Re: ISSUE-40: Drill-down access to all security information is not \'nice,\' it\'s required (by UAAG 1.0). (public comment) from Mary Ellen Zurko on 2007-04-18 (public-wsc-wg@w3.org from April 2007)

From: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
Date: Wed, 18 Apr 2007 10:21:50 -0400
To: Web Security Context WG <public-wsc-wg@w3.org>
Message-ID: <OFF2A28039.A02EE85C-ON852572C1.004E8536-852572C1.004EEA38@LocalDomain>

We should certainly not be reinventing any requirements wrong. In 
wsc-usecases, we shouldn't be putting forward any requirements or 
recommendations at all. And we should not at any stage re-state 
requirements from another WG (since they, not we, are the cannonical 
source of them). 

I propose we remove this text:

   Access to security information beyond what is available through the
   recommended presentation may be desireable in many scenarios, such
   as debugging. User agents are encouraged to provide this access, but
   in a way that does not interfere with the recommended presentation.

I think I was one of the few people really hot on keeping debugging 
scenarios in mind. From a product perspective, they're incredibly 
important from a Total Cost of Ownership point of view. I'll syphon my 
energy on this point to 
http://www.w3.org/2006/WSC/wiki/FuturesAndOnePluses

          Mez

Mary Ellen Zurko, STSM, IBM Lotus CTO Office       (t/l 333-6389)
Lotus/WPLC Security Strategy and Patent Innovation Architect




Web Security Context Issue Tracker <dean+cgi@w3.org> 
Sent by: public-wsc-wg-request@w3.org
04/15/2007 10:54 AM
Please respond to
Web Security Context WG <public-wsc-wg@w3.org>


To
public-wsc-wg@w3.org
cc

Subject
ISSUE-40: Drill-down access to all security information is not \'nice,\' 
it\'s required (by UAAG 1.0).  (public comment)








ISSUE-40: Drill-down access to all security information is not 'nice,' 
it's required (by UAAG 1.0).  (public comment)

http://www.w3.org/2006/WSC/Group/track/issues/40

Raised by: Bill Doyle
On product: Note: use cases etc.

>From public comments
raised by: Al Gilman Alfred.S.Gilman@ieee.org

http://lists.w3.org/Archives/Public/public-usable-
authentication/2007Apr/0000.html


Drill-down access to all security information is not 'nice,' it's required 
(by 
UAAG 1.0). 
where it says, in (non-goals) 3.1 Presentation of all security information

   Access to security information beyond what is available through the
   recommended presentation may be desireable in many scenarios, such
   as debugging. User agents are encouraged to provide this access, but
   in a way that does not interfere with the recommended presentation.
you must change
This statement is too weak.  Mention and link the fact that access to all 
this 
information is required by UAAG 1.0, Guideline 2.
Why? 
The User Agent Accessibility Guidelines 1.0 is already a Recommendation. 
The 
current work is not chartered to undercut its requirements.  Don't 
re-invent 
this requirement wrong; just pass through the relevent authoritatve 
requirement.

Received on Wednesday, 18 April 2007 14:22:01 UTC