RE: ISSUE-20: Client and Server model [Access Control] from Jon Ferraiolo on 2008-01-04 (public-appformats@w3.org from January 2008)

From: Jon Ferraiolo <jferrai@us.ibm.com>
Date: Fri, 4 Jan 2008 10:56:39 -0800
To: "David Orchard" <dorchard@bea.com>
Cc: "Anne van Kesteren" <annevk@opera.com>, "Web Application Formats Working Group WG" <public-appformats@w3.org>, public-appformats-request@w3.org
Message-ID: <OFBC14C4AB.A3C0A1A8-ON882573C6.00674A84-882573C6.00681076@us.ibm.com>

+1, regretfully.

Having participated on the other side of standards efforts in the past
where public discussion delayed the advancement of specifications, I have
empathy for the WAF WG, but I agree with Dave that key issues that come up
during WD and LC phases need to be resolved before allowing a spec to go to
CR. When a spec goes to CR, there should be no major open issues and the WG
should be convinced that the spec is fully good-to-go, except possibly when
the WG sees a chance that some features in the spec might be
removed/postponed if implementers can't get the feature working soon enough
and some features might be revised in minor fashion based on implementation
feedback (but if not very minor, then there needs to be a new WD).

Jon

public-appformats-request@w3.org wrote on 01/04/2008 10:47:10 AM:

>
> I don't understand why you think CR is the right time for this issue.
> CR is a time to test whether the specification works and there are a WG
> specific number of interoperable implementations.  That is way past the
> time for doing major design decisions like whether PEP should only be
> server or may be client.  If the specification changes substantially at
> CR, such as changing a PEP decision, then the spec would go way back to
> WD.  Perhaps a half year change to go through WD, LC, CR again?
>
> Dave
>
> > -----Original Message-----
> > From: public-appformats-request@w3.org
> > [mailto:public-appformats-request@w3.org] On Behalf Of Anne
> > van Kesteren
> > Sent: Friday, January 04, 2008 10:42 AM
> > To: Web Application Formats Working Group WG
> > Subject: Re: ISSUE-20: Client and Server model [Access Control]
> >
> >
> > On Fri, 04 Jan 2008 14:48:13 +0100, Web Application Formats
> > Working Group Issue Tracker <sysbot+tracker@w3.org> wrote:
> > > ISSUE-20: Client and Server model [Access Control]
> > >
> > > http://www.w3.org/2005/06/tracker/waf/issues/
> > >
> > > Raised by: Arthur Barstow
> > > On product: Access Control
> > >
> > > Issues have been raised regarding client (i.e. browser)
> > versus server
> > > aspects of the model. For example, would it better and
> > simple for the
> > > policy enforcement point to be the server rather than the
> > client, etc.
> >
> > As stated earlier we should address this when go to Candidate
> > Recommendation. It seems unlikely that we get closure on this.
> >
> >
> > --
> > Anne van Kesteren
> > <http://annevankesteren.nl/>
> > <http://www.opera.com/>
> >
> >
>

Received on Friday, 4 January 2008 18:58:19 UTC