W3C home > Mailing lists > Public > public-wsc-wg@w3.org > July 2007

RE: Robustness - Review of note - do we need an assumption section?

From: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
Date: Mon, 9 Jul 2007 08:28:38 -0400
Cc: public-wsc-wg@w3.org
Message-ID: <OF3D391FBD.128ABE91-ON85257313.00447CC2-85257313.00448A5C@LocalDomain>
To: wdoyle@mitre.org
Everything's group owned (though some things have specific proponents). 
Please do make a pass at a rewrite of:
http://www.w3.org/TR/wsc-usecases/#bugs

          Mez





"Doyle, Bill" <wdoyle@mitre.org> 
Sent by: public-wsc-wg-request@w3.org
07/06/2007 01:23 PM

To
"Thomas Roessler" <tlr@w3.org>
cc
<public-wsc-wg@w3.org>
Subject
RE: Robustness - Review of note - do we need an assumption section?







Thx, that works for me. I can then reference it.

Do we have an owner for section 5.7? Should I make a first pass at
rewrite?

Cheers,

Bill D.
wdoyle@mitre.org



-----Original Message-----
From: Thomas Roessler [mailto:tlr@w3.org] 
Sent: Friday, July 06, 2007 1:14 PM
To: Doyle, Bill
Cc: public-wsc-wg@w3.org
Subject: Re: Robustness - Review of note - do we need an assumption
section?

On 2007-06-19 07:52:48 -0400, Doyle, Bill wrote:

> The WG knows that the user agent operates in a risk prone
> environment. We note items that are out of scope, but I don't see
> anything that states an expectation that the user agent requires
> a reliable platform.

> It is assumed that is that the user agent is operating on a
> platform that is functioning correctly. Since the web is a risk
> prone environment the user must take precautions implementing
> defense in depth techniques that include network, application and
> OS controls to ensure that the operating environment is reliable
> and will correctly interpret user and user agent requests.

That's, in fact, an excellent point.  It's somewhat inherent to 5.7,
where we declare "User agent exploits" out of scope.

It might be useful to rephrase that section roughly in the way that
you hint at, to be more explicit that this is actually a generic
assumption that we make, as opposed to a somewhat informal remark
about certain attacks.

Regards,
-- 
Thomas Roessler, W3C  <tlr@w3.org>
Received on Monday, 9 July 2007 12:28:52 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 5 February 2008 03:52:48 GMT