W3C home > Mailing lists > Public > public-webappsec@w3.org > November 2014

Re: "Requirements for Powerful Features" strawman.

From: Mark Watson <watsonm@netflix.com>
Date: Thu, 20 Nov 2014 12:58:17 -0800
Message-ID: <CAEnTvdDCX0h_WLs62eQsWGk4ZR0Wo+6qQy_25r+PneDxXDOeBA@mail.gmail.com>
To: Mike West <mkwst@google.com>
Cc: Brad Hill <hillbrad@fb.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
On Thu, Nov 20, 2014 at 9:51 AM, Mike West <mkwst@google.com> wrote:

> Seems clearly covered by "features which require a verifiably secure
> environment".
>
​As per my other comment, I think language like this would be a much better
​- more precise, less judgmental - than "powerful".

Btw, I'm not sure WebCrypto is good to include as an example, since the
WebCrypto WG decided at TPAC not to require an authenticated origin
(although the bug is still marked as open).

...Mark




> I'd prefer doing it here, but I'm easy. If folks think the TAG should
> publish, I'm sure they'll be happy to do so.
>
> -mike
> On Nov 20, 2014 6:39 PM, "Brad Hill" <hillbrad@fb.com> wrote:
>
>>  Do you think that "Powerful Features" belongs as a WebAppSec
>> deliverable – and should be added to our draft charter – or as a TAG
>> finding?
>>
>>   From: Mike West <mkwst@google.com>
>> Date: Thursday, November 20, 2014 at 5:21 AM
>> To: "public-webappsec@w3.org" <public-webappsec@w3.org>
>> Subject: "Requirements for Powerful Features" strawman.
>> Resent-From: <public-webappsec@w3.org>
>> Resent-Date: Thursday, November 20, 2014 at 5:22 AM
>>
>>   After talking a bit more with Anne and others, I'm coming around to
>> the opinion that we should break the "powerful features" bit out of MIX. In
>> particular, the notion that we need to explain what constitutes a "powerful
>> feature" pushes this right out of MIX in my mind; it was always tangential,
>> and if we need to define the category (and I agree that we do), then MIX
>> isn't the right place for it.
>>
>>  I've slapped together a strawman at
>> https://w3c.github.io/webappsec/specs/powerfulfeatures/
>> <https://urldefense.proofpoint.com/v1/url?u=https://w3c.github.io/webappsec/specs/powerfulfeatures/&k=ZVNjlDMF0FElm4dQtryO4A%3D%3D%0A&r=HU3cThGizwgsko8%2BWBMXZg%3D%3D%0A&m=Uny70yXyxUKM6QderEO9EitGs%2Fm7TkCqYt%2BJnGFSFSo%3D%0A&s=0fcecb0074cfb96997dfb36ca84714e3b5a266f1480943ceb8cb7d410eec3d39>
>> with lots of TODO text. If folks agree that a separate document is
>> worthwhile, I'll remove the copy/pasted bits from MIX, clean up the
>> strawman, and issue a CfC to publish a FPWD.
>>
>>  Thanks!
>>
>>  --
>> Mike West <mkwst@google.com>
>> Google+: https://mkw.st/+
>> <https://urldefense.proofpoint.com/v1/url?u=https://mkw.st/%2B&k=ZVNjlDMF0FElm4dQtryO4A%3D%3D%0A&r=HU3cThGizwgsko8%2BWBMXZg%3D%3D%0A&m=Uny70yXyxUKM6QderEO9EitGs%2Fm7TkCqYt%2BJnGFSFSo%3D%0A&s=1dab00db52d0d48e6baf746f4ff9a01f6e3eced390c7139ced53ecba90e1c5f2>, Twitter:
>> @mikewest, Cell: +49 162 10 255 91
>>
>>  Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
>> Registergericht und -nummer: Hamburg, HRB 86891
>> Sitz der Gesellschaft: Hamburg
>> Geschäftsführer: Graham Law, Christine Elizabeth Flores
>> (Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
>>
>>
Received on Thursday, 20 November 2014 20:58:49 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:08 UTC