Re: Security Use Cases - Very rough first draft from Leonard Rosenthol on 2016-08-19 (public-digipub-ig@w3.org from August 2016)

From: Leonard Rosenthol <lrosenth@adobe.com>
Date: Fri, 19 Aug 2016 15:37:34 +0000
To: Ivan Herman <ivan@w3.org>
CC: Baldur Bjarnason <baldur@rebus.foundation>, W3C Digital Publishing IG <public-digipub-ig@w3.org>
Message-ID: <732AAB5E-AD07-4E66-9237-3787D8648E73@adobe.com>

No, the canonical URL has nothing to do with the origin of the content in the web context in which it is being “hosted”.

However, I did end up pointing out the existence of that URL to Baldur during one of the discussion threads.   Also an issue came up where I raised our design for multiple manifests.

Leonard

On 8/19/16, 10:12 AM, "Ivan Herman" <ivan@w3.org> wrote:

    
    > On 19 Aug 2016, at 16:02, Leonard Rosenthol <lrosenth@adobe.com> wrote:
    > 
    > Baldur – great starting place. Thanks for all hard work.
    > 
    > I did, however, make numerous comments and corrections to the document that I hope you see as an attempt to improve the document towards inclusion with our master work.
    > 
    > The biggest issue is that you appear to see a PWP as having no origin – and that need not be the case.  There are many ways in which a PWP UA could (and should!) ensure that every PWP has an origin regardless of where it is hosted/loaded from.
    
    Does this relate to the requirement we did set somewhere else, that we expect a PWP to carry (eg in its manifest) a canonical URI?
    
    (Caveat: my knowledge about security issues are, alas!, very poor, so this may be something else…)
    
    Ivan
    
    
    > 
    > Leonard
    > 
    > On 8/19/16, 8:34 AM, "Baldur Bjarnason" <baldur@rebus.foundation> wrote:
    > 
    >    Security Use Cases - Very rough first draft
    > 
    >    Here it is on Google Docs:
    > 
    >    https://docs.google.com/document/d/1i8vm8cg5iqxWgpPFRR3Qae5loj-DWcrsbBUIf2IeGaU/edit?usp=sharing

    > 
    >    Let me know if you can’t access it and I’ll find another way to share it with the list or fiddle with the sharing settings on the document itself.
    > 
    >    It’s a very rough draft, half-baked, doesn’t conform to spec style or structure etc. etc.
    > 
    >    All of the links included are there more as informative references for context and will have to be turned into proper spec references or removed in a later draft.
    > 
    >    If the scenarios seem paranoid downers then bear in mind that my biggest worry while writing it is that I might not be paranoid enough.
    > 
    >    - best
    >    - Baldur Bjarnason
    >      baldur@rebus.foundation
    > 
    > 
    > 
    > 
    > 
    > 
    > 
    
    
    ----
    Ivan Herman, W3C
    Digital Publishing Lead
    Home: http://www.w3.org/People/Ivan/

    mobile: +31-641044153
    ORCID ID: http://orcid.org/0000-0003-0782-2704

Received on Friday, 19 August 2016 15:38:16 UTC