Re: Current TAG election from Harry Halpin on 2014-01-03 (www-tag@w3.org from January 2014)

From: Harry Halpin <hhalpin@ibiblio.org>
Date: Fri, 3 Jan 2014 09:42:20 +0100
To: Robin Berjon <robin@w3.org>
Cc: Brian Kardell <bkardell@gmail.com>, Michael Smith <mike@w3.org>, "www-tag@w3.org" <www-tag@w3.org>
Message-ID: <CAE1ny+5m9H-ta5y30Tn+r7GEXuSC1DoHAp1fEG0Y_9gdK+-0xQ@mail.gmail.com>

I'd just like to note that, as great as the current activity in JS
APIs is, we should also not be content in our current paradigms of web
development. For example, in the post-Snowden era, the Web Security
Model that completely trusts the server to control absolutely all
content on the client is clearly not suitable for all Web
applications.

 There's lots of work to be done to transform the Web and Javascript
into more secure and privacy-preserving platforms for coding
high-value applications - applications that currently are too risky to
responsibly be put on the Web. Problems that the Web has lived with
for years, such as multi-tier web programming (leading to SQL
injection attacks), no secure username-password entry in websites
(leading to hashcrackin), and the CA system are now no longer obscure
technical issues but causing massive breaches of trust in the Web
itself and so vital to solve via open standards.

Thus, it would be great if someone with real-world Web and Internet
security experience ran for the TAG. Or was even offered to the W3C as
a Fellow :)

   cheers,
      harry

On Thu, Jan 2, 2014 at 1:58 PM, Robin Berjon <robin@w3.org> wrote:
> On 31/12/2013 17:44 , Brian Kardell wrote:
>>
>> My claims are less grandiose than a total indictment of absolute failure
>> and I want to make sure they are understood in the proper vein.  As a
>> "whole" and despite theoretical goodness - the wider vision and approach
>> pursued by W3C during this period didn't work out.   In addition to a
>> lot of it just not getting implementation/adoption/lasting acceptance,
>> it led to fracturing and frustration in a whole lot of ways - some of
>> the most critical commentaries come from former editors/chairs/etc - not
>> just regarding the core browser technologies, but especially there.
>>   There has to be something we can learn from this.
>
>
> I certainly wish we would.
>
> Contrary to what is often said, people in the W3C community didn't turn
> their backs on browsers and HTML. It just so happened that after the first
> browser war, very little was going on in that space so that innovation had
> to happen elsewhere. IE did add a fair number of interesting features but
> they remained IE-only; meanwhile the others were largely busy (re)building
> the foundations of today's major browsers.
>
> When the browser space became competitive again, a lot of the intervening
> innovation was tossed out. If there's one thing that I think we should learn
> it's to go fish out the babies that were thrown out with the bathwater. Some
> of those were really useful, some solve rather hard problems that we still
> have today.
>
> --
> Robin Berjon - http://berjon.com/ - @robinberjon
>

Received on Friday, 3 January 2014 08:42:48 UTC