The W3C's Web Security Context Working Group has just released the Last Call version of its "User Interface Guidelines" document, which is a set of recommendations for the security-related UI in Web User Agents.
This specification deals with the trust decisions that users must make online, and with ways to support them in making safe and informed decisions where possible.
This document specifies user interactions with a goal toward making security usable, based on known best practice in this area. Subsequent testing of this specification will include conformance, interoperability, and usability testing.
If you want to comment on the document you are welcome to do so:
The W3C Membership and other interested parties are invited to review the document and send comments to [email protected] (with public archive) through 15 September 2008. We appreciate if comments follow these guidelines for writing good issues.
Nice to see they are aware that security is *a lot* about UI design. Most security advisories deal with underlying technical issues while users are just as much at risk from UIs they don’t understand and social engineering that makes them do the wrong thing. Now, when will we fix Opera’s too-draconian-for-real-usage cookie privacy prefs? 🙂
I wonder, Mr. Pettersen, if you have a set of URLs which Opera users, like me, can use to verify that their copy is displaying the appropriate security notation in the address slot, and bringing up the right information in pop-ups when this security notation is selected? I was trying to find an IMPROPER site, to see what my copy of Opera looks like when I am connected to something dangerous. I would find such a little “test suite” informative–mostly for my own edification and protection.