Re: ACTION-515 and ACTION-516: Publishing John Kemp's TAG work on security

Hi,

Actually, I am not quite sure about the purpose of this document and how I 
can help.
I agree with Mark: the page is a basic introduction, but the aspired value, 
and for whom and why, is not clear to me.

If work/input is needed to help the IAB/TAG on the security topic or 
wiki pages, please let me know (with link to wiki/work item and aspired 
goals/results).

Btw, just FYI: a somewhat related doc in websec is 
http://tools.ietf.org/id/draft-hodges-websec-framework-reqs-00.txt 
(where we try to define requirements to be used by websec and W3C 
WebAppSec). But it is still very rough, i.e. work in progress.

Cheers, Tobias


PS: On a personal note: as websec chair, I will of course do my best 
for strong and close coordination with the W3C WebAppSec WG.



On 05/08/11 19:55, Mark Nottingham wrote:
> Personally?
>
> I think most of it is covered by existing work, or not (yet) on the radar.
>
> For the latter stuff, I'm not sure if pointing it out in those documents would be useful.
>
> However, perhaps if the TAG would establish a "Web Security Roadmap" document (or perhaps just a wiki page), it would be useful, if it were done in close consultation with the browser folks as well as security folk.
>
> Cheers,
>
>
>
> On 05/08/2011, at 11:51 AM, Larry Masinter wrote:
>
>> Is there anything in the document that you think is not already covered by existing websec or W3C documents that *should* be covered?
>>
>> -----Original Message-----
>> From: Mark Nottingham [mailto:mnot@mnot.net]
>> Sent: Friday, August 05, 2011 11:49 AM
>> To: Larry Masinter
>> Cc: John Kemp; Noah Mendelsohn; tobias.gondrom@gondrom.org; Thomas Roessler; www-tag@w3.org
>> Subject: Re: ACTION-515 and ACTION-516: Publishing John Kemp's TAG work on security
>>
>> Hmm. I'm not sure how I can help; it looks like introductory material to me.
>>
>>
>> On 05/08/2011, at 11:10 AM, Larry Masinter wrote:
>>
>>> I still have TAG action items to work on getting this document
>>> http://www.w3.org/2001/tag/2011/02/security-web.html
>>> progressed. My action items are:
>>>
>>> http://www.w3.org/2001/tag/group/track/actions/515 and
>>> http://www.w3.org/2001/tag/group/track/actions/516
>>>
>>> Looking over the document, though, I'm not sure what else I think should happen with this document. It's incomplete, of course, but I don't have any ideas of a path forward that would make it more useful than just as an introduction document to help establish the problem statement for the existing groups in W3C and IETF over web security.
>>>
>>> Larry
>>>
>>> -----Original Message-----
>>> From: Mark Nottingham [mailto:mnot@mnot.net]
>>> Sent: Monday, July 25, 2011 3:14 PM
>>> To: Larry Masinter
>>> Subject: Re: ACTION-515 and ACTION-516: Publishing John Kemp's TAG
>>> work on security
>>>
>>> It was brought to their attention, as well as the folks doing the security properties document in HTTPbis.
>>>
>>> Cheers,
>>>
>>>
>>> On 25/07/2011, at 6:05 PM, Larry Masinter wrote:
>>>
>>>> I forgot, I had an action item to get Kemp's security document into some other forum. Did this happen with websec? I thought I saw something in the IETF/W3C liaison meeting minutes...
>>>>
>>>>
>>>> ________________________________________
>>>> From: Noah Mendelsohn [nrm@arcanedomain.com]
>>>> Sent: Saturday, May 28, 2011 7:40 AM
>>>> To: John Kemp
>>>> Cc: Larry Masinter; www-tag@w3.org
>>>> Subject: Re: ACTION-515 and ACTION-516: Publishing John Kemp's TAG
>>>> work on security
>>>>
>>>> John Kemp wrote:
>>>>
>>>>> Speaking personally, I actually did some more work in attempting to
>>>>> address comments on the document from the F2F, but because I didn't
>>>>> see any telco agenda item, or generally know what I should/can do
>>>>> given that I'm no longer on the TAG, my work has tailed off to the
>>>>> point where I await instruction from the group as to what the point
>>>>> of my work should be. I believe that any work on security should
>>>>> form part of an ongoing TAG activity. I am willing to aid that
>>>>> activity by continuing to write about security on the Web, but I'd
>>>>> need someone on the TAG to ensure that the TAG continues to have
>>>>> interest in that work. If no such interest is present, I will
>>>>> continue to occasionally publish Web security items on my blog from time to time.
>>>> John, thank you, and please accept my apologies. I should have been
>>>> clearer that your contributions are always both welcome and
>>>> appreciated. Except for the fact that you no longer get a formal vote
>>>> in setting priorities and directions for the group, you should always
>>>> feel free and indeed encouraged both to move things forward when you
>>>> can, and to be proactive in contacting me and the group to make
>>>> suggestions for what you feel we should do (as any member of the
>>>> public can), or to discuss how you can contribute should you wish to.
>>>>
>>>> In this case, given where the actions have been assigned, I suggest
>>>> that you work with Larry (ACTION-515) and me to prepare for the
>>>> upcoming F2F suggestions on how we might best move forward, both with
>>>> the writing you have started and with broader TAG efforts relating to
>>>> security. Of course, there's no obligation on your part, but anything
>>>> you can do is gratefully accepted. Indeed, if you have the time and
>>>> inclination, you are welcome to join us in person for discussions of
>>>> security or anything else that may be of interest. Just let me know
>>>> in time to have Amy include you in the food count.
>>>>
>>>> Thank you!
>>>>
>>>> Noah
>>> --
>>> Mark Nottingham   http://www.mnot.net/
>>>
>>>
>>>
>> --
>> Mark Nottingham   http://www.mnot.net/
>>
>>
>>
> --
> Mark Nottingham   http://www.mnot.net/
>
>
>

Received on Tuesday, 9 August 2011 19:42:26 UTC