- From: Mark Nottingham <mnot@mnot.net>
- Date: Sun, 23 Nov 2014 19:35:00 +1100
- To: Anne van Kesteren <annevk@annevk.nl>
- Cc: Mike West <mkwst@google.com>, Daniel Appelquist <appelquist@gmail.com>, Brad Hill <hillbrad@fb.com>, Chaals from Yandex <chaals@yandex-team.ru>, Chris Palmer <palmer@google.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
> On 21 Nov 2014, at 6:49 pm, Anne van Kesteren <annevk@annevk.nl> wrote: > > On Thu, Nov 20, 2014 at 9:42 PM, Mark Nottingham <mnot@mnot.net> wrote: >> My .02 - I think this needs to be a TAG finding for visibility, but REC track has charms too; maybe a joint deliverable makes sense. Adding Dan for his thoughts. > > Given that it's something that needs to be implemented, it seems > highly inappropriate as finding. Yes, we came to the same conclusion. I think a finding, if we produce one, would be a high-level policy-ish document; WebAppSec would define the implementation (presumably with TAG input). See update: https://gist.github.com/mnot/38df717849b775eec3a4 Cheers, -- Mark Nottingham http://www.mnot.net/
Received on Sunday, 23 November 2014 08:35:30 UTC