W3C home > Mailing lists > Public > public-wsc-wg@w3.org > April 2007

Note review point - Scoping non-UI recs

From: Johnathan Nightingale <johnath@mozilla.com>
Date: Wed, 4 Apr 2007 11:03:29 -0400
Message-Id: <55F1ECB8-EEC3-4E51-AA6C-8F9EB638A4CD@mozilla.com>
To: W3C WSC W3C WSC Public <public-wsc-wg@w3.org>

Just one thing I wanted to raise for discussion, from my last review  
of the note.

Scope (4 & 5)

It is not clear to me from the content on scoping whether we consider  
recommendations that don't require UI as being in-scope.  Example:

    There is conversation in the community around mozilla supporting  
a "noscript" tag that would allow sites like myspace to disable  
javascript execution on sites with user-supplied content.  There  
wouldn't be any UI hit here, the user agent would just quietly not  
execute potentially-dangerous code.

Putting aside the question of whether this particular recommendation  
would fall afoul of the "no introducing new technology" section 5.4,  
it seems like "user agents quietly fixing things" might be a fertile  
ground for recommendations.  Indeed, my own opinion is that a lot of  
web security issues are best handled quietly by the user agent  
instead of putting confusing information or questions to the user.

Does the group consider this kind of recommendation to be in scope,  
or do we concern ourselves only with interactions that explicitly  
include information/questions for the user?  In either event, it  
might be worthwhile to introduce clarifying language.  If a consensus  
is reached for or against, I will take an action to propose a text  
change to the group.

Cheers,

Johnathan

---
Johnathan Nightingale
Human Shield
johnath@mozilla.com
Received on Wednesday, 4 April 2007 15:03:46 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 5 February 2008 03:52:46 GMT