W3C home > Mailing lists > Public > public-w3process@w3.org > November 2014

Re: Require security review before FPWD

From: Mike West <mkwst@google.com>
Date: Mon, 3 Nov 2014 16:18:47 +0100
Message-ID: <CAKXHy=d=SmRpTuA=YHOeDYKB4pqg=Sd9NuRc1NT4j+bb88u1mQ@mail.gmail.com>
To: David Singer <singer@apple.com>
Cc: Sam Ruby <rubys@intertwingly.net>, public-w3process <public-w3process@w3.org>
On Mon, Nov 3, 2014 at 4:08 PM, David Singer <singer@apple.com> wrote:

> On Nov 3, 2014, at 14:17 , Mike West <mkwst@google.com> wrote:
> > Skimming through this thread again, the concept of a questionnaire makes
> a lot of sense to me. I did a quick brain dump at
> https://github.com/mikewest/spec-questionnaire/blob/master/questionnaire.markdown
> which skims through some of the questions that come to mind regarding both
> security and privacy considerations.
> These are mostly questions for the review groups to assemble.

I don't really understand this response. The groups doing review would, of
course, need to decide whether these were the right questions to ask.
Specification authors/WGs would, of course, need to assemble answers to
these questions. I'm attempting to kick off a conversation around what set
of questions we as a group should care about. :)

If the goal is to get the WG thinking about the security and privacy
impacts of their specification, than these questions seem to be a
reasonable start to a conversation with whoever ends up reviewing the
specification. Perhaps even as part of an FPWD publication request?

> Obviously, the question of whether there are XXXX Considerations sections
> at all are more global.

Indeed. But it's an important question, because it's a pretty rare
specification that doesn't actually need one or both of these sections,
regardless of whether or not they're actually written. :)

Mike West <mkwst@google.com>
Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91

Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
Geschäftsführer: Graham Law, Christine Elizabeth Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
Received on Monday, 3 November 2014 15:19:36 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:35:12 UTC