Re: "Requirements for Powerful Features" strawman.

On Fri, Nov 21, 2014 at 4:47 PM, Mark Watson <watsonm@netflix.com> wrote:
>
> The algorithm "May document use powerful features" pre-judges the kind of
> questions I asked at the end of my mail below, whilst the discussions of
> the definitions are still in progress (and particularly the definition of
> "powerful features").
>

Ah, you're talking about the algorithm names. Now I understand the concern,
thank you for explaining. I've changed these in
https://github.com/w3c/webappsec/commit/7872ee53dbe6fb1e1b92e219c4ff24e9172ff553
to "Is |document| a sufficiently secure context?" and "Is |environment
settings object| a sufficiently secure context?" respectively.


> I think it might be hard to come up with a universally agreed definition
> of "Powerful features", so by decoupling things you have option (2) in the
> meantime.
>

I'm more optimistic on this point than you seem to be, but I totally agree
with the thrust of the critique: the document currently separates the
outline of "powerful features"[1] and the requirements for secure
contexts[2] in a way that I hope now addresses your concerns.

[1]:
https://w3c.github.io/webappsec/specs/powerfulfeatures/#is-feature-powerful
[2]: https://w3c.github.io/webappsec/specs/powerfulfeatures/#algorithms

--
Mike West <mkwst@google.com>
Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91

Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
Geschäftsführer: Graham Law, Christine Elizabeth Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)

Received on Friday, 21 November 2014 16:19:40 UTC