- From: Mike West <mkwst@google.com>
- Date: Wed, 18 Feb 2015 15:04:56 +0100
- To: Wendy Seltzer <wseltzer@w3.org>
- Cc: Yan Zhu <yzhu@yahoo-inc.com>, Brad Hill <hillbrad@gmail.com>, Daniel Appelquist <dan@torgo.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, TAG List <www-tag@w3.org>
- Message-ID: <CAKXHy=dBvXn7iq5gri=+JSinUttxV_AjMkvsDYyLXW+4FrObbw@mail.gmail.com>

I'd be happy to have Yan help out with the document! I've added her to the
document in
https://github.com/w3c/webappsec/commit/90a27a3b54b985b3469b6e63a0869115beae9e9b .
What changes do we need to WebAppSec's charter to enable this kind of
cooperation? If there's copy/pastable boilerplate, I'm happy to do the
copy/pasting.

-mike

--
Mike West <mkwst@google.com>, @mikewest

Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany,
Registration court and number: Hamburg, HRB 86891, Registered office:
Hamburg, Managing directors: Graham Law, Christine Elizabeth Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)

On Wed, Feb 18, 2015 at 2:39 PM, Wendy Seltzer <wseltzer@w3.org> wrote:

> Thanks Yan and Brad,
> +mkwst as current editor
>
> Who wants to take the next action to propose a charter amendment and
> description of work-mode?
>
> --Wendy
>
>
> On 02/17/2015 02:52 PM, Yan Zhu wrote:
> > I am happy with Brad's proposal that the TAG review new CRs against the
> > criteria in the Powerful Features document [1] and raise objections with
> > the working groups accordingly. I have no opinion on whether the language
> > is normative or not.
> >
> > As Daniel Appelquist mentioned, I volunteered on behalf of TAG to become
> > a co-editor of the Powerful Features document if that is what webappsec
> > would prefer. I am also fine with just shepherding recommendation reviews
> > through the TAG.
> >
> > [1] http://www.w3.org/TR/powerful-features/#is-feature-powerful
> >
> > On Tuesday, February 17, 2015 10:07 AM, Brad Hill <hillbrad@gmail.com> wrote:
> >
> > That's not exactly how I remembered it, and I'm not sure if that will
> > address Mozilla's concerns.
> >
> > I think that Mozilla is correct that controversies will almost certainly
> > arise around this kind of decision, and there is a very real tension to
> > resolve. It's not unreasonable to be concerned about normative language
> > coming from a self-selected group with a very particular point of view
> > being applied to override hard-fought consensus from other groups.
> >
> > I think this is exactly the kind of issue that the TAG is designed to
> > address, and which, as a group elected by the membership at large, has the
> > legitimacy to do so.
> >
> > I believe it makes sense for this to be delivered as a joint deliverable
> > with the TAG, to help ensure it receives the widest possible review and
> > "puts on notice" the W3C community that new Recommendations will be
> > assessed against these criteria so that they can have these discussions in
> > their own groups, early in their process.
> >
> > I think the expectation should be that, while non-normative, the TAG
> > will review new Candidate Recommendations against these criteria and may
> > object or ask a group to revisit a decision to make a feature available in
> > insecure contexts, if it believes that the group has not diligently applied
> > the rubric. And that the WebAppSec WG (and Security and Privacy IGs!) may
> > be called on to assist the TAG as subject matter experts, but will not be
> > responsible for the final decision.
> >
> > The language of the document will not be normative, but the consensus of
> > the community in behalf of the Web, as represented by the TAG, will.
> >
> > -Brad
> >
> >
> > On Tue Feb 17 2015 at 7:30:54 AM Daniel Appelquist <dan@torgo.com> wrote:
> >
> > Hi Wendy -
> >>
> >>
> >> As captured in our raw minutes
> >> (http://www.w3.org/2015/02/12-tagmem-minutes.html) I believe Yan stepped
> >> forward to play that role. I think it’s up to the WebAppSec group chairs to
> >> determine whether that should be a co-editorship. My suggestion was to use
> >> the packaging spec (http://www.w3.org/TR/web-packaging/) as a template
> >> for what a joint deliverable could look like (check out the Status section
> >> of that document).
> >>
> >>
> >> Dan
> >>
> >>
> >> On 16 Feb 2015, at 10:07, Wendy Seltzer <wseltzer@w3.org> wrote:
> >>>
> >>> Hi Dan and TAG, cc WebAppSec,
> >>>
> >>> Thanks for inviting discussion on "Requirements for Powerful Features"
> >>> at the recent TAG meeting.
> >>>
> >>> As a proposed way forward, I heard TAG express interest in working with
> >>> WebAppSec on the specification, to edit a joint product in which the
> >>> requirements for "Is [insert feature here] powerful?" could be
> >>> normative. That way, we'd combine the TAG's insight on architectural
> >>> considerations with WebAppSec's security expertise.
> >>>
> >>> If that's a correct recollection, who from the TAG would be interested
> >>> in working with WebAppSec, and how can I help to bring you on-board?
> >>>
> >>> Best,
> >>> --Wendy
> >>>
> >>> --
> >>> Wendy Seltzer -- wseltzer@w3.org +1.617.715.4883 (office)
> >>> Policy Counsel and Domain Lead, World Wide Web Consortium (W3C)
> >>> http://wendy.seltzer.org/ +1.617.863.0613 (mobile)
> >>>
> >>
> >
>
> --
> Wendy Seltzer -- wseltzer@w3.org +1.617.715.4883 (office)
> Policy Counsel and Domain Lead, World Wide Web Consortium (W3C)
> http://wendy.seltzer.org/ +1.617.863.0613 (mobile)
>
Received on Wednesday, 18 February 2015 14:05:46 UTC