Re: "Requirements for Powerful Features" strawman. from Mike West on 2014-11-20 (public-webappsec@w3.org from November 2014)

From: Mike West <mkwst@google.com>
Date: Thu, 20 Nov 2014 18:51:47 +0100
To: Brad Hill <hillbrad@fb.com>
Cc: public-webappsec@w3.org
Message-ID: <CAKXHy=crDmes6XD5k7TMhSp7Vhrga6xjfAnaBjHYWFqw4opw9Q@mail.gmail.com>

Seems clearly covered by "features which require a verifiably secure
environment".

I'd prefer doing it here, but I'm easy. If folks think the TAG should
publish, I'm sure they'll be happy to do so.

-mike
On Nov 20, 2014 6:39 PM, "Brad Hill" <hillbrad@fb.com> wrote:

>  Do you think that "Powerful Features" belongs as a WebAppSec deliverable
> – and should be added to our draft charter – or as a TAG finding?
>
>   From: Mike West <mkwst@google.com>
> Date: Thursday, November 20, 2014 at 5:21 AM
> To: "public-webappsec@w3.org" <public-webappsec@w3.org>
> Subject: "Requirements for Powerful Features" strawman.
> Resent-From: <public-webappsec@w3.org>
> Resent-Date: Thursday, November 20, 2014 at 5:22 AM
>
>   After talking a bit more with Anne and others, I'm coming around to the
> opinion that we should break the "powerful features" bit out of MIX. In
> particular, the notion that we need to explain what constitutes a "powerful
> feature" pushes this right out of MIX in my mind; it was always tangential,
> and if we need to define the category (and I agree that we do), then MIX
> isn't the right place for it.
>
>  I've slapped together a strawman at
> https://w3c.github.io/webappsec/specs/powerfulfeatures/
> <https://urldefense.proofpoint.com/v1/url?u=https://w3c.github.io/webappsec/specs/powerfulfeatures/&k=ZVNjlDMF0FElm4dQtryO4A%3D%3D%0A&r=HU3cThGizwgsko8%2BWBMXZg%3D%3D%0A&m=Uny70yXyxUKM6QderEO9EitGs%2Fm7TkCqYt%2BJnGFSFSo%3D%0A&s=0fcecb0074cfb96997dfb36ca84714e3b5a266f1480943ceb8cb7d410eec3d39>
> with lots of TODO text. If folks agree that a separate document is
> worthwhile, I'll remove the copy/pasted bits from MIX, clean up the
> strawman, and issue a CfC to publish a FPWD.
>
>  Thanks!
>
>  --
> Mike West <mkwst@google.com>
> Google+: https://mkw.st/+
> <https://urldefense.proofpoint.com/v1/url?u=https://mkw.st/%2B&k=ZVNjlDMF0FElm4dQtryO4A%3D%3D%0A&r=HU3cThGizwgsko8%2BWBMXZg%3D%3D%0A&m=Uny70yXyxUKM6QderEO9EitGs%2Fm7TkCqYt%2BJnGFSFSo%3D%0A&s=1dab00db52d0d48e6baf746f4ff9a01f6e3eced390c7139ced53ecba90e1c5f2>, Twitter:
> @mikewest, Cell: +49 162 10 255 91
>
>  Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
> Registergericht und -nummer: Hamburg, HRB 86891
> Sitz der Gesellschaft: Hamburg
> Geschäftsführer: Graham Law, Christine Elizabeth Flores
> (Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
>
>

Received on Thursday, 20 November 2014 17:52:15 UTC