W3C home > Mailing lists > Public > public-wsc-wg@w3.org > December 2006

Re: What problems are we trying to solve?

From: Thomas Roessler <tlr@w3.org>
Date: Fri, 8 Dec 2006 19:54:41 +0100
To: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
Cc: public-wsc-wg@w3.org
Message-ID: <20061208185441.GG17975@raktajino.does-not-exist.org>

Well, in looking at security context information (and how to present
it), we might arrive at the conclusion that there is just nothing
useful out there in some particular circumstance.  That conclusion
would be something to document.

On the other hand, I agree that the charter doesn't even go near
specifying any kind of sophisticated, IDS-like processing of context
information.

Cheers,
-- 
Thomas Roessler, W3C  <tlr@w3.org>






On 2006-12-08 08:22:10 -0500, Mary Ellen Zurko wrote:
> From: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
> To: Thomas Roessler <tlr@w3.org>
> Cc: public-wsc-wg@w3.org
> Date: Fri, 8 Dec 2006 08:22:10 -0500
> Subject: Re: What problems are we trying to solve?
> X-Spam-Level: 
> 
> > when I had first seen your list, I had read that point with an
> > emphasis on "discovered an attack", and had thought of heuristic
> > techniques, IDS-like stuff, and so on.
> 
> Yes, that aspect too is out of scope.
> 
> > I do think that discussion on how user agents ought to react to
> > failures of security protocols is in scope -- the prime example here
> > being the MITM detection in SSL which is subverted by giving users
> > an override button that they'll of course push.
> 
> It's my understanding that the charter defines our scope (our goals can be 
> more targetted than the scope allows for). Is my understanding wrong? If 
> not, what part of the charter supports that?
>         Mez
> 
Received on Friday, 8 December 2006 18:54:29 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 5 February 2008 03:52:44 GMT