ISSUE-20: Potential additions to Available Security Information from Web Security Context Issue Tracker on 2007-03-26 (public-wsc-wg@w3.org from March 2007)

From: Web Security Context Issue Tracker <dean+cgi@w3.org>
Date: Mon, 26 Mar 2007 13:28:47 +0000 (GMT)
To: public-wsc-wg@w3.org
Message-Id: <20070326132847.54ECA6B646@tibor.w3.org>

ISSUE-20: Potential additions to Available Security Information

http://www.w3.org/2006/WSC/Group/track/issues/20

Raised by: Mary Ellen Zurko
On product: Note: use cases etc.

http://lists.w3.org/Archives/Public/public-usable-
authentication/2007Mar/0032.html - 
In section 7, are you that confident that you can claim it's truly an 
exhaustive list? :)  For cookies, do you want to explicitly call out "both 
those sent and server requests to store"?  DNS can also provide 
reverse-mapping addresses; if example.com has IP address 1.2.3.4, does 
4.3.2.1.in-addr.arpa map to example.com? Also IP ping/traceroute can show 
packet flows ("since when is Citibank HQ in Uzbekistan"?)  Also, IP/geo 
mapping facilities.  These aren't commonly done, but since you mention 
repuation service...

We should probably rephrase the "exhaustive". Any pushback on the suggested 
additions?

Received on Monday, 26 March 2007 13:28:58 UTC