[api] REQ 5.2, REQ 5.3 and REQ 6 v.s. HTML5


This is trying to close the loop of 3 yellow "?"s of REQ 5.2, REQ 5.3 and REQ 6 v.s. HTML5.

REQ 5.2: Application Authentication
REQ 5.3: Subscriber Authentication
REQ 6: Device Authentication

I suggest that we leave those 3 "?"s blank, i.e. N/A, because from HTML5 Spec perspective (not the suite of Specs of HTML5 Family), although there are descriptions of security related issues (primarily cross origin) and guidance in related sections, and dedicated section 1.9.1 and 1.9.2 to describe the guidance of writing secure web apps and common pitfalls to avoid when using the scripting APIs, however, the HTML5 Spec itself doesn't address the area of application authentication, subscriber authentication and device authentication. It relies on other specs and techniques to cover those authentication requirements.

Thus I suggest to leave them blank.


Bin Hu | Service Standards | AT&T

Received on Tuesday, 10 December 2013 05:28:10 UTC