- From: Ivan Herman <ivan@w3.org>
- Date: Tue, 11 Apr 2017 17:38:46 +0200
- To: Bill McCoy <bmccoy@w3.org>
- Cc: W3C Digital Publishing IG <public-digipub-ig@w3.org>, W3C Publishing Business Group <public-publishingbg@w3.org>, Garth Conboy <garth@google.com>, Rick Johnson <rick.johnson@ingramcontent.com>
- Message-Id: <4C128218-225E-46C1-9168-210822FA77EB@w3.org>
B.t.w., the relevant issue has been closed with the satisfaction of the commenter! Ivan > On 11 Apr 2017, at 17:19, Ivan Herman <ivan@w3.org> wrote: > >> >> On 11 Apr 2017, at 16:16, Bill McCoy <bmccoy@w3.org> wrote: >> >> >> >> -----Original Message----- >> From: Ivan Herman [mailto:ivan@w3.org] >> Sent: Tuesday, April 11, 2017 6:58 AM >> To: Bill McCoy <bmccoy@w3.org> >> Cc: W3C Digital Publishing IG <public-digipub-ig@w3.org>; W3C Publishing >> Business Group <public-publishingbg@w3.org>; Garth Conboy >> <garth@google.com>; Rick Johnson <rick.johnson@ingramcontent.com> >> Subject: Re: Some new issues raised on the charter >> >> >>> On 11 Apr 2017, at 15:35, Bill McCoy <bmccoy@w3.org> wrote: >>> >>> In EPUB 3 the lack of explicit definition of the runtime security >>> model had been noted as an infelicity and IDPF folks had been >>> following the work in the W3C System Applications WG [1] in particular >>> the draft of Web Applications Runtime and Security Model [2], since >>> there was felt to be significant overlap between security issues in >>> so-called "system applications" (with client-side resources and >>> potentially offline) and portable publications. However, the Systems >>> Applications WG was disbanded and its specs in my understanding aren't >>> proceeding, which may be a cautionary note with how much the new WG wants >> to tackle in this area. >>> Nevertheless, something in the proposed charter that notes more >>> clearly that addressing rigorously defining the security model is in >>> scope for the WG could be useful and perhaps a better way to address >>> Google's concern than trying to precisely define things like origin in >>> the WG charter itself (since the charter is not the place to specify >> solutions). >> >> We have to be careful, though. The response may be (and should be, actually) >> that the WG should avoid re-inventing things by itself and should reuse >> whatever is being defined elsewhere on the subject. In this sense, the issue >> raised in #63, ie, adding an explicit liaison to the Web App Security WG, is >> indeed important. >> >> Do you think that this is not enough? >> >> Bill: I agree that adding explicit liaison to the Web App Security WG is >> important and it may be sufficient. But I'm not sure whether >> offline/packaged content use cases are presently in scope for the Web App >> Security WG (given demise of work on "system applications") and I would not >> like to have that end up a blocker for if it was deemed out of scope for our >> WG to define our own security model if there is nothing to reuse. > > I do not think it is out of scope. We clearly say that security is to be solved; at this point I believe this is all we need… > > Ivan > > > > >> >> Ivan >> >> >>> >>> --Bill >>> >>> [1] https://www.w3.org/2012/sysapps/ >>> [2] https://www.w3.org/TR/runtime/ >>> >>> -----Original Message----- >>> From: Ivan Herman [mailto:ivan@w3.org] >>> Sent: Tuesday, April 11, 2017 4:56 AM >>> To: W3C Digital Publishing IG <public-digipub-ig@w3.org>; W3C >>> Publishing Business Group <public-publishingbg@w3.org> >>> Cc: Garth Conboy <garth@google.com>; Rick Johnson >>> <rick.johnson@ingramcontent.com> >>> Subject: Re: Some new issues raised on the charter >>> Importance: High >>> >>> I have re-read issue 61, and I have put in a proposal for resolution >>> to that one, too. >>> >>> Ivan >>> >>>> On 11 Apr 2017, at 08:23, Ivan Herman <ivan@w3.org> wrote: >>>> >>>> Three new issues have been raised on the charter last night (coming >>>> from >>> Google). We have to handle those ASAP. >>>> >>>> I have commented and proposed a solution for two out of three, namely >>>> >>>> https://github.com/w3c/dpubwg-charter/issues/62 >>>> https://github.com/w3c/dpubwg-charter/issues/63 >>>> >>>> I have not commented on >>>> >>>> https://github.com/w3c/dpubwg-charter/issues/61 >>>> >>>> because I would like a security expert to answer that question. >>> Unfortunately, Leonard is unavailable this week, we should try to >>> settle that without him around. >>>> >>>> I do not think any of those issues are hugely complex, and can be >>>> handled >>> (I hope) with editorial changes, but they have to be treated nevertheless. >>> Please, look at these. >>>> >>>> Thanks >>>> >>>> Ivan >>>> >>>> ---- >>>> Ivan Herman, W3C >>>> Publishing@W3C Technical Lead >>>> Home: http://www.w3.org/People/Ivan/ >>>> mobile: +31-641044153 >>>> ORCID ID: http://orcid.org/0000-0003-0782-2704 >>>> >>>> >>>> >>>> >>> >>> >>> ---- >>> Ivan Herman, W3C >>> Publishing@W3C Technical Lead >>> Home: http://www.w3.org/People/Ivan/ >>> mobile: +31-641044153 >>> ORCID ID: http://orcid.org/0000-0003-0782-2704 >>> >>> >>> >>> >>> >>> >> >> >> ---- >> Ivan Herman, W3C >> Publishing@W3C Technical Lead >> Home: http://www.w3.org/People/Ivan/ >> mobile: +31-641044153 >> ORCID ID: http://orcid.org/0000-0003-0782-2704 > > > ---- > Ivan Herman, W3C > Publishing@W3C Technical Lead > Home: http://www.w3.org/People/Ivan/ > mobile: +31-641044153 > ORCID ID: http://orcid.org/0000-0003-0782-2704 ---- Ivan Herman, W3C Publishing@W3C Technical Lead Home: http://www.w3.org/People/Ivan/ mobile: +31-641044153 ORCID ID: http://orcid.org/0000-0003-0782-2704
Received on Tuesday, 11 April 2017 15:39:03 UTC