Re: Follow-up to TAG meeting on Powerful Features

I'd be happy to have Yan help out with the document! I've added her to the
document in
https://github.com/w3c/webappsec/commit/90a27a3b54b985b3469b6e63a0869115beae9e9b.

What changes do we need to WebAppSec's charter to enable this kind of
cooperation? If there's copy/pastable boilerplate, I'm happy to do the
copy/pasting.

-mike

--
Mike West <mkwst@google.com>, @mikewest

Google Germany GmbH, Dienerstrasse 12, 80331 München,
Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der
Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth
Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)

On Wed, Feb 18, 2015 at 2:39 PM, Wendy Seltzer <wseltzer@w3.org> wrote:

> Thanks Yan and Brad,
> +mkwst as current editor
>
> Who wants to take the next action to propose a charter amendment and
> description of work-mode?
>
> --Wendy
>
>
> On 02/17/2015 02:52 PM, Yan Zhu wrote:
> > I am happy with Brad's proposal that the TAG review new CRs against the
> criteria in the Powerful Features document [1] and raise objections with
> the working groups accordingly. I have no opinion on whether the language
> is normative or not.
> >
> > As Daniel Appelquist mentioned, I volunteered on behalf of TAG to become
> a co-editor of the Powerful Features document if that is what webappsec
> would prefer. I am also fine with just shepherding recommendation reviews
> through the TAG.
> > [1] http://www.w3.org/TR/powerful-features/#is-feature-powerful
> >
> > On Tuesday, February 17, 2015 10:07 AM, Brad Hill <hillbrad@gmail.com>
> wrote:
> >
> >
> >
> > That's not exactly how I remembered it, and I'm not sure if that will
> address Mozilla's concerns.
> >
> > I think that Mozilla is correct that controversies will almost certainly
> arise around this kind of decision, and there is a very real tension to
> resolve.  It's not unreasonable to be concerned about normative language
> coming from a self-selected group with a very particular point
> of view being applied to override hard-fought consensus from other groups.
> >
> > I think this is exactly the kind of issue that the TAG is designed to
> address, and which, as a group elected by the membership at large, has the
> legitimacy to do so.
> >
> > I believe it makes sense for this to be delivered as a joint deliverable
> with the TAG, to help ensure it receives the widest possible review and
> "puts on notice" the W3C community that new Recommendations will be
> assessed against these criteria so that they can have these discussions in
> their own groups, early in their process.
> >
> > I think the expectation should be that, while non-normative, the TAG
> will review new Candidate Recommendations against these criteria and may
> object or ask a group to revisit a decision to make a feature available in
> insecure contexts, if it believes that the group has not diligently applied
> the rubric.  And that the WebAppSec WG (and Security and Privacy IGs!) may
> be called on to assist the TAG as subject matter experts, but will not be
> responsible for the final decision.
> >
> > The language of the document will not be normative, but the consensus of
> the community in behalf of the Web, as represented by the TAG, will.
> >
> > -Brad
> >
> >
> > On Tue Feb 17 2015 at 7:30:54 AM Daniel Appelquist <dan@torgo.com>
> wrote:
> >
> > Hi Wendy -
> >>
> >>
> >> As captured in our raw minutes (
> http://www.w3.org/2015/02/12-tagmem-minutes.html) I believe Yan stepped
> forward to play that role. I think it’s up to the WebAppSec group chairs to
> determine whether that should be a co-editorship. My suggestion was to use
> the packaging spec (http://www.w3.org/TR/web-packaging/) as a template
> for what a joint deliverable could look like (check out the Status section
> of that document).
> >>
> >>
> >> Dan
> >>
> >>
> >> On 16 Feb 2015, at 10:07, Wendy Seltzer <wseltzer@w3.org> wrote:
> >>>
> >>> Hi Dan and TAG, cc WebAppSec,
> >>>
> >>> Thanks for inviting discussion on "Requirements for Powerful Features"
> >>> at the recent TAG meeting.
> >>>
> >>> As a proposed way forward, I heard TAG express interest in working with
> >>> WebAppSec on the specification, to edit a joint product in which the
> >>> requirements for "Is [insert feature here] powerful?" could be
> >>> normative. That way, we'd combine the TAG's insight on architectural
> >>> considerations with WebAppSec's security expertise.
> >>>
> >>> If that's a correct recollection, who from the TAG would be interested
> >>> in working with WebAppSec, and how can I help to bring you on-board?
> >>>
> >>> Best,
> >>> --Wendy
> >>>
> >>> --
> >>> Wendy Seltzer -- wseltzer@w3.org +1.617.715.4883 (office)
> >>> Policy Counsel and Domain Lead, World Wide Web Consortium (W3C)
> >>> http://wendy.seltzer.org/        +1.617.863.0613 (mobile)
> >>>
> >>>
> >>
> >
>
>
> --
> Wendy Seltzer -- wseltzer@w3.org +1.617.715.4883 (office)
> Policy Counsel and Domain Lead, World Wide Web Consortium (W3C)
> http://wendy.seltzer.org/        +1.617.863.0613 (mobile)
>
>

Received on Wednesday, 18 February 2015 14:05:46 UTC