Raw List of Recommendations

These are all the recommendations given at the workshop. They are listed in the order the talks were given. The organizational label is given simply as a means to identify each talk.


Where Our Group is Looking

Where Our Group is Looking (2)

management systems

Where Our Group is Looking (3)

“I guess I'm not fully sure what 'encrypted' means.” - user

Where Our Group is Looking (4)


Concluding Remarks



Conclusion 1/2

browser is authentic or faked.

capabilities do not work for two reasons:

expertise and sometimes complex procedures. This is why acceptance is low.


standardised authentication features which will be difficult to fake and will be accepted by users.

confident about using authentication features.


What should W3C do?


Summary: 5 Key Principles of a Solution

  1. Trusted user interface for authentication must be based on a secret, since all user interface is spoofable.

  2. A trusted channel can’t be trusted, since an attacker can use a trusted

  3. The client must authenticate the server, since an unauthenticated server can ask for confidential information.

  4. A cleartext password must not be revealed during any phase of authentication, since an attacker will fool the user into completing any standard process.

  5. The anti-phishing solution must integrate with existing password-based authentication, since users are trained to use passwords.


Three issues that are important to Yahoo!

World Savings

The Internet Access Software

The Financial Services Software Vendors

The Holy Grail - Strong Authentication:

needed) Steps 2-10 - We Must Partner

Conclusion(s)

– We must form a long-term partnership to ensure that the critical online channel is not lost to fraud and other criminal operations
– Innovation and standardization will present mitigating alternatives to online (and offline) risks
– We cannot afford to focus on securing only one channel . . . fraud will move to the path of least resistance


Human verified content labels


Metadata tied to past personal actions, past community activity, and authority recommendations can combat large categories of web site scams
– Integration with mail infrastructure can provide additional benefits

– Bootstrapping
– Roaming, multiple computers
– Design that makes all the metadata consistently usable
– Attacks on both technical and social aspects of metadata
– Gaps from anything not absolute
– Human ingenuity x human naiveté

World Bank

Personalized visual indicators such as:


If widely accepted this method of personalized visual and behavioral indicators can heighten an end-user consciousness of safe data sharing procedures over internet channels.


Petname plugin
Matching of TLS Certificate fields
User controlled notation

Bar Ilan University

We should protect average Net users



Candidate Solution I: Secure Mode Browser

Security Mode

Candidate Solution II: PERSEUS

Security Architecture against Malware and Phishing


protects against Trojan horse attacks like faked dialogs)

are allowed to be executed, measures the application’s integrity



Proof-of-Concept for Online-Banking on-going

Challenges we face


Secure Letterhead

Browser Support

LOGOTYPE Certificate Issuers


New Metadata exchange protocol


SSA Approaches Summary Approach ECP IDP shared secret IDP Portal Benefits Trusted intermediary (IDP) Limitations Inherent portal limitations Additional Component? Specification Involved ID-FF Changes to Client? No Possibly No General, active component manages meeting mutual authentication requirements Scalable shared secret with minimal client changes Requires enhanced client or proxy. Agreement on the representation of the secret and implementation on the client. Yes (Enhanced client or Proxy) Liberty Authentication Service technology – ID-FF Liberty ID-FF technology or equivalent SAML 2.0 ECP or Liberty Alliance LECP ID-FF & ID-WSF (partial for AS)

MIT Lincoln Lab

The SSR Record’s Capabilities

Enables sites to raise the security level of users’ configurations (exactly what Chuck Wade requested)

– Cipher, keylength, etc.
– E.g. HTTPS using SSLv3 and AES-256

– E.g. no HTTP, no SHA1

– E.g. etrade.com + secure.us.etrade.com

– E.g. acceptable subdomains are login.w3.org, www.w3.org


Standardization Prospects

authenticator data, confirmation values

transforms and algorithms



SXIP Protocols Anti-Phishing…

Identity Commons

Non-technical proposals
Identity Rights Agreements
Range of Choices
Privacy Concerns


Identity Metasystem
Infocard
New protocols based on WS-* Standards


Usability and Content


many actions

Active Approaches To Security


to avoid breaking the Internet

prone and of questionable value




(we’re at a critical juncture here, and need to be wary of creating another failed metaphor like the padlock)

Leverage new features

Write an extension

(I know this sounds like a cop-out, but it’s a really well proven model for innovation in our market)


No technical proposals