RE: ACTION-210: "Security Protocol Error Presentation" display recommendation from michael.mccormick@wellsfargo.com on 2007-06-08 (public-wsc-wg@w3.org from June 2007)

From: <michael.mccormick@wellsfargo.com>
Date: Fri, 8 Jun 2007 10:24:27 -0500
To: <Mary_Ellen_Zurko@notesdev.ibm.com>
Cc: <public-wsc-wg@w3.org>
Message-ID: <8A794A6D6932D146B2949441ECFC9D6802B4D46E@msgswbmnmsp17.wellsfargo.com>

  _____  

From: Mary Ellen Zurko [mailto:Mary_Ellen_Zurko@notesdev.ibm.com] 
Sent: Friday, June 08, 2007 7:07 AM
To: McCormick, Mike
Cc: public-wsc-wg@w3.org
Subject: Re: ACTION-210: "Security Protocol Error Presentation" display recommendation

"Allow technical user to access details of the error in a secondary user interface (UI) but hide them in the primary UI. " 
This aligns well with the PageInfoSummary recommendation. I propose moving this point into that proposal, or referencing it here. 
[Mike:] Makes sense to me. 

"Primary UI security context indictors should reflect the error without displaying details. 
Confine technical jargon to the secondary UI. " 
The challenge on these seems to be phrasing them in a way that supports conformance (and makes non conformance clear). But I think they're important. Is it clear to you, Michael, or anyone, how to start rephrasing these into appropriate standards language? 
[Mike:] I would need help with that.  Techie jargon is hard to define, although we all know it when we see it. 

"Detailed test cases for expected user behavior could be developed by identifying every combination of a protocol error and a use case. " 
This seems like a bit much to me. But we should definately get a list of errors. It would work best if this recommendation could start the list. 
[Mike:] Tyler's recommendation template requires test cases be tied to our use cases, hence the dilemma. 

It is funny that your disruptions section talks about current ones, not ones that this proposal generates. Because at it's heart, it's attempting to get rid of disruptions already in place. 
[Mike:] Yes.  I probably should have said simply "None" but I couldn't resist. :) 

          Mez

Mary Ellen Zurko, STSM, IBM Lotus CTO Office       (t/l 333-6389)
Lotus/WPLC Security Strategy and Patent Innovation Architect

<michael.mccormick@wellsfargo.com> 
Sent by: public-wsc-wg-request@w3.org 

05/18/2007 11:59 PM 

To
<public-wsc-wg@w3.org> 
cc
Subject
ACTION-210: "Security Protocol Error Presentation" display recommendation

I drafted a display recommendation (using the template) that can be found at http://www.w3.org/2006/WSC/wiki/RecommendationDisplayProposals/CertErr <http://www.w3.org/2006/WSC/wiki/RecommendationDisplayProposals/CertErr>  in satisfaction of my action item, which I propose can now be closed. 

Michael McCormick, CISSP 
Lead Architect, Information Security Technology 
Wells Fargo Bank 
255 Second Avenue South 
MAC N9301-01J 
Minneapolis MN 55479 
*      612-667-9227 (desk)             *       612-667-7037 (fax) 
(7 (cell)             :-)       michael.mccormick@wellsfargo.com (AIM) 
*       612-621-1318 (pager)            *       michael.mccormick@wellsfargo.com <mailto:michael.mccormick@wellsfargo.com>  

“THESE OPINIONS ARE STRICTLY MY OWN AND NOT NECESSARILY THOSE OF WELLS FARGO" 
This message may contain confidential and/or privileged information.  If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein.  If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message.  Thank you for your cooperation.

Received on Friday, 8 June 2007 15:24:55 UTC