Cover ERCIM News 66

ERCIM News 66

July 2006
Special theme:
European Digital Library
Contents

This issue in pdf
(68 pages; 14,3Mb)

Subscription

Archive:
Cover ERCIM News 65
previous issue:
Number 65
April 2006
Special theme: Space Exploration

previous issues online

Next issue:
October 2006

Next Special theme:
Embedded Intelligence

Call for the next issue

About ERCIM News

Valid XHTML 1.1

W3C Web Security Workshop Report

W3C held a workshop on 'Transparency and Usability of Web Authentication' 15-16 March 2006, in order to identify steps W3C can take to improve Web Security from the user-facing end of the spectrum. Most workshop participants came from the security and browser vendor community, such as Google, HP, IBM, KDE, Microsoft, Mozilla, Nokia, Opera, VeriSign, Yahoo!, etc., as well as leaders of the online finance actors.

Workshop participants.
Workshop participants.

The workshop program was structured into seven sessions and an open discussion of next steps. Participants considered shortcomings in the usability of current browser-based authentication technologies. Requirements for and limitations of possible improvements were also presented by a number of speakers. Approaches for concrete improvements included leveraging (secure) metadata; a number of proposals for changes to browser user interfaces and behaviors; protocol changes; and new approaches to identity online.

Based on the discussions, W3C staff is currently engaging those present at the workshop and other W3C Members in discussions that may lead to Working Group charters in three areas: Form-filler support; Secure Chrome; and Secure Metadata.

'Form-filler support' would enable browsers to reliably recognize log-in forms. This ability would allow browser-side credential management that is more reliable and usable than current heuristics-based form filling mechanisms. Browsers could also use this capability to launch advanced and security-focused user interfaces for credential entry.

Work on secure chrome and secure metadata would identify a baseline set of security context information that should be presented to the user, and best practices for the display of this information to the user. Work in this area may also cover restrictions on scripting capabilities that are known to make faking security indicators particularly easy.

The workshop, hosted by Citigroup, was chaired by Dan Schutzer (FSTC) and Thomas Roessler (W3C).

Link:
Workshop report: http://www.w3.org/2005/Security/usability-ws/report