W3C home > Mailing lists > Public > public-w3process@w3.org > November 2014

Re: Require security review before FPWD

From: David Singer <singer@apple.com>
Date: Fri, 7 Nov 2014 12:08:03 +0000
Cc: Jeff Jaffe <jeff@w3.org>, GALINDO Virginie <virginie.galindo@gemalto.com>, Karl Dubost <karl@la-grange.net>, Anne van Kesteren <annevk@annevk.nl>, Philippe Le Hegaret <plh@w3.org>, public-w3process <public-w3process@w3.org>
Message-Id: <6F209920-1CDF-4332-91C7-0CE7864013E8@apple.com>
To: chaals@yandex-team.ru

On Nov 7, 2014, at 12:02 , chaals@yandex-team.ru wrote:

> 04.11.2014, 15:25, "Jeff Jaffe" <jeff@w3.org>:
>> On 11/4/2014 3:40 AM, GALINDO Virginie wrote:
>>> +1 for the guidelines,
>> Would the Security IG be the right place to develop those guidelines?
> They would be the obvious group to have them as a deliverable. But in the nature of things, they probably should look around for expertise in other groups to help make the guidelines as good as we can get them…
> cheers

I think the community as a whole should develop the guidelines, and if we don’t get input from the security IG then I am not sure we’d have a good set of guidelines.

But the model that ‘the XXX IG is responsible for developing the guidelines’ or, worse, ‘the primary responsibility for an XXX review lies with the YYY IG’, is flawed.  This is, in effect, signing up IGs for open-ended amounts of work.  The primary responsibility for ensuring that XXX has had consideration in a document, lies with the group that wants to publish that document, and in this case, the primary responsibility for developing requirements and guidelines in the process for XXX reviews lies with the group that is working on the process — the process G and the AB, with the AC and staff.

Yes, we want the security IG’s (and privacy IG’s, and…) help.  No, it is not their deliverable.

David Singer
Manager, Software Standards, Apple Inc.
Received on Friday, 7 November 2014 12:08:43 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:51:23 UTC