W3C home > Mailing lists > Public > public-wsc-wg@w3.org > April 2007

ISSUE-47: define extension interface for content-scanning tools (public comment)

From: Web Security Context Issue Tracker <dean+cgi@w3.org>
Date: Mon, 16 Apr 2007 10:46:50 +0000 (UTC)
To: public-wsc-wg@w3.org
Message-Id: <20070416104650.93A9813AC4@seamus.w3.org>


ISSUE-47: define extension interface for content-scanning tools (public comment)

http://www.w3.org/2006/WSC/Group/track/issues/47

Raised by: Bill Doyle
On product: Note: use cases etc.

>From public comments
raised by: Al Gilman Alfred.S.Gilman@ieee.org

http://lists.w3.org/Archives/Public/public-usable-
authentication/2007Apr/0000.html

define extension interface for content-scanning tools 
where it says, in 5.5 Content based detection
The Working Group will not recommend any checks on
   the content served by web sites.
please consider
I don't think that you mean people shouldn't check signatures on signed 
content.  What I think that you mean is that the filter queries or trip 
thresholds
for statistical techniques such as you discuss will not be published by the 
group.

You should consider providing a programmatic interface (perhaps a hypothesis 
lattice compatible with what a voice recognizer looks like in EMMA) for such 
tools to contribute to rational decision making about when to raise a warning, 
and in addition an interface where they can contribute message-content to the 
security infoset.
Why? 
The free-content areas drive trust.  Confidence schemes work in this domain.  
So there is an enduring value-added niche for such techniques.  The group 
should seek to define interfaces whereby third-party software can contribute 
its findings to the rollup summarized by your recommended presentation.  
Otherwise we will continue with the plethora of security helpers waving 
plackards in our faces.
Received on Monday, 16 April 2007 10:46:57 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 5 February 2008 03:52:46 GMT