- From: Brad Hill <hillbrad@fb.com>
- Date: Thu, 20 Nov 2014 19:48:52 +0000
- To: Mike West <mkwst@google.com>
- CC: Chris Palmer <palmer@google.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
- Message-ID: <D0938570.1436%hillbrad@fb.com>
No strong opinions here. If it's normative, it probably belongs here, if it is non-normative, having it be a TAG finding vs. a WG Note might carry more impact. From: Mike West <mkwst@google.com<mailto:mkwst@google.com>> Date: Thursday, November 20, 2014 at 11:45 AM To: Bradley Hill <hillbrad@fb.com<mailto:hillbrad@fb.com>> Cc: Chris Palmer <palmer@google.com<mailto:palmer@google.com>>, "public-webappsec@w3.org<mailto:public-webappsec@w3.org>" <public-webappsec@w3.org<mailto:public-webappsec@w3.org>> Subject: Re: "Requirements for Powerful Features" strawman. There are normative algorithms which I expect Service Worker, Web Crypto, EME, and other future specs to point to when outlining restrictions on their use (copy/pasted out of the MIX document, with slight adjustments). There will be non-normative portions outlining which categories of feature ought to opt-into such restrictions and why. WebAppSec seems like a natural home for this kind of document. If you think it ought to go to the TAG instead, but it seems pretty clearly covered by the draft charter we're all pretty happy with. :) -mike -- Mike West <mkwst@google.com<mailto:mkwst@google.com>> Google+: https://mkw.st/+<https://urldefense.proofpoint.com/v1/url?u=https://mkw.st/%2B&k=ZVNjlDMF0FElm4dQtryO4A%3D%3D%0A&r=HU3cThGizwgsko8%2BWBMXZg%3D%3D%0A&m=SXo0mEZ7QIs5uoV8kVnVHsGDI1Q0WaIQRYDwPz5FCK4%3D%0A&s=54b280fcd50ea6e013f0871eae41c3ba3760e017ad9e42cf8b4a34d9fa8ce3b2>, Twitter: @mikewest, Cell: +49 162 10 255 91 Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany Registergericht und -nummer: Hamburg, HRB 86891 Sitz der Gesellschaft: Hamburg Geschäftsführer: Graham Law, Christine Elizabeth Flores (Sorry; I'm legally required to add this exciting detail to emails. Bleh.) On Thu, Nov 20, 2014 at 8:40 PM, Brad Hill <hillbrad@fb.com<mailto:hillbrad@fb.com>> wrote: Sorry - I need to take some time and read it through, but quickly, is this a normative document as extracted? Can we write test cases and demonstrate conformance? On 11/20/14, 11:16 AM, "Chris Palmer" <palmer@google.com<mailto:palmer@google.com>> wrote: >On Thu, Nov 20, 2014 at 9:51 AM, Mike West <mkwst@google.com<mailto:mkwst@google.com>> wrote: > >> Seems clearly covered by "features which require a verifiably secure >> environment". >> >> I'd prefer doing it here, but I'm easy. If folks think the TAG should >> publish, I'm sure they'll be happy to do so. > >I'm fine with publishing it wherever and however, but I do think it >should be a separate document.
Received on Thursday, 20 November 2014 19:49:19 UTC