W3C home > Mailing lists > Public > public-webappsec@w3.org > February 2015

RE: BIKESHED: Rename "Powerful features"?

From: Crispin Cowan <crispin@microsoft.com>
Date: Wed, 18 Feb 2015 20:44:38 +0000
To: Mike West <mkwst@google.com>, Mark Watson <watsonm@netflix.com>
CC: "public-webappsec@w3.org" <public-webappsec@w3.org>, Yan Zhu <yzhu@yahoo-inc.com>, Brian Smith <brian@briansmith.org>
Message-ID: <BN3PR0301MB12206197A9BAA585D28EF316BD2C0@BN3PR0301MB1220.namprd03.prod.outlook.com>
How about we go to the required semantics, and then reverse-engineer a name?

I have not read the spec. Rather than giving excuses or whining about it ☺ I will use it as a forcing function: someone plese post no more than 100 words why some “powerful” features need Foo treatment, and other “!powerful” features need bar treatment. From there we hopefully can derive a good name for this feature property.

Why 100 words? If it takes more than that, then I submit the concept isn’t baked yet.

From: Mike West [mailto:mkwst@google.com]
Sent: Wednesday, February 18, 2015 8:03 AM
To: Mark Watson
Cc: public-webappsec@w3.org; Yan Zhu; Crispin Cowan; Brian Smith
Subject: Re: BIKESHED: Rename "Powerful features"?

On Wed, Feb 18, 2015 at 4:49 PM, Mark Watson <watsonm@netflix.com<mailto:watsonm@netflix.com>> wrote:
I'm sorry you feel this is a "bikeshed"

That was supposed to be a joke. :) I thought your concerns were reasonable, and I think it's worth bringing them back to the group explicitly.

- the objective is to *avoid* future pointless nebulous discussions of the kind "is X 'powerful' ?" in favor of a more concrete "does X require a secure context ?". "Secure context" is a term we can own and define rigorously, "powerful" is not.

I think you underestimate the ability of people to argue about terms. :) "Secure" is certainly something that folks can and will debate. See, for instance, the long, long threads discussing opportunistic encryption. Is that secure? I certainly have an opinion, and I know completely reasonable folks who completely disagree with me.

You could reasonably drop the qualifier "sufficiently" on the grounds that we don't generally bother writing specs for things that are "insufficient" and you could name the section "Features requiring secure contexts".

I think at some point we need to accept that we're defining a term. If it's the case that defining "sufficiently secure" is as likely to cause debate as defining "powerful feature", then let's leave things as they are, because "POWER" is a totally radical name for a spec.

--
Mike West <mkwst@google.com<mailto:mkwst@google.com>>, @mikewest

Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
Received on Wednesday, 18 February 2015 20:45:09 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:10 UTC