Re: [W3C Web Security IG] call for comments on Security Review Process and Security Guidelines from Stephen Farrell on 2014-05-28 (public-web-security@w3.org from May 2014)

From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Date: Wed, 28 May 2014 20:56:50 +0100
To: GALINDO Virginie <Virginie.Galindo@gemalto.com>, "public-web-security@w3.org" <public-web-security@w3.org>
CC: 'Wendy Seltzer' <wseltzer@w3.org>
Message-ID: <53863F82.9010204@cs.tcd.ie>

Wrt [2]. How'd you feel about also adding RFC7258 as another
guideline? FWIW, as a non-member of W3C, I think that'd be
a fine thing.

I hope (not promising) that the IETF might produce a companion
document for RFC 3552 as guidelines for PM, but that will take
some time if it happens.

S.


On 28/05/14 16:57, GALINDO Virginie wrote:
> Dear all,
> 
> As we received our first requests for conducting security review on Web RTC and Manifest specifications, I think it is time for this IG to confirm that the tools proposed on our wiki are relevant to start security review. This is why I am calling for comments on :
> 
> -          Security Review Process [1] : allowing the other groups to request security review and setting up a frame for the review and reviewer
> 
> -          Security Guidelines [2] : supporting editors and chairs to fill in the Security Consideration section in their deliverable
> 
> Lets give us *15 days* to collect comments on this mailing list ( I will edit those tools accordingly on the wiki).
> After that first period, those tools will be our basis for beta testing our security reviews.
> Hope to see your active contributions here.
> 
> Regards,
> Virginie
> Gemalto
> Co-chair of Web Security IG
> 
> [1] Security Review process http://www.w3.org/Security/wiki/IG/W3C_spec_review
> [2] Security Guidelines https://www.w3.org/Security/wiki/IG/W3C_spec_review/Security_Guidelines
> 
> ________________________________
> This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited.
> E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender.
> Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus.
>

Received on Wednesday, 28 May 2014 19:57:37 UTC