Difference between revisions of "Web Site Identity"

From MgmtWiki
Jump to: navigation, search
(Created page with "==Full Title and Meme== The current manner in which a Web Site can be identified by a User is badly broken. ==Context== * The day when a personal computer was for run...")
 
(Organizational Support)
(12 intermediate revisions by the same user not shown)
Line 3: Line 3:
  
 
==Context==
 
==Context==
* The day when a personal computer was for running application for the user is long gone, never to return.
+
* When Tim Berners-Lee created the world wide web the existing Universal Resource Locator ([[URL]]] already existed for machine-machine discovery.
* Today a personal computer depends on cloud based service for nearly all of its functionality.
+
* No one expected that the Web would grow to the point where 5 year old children were getting URLs on kids TV.
* Web Site security is becoming widely known as Cyber-Security, probably because that sounds more important somehow.
+
* It is way past time to stop blaming the [[User]] for not understanding the complex syntax of the URL and give them something helpful.
* This page will only consider the use of a trusted [[User Agent]], typically a web browser from a well-known and trusted vendor.
 
* For the case of the user allowing a [[Native App]] to be installed on their personal device, see the page [[Native App Security]].
 
  
 
==Problems==
 
==Problems==
 +
Wired interviewed Google engineers have decided to do something about the horrendous state of [[Web Site Identity]] <ref>Lily Hay Newman, ''Google Wants to Kill the URL.'' (2018-09-04) Wired Magazine https://www.wired.com/story/google-wants-to-kill-the-url?mbid=nl_090418_daily_list3_p3&CNDID=45183233</ref>
 +
<blockquote>"People have a really hard time understanding URLs," says Adrienne Porter Felt, Chrome's engineering manager. "They’re hard to read, it’s hard to know which part of them is supposed to be trusted, and in general I don’t think URLs are working as a good way to convey site identity. So we want to move toward a place where web identity is understandable by everyone—they know who they’re talking to when they’re using a website and they can reason about whether they can trust them. But this will mean big changes in how and when Chrome displays URLs. We want to challenge how URLs should be displayed and question it as we’re figuring out the right way to convey identity."</blockquote>
 +
 
==Solutions==
 
==Solutions==
* The [[Web Site]] exposes its name in a manner that allows the user to make a meaningful trust decision.
+
* The page [[EV Cert]]s is yet to be written.
* Most browsers come with a feature that will evaluate any file downloaded to a computer based on a set of constantly updated filters installed in the cloud.
+
* Good solutions to this problem are not obvious and have never really be tried before in a way that will work across all the world languages.
 +
* Google's focus in late 2018 is to identify all the ways that [[User]]s interact with the address bar and the display names in web links.
 +
* Chrome and the [[FIDO U2F]] protocol are trying to define an "origin chip" showing the main domain name, with the full URL available with a click.
  
 
==References==
 
==References==
 
===Organizational Support===
 
===Organizational Support===
# [https://www.owasp.org/index.php/Main_Page The Open Web Application Security Project (OWASP)] is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of web site software.
+
# Part of [[Web Site Security]]
# [https://www.nationalisacs.org/ ISAC]s are member-driven organizations, delivering all-hazards threat and mitigation information to asset owners and operators.
+
 
 +
==References==
 +
 
 +
[[Category:Glossary]]
 +
[[Category:Identifier]]

Revision as of 15:08, 8 December 2018

Full Title and Meme

The current manner in which a Web Site can be identified by a User is badly broken.

Context

  • When Tim Berners-Lee created the world wide web the existing Universal Resource Locator (URL] already existed for machine-machine discovery.
  • No one expected that the Web would grow to the point where 5 year old children were getting URLs on kids TV.
  • It is way past time to stop blaming the User for not understanding the complex syntax of the URL and give them something helpful.

Problems

Wired interviewed Google engineers have decided to do something about the horrendous state of Web Site Identity [1]

"People have a really hard time understanding URLs," says Adrienne Porter Felt, Chrome's engineering manager. "They’re hard to read, it’s hard to know which part of them is supposed to be trusted, and in general I don’t think URLs are working as a good way to convey site identity. So we want to move toward a place where web identity is understandable by everyone—they know who they’re talking to when they’re using a website and they can reason about whether they can trust them. But this will mean big changes in how and when Chrome displays URLs. We want to challenge how URLs should be displayed and question it as we’re figuring out the right way to convey identity."

Solutions

  • The page EV Certs is yet to be written.
  • Good solutions to this problem are not obvious and have never really be tried before in a way that will work across all the world languages.
  • Google's focus in late 2018 is to identify all the ways that Users interact with the address bar and the display names in web links.
  • Chrome and the FIDO U2F protocol are trying to define an "origin chip" showing the main domain name, with the full URL available with a click.

References

Organizational Support

  1. Part of Web Site Security

References

  1. Lily Hay Newman, Google Wants to Kill the URL. (2018-09-04) Wired Magazine https://www.wired.com/story/google-wants-to-kill-the-url?mbid=nl_090418_daily_list3_p3&CNDID=45183233
Retrieved from "http://tcwiki.azurewebsites.net/index.php?title=Web_Site_Identity&oldid=4418"