Talk:Labs/Weave/Identity/Account Manager: Difference between revisions

Talk:Labs/Weave/Identity/Account Manager (view source)

497 bytes added , 28 May 2010

Confirmed users

68

edits

@@ Line 10: / Line 10: @@
 * I'd like to see much more clearly the difference between the situation where I am not connected AND not known by the RP (really anonymous), and the situation where I am not connected but known (e.g. as the last known user) by the RP. Question also raised in the section "23-Nov-2009"
-== Secure UI? ==
+== Secure UI?  ==
 Some "secure" dialogs would be nice - by secure I mean designed to inherently resist spoofing and phishing by presenting key actions in a way that can't be impersonated by scripts on a website.
 An example would be a dialog on a banking site that requests the user re-authenticate to complete a sensitive action.
-[[File:example_of_secure_dialog_for_am.png]]
+[[Image:Example of secure dialog for am.png]]
+*The UI&nbsp;would have to incorporate elements that make it distinctive from anything that a script or addon could spoof.
+*The UI would have to be designed to only work for site for which an existing account manager relationship existed. (The image part would probably be cached with the security certificate for the site at the time the site was added to account manager, so that the image would provide a RELIABLE visual cue to know that the action was associated with the existing site)
 [[User:Triona|Triona]] 10:46, 28 May 2010 (UTC)