RE: Some new issues raised on the charter

-----Original Message-----
From: Ivan Herman [mailto:ivan@w3.org] 
Sent: Tuesday, April 11, 2017 6:58 AM
To: Bill McCoy <bmccoy@w3.org>
Cc: W3C Digital Publishing IG <public-digipub-ig@w3.org>; W3C Publishing
Business Group <public-publishingbg@w3.org>; Garth Conboy
<garth@google.com>; Rick Johnson <rick.johnson@ingramcontent.com>
Subject: Re: Some new issues raised on the charter


> On 11 Apr 2017, at 15:35, Bill McCoy <bmccoy@w3.org> wrote:
> 
> In EPUB 3 the lack of explicit definition of the runtime security 
> model had been noted as an infelicity and IDPF folks had been 
> following the work in the W3C System Applications WG [1] in particular 
> the draft of Web Applications Runtime and Security Model [2], since 
> there was felt to be significant overlap between security issues in 
> so-called "system applications" (with client-side resources and 
> potentially offline) and portable publications.  However, the Systems 
> Applications WG was disbanded and its specs in my understanding aren't 
> proceeding, which may be a cautionary note with how much the new WG wants
> to tackle in this area.
> Nevertheless, something in the proposed charter that notes more 
> clearly that addressing rigorously defining the security model is in 
> scope for the WG could be useful and perhaps a better way to address 
> Google's concern than trying to precisely define things like origin in 
> the WG charter itself (since the charter is not the place to specify
> solutions).

We have to be careful, though. The response may be (and should be, actually)
that the WG should avoid re-inventing things by itself and should reuse
whatever is being defined elsewhere on the subject. In this sense, the issue
raised in #63, i.e., adding an explicit liaison to the Web App Security WG, is
indeed important.

Do you think that this is not enough?

Bill: I agree that adding explicit liaison to the Web App Security WG is
important and it may be sufficient. But I'm not sure whether
offline/packaged content use cases are presently in scope for the Web App
Security WG (given demise of work on "system applications") and I would not
like to have that end up a blocker for if it was deemed out of scope for our
WG to define our own security model if there is nothing to reuse. 

Ivan


> 
> --Bill
> 
> [1] https://www.w3.org/2012/sysapps/
> [2] https://www.w3.org/TR/runtime/
> 
> -----Original Message-----
> From: Ivan Herman [mailto:ivan@w3.org]
> Sent: Tuesday, April 11, 2017 4:56 AM
> To: W3C Digital Publishing IG <public-digipub-ig@w3.org>; W3C 
> Publishing Business Group <public-publishingbg@w3.org>
> Cc: Garth Conboy <garth@google.com>; Rick Johnson 
> <rick.johnson@ingramcontent.com>
> Subject: Re: Some new issues raised on the charter
> Importance: High
> 
> I have re-read issue 61, and I have put in a proposal for resolution 
> to that one, too.
> 
> Ivan
> 
>> On 11 Apr 2017, at 08:23, Ivan Herman <ivan@w3.org> wrote:
>> 
>> Three new issues have been raised on the charter last night (coming
>> from Google). We have to handle those ASAP.
>> 
>> I have commented and proposed a solution for two out of three, namely
>> 
>> https://github.com/w3c/dpubwg-charter/issues/62
>> https://github.com/w3c/dpubwg-charter/issues/63
>> 
>> I have not commented on
>> 
>> https://github.com/w3c/dpubwg-charter/issues/61
>> 
>> because I would like a security expert to answer that question.
>> Unfortunately, Leonard is unavailable this week, we should try to
>> settle that without him around.
>> 
>> I do not think any of those issues are hugely complex, and can be
>> handled (I hope) with editorial changes, but they have to be treated
>> nevertheless. Please, look at these.
>> 
>> Thanks
>> 
>> Ivan
>> 
>> ----
>> Ivan Herman, W3C
>> Publishing@W3C Technical Lead
>> Home: http://www.w3.org/People/Ivan/
>> mobile: +31-641044153
>> ORCID ID: http://orcid.org/0000-0003-0782-2704



Received on Tuesday, 11 April 2017 14:16:18 UTC