- From: Ivan Herman <ivan@w3.org>
- Date: Tue, 11 Apr 2017 15:58:01 +0200
- To: Bill McCoy <bmccoy@w3.org>
- Cc: W3C Digital Publishing IG <public-digipub-ig@w3.org>, W3C Publishing Business Group <public-publishingbg@w3.org>, Garth Conboy <garth@google.com>, Rick Johnson <rick.johnson@ingramcontent.com>
- Message-Id: <0900A1B5-0B7E-47BD-899E-633F7C5E99ED@w3.org>
> On 11 Apr 2017, at 15:35, Bill McCoy <bmccoy@w3.org> wrote: > > In EPUB 3 the lack of explicit definition of the runtime security model had > been noted as an infelicity and IDPF folks had been following the work in > the W3C System Applications WG [1] in particular the draft of Web > Applications Runtime and Security Model [2], since there was felt to be > significant overlap between security issues in so-called "system > applications" (with client-side resources and potentially offline) and > portable publications. However, the Systems Applications WG was disbanded > and its specs in my understanding aren't proceeding, which may be a > cautionary note with how much the new WG wants to tackle in this area. > Nevertheless, something in the proposed charter that notes more clearly that > addressing rigorously defining the security model is in scope for the WG > could be useful and perhaps a better way to address Google's concern than > trying to precisely define things like origin in the WG charter itself > (since the charter is not the place to specify solutions). We have to be careful, though. The response may be (and should be, actually) that the WG should avoid re-inventing things by itself and should reuse whatever is being defined elsewhere on the subject. In this sense, the issue raised in #63, ie, adding an explicit liaison to the Web App Security WG, is indeed important. Do you think that this is not enough? Ivan > > --Bill > > [1] https://www.w3.org/2012/sysapps/ > [2] https://www.w3.org/TR/runtime/ > > -----Original Message----- > From: Ivan Herman [mailto:ivan@w3.org] > Sent: Tuesday, April 11, 2017 4:56 AM > To: W3C Digital Publishing IG <public-digipub-ig@w3.org>; W3C Publishing > Business Group <public-publishingbg@w3.org> > Cc: Garth Conboy <garth@google.com>; Rick Johnson > <rick.johnson@ingramcontent.com> > Subject: Re: Some new issues raised on the charter > Importance: High > > I have re-read issue 61, and I have put in a proposal for resolution to that > one, too. > > Ivan > >> On 11 Apr 2017, at 08:23, Ivan Herman <ivan@w3.org> wrote: >> >> Three new issues have been raised on the charter last night (coming from > Google). We have to handle those ASAP. >> >> I have commented and proposed a solution for two out of three, namely >> >> https://github.com/w3c/dpubwg-charter/issues/62 >> https://github.com/w3c/dpubwg-charter/issues/63 >> >> I have not commented on >> >> https://github.com/w3c/dpubwg-charter/issues/61 >> >> because I would like a security expert to answer that question. > Unfortunately, Leonard is unavailable this week, we should try to settle > that without him around. >> >> I do not think any of those issues are hugely complex, and can be handled > (I hope) with editorial changes, but they have to be treated nevertheless. > Please, look at these. >> >> Thanks >> >> Ivan >> >> ---- >> Ivan Herman, W3C >> Publishing@W3C Technical Lead >> Home: http://www.w3.org/People/Ivan/ >> mobile: +31-641044153 >> ORCID ID: http://orcid.org/0000-0003-0782-2704 >> >> >> >> > > > ---- > Ivan Herman, W3C > Publishing@W3C Technical Lead > Home: http://www.w3.org/People/Ivan/ > mobile: +31-641044153 > ORCID ID: http://orcid.org/0000-0003-0782-2704 > > > > > > ---- Ivan Herman, W3C Publishing@W3C Technical Lead Home: http://www.w3.org/People/Ivan/ mobile: +31-641044153 ORCID ID: http://orcid.org/0000-0003-0782-2704
Received on Tuesday, 11 April 2017 13:58:16 UTC