W3C home > Mailing lists > Public > public-publishingbg@w3.org > April 2017

Re: Some new issues raised on the charter

From: Ivan Herman <ivan@w3.org>
Date: Tue, 11 Apr 2017 17:38:46 +0200
Cc: W3C Digital Publishing IG <public-digipub-ig@w3.org>, W3C Publishing Business Group <public-publishingbg@w3.org>, Garth Conboy <garth@google.com>, Rick Johnson <rick.johnson@ingramcontent.com>
Message-Id: <4C128218-225E-46C1-9168-210822FA77EB@w3.org>
To: Bill McCoy <bmccoy@w3.org>
B.t.w., the relevant issue has been closed with the satisfaction of the commenter!

Ivan

> On 11 Apr 2017, at 17:19, Ivan Herman <ivan@w3.org> wrote:
> 
>> 
>> On 11 Apr 2017, at 16:16, Bill McCoy <bmccoy@w3.org> wrote:
>> 
>> 
>> 
>> -----Original Message-----
>> From: Ivan Herman [mailto:ivan@w3.org]
>> Sent: Tuesday, April 11, 2017 6:58 AM
>> To: Bill McCoy <bmccoy@w3.org>
>> Cc: W3C Digital Publishing IG <public-digipub-ig@w3.org>; W3C Publishing
>> Business Group <public-publishingbg@w3.org>; Garth Conboy
>> <garth@google.com>; Rick Johnson <rick.johnson@ingramcontent.com>
>> Subject: Re: Some new issues raised on the charter
>> 
>> 
>>> On 11 Apr 2017, at 15:35, Bill McCoy <bmccoy@w3.org> wrote:
>>> 
>>> In EPUB 3 the lack of explicit definition of the runtime security
>>> model had been noted as an infelicity and IDPF folks had been
>>> following the work in the W3C System Applications WG [1] in particular
>>> the draft of Web Applications Runtime and Security Model [2], since
>>> there was felt to be significant overlap between security issues in
>>> so-called "system applications" (with client-side resources and
>>> potentially offline) and portable publications.  However, the Systems
>>> Applications WG was disbanded and its specs in my understanding aren't
>>> proceeding, which may be a cautionary note with how much the new WG wants
>> to tackle in this area.
>>> Nevertheless, something in the proposed charter that notes more
>>> clearly that addressing rigorously defining the security model is in
>>> scope  for the WG could be useful and perhaps a better way to address
>>> Google's concern than trying to precisely define things like origin in
>>> the WG charter itself (since the charter is not the place to specify
>> solutions).
>> 
>> We have to be careful, though. The response may be (and should be, actually)
>> that the WG should avoid re-inventing things by itself and should reuse
>> whatever is being defined elsewhere on the subject. In this sense, the issue
>> raised in #63, ie, adding an explicit liaison to the Web App Security WG, is
>> indeed important.
>> 
>> Do you think that this is not enough?
>> 
>> Bill: I agree that adding explicit liaison to the Web App Security WG is
>> important and it may be sufficient. But  I'm not sure whether
>> offline/packaged content use cases are presently in scope for the Web App
>> Security WG (given demise of work on "system applications") and I would not
>> like to have that end up a blocker for if it was deemed out of scope for our
>> WG to define our own security model if there is nothing to reuse.
> 
> I do not think it is out of scope. We clearly say that security is to be solved; at this point I believe this is all we need…
> 
> Ivan
> 
> 
> 
> 
>> 
>> Ivan
>> 
>> 
>>> 
>>> --Bill
>>> 
>>> [1] https://www.w3.org/2012/sysapps/
>>> [2] https://www.w3.org/TR/runtime/
>>> 
>>> -----Original Message-----
>>> From: Ivan Herman [mailto:ivan@w3.org]
>>> Sent: Tuesday, April 11, 2017 4:56 AM
>>> To: W3C Digital Publishing IG <public-digipub-ig@w3.org>; W3C
>>> Publishing Business Group <public-publishingbg@w3.org>
>>> Cc: Garth Conboy <garth@google.com>; Rick Johnson
>>> <rick.johnson@ingramcontent.com>
>>> Subject: Re: Some new issues raised on the charter
>>> Importance: High
>>> 
>>> I have re-read issue 61, and I have put in a proposal for resolution
>>> to that one, too.
>>> 
>>> Ivan
>>> 
>>>> On 11 Apr 2017, at 08:23, Ivan Herman <ivan@w3.org> wrote:
>>>> 
>>>> Three new issues have been raised on the charter last night (coming
>>>> from
>>> Google). We have to handle those ASAP.
>>>> 
>>>> I have commented and proposed a solution for two out of three, namely
>>>> 
>>>> https://github.com/w3c/dpubwg-charter/issues/62
>>>> https://github.com/w3c/dpubwg-charter/issues/63
>>>> 
>>>> I have not commented on
>>>> 
>>>> https://github.com/w3c/dpubwg-charter/issues/61
>>>> 
>>>> because I would like a security expert to answer that question.
>>> Unfortunately, Leonard is unavailable this week, we should try to
>>> settle that without him around.
>>>> 
>>>> I do not think any of those issues are hugely complex, and can be
>>>> handled
>>> (I hope) with editorial changes, but they have to be treated nevertheless.
>>> Please, look at these.
>>>> 
>>>> Thanks
>>>> 
>>>> Ivan
>>>> 
>>>> ----
>>>> Ivan Herman, W3C
>>>> Publishing@W3C Technical Lead
>>>> Home: http://www.w3.org/People/Ivan/
>>>> mobile: +31-641044153
>>>> ORCID ID: http://orcid.org/0000-0003-0782-2704
>>>> 
>>>> 
>>>> 
>>>> 
>>> 
>>> 
>>> ----
>>> Ivan Herman, W3C
>>> Publishing@W3C Technical Lead
>>> Home: http://www.w3.org/People/Ivan/
>>> mobile: +31-641044153
>>> ORCID ID: http://orcid.org/0000-0003-0782-2704
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>> 
>> 
>> ----
>> Ivan Herman, W3C
>> Publishing@W3C Technical Lead
>> Home: http://www.w3.org/People/Ivan/
>> mobile: +31-641044153
>> ORCID ID: http://orcid.org/0000-0003-0782-2704
> 
> 
> ----
> Ivan Herman, W3C
> Publishing@W3C Technical Lead
> Home: http://www.w3.org/People/Ivan/
> mobile: +31-641044153
> ORCID ID: http://orcid.org/0000-0003-0782-2704


----
Ivan Herman, W3C
Publishing@W3C Technical Lead
Home: http://www.w3.org/People/Ivan/
mobile: +31-641044153
ORCID ID: http://orcid.org/0000-0003-0782-2704





Received on Tuesday, 11 April 2017 15:39:01 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 11 April 2017 15:39:01 UTC