- From: tom jones via GitHub <noreply@w3.org>
- Date: Mon, 30 Mar 2026 18:45:02 +0000
- To: public-security@w3.org
Interesting questions - not sure which fall into the scope of W3C, let alone into the scope of security ig. 1 & 2 seem out-of-scope. => whatever will be, will be and we need to deal with it. 3 - must agents be tied back to an entity that has liability? In general the Internet and the web do not require this. KYC and AML is one exception. Perhaps the exec committee could be asked to comment? Or do we just refine KYC to cover this case? 4 - i have often wondered about security versus privacy. What is the scope of a Threat Model? It seems the threats posed by (e.g.) web-mcp cover both. I do not believe it is helpful to try to create security concerns separate from privacy concerns. I guess we will see in that issue? -- GitHub Notification of comment by TomCJones Please view or discuss this issue at https://github.com/w3c/securityig/issues/27#issuecomment-4157322957 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 30 March 2026 18:45:03 UTC