W3C home > Mailing lists > Public > public-publishingbg@w3.org > April 2017

Re: Some new issues raised on the charter

From: Ivan Herman <ivan@w3.org>
Date: Tue, 11 Apr 2017 15:58:01 +0200
Cc: W3C Digital Publishing IG <public-digipub-ig@w3.org>, W3C Publishing Business Group <public-publishingbg@w3.org>, Garth Conboy <garth@google.com>, Rick Johnson <rick.johnson@ingramcontent.com>
Message-Id: <0900A1B5-0B7E-47BD-899E-633F7C5E99ED@w3.org>
To: Bill McCoy <bmccoy@w3.org>

> On 11 Apr 2017, at 15:35, Bill McCoy <bmccoy@w3.org> wrote:
> 
> In EPUB 3 the lack of explicit definition of the runtime security model had
> been noted as an infelicity and IDPF folks had been following the work in
> the W3C System Applications WG [1] in particular the draft of Web
> Applications Runtime and Security Model [2], since there was felt to be
> significant overlap between security issues in so-called "system
> applications" (with client-side resources and potentially offline) and
> portable publications.  However, the Systems Applications WG was disbanded
> and its specs in my understanding aren't proceeding, which may be a
> cautionary note with how much the new WG wants to tackle in this area.
> Nevertheless, something in the proposed charter that notes more clearly that
> addressing rigorously defining the security model is in scope  for the WG
> could be useful and perhaps a better way to address Google's concern than
> trying to precisely define things like origin in the WG charter itself
> (since the charter is not the place to specify solutions).

We have to be careful, though. The response may be (and should be, actually) that the WG should avoid re-inventing things by itself and should reuse whatever is being defined elsewhere on the subject. In this sense, the issue raised in #63, ie, adding an explicit liaison to the Web App Security WG, is indeed important.

Do you think that this is not enough?

Ivan


> 
> --Bill
> 
> [1] https://www.w3.org/2012/sysapps/
> [2] https://www.w3.org/TR/runtime/
> 
> -----Original Message-----
> From: Ivan Herman [mailto:ivan@w3.org]
> Sent: Tuesday, April 11, 2017 4:56 AM
> To: W3C Digital Publishing IG <public-digipub-ig@w3.org>; W3C Publishing
> Business Group <public-publishingbg@w3.org>
> Cc: Garth Conboy <garth@google.com>; Rick Johnson
> <rick.johnson@ingramcontent.com>
> Subject: Re: Some new issues raised on the charter
> Importance: High
> 
> I have re-read issue 61, and I have put in a proposal for resolution to that
> one, too.
> 
> Ivan
> 
>> On 11 Apr 2017, at 08:23, Ivan Herman <ivan@w3.org> wrote:
>> 
>> Three new issues have been raised on the charter last night (coming from
> Google). We have to handle those ASAP.
>> 
>> I have commented and proposed a solution for two out of three, namely
>> 
>> https://github.com/w3c/dpubwg-charter/issues/62
>> https://github.com/w3c/dpubwg-charter/issues/63
>> 
>> I have not commented on
>> 
>> https://github.com/w3c/dpubwg-charter/issues/61
>> 
>> because I would like a security expert to answer that question.
> Unfortunately, Leonard is unavailable this week, we should try to settle
> that without him around.
>> 
>> I do not think any of those issues are hugely complex, and can be handled
> (I hope) with editorial changes, but they have to be treated nevertheless.
> Please, look at these.
>> 
>> Thanks
>> 
>> Ivan
>> 
>> ----
>> Ivan Herman, W3C
>> Publishing@W3C Technical Lead
>> Home: http://www.w3.org/People/Ivan/
>> mobile: +31-641044153
>> ORCID ID: http://orcid.org/0000-0003-0782-2704
>> 
>> 
>> 
>> 
> 
> 
> ----
> Ivan Herman, W3C
> Publishing@W3C Technical Lead
> Home: http://www.w3.org/People/Ivan/
> mobile: +31-641044153
> ORCID ID: http://orcid.org/0000-0003-0782-2704
> 
> 
> 
> 
> 
> 


----
Ivan Herman, W3C
Publishing@W3C Technical Lead
Home: http://www.w3.org/People/Ivan/
mobile: +31-641044153
ORCID ID: http://orcid.org/0000-0003-0782-2704





Received on Tuesday, 11 April 2017 13:58:15 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 11 April 2017 13:58:15 UTC