Re: "Requirements for Powerful Features" strawman.

On Fri, Nov 21, 2014 at 7:37 AM, Mike West <mkwst@google.com> wrote:

> What do you think of the direction the draft is taking here? It sounds
> similar to what you're asking for:
> http://w3c.github.io/webappsec/specs/powerfulfeatures/
>
That's the document I'm responding to.

The algorithm "May document use powerful features" pre-judges the kind of
questions I asked at the end of my mail below, whilst the discussions of
the definitions are still in progress (and particularly the definition of
"powerful features").

I think that algorithm would be better as a definition of "secure
environment" (or whatever is the best term). I.e. "Is Document a secure
environment?" returning Yes or No.

Then two things could happen:
(1) You agree on a universal definition of "Powerful features" and write
"Access to powerful features must only be allowed if the algorithm *is
Document a secure environment* returns YES."
(2) Individual features can refer to the "Is Document a secure environment"
algorithm for this or any other purpose, independent of the definition of
Powerful Features.

I think it might be hard to come up with a universally agreed definition of
"Powerful features", so by decoupling things you have option (2) in the
meantime.

...Mark




> -mike
> On Nov 21, 2014 4:26 PM, "Mark Watson" <watsonm@netflix.com> wrote:
>
>>
>>
>> On Nov 21, 2014, at 2:34 AM, Mike West <mkwst@google.com> wrote:
>>
>> "features which require a verifiably secure environment" is a mouthful,
>> and, if anything, it's _less_ precise than "powerful", since it doesn't
>> describe anything at all about the feature itself, instead focusing on the
>> consequence of whatever properties the feature possesses.
>>
>> Is there a single adjective other than "powerful" that you'd find less
>> judgemental? "risky" has the right connotations, but I suspect you'll like
>> it even less than "powerful". :)
>>
>>
>> I guess I would at least like to have a separation between the
>> description / definition of the properties of features and the definition
>> of the properties of a 'secure environment' or 'authenticated origin' or
>> whatever is the appropriate term for that.
>>
>> I don't think it is easy to find a definition of feature properties which
>> maps 1-1 with whatever is defined for a 'secure environment'.
>>
>> So, I'd have no objection if you write a definition of 'powerful
>> features' and a definition of 'secure environment' and then see if it makes
>> sense to say things like 'powerful features must be restricted to secure
>> environments' and 'non-powerful features must not be restricted to secure
>> environments' etc. but we need the definitions of both before we can answer
>> those questions and right now the definitions are conflated.
>>
>> ...Mark
>>
>>
>> -mike
>>
>> --
>> Mike West <mkwst@google.com>
>> Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91
>>
>> Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
>> Registergericht und -nummer: Hamburg, HRB 86891
>> Sitz der Gesellschaft: Hamburg
>> Geschäftsführer: Graham Law, Christine Elizabeth Flores
>> (Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
>>
>> On Thu, Nov 20, 2014 at 9:58 PM, Mark Watson <watsonm@netflix.com> wrote:
>>
>>>
>>>
>>> On Thu, Nov 20, 2014 at 9:51 AM, Mike West <mkwst@google.com> wrote:
>>>
>>>> Seems clearly covered by "features which require a verifiably secure
>>>> environment".
>>>>
>>> As per my other comment, I think language like this would be a much
>>> better - more precise, less judgmental - than "powerful".
>>>
>>> Btw, I'm not sure WebCrypto is good to include as an example, since the
>>> WebCrypto WG decided at TPAC not to require an authenticated origin
>>> (although the bug is still marked as open).
>>>
>>> ...Mark
>>>
>>>
>>>
>>>
>>>> I'd prefer doing it here, but I'm easy. If folks think the TAG should
>>>> publish, I'm sure they'll be happy to do so.
>>>>
>>>> -mike
>>>> On Nov 20, 2014 6:39 PM, "Brad Hill" <hillbrad@fb.com> wrote:
>>>>
>>>>> Do you think that "Powerful Features" belongs as a WebAppSec
>>>>> deliverable – and should be added to our draft charter – or as a TAG
>>>>> finding?
>>>>>
>>>>> From: Mike West <mkwst@google.com>
>>>>> Date: Thursday, November 20, 2014 at 5:21 AM
>>>>> To: "public-webappsec@w3.org" <public-webappsec@w3.org>
>>>>> Subject: "Requirements for Powerful Features" strawman.
>>>>> Resent-From: <public-webappsec@w3.org>
>>>>> Resent-Date: Thursday, November 20, 2014 at 5:22 AM
>>>>>
>>>>> After talking a bit more with Anne and others, I'm coming around to
>>>>> the opinion that we should break the "powerful features" bit out of MIX. In
>>>>> particular, the notion that we need to explain what constitutes a "powerful
>>>>> feature" pushes this right out of MIX in my mind; it was always tangential,
>>>>> and if we need to define the category (and I agree that we do), then MIX
>>>>> isn't the right place for it.
>>>>>
>>>>> I've slapped together a strawman at
>>>>> https://w3c.github.io/webappsec/specs/powerfulfeatures/
>>>>> with lots of TODO text. If folks agree that a separate document is
>>>>> worthwhile, I'll remove the copy/pasted bits from MIX, clean up the
>>>>> strawman, and issue a CfC to publish a FPWD.
>>>>>
>>>>> Thanks!
>>>>>
>>>>>
>>>>>
>>>
>>

Received on Friday, 21 November 2014 15:47:54 UTC