- From: Brad Hill <hillbrad@gmail.com>
- Date: Wed, 17 Sep 2014 15:11:28 -0700
- To: "public-webappsec@w3.org" <public-webappsec@w3.org>
It's that time again - the WebAppSec WG's charter has expired and we are operating under a temporary extension. We'll devote some of our TPAC agenda time to revisiting the charter, but now is the time to start thinking about what work we'd like to be doing in the next year or two and make suggestions to the list. (perhaps this, for exmaple? http://blog.joelweinberger.us/2013/08/suborigins-for-privilege-separation-in.html ) There is also charter drafting and related work going on in other areas where we may want to have joint deliverables or take on projects. The discussions related to the recent Web Cryptography Next Steps workshop is happening on pubic-web-security@w3.org: To join the mailing list, please send an email to: public-web-security-request@w3.org with the subject "subscribe" Also, there's been work going on about permissions models that may be relevant, see the message included immediately below that may be of interest. -Brad ---- Message original ---- Objet : Update on permissions Envoyé : 17 sept. 2014 15:48 De : Dominique Hazael-Massieux <dom@w3.org> À : public-web-mobile@w3.org Cc : dsr@w3.org Hi, As you may know, there has been quite a bit of work around permissions recently. Two weeks ago, the SysApps Working Group organized a meeting on this very topic; the minutes of that meeting are available at: http://www.w3.org/2014/07/permissions/minutes Among the identified next steps, I've noted: * work on documenting the existing practices of managing permissions across Web APIs (on which I've committed to work, hopefully with help from others) * a TPAC break out session on the topic * proposed work (in WebApps? DAP?) on a permissions detection API http://lists.w3.org/Archives/Public/public-webapps/2014JulSep/0389.html I also gave a presentation last week at the Extensible Web Summit on this topic, based on the research I had started earlier this year (and that I completed a bit for that occasion): https://www.w3.org/2014/Talks/dhm-permissions/ https://github.com/dontcallmedom/web-permissions-req/ This led to a break out session that was minuted at: http://oksoclap.com/p/ews-berlin-permissionsSession which pointed toward some further ideas on how to simplify the management of permissions. Dom
Received on Wednesday, 17 September 2014 22:11:59 UTC