Hal: so this is more like page, than web site then
Johnath: Again, don't take these as accurate answers
... maybe it is actually using the same identifier as HTTP auth
... view passwords only shows the hostname and corresponding username
<Zakim> Mez, you wanted to ask Yngve again
Mez: Yngve, what is Opera doing with history
yngve: History browsing from the location bar, as Johnath mentioned ...
... new feature is searching the cache ...
phb: I think we need a way for the site provider to get some
abstractions into this presentation
... for example, cookies are used for so many purposes
Johnath: Yes, but our users want the cookie information
phb: Never liked cookies to begin with, but we need them for state
storage
... if there was a replacement mechanism, many sites would use that
<tlr> rathole!
Johnath: People are sensitive about cookies
... we need an instrumented Firefox to see how people are using these
features
tyler: I think any alternate state mechanism would also face these user
perception and presentation issues
Johnath: Agreed
<Zakim> ifette, you wanted to say we're not the right forum
Ian: We're probably not the right WG to be considering alternate state
mechanisms
... Maybe we should talk about length restrictions
Yngve: 4k limit
tlr: redesigning cookies is out of our scope and also isn't going to
happen any time soon
... designing DOM APIs is coming up in the HTML WG ...
... as well as APIs for local SQL database access ...
... P3P covers the intent issues we've been discussing ...
Yngve: cookies provide the needed API
phb: no, cookies provide a more powerful API than is needed
Johnath: Moving on to malware
... we use a blacklist to identify attack sites ...
... about 250,000 active malware sites
... we show this full screen warning when we hit one
... we don't offer a click through to get to the site
... with malware, you are in trouble before you see the site, because
it uses a browser bug
... there is an option for reporting an incorrect classification of a
malware site
... not sure what this WG should recommend here
tyler: There are difficult liability issues here
Johnath: Yes, and we've had some discussions about what to do about
this for the product version
... Moving on to Identity signal
... We don't know the owner, but we know the domain name and so we show
that in the identity signal presentation
... we don't like the lock icon and so are switching to this
presentation
yngve: We've had concerns with showing the location information, given
that the user might not know the real location information
Johnath: Yes, and some information in the certificate is not vetted
well
... we put the favicon in the identity signal because it is meaningful
to users
... You can always interact with the identity signal, but we don't
provide any information for non-SSL sites
... we also didn't want to have an always on display that wouldn't show
anything useful for HTTP sites, which make up most of the Web
... We provide more information when we find an EV cert
Hal: The current display seems confusing. It's unclear what's verified
versus validated
Johnath: Yes, we're still working on this
Ian: You're showing the hostname multiple times in the display, taking
up a lot of space
Johnath: Yes, but the complexity of SSL makes it hard to have simple
rules about which display we can omit
... we're doing some mockups here though
tyler: Yngve's comment about the user not knowing the actual owner name
also applies to the domain name
... the ability to show a victim's favicon in the display, alongside
the similar domain name, could make an effective phishing attack
Johnath: Yes, we're not looking at this display as an anti-phishing
measure
... I don't think this is going to help defend against attacks any more
than the lock icon does, but I don't think that should constrain what
we do in this space
<Zakim> Mez, you wanted to be surprised that you don't include a
negative indicator since lack of indicator doesn't work and to talk
screen real estate
Johnath: but I personally suspect that users could become habituated to
this display and come to expect it and use it
Mez: Could you clarify why you will use screen space for positive
indicators, but not negative indicators
Johnath: For this case, the negative indicator would always be on, due
to the prevalence of plain HTTP, so it wouldn't be useful
phb: It is apparent to me that the favicon is a button, as you're using
it here
... We're also taking the worst piece of security context information we
have, and focusing attention on it
... As a user, my assumption would be that the favicon is the most
important security indicator
Johnath: I don't think users will form that opinion
phb: This UI screams to me that "I am about security", and I press the
favicon to access it
Johnath: I don't know if this discussion has to be about the security
aspects of this presentation
Dan: For some companies, the domain name may be more meaningful than
the owner name, which is just a holding company
Johnath: These companies can choose what name they purchase in their EV
cert
... these companies also don't have to get an EV cert, in which case we
use the domain name...
... this presentation comes out of the existence of EV, and us finding
a way to present that data
maritzaj: What is the star for?
Johnath: bookmark
maritzaj: This UI is for someone who is on a page and wants more
information
... ?
Johnath: It also helps when someone phones a friend for advice and
needs a way to identify the site
... We see this UI as part of creating a security context, where you
have multiple cues for how legitimate a site is
<Zakim> tlr, you wanted to speak to relevance of favicon design
decision and also ask about d/b/a for certificates
Johnath: the same reasoning led us to turning the address bar yellow
tlr: the bookmark presentation may only help with entry pages, like the
home page for a site
... ISSUE-109
<tlr> tlr: d/b/a in EV?
<tlr> johnath: must be registered; O field length limited
<tlr> ... no separate field for d/b/a ...
Anil: I am not sure what the controls are on the CA name display?
Johnath: Each browser chooses what CAs to build in and how to name them
... the CAs liked that the IE7 display cycled between the site's name
and the CA's name
<Mez> close the queue
Johnath: we haven't done that because we think users are most concerned
with who they are interacting with, not who they bought their cert from
... we put the CA name there to make it clear that it is not Firefox
that vetted the site
Mez: Let's wrap
Ceremonies for Secure Data Entry
<ifette> ScribeNick: johnath
Mez: next item on agenda is ceremonies for secure data entry
<Mez> [11]http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#ceremonies
Mez: my recollection is that we have some conformance language... do
we?
... section 6 is still really empty, even though we've had some
discussions of proposals
tyler: At the last f2f we agreed on a template - why isn't that going
directly into the editor's draft?
tlr: the basic point at which I started to deviate from the template
was when I realised we had overlapping content
... by just copying it straight, we wouldn't have gotten a coherent
story
... I tried to isolate core conformance language to get something more
coherent
... you'll notice that there's nothing in there for the PII editor bar
... SBM did make it in, after a call where we tried to work it into
FPWD format
... Now we can do that for PII
tyler: so I already filled out every step of the template, and it
represents something in its current form that I intend to test, so if
you're going to change it, that's important to discuss
Mez: since those templates do have conformance language called out,
anything in the listed set of recs that isn't represented in the FPWD
section 6 should be discussed
tlr: SBM and browser lockdown have both been discussed on the call,
language has been put into section 9
... trusted component got proposed to a certain point, but wasn't taken
to completion
... trusted component and PII editor bar are the two remaining, and we
need to determine to what extent they overlap
Mez: so "SBM, Browser Lockdown?" should be removed from the document
... I would like to spend this part of the agenda focusing on the
conformance language we have in play for PII, Trusted Component
... any discussion of other parts of those proposals, or other
proposals, I would like to queue up as a separate agendum
ifette: Discussion about other parts of these proposals?
Mez: discussions about "why it might help, what it might look like" etc
ifette: thomas has been asking questions about the details, and they
haven't all been answered
Mez: I think the other parts of the proposals, the motivation, is
important, and I don't like to drop it, but I think we should focus on
normative language in this item
tyler: I would like to cover that data, see it included
dan: agrees with tyler.
tlr: will wait for separate agenda item
Mez: so, we're going to talk about conformance language associated with
trusted component and pii editor bar.
... does anyone have pointers to conformance language, or outstanding
issues?
<tlr> [12]http://www.w3.org/2006/WSC/wiki/TrustedBrowserComponent
<asaldhan>
[13]http://www.w3.org/2006/WSC/drafts/rec/Overview.html#piieditor
[14]http://www.w3.org/2006/WSC/wiki/TrustedBrowserComponent
<tlr> [15]http://www.w3.org/2006/WSC/drafts/rec/Overview.html#piieditor
tlr: basically the question with TrustedBrowserComponent is what it
includes that PII is missing, would suggest starting with PII
Mez: where is conformance language
tlr: 2.4.7
<tlr>
[16]http://www.w3.org/2006/WSC/drafts/rec/Overview.html#piieditor-conformance
Mez: proposes break
<tlr> 30 min brea
<tlr> +k
back in half an hour
we're back
<ifette>
[17]http://www.w3.org/2006/WSC/drafts/rec/Overview.html#piieditor-conformance
ifette: I seem to recall that it used to be the case, that this was
non-normative, lots of examples - where did it go?
Mez: 2.4.1-2.4.6 has that, but I want to focus on conformance language
here
... starting with 2.4.7.1
<Zakim> ifette, you wanted to ask a question
ifette: I seem to recall there was discussion of users having to fill
each form individually, is there conformance language on that?
tyler: second paragraph
ifette: so how does one infer whether that's field-by-field or
whole-form?
... I feel like I could read that to mean "the user tells me to fill
all fields"
tyler: if you can indicate to the user which fields are filled all at
once, that would be fine, but there is a concern around hidden fields
yngve: I have a comment on 2.4.7.5
... I don't like the language about public keys matching, it should be
certificate
Mez: because of collision?
yngve: could be collision, could be deliberate, either because a key
was stolen, or because a company intentionally re-uses the key on
multiple certs
tyler: I don't see that as a bad practice though - same key implies
same entity
<Zakim> tlr, you wanted to ask if this breaks session management
techniques
tyler: the paragraph that starts "The first check in the matching
algorithm" gives motivation
tlr: back to earlier point about hidden form fields - hidden fields are
used to manage sessions
... sites can pass a token along using hidden fields, so I have a
problem with the idea that ALL fields require explicit user consent
tyler: PII bar only cares about transferring information from PII
database to form fields, leave hidden fields alone
<ifette> +1 to PHB
PHB: the language reflects tyler's intent well, I think, but it is too
complex.
... there are systems of this type that could be valuable
<tlr> hal, mez, ISSUE-110
<Mez> tx tlr
PHB: if you look at the type of information that people are asked to
fill in to forms, very little is security sensitive
... I think it is a good recommendation to say that sensitive
information be extracted to a secure dialog, but not this level of
detail
... compare this description to the cardspace user experience
... tradeoff between security risk, and user annoyance
hal: reacting to the comment that same key implies same entity, that
runs contrary to PKI orthodoxy for 20 years
tyler: if both certs specify the same public key, then either can
impersonate the other
... if I have a matching public key, and we have the same private key,
then I can sign things as you, using your certificate, which is public
PHB: certs can be revoked too
tyler: the language does say both certs have to be valid
Mez: tlr is on the meta queue
tlr: I think hal's assertion is that when a secure transaction happens,
it's associated not only with the key, but with the certificate used
with it
tyler: I'll wait till I can see an actual example
hal: the example is a person using the same key with both a
low-assurance and a high-assurance cert
<Zakim> ifette, you wanted to talk about partitioning data
Mez: it sounds like the attack is all about repudiation, and that's not
really an issue here
tyler: agree
ifette: phil brought up an interesting point about data you "really"
want to protect, versus other information
... are zip code, birthdate, personally identifiable?
... we can rathole on defining the dividing line
hal: I would say it's different from person to person
tyler: this issue always comes up, but when you dig through scenarios,
the information about unimportant stuff like that is often remembered
by the site anyhow
PHB: we still seem to be in this mindset of "we've got to create a
state transition in the user, that causes the user to release sensitive
data"
... but the user is the least secure element in the system
tyler: who else is going to decide what information the user will give
out?
PHB: what we're doing here is creating a ceremony for disclosing
sensitive data, to train users never to interact with forms at all
tyler: that's what I'm recommending
PHB: but you've still got the user in there deciding whether the site
is trustworthy
tyler: I'm actually not doing that. I'm saying "this is a site you've
interacted with in the past, and shared the following information" vs.
"this is a site you've never communicated with"
<Zakim> Mez, you wanted to ask about petname conformance language
Mez: there seems to be no conformance language around pet name, though
the noun "pet name" is in the document
... is that supposed to be there?
tyler: I'm pretty sure there's information in the description section,
and that should probably get into conformance document
... I'd really like it all to get into the draft
Mez: will you take an action to pick up the pet name conformance
language?
tyler: I think I can do it
tlr: should we identify the part of the language we're talking about
here
<scribe> ACTION: tyler to write up additional conformance language for
pet name components of PII Editor Bar recommendation [recorded in
[18]http://www.w3.org/2007/10/02-wsc-minutes.html#action01]
<trackbot-ng> Created ACTION-300 - Write up additional conformance
language for pet name components of PII Editor Bar recommendation [on
Tyler Close - due 2007-10-09].
<Mez> 2.4.2.1 I tx
<tlr> tyler: When the user tries to give a secret to a site for the
first time, they get walked through process of establishing
relationship. Stage in there in which credentials are shown, when user
accepts credentials, then petname is bound to these credentials.
ifette: I shop online, I go to a lot of random places. If I am buying
something from abc.com for the first time, and I get to a form that
asks for my credit card information, at what point am I going to
interact with PII bar
tyler: never. You interacted directly with the form, you didn't summon
the pii bar
... the hope is that pii is useful enough that when users see a form
like that, they think "I want the pii bar to do this for me" and uses
some gesture to invoke it
<tlr> form information only stored in client when user explicitly
interacts with PII Bar
ifette: so another question - if I think it's improbable that I'm
coming back - I don't want to create a relationship, I just want to
"one-time" it
... do we have that option? Does that make sense?
tyler: it makes sense, but the idea is to make it so unburdensome that
you won't resist it
ifette: right now, my form filler is handy, I type a couple digits and
it autofills
tyler: that's convenient, but creates an exposure
Mez: most phishing attacks pretend to be somewhere you've already
visited, to get your credentials. So part of this proposal helps create
an experience that makes it obvious to the user that they aren't in the
familiar place
... is that goal an actual subsection of 2.4.7?
tyler: that sounds like Why instead of What
Mez: the what could be "Remember stuff and only show it when
appropriate"
tyler: 2.4.7.1 is about the selection of a text string
ifette: is it possible with the current conformance language, to just
go to bankofamerica.com and have PII handle everything to log me in,
including working through any passmark style guardians
dan: I think that could be in scope, especially if the site helped out
tyler: I recall yngve telling us that banks were blocking Opera because
of its form filler auto-filling passwords. So doing that would raise
the same problems
dan: tyler, are you talking malware?
tyler: my online stock trading site asks me to re-enter my password on
transactions - I imagine they do that to make sure I'm there, form
filling undermines that
tlr: there are two points here. One is that password entry helps
suggest to the user that something important is happening
... the PII bar would undermine that
tyler: that assertion requires backing.
tlr: the second point - why don't banks like login information to be
cached? The client might be subverted, and that's a real concern with
storing this data either way
Mez: it would be a compelling data point for me, to talk about the
pharma community, which requires special interactions for certain
electronic signature requirements
PHB: I think we're delving too far down into mechanism, instead of
mechanism
<Mez> the pharm standard is 21 CFR 11
PHB: I'm hearing secure ceremonies for providing data, and for
expressing consent
... rather than having a recommendation that talks about the PII bar
interacting with forms, which is muddied waters, we should be talking
about a recommendation that involves devising a ceremony for expressing
consent
tyler: I don't think we need new technology, http+html has what we need
<Zakim> tlr, you wanted to come to the other petname related aspect
ifette: would strings be identified by the value of the string, or the
name of the string provided
tyler: I haven't thought in depth about it, that's a question for
experts
ifette: worth mentioning that for blind users, if you're using audio
prompts, you'll want to be conscious of broadcasting sensitive data by
audio
Mez: so how are we doing in terms of figuring out conformance data?
tyler: most of the conformance language references back to discussion
content that's been removed - that should be added back in, but failing
that, I might have to add some elaboration
Mez: (suggests sequential structure for conformance language)
tyler: I think I used parts of that structure, but I can try to repeat
that elsewhere
<Mez>
[19]http://lists.w3.org/Archives/Public/public-wsc-wg/2007Sep/0079.html
tlr: is there a requirement there about the browser not storing
information filled into the field outside of the PII bar
tyler: that wasn't part of the requirement
luis: is this required to be client based? Can it be network hosted?
tlr: which use case are you talking about - a single sign-on provider,
or through redirection?
tyler: so what I was thinking Luis was asking was - there's an explicit
db of secrets, does that have to be local? My answer would be that the
rec doesn't have to restrict in this way
Mez: yes, we shouldn't add to the complexity here
luis: mentions liberty alliance
hal: but that could be a lot of different things
<much discussion of liberty alliance protocols/standards, which do take
personal information, but aren't explicitly called out by our recs,
particularly where there might be overlap with PII bar>
<tlr> I think the most useful thing right now is to notice that there
might be a bit of overlap here, and that we probably want to send a
flare to Liberty when the FPWD comes out.
Mez: cuts discussion
<PHB> if we always exclude from consideration things that will take two
or more years to complete we will be sitting here in five years time
with the exact same set of problems
tyler: we also haven't had the discussion about including the other
text
Mez: that's a different agenda item
tyler: okay, but they're closely intertwined
<PHB> There are plenty of things that we could have fixed in a couple
of years if we had started when I proposed them - 1994
tlr: the problem with sorting that out is the blurring between examples
and normative language
[20]http://www.w3.org/2006/WSC/drafts/rec/Overview.html#piieditor-conformance
tyler: there are multiple aspects here - one of which includes "you've
never given information to this site, but if you want to start, PII can
do that for you"
Mez: Ceremonies for secure data entry, what's up next? (Next steps...)
... to get it into shape for FPWD
tlr: Propose trying to get something done by dinner?
tyler: Likes more time
... happy to take actions
tlr: Reason is that we are under time pressure
... parts of discussion were useful
<maritzaj> rachna and serge are looking for a separate meeting room now
tlr: good to try to take text, re-write
Mez: What did you mean by a little longer?
tlr: want strawman including key points
... clarify, leave out, etc
Tyler: personally, think we would get better text if we formed list of
issues and he went through them
Mez: Timeframe?
Tyler: doubt FPWD before he can get that text
Mez: Not the point
... freeze. When?
tlr: hmm...
... needs to be a frozen version
... except for minor aspects
Low-fi Prototyping and Usability Testing
maritza: Pages on wiki to look at
... will paste URLs
<maritzaj> [21]http://www.w3.org/2006/WSC/wiki/UsabilityStudies
<maritzaj> [22]http://www.w3.org/2006/WSC/wiki/Study_of_SSL_warnings
maritzaj: Back in July, was a usability phone call
... went through recs that were in a proper format
... wrote up potential usability issues
<johnath> true!
maritzaj: tyler might have been the only one to respond
... planning in July to start dialog, write up summaries of potential
problems, answer questions, then next step, lo-fi prototyping
... lofi prototyping will help us understand what's going on
... might talk about pii-bar more than others
... talk about usability studies
maritzaj: hard to comment on some things, depends on user feedback
tyler: it's on my todo list
Mez: Could you talk in general about lo-fi prototyping
... tyler will be with you, not clear everyone else is on the same page
as far as what's required
... pointers, etc?
... 1:1 offline consultation?
maritzaj: feel like we've talked about before
mez: so if people have questions they contact you three?
tlr: comment about why people might have forgotten
<rachna> In the last f2f we talked about prototyping
maritzaj: to give everyone brief overview (and ask if you have Q's)
<rachna> I can send tips and techniques to the group if needed
maritzaj: Have writeups of what ppl have in mind, lo-fi prototype is a
quick mockup lacking full functionality
... for example, tyler's thing, don't have to have everything clickable
etc
... just drawings, or mock-ups in photoshop etc
... what you would expect most common screens to be
... for PII-bar, would want quick mockup showing how user chooses
security skin, icon, etc
... launch sequence
tyler: good thing to do for prototyping is to look at feedback provided
by The Three, see what they're most worried about, what's minimum you
can do to let them test those concerns
... eg for pii-bar, worried about moving eye focus from editor and back
mez: hoping that by end of this agendum, have list of actions on people
to produce lo-fi prototypes
... if we're driven by feedback so far, need you to help us figure out
who takes what actions
maritzaj: start with July writeups?
mez: have other idea?
maritzaj: no
... usability study page link, have timeline
... rachna said she talked to tyler about prototyping piibar
... have that in there, need a date
mez: have a row for each of those?
... no
maritzaj: maybe we can fill that in today
tyler: on receiving end, have someone to do testing
... have you divvied up the work?
mez: think so
maritzaj: haven't discussed schedule
tyler: think it's an important part to set deadlines
mez: two rows in table, one has a tester, one has a proposal person
... to over-typify Serge and Tyler
... serge happy to do lo-fi for SSL warnings?
... or just that subset?
maritzaj: second link
<maritzaj> [23]http://www.w3.org/2006/WSC/wiki/Study_of_SSL_warnings
<rachna> serge says yes
maritzaj: study that Serge proposes to do
<Mez> yes, both lo fi and testing for all SSL warnings?
<Mez> but no positive indicators?
maritzaj: based off warnings people see, starting with people who know
what warnings mean, see which are meaningful/useful
... weed through SSL warnings there
<serge> Mez: yes
<serge> I can't on the damn interweb
Rachna: they can't hear us
<Mez> ure, talk at us
<Mez> then tell us when we can talk
PHB: You're voice from god in top of room
tlr: hear better if we shout?
Rachna: Type in questions
mez: find mics?
<johnath> we're looking for microphones
Rachna: Can hear mez
<johnath> give us a sec
mez: looking at SSL warnings study
... cutting off R&S
<maritzaj> serge, can you say how your study relates to the wg and the
prototyping
mez: sees lo-fi prototyping as embedded in questions to be answered
asaldhan: got kicked off wireless
mez: you have a grip on this part, how do we get a grip on everything
else?
... one thing we discussed was identifying prototypes needed and who to
do them
rachna: have grip on serge and tyler because they responded to first
writeup
<Mez> sounds good rachna
rachna: maybe we can go through writeup?
... go on to figure out what prototypes, get ppl to sign up
... hard to do testing schedule without knowing what to test
mez: walk us through
... we've an hour to spend on lo-fi prototyping
... want concrete actions at end of that hour
... if we are to do other things, that results in other actions
serge: talk about SSL?
mez: no
... you have a grip on that
... we care what you do
<serge>
[24]http://www.w3.org/2006/WSC/wiki/RecommendationUsabilityEvaluationFirstCut
<tlr> tyler: serge, are you both prototyping and testing the SSL
warnings part
<tlr> serge: yes
<tlr> tyler: anybody on the hook to test piieditor
<tlr> serge:*mumble*
<tlr> serge, shout!
<johnath> serge - you're breaking up a little, probably our flaky
internet
<scribe> ScribeNick: ifette
mez: asking for actions premature?
tyler: not premature
... try to sketch something out
... want to know how to move forward
<tlr> the voice connection is getting worse
<Mez> ian't scribing he discussion well, fyi
rachna: depends on if it's the three of us doing testing
... walk through first cut, talk about what we want to do?
mez: ok
... try that
<Mez> tyler and rachna met and decided on low fi prototype
<Mez> tyler and rachna know what tyler will do
tyler: needs to know who is testing, when they need material by
<scribe> ScribeNick: ifette
tyler: will use XUL
... do mockup of four features
... four top things you and Rachna were worried about
maritzaj: you should communicate to us what you are implementing
... so we can figure out and assign study components
tyler: rachna has a good idea of what will be implemented
... move on to second stage, identify someone to do tests
... so he knows due dates
phb: need to have a way of distinguishing a test candidate site
... deemed to be good
... and a test candidate site that is actually fraudulent
maritzaj: demo user sessions?
phb: capability of these technologies to convince the user to choose
the wrong choice
<serge> what do you mean by test candidate site?
maritzaj: user studies that trick the user?
mez: haven't gotten there yet
phb: testing security...
mez: lots of things that could be tested
... any sort of proposal is, "what happens when attackers see this
defense"
phb: not at that point
... at point of "a way to see...
... if one of these technologies is sufficiently powerful, if
conditions are right...
... mumbling
mez: keep thinking
phb: some things we can measure
... degree of nuisance
... remember if person was on good/bad site
... other stuff we cannot
<serge> In the interest of actually getting something done today, can
we limit the questions to specifics regarding this document:
[25]http://www.w3.org/2006/WSC/wiki/RecommendationUsabilityEvaluationFirstCut ?
phb: avoid jackson study situation
<serge> rather than making vague comments about testing in general?
phb: great measure of irrelevant measures
mez: should agree that data to be measured is interesting, useful
serge: we're not sure what you are saying Jackson study problems are?
phb: measuring a quantity he's disinterested in
mez: so people need to review things by mail before study
... so e.g. ssl warnings
... at some point, serge will send out a plan
... we need to agree that's useful info in the plan
serge: we have this URL we've sent multiple times
mez: referring to "Study of SSL warnings"
... first time she's seen this
<Mez> [26]http://www.w3.org/2006/WSC/wiki/Study_of_SSL_warnings
maritzaj: the wiki page on the ssl study u want to do
<tlr> mez is looking at this one:
[27]http://www.w3.org/2006/WSC/wiki/Study_of_SSL_warnings
serge: just created
... based on stuff from other URL (recommend. first cut)
... nothing new
mez: stop complaining
... deadlines are good
<serge> can we read it now?
mez: needs mail message
<tlr> [28]http://www.w3.org/2006/WSC/wiki/Study_of_SSL_warnings
mez: if far enough along, and you want WG to look at it now?
... is the study at that state yet?
... for us to say "is this useful info that is being collected"
maritzaj: need to clearly set out objectives, measures
<Mez> for every study, it will be good to get wg consensus about the
objectives
serge: nothing in study of SSL warnings not in URL sent out months ago
mez: and yet that's not the point
... am typing in points now
rachna: thinks serge... the outline can be used as an example to show
where we want to get to with other proposals?
<Mez> an explicit action for each one will be a useful, focusing event
serge: might be wrong, but...
... point of contention is that ppl didn't read it because not broken
up?
<Mez> no
mez: no
... you're wrong
... happy to have meta-discussion
... but bad use of time
... you getting what you need?
serge: no
<Mez> ?
<tlr> serge, ask a clear question
serge: wanted to limit discussion to just those studies
<Mez> ?
tlr: can you ask a set of reasonably simple questions with reasonably
clear context
... we're circling around who's read what
<serge> we can't hear you?
tlr: wasting time
... maybe you can just try
maritzaj: need dialog about what we can expect from lo-fi prototype
... before discussing types of studies
... needs to be back and forth
... what can we design, and test
mez: what's next?
serge: ssl mumbling
tlr: ... didn't understand a word
... totally mangled
... second
<johnath> serge: couldn't hear you - our phones are dying - not
frustrating at all!
tlr: heard a half concrete question from maritza
... do we have expectation as to what people will produce
... who will produce, and what is needed for studies?
... is that correct?
... think that's the gorilla in the room
mez: looking for someone to break that down in pieces
tlr: gets back to "how lo-fi can it get"
... back to how bad can it be?
maritzaj: with some recs, difficult to give concrete feedback
... not sure what is being proposed
<rachna> step 1 is for proposal authors to read usability evaluation
first cut on wiki
maritzaj: better if even someone just takes a pencil
... shows us what we're thinking
... concrete realization
... e.g. SBM
<Mez> rachna, how do we break that into action items?
maritzaj: few others, very general
<rachna> step 2 is to produce prototypes designed to answer questions
raised in that document
maritzaj: first cut on usability, was like "if we knew more about this,
we could comment on XYZ"
... going through feedback on wiki page
... iron details
serge: some proposals require substance to get idea of what prototypes
should look like
tlr: hear you saying that, if ppl were to do very simple prototypes,
that would help as first step?
mez: totally, free-hand drawing on paper
... origin of term
phb: for some of us, XUL is easier
mez: for some, that's better
<rachna> any level of fidelity would be more helpful than text
serge: independent of medium you choose to prototype
dan: we understand
serge: goes on about medium
phb: not interested in three decimal places of effectiveness
... interested in "likely accepted", "slashdot only"
<rachna> they can be whiteboard drawings, powerpoint, photoshop, HTML,
full extensions, etc.
phb: might propose some things that are less usable
... can people grok this proposal at all, then there's the Q of "does
this encourage habits that keep users safe"
<rachna> PHB, both of those are important and related.
<rachna> long term studies are also an option
phb: problem with warnings: yes, if you put warnings in front of users,
yes in an hour you can guide people through and get desired results
... but at home, turn warnings off, different.
tlr: concrete next step?
mez: frustrated
<serge> PHB: are you offering to fund a multi-year study?
mez: waiting on maritza, rachna or serge
... for next steps
<rachna> action items should be assigned for each proposal author to
read the doc and then work with us to define the questions
johnath: can you hear me?
<Audian> wow! >1,000 users?
<Mez> rachna, please identify each proposal and author so those can be
created
<rachna> the next step is to produce a prototype to answer those
questions
johnath: the two proposals I put forward
... page info summary
... and identity signal
... doesn't make sense to put into lab environment
... identity signal makes sense
... as a question to who might be testing
... are you blocked on me?
... if no, tag the next person, have a discussion on next proposal
... so we can go around the room
... figure out who's blocking
serge: you have done well, my child
rachna: are there questions that are interesting to answer, or other
questions?
johnath: will take action to write email
<scribe> ACTION: johnath to write email to usability study people re
identity signal stuff [recorded in
[29]http://www.w3.org/2007/10/02-wsc-minutes.html#action02]
<trackbot-ng> Created ACTION-301 - Write email to usability study
people re identity signal stuff [on Johnathan Nightingale - due
2007-10-09].
rachna: wanted to know goals
... if we are asking the right questions
<serge> yeah, I thought that was Tyler speaking, I was going to say,
he's been good at emailing us about these
rachna: if we do test, want to know if we can establish whether
prototype met goals or did not meet goals
<Mez> can you identify who has not so actions can be created?
johnath: think that's fair, apologize for not getting reaction earlier
<serge> and asking/answering questions and helping us visualize what
the rec might look like
johnath: thought some things group were looking at were not the right
things
... if I do that, can we use that as example
... go down list, figure out what's blocking what
... and create actions?
rachna: would help
... can decide what prototypes we can test together
... etc
... SBM might have unique things to be tested separately
... would be helpful
tyler: one unusual thing about identity signal, is that...
... you don't see it as anti phishing
johnath: will make email interesting
tyler: what are we testing it for, is it still a good guide?
... ppl could say "a lot are not AP measures"
johnath: defer to study runners
... if we take, eg SBM,
... say "what are you blocked on"
... will hear "no prototype, haven't heard from DAN on what to test"
... regardless on other stuff, we know what is blocking
... feels like progress
mez: likes that
dan: need from me, sketches and interactions
<scribe> ACTION: Schutzer to create sketches and interaction notes to
send to usability testing group [recorded in
[30]http://www.w3.org/2007/10/02-wsc-minutes.html#action04]
<trackbot-ng> Created ACTION-302 - Create sketches and interaction
notes to send to usability testing group [on Daniel Schutzer - due
2007-10-09].
<serge> I think the underlying point is, our time is limited, user
studies take months, so if someone is unwilling to be proactive about
working on this, we probably won't test it
maritzaj: we all made assumptions on initial review, could be off
... didn't know johnath's intent re: anti-phishing
<Audian> you guys figure out what you want to test, sketch it on a back
of a napkin and I can build hi-res prototypes, basic working models too
if necessary
maritzaj: make sure we know target users, target goals, what problems
etc
... useful
johnath: suspect other recommendations
mez: url to email?
<maritzaj>
[31]http://www.w3.org/2006/WSC/wiki/RecommendationUsabilityEvaluationFirstCut
tyler: the famous one
<tyler>
I[32]http://www.w3.org/2006/WSC/wiki/RecommendationUsabilityEvaluationFirstCut
<tyler>
[33]http://www.w3.org/2006/WSC/wiki/RecommendationUsabilityEvaluationFirstCut
mez: revisiting past decisions
... what's needed
maritzaj: who owns?
tlr: me
... that one, so far, hasn't made it into editor's draft
... in the material we have in there so far, we seem to mostly avoid
decisions with side effects
... to some extent, that one doesn't fit b/c it would be talking about
empty set
... that one has potential to become more concrete at later stage
... happy to drag along until whatever
mez: matches what serge typed
tlr: think useful, but not sure how to fit in
mez: next is page security score
mikem: firewall problems, not on IRC
mez: what do ppl need from mikem?
mikem: lo-fi prototype of what scoring might look like in chrome?
mez: waiting on reply from usability ppl
mikem: recommendation doesn't specify how to render chrome
<rachna> we can't hear you, please type in questions for us...
mikem: so out of scope?
dan: how do we render? number from 1-100 etc?
<Mez> what do you folks need from MikeM on Page Security Score?
mikem: just show number, whatever
dan: what mike is saying, ppl can imagine different ways to display the
score
<rachna> page security score is easy to test in a lo-fi way, e.g. with
images of the indicators
dan: we are not UX experts
... someone can take a shot at it
... can suggest different ways
<Mez> so rachna, you don't need anything from MikeM on PSS?
<johnath> rachna, does that mean you are not blocked on that one?
<serge> I'm not clear what the security score will look like
<tlr> I'll try to get schutzer and McC on IRC using the web interface.
<rachna> we could use what Dan was describing... different types of
indicator mockups
<serge> if it's what I'm thinking, there's ample literature showing
it's useless
mez: usability testers need nothing?
maritzaj: need *something*
dan: know how it's computed?
maritzaj: what is meaning
... meaning of visual cues, etc
hal: affects validity, not usability?
much chatter in room
mez: alright
... nothing needed?
maritzaj: needed something
... even just...
... if we are continuing, suggest mikem or group discusses what it
should look like
... can do studies on that
<tyler> At what point do we say existing studies on passive indicators
in the chrome provide sufficient testing of such proposals?
maritzaj: vague idea, not good
mikem: a number would be an interesting test
<johnath> ifette: my question is, if we're not recommending a
particular implementation, just a score, does it make sense to run the
study?
<serge> tyler: I'm saying we're at that point
ifette: if not recommending particular implementation, make sense to do
study on particular implementation?
maritzaj: need user study to do recommendation
... need idea of what we're doing with it
... not good idea to recommend to display just a number without having
defined or tested
dan: combine with what we saw this morning
... e.g. you see a number in chrome
... click on number, see scoring criteria
<serge> that's been tested
<serge> it doesn't work!
mikem: would be interesting, but if not great UI wouldn't invalidate
scoring
mez: important to figure out what *would* invalidate it
mikem: pagescoring is way to bring semantics to whatever the primary
SCI is
... bring consistent semantics to whatever agent is using in primary
chrome
... means something to people
mez: can't figure that out w/o testing
mikem: Need to pick UIs, not his AOE
mez: find someone? like timh?
<serge>
[34]http://www.simson.net/ref/2006/CHI-security-toolbar-final.pdf
<serge> this is in the Shared Bookmarks
<scribe> ACTION: mccormick to find someone to help with what's needed
for UI and prototypes for page security scoring usability testing
[recorded in
[35]http://www.w3.org/2007/10/02-wsc-minutes.html#action06]
<trackbot-ng> Created ACTION-303 - Find someone to help with what's
needed for UI and prototypes for page security scoring usability
testing [on Michael McCormick - due 2007-10-09].
<serge> which I'm sure everyone has already read, right?
mez: security protocol error messages
... serge is all over that
<johnath> serge: it was just title mismatch
<johnath> Mez didn't see that the two were related
ifette: THE POINT IS TO FIGURE OUT WHO IS BLOCKING WHAT
... NOT TO GET INTO SPECIFICS ABOUT PARTICULAR PROPOSALS
serge: question is which can be eliminated
<maritzaj> no yelling on irc
serge: (re ssl)
... figure out what we can eliminate, go from there
mez: correct in reading that "you need nothing from the group right
now"?
serge: yes
rachna: did we get a list of error messages?
johnath: don't remember seeing list
... four big ones
mez: did get a response in some fashion
... remember something
serge: there is 1 thing
... doing interviews with sysadmins, browser vendors, CAs...
... ppl on group can help with that
ifette: what does that mean?
mez: call on list asking for subjects or what?
serge: will email 4 ppl on list
mez: looking for WG participants to volunteer?
rachna: going back
... list of all SSL warning messages
... MOZ to generate a list?
... of what they show
johnath: steven has an email out to list
... sent june 28
... action 240 tls errors
mez: followup as needed?
johnath: will dump link in IRC when avail.
serge: high level, what is process if one of the recommendations,
through testing or literature, is shown to be flawed
... how do we remove recommendation?
mez: can use remaining 15 mins on lo-fi on that discussion
... or can queue for another discussion
... 5 more proposals on page
... diverge?
rachna: next 5
mez: great
tyler: want f2f time for that
... contentious
mez: if we get through everything else here
... otherwise Nov.
... next, EV, logos, etc
... next header: ev certs, sec. letterhead, favicons, cert. logos
... proposals from phb and mikem
rachna: related to secure internet letterhead, demo from phb?
mez: it's your heading
phb: need to take separately
... secure letterhead was sent out, ev prototype
<johnath> rachna , serge :
[36]http://lists.w3.org/Archives/Public/public-wsc-wg/2007Jun/0261.html
phb: and IE7 to represent any cert
... as being EV
... now public
... can do testing
<johnath> ( ^^^ SSL error pages )
phb: before couldn't
... bit about favicons, don't need lightweight prototype
... question is do favicons confuse people
tyler: have way to get cert. chain from IE addon?
yngve: someone published it
tyler: just the cert chain?
phb: no
tyler: how do you know whether to turn on display?
phb: have to sabotage ev
... messy
... compromised version of IE7 will display EV for a cert of their
choosing, not EV
... before, required a real EV cert
tyler: open source code?
PHB: not code
... description on net of how to modify IE7 to insert a root
mez: offline
... moving on
... what is blocking on that one?
... the EV etc
serge: given that... breaking up
... why do we need to test them
... if we know it's easy to
mez: moving on
... no testing there
... next: SBM
phb: issue is, if you have a compromised machine, all bets are off and
this group is irrelevant
... any software can be sabotaged
... fact that someone has disassembled IE7 is meaningless
... and irrelevant
... in a sense, it's a modified version of IE7
... not an attack against normal IE7 or a plugin etc
<serge> okay, I just wanted to clarify that
mez: got it, what's needed for SBM?
maritzaj: done
mez: next...
<serge> that this isn't an attack against an unmodified version
maritzaj: not sure "what is a secure page" fits usability testing
... robustness
... stopped there
... can go back if we have a counterpoint
<rachna> did we answer what we need for SBM?
<johnath> rachna: that one was out of sequence, because I mentioned it
when I was hollering earlier :)
tlr: tls stuff folded together
... in there, there is error handling with TLS
... distinct from current state
<johnath> so Dan already has an action to write up experiment
methodology reactions and lo-fi prototype
tlr: creates 3-tiered system
... not trusted and no security but no indicator of evilness,
indicators of a little security and sec. against passive attacks
... and then really strongly secured stuff, EV etc
<serge> we should have a list of questions to answer with an experiment
before doing any prototyping
<johnath> rachna: 14:47 < trackbot-ng> Created ACTION-302 - Create
sketches and interaction notes to send to usability testing group [on
Daniel Schutzer - due 2007-10-09].
<rachna> I also did not hear if we will have access to a secure
letterhead prototype...
tlr: that leads to situation where, what is a secure page, feeds into
where on that level and in that system you are
... take is that it's most useful to prototype this package and test
the package
<Mez> rachna, I heard serge say he doesn't want a secure letterhead
prototype
tlr: test both SSL error messages, AND what is a secure page, AND
others
<johnath> rachna: I think serge said he had phil's mockup?
tlr: having a look at existing indicators might be useful, but probably
have an idea of the result
<serge> huh?
tlr: need to align testing plans with editorial work
... what is a secure page exposes that need
mikem: method for testing page scoring too
<serge> I said none of the above
dan: secure page could feed this, or vice versa
<johnath> serge: hm - I am misremembering then. I thought someone said
that PHB had already sent secure letterhead demo
tlr: main difference lies in what identity signal says
<johnath> serge: in which case, maybe we should come back to that when
thomas is done here
<serge> there was some demo he sent, but it didn't work
tlr: might be primary chrome if EV is enforced
... strong stuff if something phishy is going on
... carefully phrased so that you can have... is a common practice for
how to do error messages
... list of what triggers one is not comprehensive
<Zakim> johnath, you wanted to bring back secure letterhead
johnath: in channel, note rachna asking if closure on demo or lofi for
Sec. Letterhead
<serge> johnath: I'm not convinced we need to, given that there's
enough literature showing that users won't 1) notice it and 2) trust it
more than the look of the destination web page
johnath: thought he remembered serge having demo, serge says demo
doesn't work
mez: keep hearing serge say he doesn't need a prototype
... back to secure page
tlr: useful to look at draft
... for basis for testing
... where we are on testing, and developing ideas
... secure letterhead feeds in
... as isolated approach, hasn't survived
... has turned into "display logotypes under conditions XYZ"
... where XYZ undefined
serge: never said he didn't want to see demo
... but rather, based on what's said so far, how he envisions it isn't
different than previous failed attempts
... would love to see demo if there is something new
phb: what is similar that has failed?
mez: stop
... order from chair
... on secure letterhead:
... what do you want to see a demo of
<serge> phb,
[37]http://www.simson.net/ref/2006/CHI-security-toolbar-final.pdf
rachna: test on secure letterhead, is it on test plan?
<serge> phb, [38]http://tjwhalen.googlepages.com/eye-tracking_gi.pdf
tlr: the key material has been reviewed on call, made into identity
section
<serge> phb,
[39]http://portal.acm.org/citation.cfm?doid=1047671.1047674
<scribe> ACTION: phb to produce demo or lo-fi protype of secure
letterhead [recorded in
[40]http://www.w3.org/2007/10/02-wsc-minutes.html#action07]
<trackbot-ng> Created ACTION-304 - Produce demo or lo-fi protype of
secure letterhead [on Phillip Hallam-Baker - due 2007-10-09].
<serge> there, three papers, all in the Shared Bookmarks, show how
yours is different
maritzaj: so, tlr, what you are saying is consistent with original
thoughts: writeup on secure page fed into other recs
... not a specific user study necessary given what she saw
... not an independent thing
tlr: writeup on what kind of input material should trigger an output,
is needed
... if you have a little TLS and a bunch of javascript from HTTP, your
indicator says HTTP but not strong interrupt
... that's the level this is at
... I can't come up with usability experiment
mez: moving on
... last one...
tlr: what is a secure page, would map to same distinctions in UX as
self-signed cert vs. non-self signed cert
mez: fine
... moving on
tlr: ...
maritzaj: y/n: this rec, needs its own UX evaluation?
tlr: not at this point
... is something in there that needs eval at some point
... but it's this plus other stuff
mez: browser lockdown
... what's needed
... if anything
maritzaj: emails exchanged in august
... action item is to get back with questions or lack thereof
<scribe> ACTION: hahn to get back to maritzaj on what questions he has,
or any lack thereof [recorded in
[41]http://www.w3.org/2007/10/02-wsc-minutes.html#action09]
<trackbot-ng> Created ACTION-305 - Get back to maritzaj on what
questions he has, or any lack thereof [on Tim Hahn - due 2007-10-09].
mez: anything else?
... looks good
... thanks for scribing in serge and rachna
<rachna> we should have deadlines... maybe next f2f?
<tlr> tlr: user interface right now abstracts from "secure page" and a
number of other sets of input data. The useful experiment would be
whether the distinction between "HTTP-like" and "has the strongly
positive indicators" will work out.
mez: feel free to stick around
... it gets interesting
... will work not to have another APWG conflict
<serge> I'm going to go, it's been...real
mez: should get used to telling APWG when we schedule before they do,
2x is 2x too many
... deadline for what at next f2f?
<Mez> ta serge
<rachna> deadlines for prototypes.
<rachna> yes
mez: bunch of action items, talking about those?
<rachna> it would be good to make progress by the next f2f
<rachna> yes
mez: do you have everything you need in action items?
... ok, great
<Mez> rachna, tyler says he's unlikely to make that date
<Mez> but we'll see what we can do in general; I'll put something on
the agenda and work with you on what
<scribe> ScribeNick: ifette
<serge> I'm going to get off the phone, and back to the conference, but
might be on IRC still
mez: pii text...
... iteration, consensus, deadlines
<johnath> thanks serge
<rachna> We are going to sign off the phone and follow on IRC
<johnath> thx too rachna
mez: tyler said he could get text by friday, tlr said iterations...
... mez wants to know how and when
tyler: still want to talk about... purpose of FPWD is to let community
know what we're considering, get feedback
... in his experience, difficult to explain new things to people
... need to get the "why" text and examples into FPWD
... to meet goal of having ppl understand
mez: an agendum for later
... need to know what to do for "ceremonies for secure data entries"
tyler: will provide text by friday
<scribe> ScribeNick: ifette
tlr: issue re: login actions more specifically, beyond pii-bar
... has opinions, but not blockers
... after FPWD
mez: notes break time
... proposal is to continue with other large section of draft that is
empty
... conformance labels
... then page security scoring
... and want to get to Item 8 before EOD
... last call for use cases
<scribe> ... new agenda item (what to do about extra text) may fall to
tomorrow
tlr: status question
... where are we on robustness?
mez: anil put in text
... feelin good
johnath: gave whack-a-mole description
... high PageRank^(tm)
asaldhan: 7.1.2 needs a few lines, he will get it
conformance labels
mez: conformance levels are under-written...
hal: chuckles
<Mez> Conformance labels for web content
<Mez>
[42]http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#clabels-content
<Mez> Conformance labels for web user agents
<Mez>
[43]http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#clabels-uagents
mez: thomas, take a minute and tell us what that means?
tlr: sure, yes, unless I need to scribe
[44]http://www.w3.org/TR/2005/REC-qaframe-spec-20050817/#conf-label-principle
<Mez> ScribeNick: Mez
tlr: we have conformance req in the spec for at least user agents and
content
... by saying that you conform, you are conforming to a specific
subsection
... listing what it means
... some parts of doc are optional
... deal out nice labels to talk about those parts
... identify the optional things
... explain how to do a conformance claim against them
... leave it open for fpwd - proposed
... take up in the not too distant future
... could see some interesting discussion coming up in that area when
revisit sbm
... currently phrased as a particular conformance profile
... doubtful if it's useful right now
Mez: would you put a bit of text in motivating, as editors note?
tlr: take a bit from qa framework, in order to make one, this is how it
will be staged
<tlr> ACTION: thomas to drop editor's note into conformance labels
section to explain what it's supposed to mean [recorded in
[45]http://www.w3.org/2007/10/02-wsc-minutes.html#action10]
<trackbot-ng> Created ACTION-306 - Drop editor's note into conformance
labels section to explain what it's supposed to mean [on Thomas
Roessler - due 2007-10-09].
<scribe> ScribeNick: tlr
<ifette> ifette: can formula be secret?
<ifette> mikem: can see reasons, competitive and otherwise
<ifette> hal: Netcraft doing this right now
mcc: weights could come from a number of sources
... strawman formula: history stuff ...
... ca information ...
... cert self-signed? ...
... trusted root ...
... expired? ...
... revoked? ...
... CRL vs OCSP ...
... weigh things and add them up ...
ifette: hard to find out where the IP address came from ...
... often you just say "want to open socket to ...", don't get direct
info about what was used to resolve ..
... with WinINET, you don't even get a lot of the cert information ...
yngve: one aspect might be to deal with minimum value of some of the
input parameters ...
... Opera uses minimum security level for page ...
... if page includes unsecure elements, then page's level goes down ...
... other one is weak encryption ...
... key lengths ...
mcc: describes effect of formula on a number of sites
<Zakim> johnath, you wanted to point out that algorithmic debate makes
it feel like this is a good place for experimentation, but not a good
place for normative recommendation
<tl1> johnath: interesting approach
<tl1> ... Vista hardware score ...
<tl1> ... nobody gets higher than a 5.9 gets that ...
mcc: functionally a cap right now ...
... doesn't necessarily have to have a cap ...
... keep adding more things into it ...
johnath: when talking about the details of the algorithm, sounds like a
fertile ground of experimentation
... this should totally be developed as extensions, experiments ...
... concern is that, if document comes out with normative language, we
wouldn't know it's actually a good one
mcc: would have to test the heck out of it
johnath: "here's the kind of calculus you should be doing"
... rather than saying that this should be explicitly presented ...
mcc: there's a certain appeal to having an industry standard formula
johnath: not let selves be hamstrung by fact that tech doesn't exist
today
... otoh, would be easier to refer to this if it existed already ...
... MS did some experiments with stuff like this ...
... but if we're normative, either tell people how to implement, or
maybe not be normative ...
phb: two sets of questions -- dominant concern: will users act if we
give them the data?
... assuming there's a threshold ...
... don't want to do the formula in a standards body ...
... toolbars that do this kind of checking ...
... you'd want to have competition in this area ...
... however, that doesn't mean that you don't want a standard ...
...
... want to sell people the opportunity to send that data ...
... instead of sending plugin, would be nice to sell service ...
... would be nice if there was a standardized interface to get this
kind of information in ...
... part of it might be some blacklisting capability ...
... at any given time, small number of IP addresses that causes trouble
...
(discussion about order of magnitude of active phishing & malware
sites; result: constrained number)
phb: would addtly need a whitelist ...
... maybe if score is below a certain point, might want to go for
backup black-list ...
... also, when episode starts, it tends to have finite duration
tyler: re score -- there's a study that associated numeric scores to a
site ...
... take a look at that study ...
... garfinkel and wu (?) ...
<tyler__>
[46]http://www.simson.net/ref/2006/CHI-security-toolbar-final.pdf
hal: one problem on this kind of approach is that it's such a common
practice to not turn on SSL/TLS till you need it ...
... everybody gets bad score till you do something ...
mcc: wells-fargo is first bank to put entire web site under SSL
... worked out for us ...
hal: would love to know non-proprietary information about TLS
deployment impact
... it's widely stated that there is a significant performance impact
...
phb: lions in north africa are extinct as well
ifette: coming from a company with a lot of servers using SSL ...
... it can be difficult ...
phb: TLS restart identifier
mcc: (shows a slide with proposed conformance language)
mzurko: overconstraining?
... maybe say "there should be a representation of security aspects
that matter"?
... "and present in a form that makes sense for the user to act on"?
mcc: "take these 11-12 things we identified, come up with a consistent
way to make them SCI"
mzurko: so "develop a representation to the user"?
mcc: would like formula-type approach, standard formula, consistency
mzurko: would like to understand preference for formula?
... would imagine it is for comparative purposes ...
mcc: can have sameness across different browsers...
... and partial order things ...
... can do that with fixed formula, or can generate formula using
neuronets ...
yngve: formula was for a single site ...
mcc: page!
yngve: trying to think how it would cover multiple servers
... mixed content ...
mcc: only place where it's referenced in particular formula is non-SSL
content in SSL page
mzurko: at this page, if we could take it up one level of abstraction,
that would be great
... there's a lot to grapple with if concrete formula is put in ...
... realize that it's just to talk about what we're working on ...
... but likely it's drawing concrete fire ...
... but we might not yet be there in terms of being able to react to it
...
mcc: so we could talk about a score, not any specifics?
mzurko: well, we were going further back -- "representation"?
... "some way to compare" ...
mcc: happy to take out the strawman formula
<Zakim> ifette, you wanted to say i like the formula
mcc: think the concept of a formula is good ...
ifette: like the idea that there is "a formula" that can be swapped out
... like recommending that there be a way to swap out for the google or
yahoo formula ...
mzurko: not the specific formula
... maybe abstracting into formulas in general ...
tlr: uneasy about formula, as it makes things harder to review
... in particular for "this is good" kinds of situations ...
<scribe> ACTION: zurko to propose language based on McCormick's slides
[recorded in
[47]http://www.w3.org/2007/10/02-wsc-minutes.html#action11]
<trackbot-ng> Created ACTION-307 - Propose language based on
McCormick's slides [on Mary Ellen Zurko - due 2007-10-09].
interim agenda bashing
mez: item 8 was publishing threats and wsc-usecases
tlr: easier one: I've been slacking on threats, that's the outstanding
issue
... there has been resolution to publish threats before, so I simply
need to get this done ...
mez: where are we on wsc-usecases?
tyler: ISSUE-83
<Mez> [48]http://www.w3.org/2006/WSC/track/issues/83
[49]http://lists.w3.org/Archives/Public/public-wsc-wg/2007Aug/0218.html
mez: ok, so let's resolve it tomorrow
tyler: schutzer on the phone?
mcc: doubt he'll be on the phone
[50]http://lists.w3.org/Archives/Public/public-wsc-wg/2007Aug/0218.html
[51]http://lists.w3.org/Archives/Public/public-wsc-wg/2007Sep/0009.html
<Mez>
[52]http://lists.w3.org/Archives/Public/public-wsc-wg/2007Sep/0009.html
[53]http://www.w3.org/mid/bbeaa26f0708241313l6de1d479i32dc5860d191e355@mail.gmail.com
[54]http://www.w3.org/mid/bbeaa26f0708241313l6de1d479i32dc5860d191e355@mail.gmail.com
not relevant, sorry
<serge> is someone just doing a poor job scribing, or is there nothing
going on?
tlr: happy with use cases 1 & 2, except replacing facebook with
"example.com" or the like
ifette: still have issue with use case 1, relating to plugin / local
manipulation
tlr: we're masking this distinction, so it should be "by corporate
policy, user agent exhibits this and that behavior"
<scribe> serge, thanks for the reminder :)
ifette: use case boils down to saying "error page that says page isn't
accessible"
... browser gets some error ...
<serge> not being on the phone makes it quite evident
ifette: what are we supposed to do with it?
... don't understand what should be done?
... how does the browser distinguish this use case from 404 error?
mez: maybe it can't?
yngve: if we get error from the network ...
... timeout or whatever ...
... we are unable to tell why that happened ...
... could be block in the network ...
... something in the machine could be involved, but below the level we
see
ifette: to browser, might look like any other network error ...
... to browser and extensions (i.e., browser, period) ...
... if you have filtering software installed on Windows, can't tell ...
... what's the cause ...
... no way of distinguishing ...
... how to create better 404 error pages as a default? ...
... we're not suggesting error page when some filtering software blocks
site ...
... this sounds like it's about better explaining 404 pages ...
tyler: what's the trust decision here?
mez: use case 1
hal: by definition, if you have no option, you have no decision
... distinction: blocking software has accessed info that the browser
doesn't have ...
... vs things are indistinguishable to the browser ...
...
yngve: if you have two user agents, one getting error "can't connect",
one getting a page...
... sth about non-consistent proxy configurations ...
tlr: umh, thinking more about it, this use case has a genesis that got
lost here
tyler: maybe we shouldn't assume specific technology in a use case
mez: oh well, yeah
(some pondering over use case 2)
<ifette> ACTION: tlr to re-work "use case 2" from issue 83 into general
language about disabilities to insert into section 6 of use case note
due 2007-10-3 [recorded in
[55]http://www.w3.org/2007/10/02-wsc-minutes.html#action12]
<scribe> ACTION: tlr to draft generic accessibility text for section 6,
to go before subsection 6.1 [recorded in
[56]http://www.w3.org/2007/10/02-wsc-minutes.html#action13]
<trackbot-ng> Created ACTION-308 - Re-work \"use case 2\" from issue 83
into general language about disabilities to insert into section 6 of
use case note due 2007-10-3 [on Thomas Roessler - due 2007-10-09].
<trackbot-ng> Created ACTION-309 - Draft generic accessibility text for
section 6, to go before subsection 6.1 [on Thomas Roessler - due
2007-10-09].
mez: about to wrap up
tlr: use case 3 from ISSUE-83?
mez: anything more about it?
ifette: use case 1 is the one where you don't get to it because of
filtering
... use case 3 is the one where it's been taken down because of
phishing ...
... could imagine model where you go to some clearing house ...
... and there's some information that this is a 404 due to takedown ...
... boils down to call to service-provider that knows what has been
taken down ...
... not in love with this proposal, but I'll live with it ...
tyler: on criteria for accepting use cases
... rachna had message that listed some criteria toward end of
ISSUE-101 discussion ...
(discussion to identify relevant message)
<Mez>
[57]http://lists.w3.org/Archives/Member/member-wsc-wg/2007Sep/0047.html
(unminutable discussion of these criteria)
tlr: what are we getting up?
ifette: trying to apply these criteria to the three use cases at hand
tyler: ???n
mez: do we have any use cases that talk about SSL?
... that's a particular technology as well ...
... wondering whether that had gotten in quite fine ...
tyler: don't think we have any "how do we present SSL" use case
mez: ssl in a current use case
tyler: well, ssl is part of infrastructure for delivering web pages
... we're not talking about the particulars of ssl ...
mcc: well, self-signed
johnath: there's a use case about different CAs
... more than straight SSL ...
... don't think it disbars a use case in the first place ...
... there are use cases that assume CAs exist ...
mez: this boils down, we didn't ever have discussion on what makes ok
use case or not
tyler: lot of concerns about this
... one that I haven't stated about this ...
... anyone who has a particular proposal in mind is going to be
motivated to say "I'd like us to look at this piece of tech" ...
... are we opening the barn door? ...
... might get more of those on this ...
<Mez> [58]http://www.w3.org/TR/wsc-usecases/
<Mez> [59]http://www.w3.org/2006/WSC/drafts/note/
tlr: wondering if we really need to worry about this. We might be in
the case of not having to solve this issue
tyler: can hope we get that way
... but if we get to last call, and have people want us adding
additional use cases, won't have leg to stand on
mez: we can stand on whatever legs we want
... we discussed, came to consensus...
tyler: have no rules, majority says, etc
mez: that's the way WG works
... larger discussion in any context, but how we deal with things
living and dying will be first meta-discussion on that
tlr: makes sense to set expectations, however, last call means we think
we're done
... so saying that in order to take a use case into consideration after
last call and applying the same criteria is definitely opening a barn
door
... let's not set an expectation that we will take use cases into
account
... from a purely technical context, setting that expectation would be
the opposite of what we want
mez: charter is broad, but use cases are supposed to scope our focus
for the next steps
[End of minutes]
__________________________________________________________________
Minutes formatted by David Booth's [60]scribe.perl version 1.128
([61]CVS log)
$Date: 2007/10/25 09:32:04 $
References
1. http://www.w3.org/
2. http://www.w3.org/2007/10/02-wsc-irc
3. http://lists.w3.org/Archives/Public/public-wsc-wg/2007Oct/0000.html
4. file://localhost/home/roessler/W3C/WWW/2007/10/02-wsc-minutes.html#agenda
5. file://localhost/home/roessler/W3C/WWW/2007/10/02-wsc-minutes.html#Agenda
6. file://localhost/home/roessler/W3C/WWW/2007/10/02-wsc-minutes.html#Mozilla
7. file://localhost/home/roessler/W3C/WWW/2007/10/02-wsc-minutes.html#item01
8. file://localhost/home/roessler/W3C/WWW/2007/10/02-wsc-minutes.html#Low-fi
9. file://localhost/home/roessler/W3C/WWW/2007/10/02-wsc-minutes.html#item02
10. file://localhost/home/roessler/W3C/WWW/2007/10/02-wsc-minutes.html#item03
11. http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#ceremonies
12. http://www.w3.org/2006/WSC/wiki/TrustedBrowserComponent
13. http://www.w3.org/2006/WSC/drafts/rec/Overview.html#piieditor
14. http://www.w3.org/2006/WSC/wiki/TrustedBrowserComponent
15. http://www.w3.org/2006/WSC/drafts/rec/Overview.html#piieditor
16. http://www.w3.org/2006/WSC/drafts/rec/Overview.html#piieditor-conformance
17. http://www.w3.org/2006/WSC/drafts/rec/Overview.html#piieditor-conformance
18. http://www.w3.org/2007/10/02-wsc-minutes.html#action01
19. http://lists.w3.org/Archives/Public/public-wsc-wg/2007Sep/0079.html
20. http://www.w3.org/2006/WSC/drafts/rec/Overview.html#piieditor-conformance
21. http://www.w3.org/2006/WSC/wiki/UsabilityStudies
22. http://www.w3.org/2006/WSC/wiki/Study_of_SSL_warnings
23. http://www.w3.org/2006/WSC/wiki/Study_of_SSL_warnings
24. http://www.w3.org/2006/WSC/wiki/RecommendationUsabilityEvaluationFirstCut
25. http://www.w3.org/2006/WSC/wiki/RecommendationUsabilityEvaluationFirstCut
26. http://www.w3.org/2006/WSC/wiki/Study_of_SSL_warnings
27. http://www.w3.org/2006/WSC/wiki/Study_of_SSL_warnings
28. http://www.w3.org/2006/WSC/wiki/Study_of_SSL_warnings
29. http://www.w3.org/2007/10/02-wsc-minutes.html#action02
30. http://www.w3.org/2007/10/02-wsc-minutes.html#action04
31. http://www.w3.org/2006/WSC/wiki/RecommendationUsabilityEvaluationFirstCut
32. http://www.w3.org/2006/WSC/wiki/RecommendationUsabilityEvaluationFirstCut
33. http://www.w3.org/2006/WSC/wiki/RecommendationUsabilityEvaluationFirstCut
34. http://www.simson.net/ref/2006/CHI-security-toolbar-final.pdf
35. http://www.w3.org/2007/10/02-wsc-minutes.html#action06
36. http://lists.w3.org/Archives/Public/public-wsc-wg/2007Jun/0261.html
37. http://www.simson.net/ref/2006/CHI-security-toolbar-final.pdf
38. http://tjwhalen.googlepages.com/eye-tracking_gi.pdf
39. http://portal.acm.org/citation.cfm?doid=1047671.1047674
40. http://www.w3.org/2007/10/02-wsc-minutes.html#action07
41. http://www.w3.org/2007/10/02-wsc-minutes.html#action09
42. http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#clabels-content
43. http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#clabels-uagents
44. http://www.w3.org/TR/2005/REC-qaframe-spec-20050817/#conf-label-principle
45. http://www.w3.org/2007/10/02-wsc-minutes.html#action10
46. http://www.simson.net/ref/2006/CHI-security-toolbar-final.pdf
47. http://www.w3.org/2007/10/02-wsc-minutes.html#action11
48. http://www.w3.org/2006/WSC/track/issues/83
49. http://lists.w3.org/Archives/Public/public-wsc-wg/2007Aug/0218.html
50. http://lists.w3.org/Archives/Public/public-wsc-wg/2007Aug/0218.html
51. http://lists.w3.org/Archives/Public/public-wsc-wg/2007Sep/0009.html
52. http://lists.w3.org/Archives/Public/public-wsc-wg/2007Sep/0009.html
53. http://www.w3.org/mid/bbeaa26f0708241313l6de1d479i32dc5860d191e355@mail.gmail.com
54. http://www.w3.org/mid/bbeaa26f0708241313l6de1d479i32dc5860d191e355@mail.gmail.com
55. http://www.w3.org/2007/10/02-wsc-minutes.html#action12
56. http://www.w3.org/2007/10/02-wsc-minutes.html#action13
57. http://lists.w3.org/Archives/Member/member-wsc-wg/2007Sep/0047.html
58. http://www.w3.org/TR/wsc-usecases/
59. http://www.w3.org/2006/WSC/drafts/note/
60. http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
61. http://dev.w3.org/cvsweb/2002/scribe/
--
Thomas Roessler, W3C <tlr@w3.org>
Received on Thursday, 25 October 2007 09:35:41 UTC