Re: "Requirements for Powerful Features" strawman.

Interesting timing. The TAG has just started discussing this; it was the topic for our call a few hours ago (I didn’t make it, as it was 5am here).

We have a strawman document here:
  https://gist.github.com/mnot/38df717849b775eec3a4

My .02 - I think this needs to be a TAG finding for visibility, but REC track has charms too; maybe a joint deliverable makes sense. Adding Dan for his thoughts.

Cheers,


> On 21 Nov 2014, at 7:33 am, Mike West <mkwst@google.com> wrote:
> 
> Well, it's normative for the other spec, and it would go into that spec's test suite. Service Workers check that the registration algorithm fails over HTTP, WebCrypto does the same.
> 
> This spec, in and of itself, probably can't support a test suite.
> 
> So, it's normative but not in and of itself. It's a supporting document.
> 
> I think it's worth publishing on a rec track, but I'd be fine with it coming out through the TAG instead. +chaals,mnot for opinions.
> 
> -mike
> 
> --
> Mike West <mkwst@google.com>
> Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91
> 
> Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
> Registergericht und -nummer: Hamburg, HRB 86891
> Sitz der Gesellschaft: Hamburg
> Geschäftsführer: Graham Law, Christine Elizabeth Flores
> (Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
> 
> On Thu, Nov 20, 2014 at 8:48 PM, Brad Hill <hillbrad@fb.com> wrote:
> No strong opinions here. If it's normative, it probably belongs here; if it is non-normative, having it be a TAG finding vs. a WG Note might carry more impact.
> 
> From: Mike West <mkwst@google.com>
> Date: Thursday, November 20, 2014 at 11:45 AM
> To: Bradley Hill <hillbrad@fb.com>
> Cc: Chris Palmer <palmer@google.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
> Subject: Re: "Requirements for Powerful Features" strawman.
> 
> There are normative algorithms which I expect Service Worker, Web Crypto, EME, and other future specs to point to when outlining restrictions on their use (copy/pasted out of the MIX document, with slight adjustments).
> 
> There will be non-normative portions outlining which categories of feature ought to opt-into such restrictions and why.
> 
> WebAppSec seems like a natural home for this kind of document. If you think it ought to go to the TAG instead, but it seems pretty clearly covered by the draft charter we're all pretty happy with. :)
> 
> -mike
> 
> On Thu, Nov 20, 2014 at 8:40 PM, Brad Hill <hillbrad@fb.com> wrote:
> Sorry - I need to take some time and read it through, but quickly, is this
> a normative document as extracted?  Can we write test cases and
> demonstrate conformance?
> 
> On 11/20/14, 11:16 AM, "Chris Palmer" <palmer@google.com> wrote:
> 
> >On Thu, Nov 20, 2014 at 9:51 AM, Mike West <mkwst@google.com> wrote:
> >
> >> Seems clearly covered by "features which require a verifiably secure
> >> environment".
> >>
> >> I'd prefer doing it here, but I'm easy. If folks think the TAG should
> >> publish, I'm sure they'll be happy to do so.
> >
> >I'm fine with publishing it wherever and however, but I do think it
> >should be a separate document.
> 

--
Mark Nottingham   http://www.mnot.net/

Received on Thursday, 20 November 2014 20:42:47 UTC