RE: [W3C Web Security IG] call for comments on Security Review Process and Security Guidelines

Stephen,
Thanks for your feedback.
I believe that PM should be taken into account in the guidelines, but the RFC7258 is just stating that one should pay attention to it, there is no 'operational' recommendation inside. As such, this will not help the editors and chairs to fill their 'security recommendation' section. I would rather add in the guideline the fact that "editors and chair should monitor deliverables related to RFC7258."
As soon as you guys will have delivered something, we will consider adding it to our guidelines.
Would that work for you?
Regards,
Virginie

-----Original Message-----
From: Stephen Farrell [mailto:stephen.farrell@cs.tcd.ie]
Sent: Wednesday, 28 May 2014 21:57
To: GALINDO Virginie; public-web-security@w3.org
Cc: 'Wendy Seltzer'
Subject: Re: [W3C Web Security IG] call for comments on Security Review Process and Security Guidelines


Wrt [2]. How'd you feel about also adding RFC7258 as another guideline? FWIW, as a non-member of W3C, I think that'd be a fine thing.

I hope (not promising) that the IETF might produce a companion document for RFC 3552 as guidelines for PM, but that will take some time if it happens.

S.


On 28/05/14 16:57, GALINDO Virginie wrote:
> Dear all,
>
> As we received our first requests for conducting security review on Web RTC and Manifest specifications, I think it is time for this IG to confirm that the tools proposed on our wiki are relevant to start security review. This is why I am calling for comments on:
>
> - Security Review Process [1]: allowing the other groups to request security review and setting up a frame for the review and reviewer
>
> - Security Guidelines [2]: supporting editors and chairs to fill in the Security Consideration section in their deliverable
>
> Let's give ourselves *15 days* to collect comments on this mailing list (I will edit those tools accordingly on the wiki).
> After that first period, those tools will be our basis for beta testing our security reviews.
> Hope to see your active contributions here.
>
> Regards,
> Virginie
> Gemalto
> Co-chair of Web Security IG
>
> [1] Security Review process
> http://www.w3.org/Security/wiki/IG/W3C_spec_review
> [2] Security Guidelines
> https://www.w3.org/Security/wiki/IG/W3C_spec_review/Security_Guidelines
>
> ________________________________
> This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited.
> E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender.
> Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus.
>

Received on Monday, 2 June 2014 12:18:54 UTC