Re: "Requirements for Powerful Features" strawman.

There are normative algorithms which I expect Service Worker, Web Crypto,
EME, and other future specs to point to when outlining restrictions on
their use (copy/pasted out of the MIX document, with slight adjustments).

There will be non-normative portions outlining which categories of feature
ought to opt-into such restrictions and why.

WebAppSec seems like a natural home for this kind of document. If you think
it ought to go to the TAG instead, but it seems pretty clearly covered by
the draft charter we're all pretty happy with. :)


Mike West <>
Google+:, Twitter: @mikewest, Cell: +49 162 10 255 91

Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
Geschäftsführer: Graham Law, Christine Elizabeth Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)

On Thu, Nov 20, 2014 at 8:40 PM, Brad Hill <> wrote:

> Sorry - I need to take some time and read it through, but quickly, is this
> a normative document as extracted?  Can we write test cases and
> demonstrate conformance?
> On 11/20/14, 11:16 AM, "Chris Palmer" <> wrote:
> >On Thu, Nov 20, 2014 at 9:51 AM, Mike West <> wrote:
> >
> >> Seems clearly covered by "features which require a verifiably secure
> >> environment".
> >>
> >> I'd prefer doing it here, but I'm easy. If folks think the TAG should
> >> publish, I'm sure they'll be happy to do so.
> >
> >I'm fine with publishing it wherever and however, but I do think it
> >should be a separate document.

Received on Thursday, 20 November 2014 19:45:58 UTC