Re: Security Use Cases - Very rough first draft

> On 19 Aug 2016, at 16:02, Leonard Rosenthol <lrosenth@adobe.com> wrote:
> 
> Baldur – great starting place. Thanks for all hard work.
> 
> I did, however, make numerous comments and corrections to the document that I hope you see as an attempt to improve the document towards inclusion with our master work.
> 
> The biggest issue is that you appear to see a PWP as having no origin – and that need not be the case.  There are many ways in which a PWP UA could (and should!) ensure that every PWP has an origin regardless of where it is hosted/loaded from.

Does this relate to the requirement we did set somewhere else, that we expect a PWP to carry (eg in its manifest) a canonical URI?

(Caveat: my knowledge about security issues are, alas!, very poor, so this may be something else…)

Ivan


> 
> Leonard
> 
> On 8/19/16, 8:34 AM, "Baldur Bjarnason" <baldur@rebus.foundation> wrote:
> 
>    Security Use Cases - Very rough first draft
> 
>    Here it is on Google Docs:
> 
>    https://docs.google.com/document/d/1i8vm8cg5iqxWgpPFRR3Qae5loj-DWcrsbBUIf2IeGaU/edit?usp=sharing
> 
>    Let me know if you can’t access it and I’ll find another way to share it with the list or fiddle with the sharing settings on the document itself.
> 
>    It’s a very rough draft, half-baked, doesn’t conform to spec style or structure etc. etc.
> 
>    All of the links included are there more as informative references for context and will have to be turned into proper spec references or removed in a later draft.
> 
>    If the scenarios seem paranoid downers then bear in mind that my biggest worry while writing it is that I might not be paranoid enough.
> 
>    - best
>    - Baldur Bjarnason
>      baldur@rebus.foundation
> 
> 
> 
> 
> 
> 
> 


----
Ivan Herman, W3C
Digital Publishing Lead
Home: http://www.w3.org/People/Ivan/
mobile: +31-641044153
ORCID ID: http://orcid.org/0000-0003-0782-2704