
Re: "Requirements for Powerful Features" strawman.

From: Mike West <mkwst@google.com>
Date: Thu, 20 Nov 2014 21:33:25 +0100
Message-ID: <CAKXHy=dfG_qKYpaR+EbKg1727WfbWyiGs=0cg2C0bkb_1G+Vyg@mail.gmail.com>
To: Brad Hill <hillbrad@fb.com>, Chaals from Yandex <chaals@yandex-team.ru>, Mark Nottingham <mnot@mnot.net>
Cc: Chris Palmer <palmer@google.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Well, it's normative for the other spec, and it would go into that spec's
test suite. Service Workers check that the registration algorithm fails
over HTTP, WebCrypto does the same.

This spec, in and of itself, probably can't support a test suite.

So, it's normative but not in and of itself. It's a supporting document.

I think it's worth publishing on a rec track, but I'd be fine with it
coming out through the TAG instead. +chaals,mnot for opinions.

-mike

--
Mike West <mkwst@google.com>
Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91

Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
Court of registration and number: Hamburg, HRB 86891
Registered office: Hamburg
Managing directors: Graham Law, Christine Elizabeth Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)

On Thu, Nov 20, 2014 at 8:48 PM, Brad Hill <hillbrad@fb.com> wrote:

>  No strong opinions here.  If it's normative, it probably belongs here,
> if it is non-normative, having it be a TAG finding vs. a WG Note might
> carry more impact.
>
>   From: Mike West <mkwst@google.com>
> Date: Thursday, November 20, 2014 at 11:45 AM
> To: Bradley Hill <hillbrad@fb.com>
> Cc: Chris Palmer <palmer@google.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
> Subject: Re: "Requirements for Powerful Features" strawman.
>
>   There are normative algorithms which I expect Service Worker, Web
> Crypto, EME, and other future specs to point to when outlining restrictions
> on their use (copy/pasted out of the MIX document, with slight
> adjustments).
>
>  There will be non-normative portions outlining which categories of
> feature ought to opt-into such restrictions and why.
>
>  WebAppSec seems like a natural home for this kind of document. If you
> think it ought to go to the TAG instead, but it seems pretty clearly
> covered by the draft charter we're all pretty happy with. :)
>
>  -mike
>
>  --
> Mike West <mkwst@google.com>
> Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91
>
>  Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
> Court of registration and number: Hamburg, HRB 86891
> Registered office: Hamburg
> Managing directors: Graham Law, Christine Elizabeth Flores
> (Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
>
> On Thu, Nov 20, 2014 at 8:40 PM, Brad Hill <hillbrad@fb.com> wrote:
>
>> Sorry - I need to take some time and read it through, but quickly, is this
>> a normative document as extracted?  Can we write test cases and
>> demonstrate conformance?
>>
>> On 11/20/14, 11:16 AM, "Chris Palmer" <palmer@google.com> wrote:
>>
>> >On Thu, Nov 20, 2014 at 9:51 AM, Mike West <mkwst@google.com> wrote:
>> >
>> >> Seems clearly covered by "features which require a verifiably secure
>> >> environment".
>> >>
>> >> I'd prefer doing it here, but I'm easy. If folks think the TAG should
>> >> publish, I'm sure they'll be happy to do so.
>> >
>> >I'm fine with publishing it wherever and however, but I do think it
>> >should be a separate document.
>>
>>
>
Received on Thursday, 20 November 2014 20:34:15 UTC
