W3C home > Mailing lists > Public > www-tag@w3.org > March 2011

Re: ACTION-344: Alert TAG chair when CORS and/or UMP goes to LC to trigger security review

From: Noah Mendelsohn <nrm@arcanedomain.com>
Date: Mon, 21 Mar 2011 16:40:56 -0400
Message-ID: <4D87B7D8.1090902@arcanedomain.com>
To: Jonathan Rees <jar@creativecommons.org>
CC: www-tag@w3.org
OK, thank you. Useful as this report is, I'm not convinced it needs telcon 
time just now. Do you agree? Either way is fine with me. Thanks.

Noah

On 3/21/2011 12:19 PM, Jonathan Rees wrote:
> I've had this action item for about 15 months now, and thought I'd
> give a brief report.
>
> Here's the discussion where the action was assigned:
> http://www.w3.org/2001/tag/2009/12/08-tagmem-minutes.html#item03
>
> I've been monitoring the webapps list for progress, and both CORS and
> UMP appear to be stalled. Here is what I've been able to figure out:
>
> UMP last call requested April 2010
>   http://lists.w3.org/Archives/Public/public-webapps/2010AprJun/0026.html
>   The ensuing discussion led to creation of Webapps issue 108 on confused deputy
>   vulnerability (still in RAISED state).  The latest I found on the
> status of issue 108
>   was http://lists.w3.org/Archives/Public/public-webapps/2010OctDec/0762.html
>
> UMP latest WD: Jan 2010
>   http://www.w3.org/TR/2010/WD-UMP-20100126/
>
> CORS latest WD: July 2010
>   http://www.w3.org/TR/2010/WD-cors-20100727/
>
> There are more recent editors' drafts of each.
>
> W3C process document 6.2.7 Working Group "Heartbeat" Requirement:
>   http://www.w3.org/2005/10/Process-20051014/groups#three-month-rule
>   "Each Working Group should publish in the W3C technical reports index a
>   new draft of each active technical report at least once every three
>   months."
>
> I've also been monitoring the public-web-security list and have seen
> nothing there related to UMP or CORS.
>
> I'll continue to keep my eye on this and will let the TAG chair know
> as soon as a last call document is published.
>
> Best
> Jonathan
>
>
Received on Monday, 21 March 2011 20:41:28 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 26 April 2012 12:48:34 GMT