Difference between revisions of "Web Site Identity"

From MgmtWiki
Jump to: navigation, search
(Problems)
(Solutions)
Line 12: Line 12:
  
 
==Solutions==
 
==Solutions==
* The [[Web Site]] exposes its name in a manner that allows the user to make a meaningful trust decision.
+
* Good solutions to this problem are not obvious and have never really be tried before in a way that will work across all the world languages.
* Most browsers come with a feature that will evaluate any file downloaded to a computer based on a set of constantly updated filters installed in the cloud.
+
* Google's focus in late 2018 is to identify all the ways that [[User]]s interact with the address bar and the display names in web links.
 +
* Chrome and the [[FIDO U2F]] protocol are trying to define an "origin chip" showing the main domain name, with the full URL available with a click.
  
 
==References==
 
==References==

Revision as of 21:19, 4 September 2018

Full Title and Meme

The current manner in which a Web Site can be identified by a User is badly broken.

Context

  • When Tim Berners-Lee created the world wide web the existing Universal Resource Locator (URL] already existed for machine-machine discovery.
  • No one expected that the Web would grow to the point where 5 year old children were getting URLs on kids TV.

Problems

Wired interviewed Google engineers have decided to do something about the horrendous state of Web Site Identity [1]

"People have a really hard time understanding URLs," says Adrienne Porter Felt, Chrome's engineering manager. "They’re hard to read, it’s hard to know which part of them is supposed to be trusted, and in general I don’t think URLs are working as a good way to convey site identity. So we want to move toward a place where web identity is understandable by everyone—they know who they’re talking to when they’re using a website and they can reason about whether they can trust them. But this will mean big changes in how and when Chrome displays URLs. We want to challenge how URLs should be displayed and question it as we’re figuring out the right way to convey identity."

Solutions

  • Good solutions to this problem are not obvious and have never really be tried before in a way that will work across all the world languages.
  • Google's focus in late 2018 is to identify all the ways that Users interact with the address bar and the display names in web links.
  • Chrome and the FIDO U2F protocol are trying to define an "origin chip" showing the main domain name, with the full URL available with a click.

References

Organizational Support

  1. The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of web site software.
  2. ISACs are member-driven organizations, delivering all-hazards threat and mitigation information to asset owners and operators.


References

  1. Lily Hay Newman, Google Wants to Kill the URL. (2018-09-04) Wired Magazine https://www.wired.com/story/google-wants-to-kill-the-url?mbid=nl_090418_daily_list3_p3&CNDID=45183233
Retrieved from "http://tcwiki.azurewebsites.net/index.php?title=Web_Site_Identity&oldid=3126"