Re: [waf] Draft of merged Web Apps WG charter available

David, All,

Regarding, why is the WAF WG working on the AC [AC-spec] spec, I  
think some history is important -

Our work began after the Team held a Project Review [AC-PR] in April  
2006. The review was chaired by Thomas Roessler and the Chair of the  
AC task force (Brad Porter) presented slides [Brad] that identified a  
small set of Use Cases that would be in scope as well as the basic  
architecture of the proposed work that was based on a related WG Note  
by the VB WG [AC-Note]. A few weeks later Tim approved publication of  
the the first WD.

Clearly the Team could have blocked that FPWD pending an AC review. I  
can't speak for them but based on the relatively small set of UCs we  
identified at the time and the desire not to have different competing  
specs (i.e. one for VB, one for XBL2, one for XHR), the task/spec  
envisioned didn't seem large enough to form a new WG. If we wanted to  
ignore other UCs and prior work and just solely address WAF's AC- 
related requirements i.e. XBL2, then we could have embedded something  
like the AC spec directly in the XBL2 spec. If we had done so, we  
wouldn't be discussing this issue (=is this work explicit in the  
Charter) but don't think such a short-sighted position would have  
been wise. Lastly, hindsight is always 20/20 and if we were able to  
predict the future in April 2006 e.g. we knew that new technologies  
such as JSONRequest could be potentially relevant, then perhaps a  
different choice would have been made.

Regarding transparency i.e. the the implication this work was  
intentionally "flown low on the radar screen" - I'm surprised by this  
assertion because I've done what I believe is more than due diligence  
to publicize this spec. In particular, during the May 2006 AC meeting  
I made a presentation about this work [AC-PR]. The work was also  
discussed or mentioned in Domain reports or presentations at the May  
2006, November 2007 and May 2007 AC meetings. Additionally, I  
included an overview of the spec in my WAF WG presentations at  
WWW2006 [WWW2006] and WWW2007 [WWW2007], in June 2007 we explicitly  
asked the TAG to review the spec [TAG-Request], we invited the WSC WG  
and XML Security Maintenance WG to our TPAC f2f meeting, we have  
directly engaged with the POWDER WG and this spec was also mentioned  
on several of the W3C's Newsletters and NewsWires.

Thus, I would appreciate it if you would please send me the pointer 
(s) to the evidence that substantiates your claim:

I see considerable evidence that the specification has "flown low on  
the radar"

Regarding the need for UCs and Requirements - as you know, I agree  
with you (as I've stated on the WG's member and public mail lists)  
and I appreciate you volunteering to help with that task so thanks  

Regarding work item granularity for a WG - as Nokia's AC rep I have  
at times struggled with the related issues including: Team overhead,  
allocation of Nokia's resources, IPR concerns, etc. It's a  
interesting balancing act and surely a single spec (or spec family)  
per WG is appropriate at times but could also introduce unacceptable  
overhead if taken to the extreme.

BTW, during last November's TPAC meeting, I encouraged Hal to join  
the WAF WG and explained to him that one reason we do not enforce the  
Good Standing requirement is to facilitate people like him that only  
want to participate on a specific spec.

Regards, Art Barstow

[AC-spec] <>
[AC-PR] <>
[AC-Note] <>
[Brad] <>
[WWW2006] <>
[WWW2007] <>
[TAG-Request] < 

On Jan 11, 2008, at 8:00 PM, ext David Orchard wrote:

> I'm Bcc:ing the AC List because I believe that other AC members may be
> interested in my comments, but I don't want WG members to accidentally
> cc the AC list.
> My comments are mainly that the charter is too broad in scope and too
> undefined in deliverables.  The broadness of scope of the current WAF
> charter has precluded our organization from significantly  
> participating
> in the Working Group, and this rechartering exacerbates the problem
> going forward.  In our case, Hal Lockhart is a supremely qualified
> person to work on Access Control but has spent little time on that  
> area
> of work because the current WAF is so broad in scope.  In another
> example, we have other people who are qualified and interested in the
> Widgets work but are unable to participate for the same reasons.
> The usual solution for the problem of a very broad scope in charter is
> to refactor into more WGs with smaller charters.  I prefer that but  
> I'm
> also open to other solutions that increase the participation in
> deliverying items under the W3C Process.  I'm very uncomfortable with
> the current charter scope and single WG process.
> As an example of the problems of broad and open scope, I am  
> disappointed
> by the way that Access Control was added to the Working Groups
> deliverables without AC review and the usual deliverables of
> requirements and use cases.  It seems that almost immediately after  
> was chartered [1] in November 2005, it immediately took over  
> editing the
> "Authorizing Read Access to XML Content Using the <?access-control?>
> Processing Instruction 1.0" document, as roughly described in [2].  I
> realize that the charter says "Given that the rich Web client area  
> is in
> a phase of rapid development, the Working Group may become aware of  
> the
> urgent need for standardization of a technology not explicitly  
> listed in
> this charter, but still in the scope of the Working Group", but I fail
> to see why such urgency that an AC review and normal process can be
> ignored.  In the Access Control case, it was added almost immediately
> after chartering in December 2005 and has been worked on sporadically
> since then and we are now at January 2008.  I see considerable  
> evidence
> that the specification has "flown low on the radar" and there are  
> still
> many differences of opinion about fundamental requirements.  AC review
> and publication of Requirements and Use Cases are good triggers for
> early review and consensus building, and we did not see those.  This
> lack of process on Access Control has meant that we have not  
> tracked the
> work nearly as closely as we would have liked, though we are now  
> trying
> to rectify that.
> I would like the AC consulted whenever a deliverable is added.  I'd  
> like
> to see a more rigorous process that includes early publication of
> requirements and use cases for each deliverable.
> Cheers,
> Dave
> [1]
> [2]
> 0004.html

Received on Saturday, 12 January 2008 20:57:17 UTC