W3C home > Mailing lists > Public > public-webappsec@w3.org > November 2014

Re: "Requirements for Powerful Features" strawman.

From: Mike West <mkwst@google.com>
Date: Fri, 21 Nov 2014 17:12:56 +0100
Message-ID: <CAKXHy=e2sRS5Odwh4=BE4cLoyT6EEFzmenn0FY3h59cFQCc8BA@mail.gmail.com>
To: Mark Watson <watsonm@netflix.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>, Brad Hill <hillbrad@fb.com>
On Fri, Nov 21, 2014 at 4:47 PM, Mark Watson <watsonm@netflix.com> wrote:
> The algorithm "May document use powerful features" pre-judges the kind of
> questions I asked at the end of my mail below, whilst the discussions of
> the definitions are still in progress (and particularly the definition of
> "powerful features").

Ah, you're talking about the algorithm names. Now I understand the concern,
thank you for explaining. I've changed these in
to "Is |document| a sufficiently secure context?" and "Is |environment
settings object| a sufficiently secure context?" respectively.

> I think it might be hard to come up with a universally agreed definition
> of "Powerful features", so by decoupling things you have option (2) in the
> meantime.

I'm more optimistic on this point than you seem to be, but I totally agree
with the thrust of the critique: the document currently separates the
outline of "powerful features"[1] and the requirements for secure
contexts[2] in a way that I hope now addresses your concerns.

[2]: https://w3c.github.io/webappsec/specs/powerfulfeatures/#algorithms

Mike West <mkwst@google.com>
Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91

Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
Geschäftsführer: Graham Law, Christine Elizabeth Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
Received on Friday, 21 November 2014 16:19:40 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:43 UTC