- From: Brad Hill <hillbrad@gmail.com>
- Date: Tue, 17 Feb 2015 18:04:55 +0000
- To: Daniel Appelquist <dan@torgo.com>, Wendy Seltzer <wseltzer@w3.org>, "public-webappsec@w3.org" <public-webappsec@w3.org>, TAG List <www-tag@w3.org>
- Message-ID: <CAEeYn8h18VxKbMu1+EUVOUjArEvWkMTZamJOJ=Mo-SBkO4XV6A@mail.gmail.com>
That's not exactly how I remembered it, and I'm not sure if that will address Mozilla's concerns.

I think that Mozilla is correct that controversies will almost certainly arise around this kind of decision, and there is a very real tension to resolve. It's not unreasonable to be concerned about normative language coming from a self-selected group with a very particular point of view being applied to override hard-fought consensus from other groups. I think this is exactly the kind of issue that the TAG is designed to address, and which, as a group elected by the membership at large, has the legitimacy to do so.

I believe it makes sense for this to be delivered as a joint deliverable with the TAG, to help ensure it receives the widest possible review and "puts on notice" the W3C community that new Recommendations will be assessed against these criteria so that they can have these discussions in their own groups, early in their process.

I think the expectation should be that, while non-normative, the TAG will review new Candidate Recommendations against these criteria and may object or ask a group to revisit a decision to make a feature available in insecure contexts, if it believes that the group has not diligently applied the rubric. And that the WebAppSec WG (and Security and Privacy IGs!) may be called on to assist the TAG as subject matter experts, but will not be responsible for the final decision.

The language of the document will not be normative, but the consensus of the community in behalf of the Web, as represented by the TAG, will.

-Brad

On Tue Feb 17 2015 at 7:30:54 AM Daniel Appelquist <dan@torgo.com> wrote:

> Hi Wendy -
>
> As captured in our raw minutes (
> http://www.w3.org/2015/02/12-tagmem-minutes.html) I believe Yan stepped
> forward to play that role. I think it’s up to the WebAppSec group chairs to
> determine whether that should be a co-editorship. My suggestion was to use
> the packaging spec (http://www.w3.org/TR/web-packaging/) as a template
> for what a joint deliverable could look like (check out the Status section
> of that document).
>
> Dan
>
> On 16 Feb 2015, at 10:07, Wendy Seltzer <wseltzer@w3.org> wrote:
>
> Hi Dan and TAG, cc WebAppSec,
>
> Thanks for inviting discussion on "Requirements for Powerful Features"
> at the recent TAG meeting.
>
> As a proposed way forward, I heard TAG express interest in working with
> WebAppSec on the specification, to edit a joint product in which the
> requirements for "Is [insert feature here] powerful?" could be
> normative. That way, we'd combine the TAG's insight on architectural
> considerations with WebAppSec's security expertise.
>
> If that's a correct recollection, who from the TAG would be interested
> in working with WebAppSec, and how can I help to bring you on-board?
>
> Best,
> --Wendy
>
> --
> Wendy Seltzer -- wseltzer@w3.org +1.617.715.4883 (office)
> Policy Counsel and Domain Lead, World Wide Web Consortium (W3C)
> http://wendy.seltzer.org/ +1.617.863.0613 (mobile)

Received on Tuesday, 17 February 2015 18:05:25 UTC