Re: Proposed SOTD for Proposed Recommendation from Mary Ellen Zurko on 2010-05-12 (public-wsc-wg@w3.org from May 2010)

From: Mary Ellen Zurko <mzurko@us.ibm.com>
Date: Wed, 12 May 2010 07:40:34 -0400
To: "Thomas Roessler <tlr" <tlr@w3.org>
Cc: WSC WG public <public-wsc-wg@w3.org>
Message-ID: <OFD62729E8.2F292FBD-ON85257721.00401BD9-85257721.0040234C@LocalDomain>
Looks good to me; tx!

          Mez





From:   Thomas Roessler <tlr@w3.org>
To:     Mary Ellen Zurko/Westford/IBM@Lotus
Cc:     Thomas Roessler <tlr@w3.org>, WSC WG public <public-wsc-wg@w3.org>
Date:   05/11/2010 12:29 PM
Subject:        Proposed SOTD for Proposed Recommendation



I've just added this text to the editor's draft:

> This section describes the status of this document at the time of its 
publication. Other documents may supersede this document. A list of 
current W3C publications and the latest revision of this technical report 
can be found in the W3C technical reports index at http://www.w3.org/TR/.
> 
> The W3C Membership and other interested parties are invited to review 
the document and send comments to public-usable-authentication@w3.org 
(with public archive) through @@. Advisory Committee Representatives 
should consult their WBS questionnaires. Note that substantive technical 
comments were expected during the Last Call review period that ended 31 
March 2010.
> 
> Please see the Working Group's Implementation Report.
> 
> This document was developed by the Web Security Context WorkingaGroup. 
The Working Group expects to advance this Working Draft to Recommendation 
Status.
> 
> To frame its development of this specification, the Working Group had 
previously published a use case note [WSC-USECASES]. This specification 
addresses most of the use cases and issues documented in that note by 
documenting best existing practice, with the following exceptions:
> 
>                ? This specification does not include advice for web site 
authors.
> 
>                ? This specification does not provide advice to address 
the issue explained in sections 9.1.2 Visually extending the chrome and 
9.2.7 Information bar (aka: notification bar).
> 
> Additionally, section 10.4 Implementation and testing of [WSC-USECASES] 
articulated an expectation that the recommendations in this specification 
would be subject to usability testing, at least on a low fidelity level, 
and that such testing would form part of the Candidate Recommendation exit 
criteria. Resources available to the Working Group at this point will not 
permit the group to conduct extensive usability testing. At the same time, 
the focus of this specification has shifted toward documenting best 
existing practice.
> 
> For a list of changes to this document since its latest Last Call 
Working Draft, please refer to the diff document that is available. 
Notable changes made in response to last call comments include:
> 
> @@ Note: Will add links to sections in the diff to this list of changes. 
@@
> 
>                ? A clarification in the overview that the security 
properties of the local client state are out of scope.
>                ? Removing upgrades as defined in RFC 2817 from the 
definition of TLS-protected.
>                ? Reverting the conformance criteria for TLS indicator 
and identity signal to their Candidate Recommendation state of SHOULD in 
primary user interface, otherwise MUST in secondary user interface. 
(During the latest last call they had been changed to MUST in primary user 
interface.)
>                ? In errors that interrupt the user's flow of 
interaction, clarifying that user agents are to make a best effort to 
enable the user to easily return to the previous user agent state.
>                ? Referencing TLS-protected HTTP instead of HTTPS in the 
discussion of the security considerations of dynamic content changes from 
calls to the XMLHttpRequest API.
> 
> Publication as a Proposed Recommendation does not imply endorsement by 
the W3C Membership. This is a draft document and may be updated, replaced 
or obsoleted by other documents at any time. It is inappropriate to cite 
this document as other than work in progress.
> 
> This document was produced by a group operating under the 5 February 
2004 W3C Patent Policy. W3C maintains a public list of any patent 
disclosures made in connection with the deliverables of the group; that 
page also includes instructions for disclosing a patent. An individual who 
has actual knowledge of a patent which the individual believes contains 
Essential Claim(s) must disclose the information in accordance with 
section 6 of the W3C Patent Policy.


--
Thomas Roessler, W3C  <tlr@w3.org>  (@roessler)
Received on Wednesday, 12 May 2010 11:41:11 UTC