A method for web security context patterns development from user interface Guidelines based on structural and textual analysis

Abstract

Currently, only a small number of user agents present information on the web security context to the user in an easy way for understandability. W3C has created WSC-UI documents as a security suggestion standard for web security context. The application in designing user agents to be secure requires human resources in identifying specifications, which takes much time and expense, and may also result in incompleteness. Security patterns have been used to collect solutions to recurring problems. Therefore, this research proposes a method for creating web security context patterns, based on WSC-UI documents, and identifying the relationship structure of the patterns. The proposed patterns are validated and refined according to the initial validation list. The developers can specify the security requirements based on the proposed patterns according to the specified application approach, for the benefits in designing a user agent to be aware of the web security context.