Difference between revisions of "Web Site Identity"

From MgmtWiki
Jump to: navigation, search
(Solutions)
(Solutions)
Line 12: Line 12:
  
 
==Solutions==
 
==Solutions==
* The page [[EV Cert]]s
+
* The page [[EV Cert]]s is yet to be written.
 
* Good solutions to this problem are not obvious and have never really be tried before in a way that will work across all the world languages.
 
* Good solutions to this problem are not obvious and have never really be tried before in a way that will work across all the world languages.
 
* Google's focus in late 2018 is to identify all the ways that [[User]]s interact with the address bar and the display names in web links.
 
* Google's focus in late 2018 is to identify all the ways that [[User]]s interact with the address bar and the display names in web links.

Revision as of 20:22, 4 September 2018

Full Title and Meme

The current manner in which a Web Site can be identified by a User is badly broken.

Context

  • When Tim Berners-Lee created the world wide web the existing Universal Resource Locator (URL] already existed for machine-machine discovery.
  • No one expected that the Web would grow to the point where 5 year old children were getting URLs on kids TV.
  • It is way past time to stop blaming the User for not understanding the complex syntax of the URL and give them something helpful.

Problems

Wired interviewed Google engineers have decided to do something about the horrendous state of Web Site Identity [1]

"People have a really hard time understanding URLs," says Adrienne Porter Felt, Chrome's engineering manager. "They’re hard to read, it’s hard to know which part of them is supposed to be trusted, and in general I don’t think URLs are working as a good way to convey site identity. So we want to move toward a place where web identity is understandable by everyone—they know who they’re talking to when they’re using a website and they can reason about whether they can trust them. But this will mean big changes in how and when Chrome displays URLs. We want to challenge how URLs should be displayed and question it as we’re figuring out the right way to convey identity."

Solutions

  • The page EV Certs is yet to be written.
  • Good solutions to this problem are not obvious and have never really be tried before in a way that will work across all the world languages.
  • Google's focus in late 2018 is to identify all the ways that Users interact with the address bar and the display names in web links.
  • Chrome and the FIDO U2F protocol are trying to define an "origin chip" showing the main domain name, with the full URL available with a click.

References

Organizational Support

  1. The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of web site software.
  2. ISACs are member-driven organizations, delivering all-hazards threat and mitigation information to asset owners and operators.


References

  1. Lily Hay Newman, Google Wants to Kill the URL. (2018-09-04) Wired Magazine https://www.wired.com/story/google-wants-to-kill-the-url?mbid=nl_090418_daily_list3_p3&CNDID=45183233