ISSUE-50

present web security is not good enough; even \'though fixing that is out of scope for this deliverable (public comment)

State:
CLOSED
Product:
wsc-usecases
Raised by:
Bill Doyle
Opened on:
2007-04-16
Description:
From public comments
raised by: Al Gilman Alfred.S.Gilman@ieee.org

http://lists.w3.org/Archives/Public/public-usable-
authentication/2007Apr/0000.html
present web security is not good enough; even \'though fixing that is out of
scope for this deliverable
where it says, in 8 Merits of the status quo and 9 Problems with the status quo
(impression is that the security of the Web is OK, it\'s just the user is
gullible and ill informed)
please consider
recognize that there are defects in the platform, say that this deliverable is
limited to boosting understanding at the user-browser connection. Collect and
document (even in a companion note) the things you would rather have done but
didn\'t because the platform technology is not as widely deployed as you feel
you need.
Why?
Just because this deliverable is going to try to improve things at the
cognitive connection between the browser and the user, don\'t pretend that
that\'s the only problem left to fix. For example, present practice is to
offer the user a printed hardcopy for their records, not a fully machinable
data record. This is a violation of what ought to be basic business rights of
the consumer. The merchants claim that the user can\'t be trusted to secure
these data. But they don\'t tell the user that. They use their wiles to keep
the user ignorant of what the could have, and should have, had access to.
That needs to be laid at the door of the Operating System as a defect in user
support, not blown by with \"best current practice is good enough.\" While
this is presented as a matter of general consumer defence, it becomes critical
for people with certain disabilities where having your personal-business
office in a personal computer is the only way to be able to independently
conduct your personal business, not just a convenience. One shouldn\'t have to
pay web merchants through a credit card in order to import the results into
Quicken, for example. And you should be able to import the full, itemized
invoice, not just the bottom line.

Related Actions Items:
No related actions
Related emails:
  1. RE: ISSUE-50: present web security is not good enough; even \\\'though fixing that is out of scope for this deliverable (public comment) (from tyler.close@hp.com on 2007-05-21)
  2. Re: ISSUE-50: present web security is not good enough; even \\\'though fixing that is out of scope for this deliverable (public comment) (from Mary_Ellen_Zurko@notesdev.ibm.com on 2007-05-18)
  3. Re: ISSUE-50: present web security is not good enough; even \\\'though fixing that is out of scope for this deliverable (public comment) (from Mary_Ellen_Zurko@notesdev.ibm.com on 2007-04-19)
  4. ISSUE-50: present web security is not good enough; even \\\'though fixing that is out of scope for this deliverable (public comment) (from dean+cgi@w3.org on 2007-04-16)

Related notes:

No additional notes.

Display change log ATOM feed


Mary Ellen Zurko <mzurko@us.ibm.com>, Chair, Thomas Roessler <tlr@w3.org>, Staff Contact
Tracker (configuration for this group), originally developed by Dean Jackson, is developed and maintained by the Systems Team <w3t-sys@w3.org>.
$Id: 50.html,v 1.1 2010/10/11 09:35:17 dom Exp $