W3C home > Mailing lists > Public > public-wsc-wg@w3.org > April 2007

RE: ISSUE-28: \"available security information\"

From: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
Date: Thu, 12 Apr 2007 15:45:44 -0400
Cc: "Web Security Context WG" <public-wsc-wg@w3.org>
Message-ID: <OF648D21EF.CBB93AA7-ON852572BA.0051D52F-852572BB.006C9029@LocalDomain>
To: tyler.close@hp.com
The only issue I have is that it will be a "point in time" statement. But 
the current timeline doesn't really say when wsc-usecases will be done. If 
we assume that wsc-usecases includes all information sources we consider, 
it is not "done" until November 2007. That would mean moving "finalize 
wsc-usecases" from May to November. Anyone see any issues with that? 


Mary Ellen Zurko, STSM, IBM Lotus CTO Office       (t/l 333-6389)
Lotus/WPLC Security Strategy and Patent Innovation Architect

"Close, Tyler J." <tyler.close@hp.com> 
Sent by: public-wsc-wg-request@w3.org
04/10/2007 02:41 PM

"Web Security Context WG" <public-wsc-wg@w3.org>

RE: ISSUE-28: \"available security information\"

I think having an exhaustive list of all the information sources we can 
use when creating recommendations is valuable to ensure we're not 
neglecting a valuable source of information. In drafting the intro to this 
section, I purposely used the word "exhaustive" so as to draw a big fat 
target on my back. If there's something important that's not covered by 
this list we want to know about it and add it to the list if it is 
in-scope. I think it is a mistake to weasel word around "exhaustive" as 
that might discourage people from pointing out the discrepancies that we 
really want them to point out.
Thomas' ISSUE-28 picks at the word "exhaustive" without pointing out even 
a single omission. I guess we need a word even more provocative than 
"exhaustive", in order to get the feedback we need. ;)

From: public-wsc-wg-request@w3.org [mailto:public-wsc-wg-request@w3.org] 
On Behalf Of Johnathan Nightingale
Sent: Monday, April 09, 2007 3:52 PM
To: Timothy Hahn
Cc: Web Security Context WG
Subject: Re: ISSUE-28: \"available security information\"

Echoing comments I've made on the calls, I am also a fan of this section. 
Not only does it document the context in which recommendations were 
generated (Mez's point) but it is also a reasonably useful list to which 
to refer; at least for me.  I'm fine with changing the language though, so 
that we don't claim to be something we're not. 



Johnathan Nightingale
Human Shield

On 9-Apr-07, at 8:22 AM, Timothy Hahn wrote:

+1 on keeping the section. 

I think we could come up with a better adjective than "exhaustive". 
Perhaps "well known" or "known" would be sufficiently precise for now. 

Tim Hahn
IBM Distinguished Engineer

Internet: hahnt@us.ibm.com
Internal: Timothy Hahn/Durham/IBM@IBMUS
phone: 919.224.1565     tie-line: 8/687.1565
fax: 919.224.2530

"Mary Ellen Zurko" <Mary_Ellen_Zurko@notesdev.ibm.com> 
Sent by: public-wsc-wg-request@w3.org 
04/09/07 10:26 AM 

Web Security Context WG <public-wsc-wg@w3.org> 

Re: ISSUE-28: \"available security information\"

> However, in its current state, I'm inclined to consider this section 
> "exhaustive" (as the text claims it is), nor particularly useful.

I disagree on the utility. 

It's good to see an overview of the available security information that 
we've identified. Readers don't need to ask "have you thought about using 
x?", since they can just check the list. And it has useful references as 

I would argue against removing it, even in its current form. 

Received on Thursday, 12 April 2007 19:45:48 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:14:15 UTC