Re: ACTION-210: "Security Protocol Error Presentation" display recommendation from Mary Ellen Zurko on 2007-06-08 (public-wsc-wg@w3.org from June 2007)

From: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
Date: Fri, 8 Jun 2007 08:06:41 -0400
To: "<michael.mccormick" <michael.mccormick@wellsfargo.com>
Cc: public-wsc-wg@w3.org
Message-ID: <OFC59BDF13.EC059F7E-ON852572F4.0041D2DB-852572F4.00428B2C@LocalDomain>

"Allow technical user to access details of the error in a secondary user 
interface (UI) but hide them in the primary UI. "
This aligns well with the PageInfoSummary recommendation. I propose moving 
this point into that proposal, or referencing it here. 

"Primary UI security context indictors should reflect the error without 
displaying details. 
Confine technical jargon to the secondary UI. "
The challenge on these seems to be phrasing them in a way that supports 
conformance (and makes non conformance clear). But I think they're 
important. Is it clear to you, Michael, or anyone, how to start rephrasing 
these into appropriate standards language? 

"Detailed test cases for expected user behavior could be developed by 
identifying every combination of a protocol error and a use case. "
This seems like a bit much to me. But we should definately get a list of 
errors. It would work best if this recommendation could start the list. 

It is funny that your disruptions section talks about current ones, not 
ones that this proposal generates. Because at it's heart, it's attempting 
to get rid of disruptions already in place. 

          Mez

Mary Ellen Zurko, STSM, IBM Lotus CTO Office       (t/l 333-6389)
Lotus/WPLC Security Strategy and Patent Innovation Architect




<michael.mccormick@wellsfargo.com> 
Sent by: public-wsc-wg-request@w3.org
05/18/2007 11:59 PM

To
<public-wsc-wg@w3.org>
cc

Subject
ACTION-210: "Security Protocol Error Presentation" display recommendation






I drafted a display recommendation (using the template) that can be found 
at http://www.w3.org/2006/WSC/wiki/RecommendationDisplayProposals/CertErr 
in satisfaction of my action item, which I propose can now be closed.

Michael McCormick, CISSP 
Lead Architect, Information Security Technology 
Wells Fargo Bank 
255 Second Avenue South 
MAC N9301-01J 
Minneapolis MN 55479 
(僴      612-667-9227 (desk)             7       612-667-7037 (fax) 
(       612-590-1437 (cell)             J       
michael.mccormick@wellsfargo.com (AIM) 
2       612-621-1318 (pager)            *       
michael.mccormick@wellsfargo.com 
¨THESE OPINIONS ARE STRICTLY MY OWN AND NOT NECESSARILY THOSE OF WELLS 
FARGO" 
This message may contain confidential and/or privileged information.  If 
you are not the addressee or authorized to receive this for the addressee, 
you must not use, copy, disclose, or take any action based on this message 
or any information herein.  If you have received this message in error, 
please advise the sender immediately by reply e-mail and delete this 
message.  Thank you for your cooperation.

Received on Friday, 8 June 2007 12:07:07 UTC