[api] REQ 5.2, REQ 5.3 and REQ 6 v.s. HTML5 from HU, BIN on 2013-12-10 (public-web-and-tv@w3.org from December 2013)

From: HU, BIN <bh526r@att.com>
Date: Tue, 10 Dec 2013 05:27:16 +0000
To: public-web-and-tv <public-web-and-tv@w3.org>
Message-ID: <179FD336116F754C876A9347238FE29A0111A78F@WABOTH9MSGUSR8L.ITServices.sbc.com>

Hello,

This is trying to close the loop of 3 yellow "?"s of REQ 5.2, REQ 5.3 and REQ 6 v.s. HTML5.

REQ 5.2: Application Authentication
REQ 5.3: Subscriber Authentication
REQ 6: Device Authentication

I suggest that we leave those 3 "?"s blank, i.e. N/A, because from HTML5 Spec perspective (not the suite of Specs of HTML5 Family), although there are descriptions of security related issues (primarily cross origin) and guidance in related sections, and dedicated section 1.9.1 and 1.9.2 to describe the guidance of writing secure web apps and common pitfalls to avoid when using the scripting APIs, however, the HTML5 Spec itself doesn't address the area of application authentication, subscriber authentication and device authentication. It relies on other specs and techniques to cover those authentication requirements.

Thus I suggest to leave them blank.

Thanks

Bin Hu | Service Standards | AT&T

Received on Tuesday, 10 December 2013 05:28:10 UTC