Re: CORS/UMP to become joint WebApps and WebAppSec joint deliverable

On Jul 15, 2011, at 7:51 AM, Thomas Roessler wrote:

> On Jul 15, 2011, at 16:47 , Anne van Kesteren wrote:
> 
>> On Fri, 15 Jul 2011 14:43:13 +0200, Arthur Barstow <art.barstow@nokia.com> wrote:
>>> As indicated a year ago [1] and again at the end of last month [2], the proposal to create a new Web Application Security WG has moved forward with a formal AC review now underway and ending August 19.
>>> 
>>> The proposed charter includes making CORS and UMP a joint deliverable between the WebApps and WebAppSec WGs:
>>> 
>>> [[
>>> http://www.w3.org/2011/07/appsecwg-charter.html
>>> 
>>> Secure Cross-Domain Resource Sharing - Advance existing recommendations specifying mechanisms necessary for secure mashup applications, including the Cross-Origin Request Sharing (CORS) and Uniform Messaging Policy (UMP) Such recommendations will be harmonized and published as joint work with the W3C Web Applications Working Group.
>>> ]]
>> 
>> Does this mean twice as much email? 
> 
> Hope not -- the intent is that, for all intents and purposes, webappsec takes over the deliverable, but webapps needs to agree to formal publications.
> 
>> Joint deliverable seems even worse than moving it.
> 
> The goal of making this a joint deliverable is to preserve the patent commitments out of webapps.  This was a concern that came up when we proposed moving the document over to webappsec instead of making it a joint one.

Perhaps the charter should be edited to make this clear, so that AC reps will understand that Web Apps would no longer have operational control over these deliverables. (And incidentally, I don't see how that can validly be done without amending the Web Apps WG charter.)

Regards,
Maciej

Received on Monday, 1 August 2011 18:06:59 UTC