W3C home > Mailing lists > Public > public-webappsec@w3.org > September 2014

[webappsec] Re-chartering discussions at TPAC

From: Brad Hill <hillbrad@gmail.com>
Date: Wed, 17 Sep 2014 15:11:28 -0700
Message-ID: <CAEeYn8hnum+LEUZEz86obessM3CiJ6wAoDE-tJRZ92ncKA06tw@mail.gmail.com>
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
It's that time again - the WebAppSec WG's charter has expired and we
are operating under a temporary extension.

We'll devote some of our TPAC agenda time to revisiting the charter,
but now is the time to start thinking about what work we'd like to be
doing in the next year or two and make suggestions to the list.
(perhaps this, for exmaple?
http://blog.joelweinberger.us/2013/08/suborigins-for-privilege-separation-in.html
)

There is also charter drafting and related work going on in other
areas where we may want to have joint deliverables or take on
projects.  The discussions related to the recent Web Cryptography Next
Steps workshop is happening on pubic-web-security@w3.org:

To join the mailing list, please send an email to:

public-web-security-request@w3.org

with the subject "subscribe"

Also, there's been work going on about permissions models that may be
relevant, see the message included immediately below that may be of
interest.

-Brad


---- Message original ----
Objet : Update on permissions
Envoyé : 17 sept. 2014 15:48
De : Dominique Hazael-Massieux <dom@w3.org>
À : public-web-mobile@w3.org
Cc : dsr@w3.org



Hi,

As you may know, there has been quite a bit of work around permissions
recently.

Two weeks ago, the SysApps Working Group organized a meeting on this
very topic; the minutes of that meeting are available at:
http://www.w3.org/2014/07/permissions/minutes

Among the identified next steps, I've noted:
* work on documenting the existing practices of managing permissions
across Web APIs (on which I've committed to work, hopefully with help
from others)

* a TPAC break out session on the topic

* proposed work (in WebApps? DAP?) on a permissions detection API
http://lists.w3.org/Archives/Public/public-webapps/2014JulSep/0389.html

I also gave a presentation last week at the Extensible Web Summit on
this topic, based on the research I had started earlier this year (and
that I completed a bit for that occasion):
https://www.w3.org/2014/Talks/dhm-permissions/
https://github.com/dontcallmedom/web-permissions-req/

This led to a break out session that was minuted at:
http://oksoclap.com/p/ews-berlin-permissionsSession which pointed toward
some further ideas on how to simplify the management of permissions.

Dom
Received on Wednesday, 17 September 2014 22:11:59 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:06 UTC