Re: Formalizing requirements for specification changes. from Simone Onofri on 2025-12-04 (public-webappsec@w3.org from December 2025)

From: Simone Onofri <simone@w3.org>
Date: Thu, 4 Dec 2025 12:27:14 +0100
To: Mike West <mkwst@google.com>
Cc: Web Application Security Working Group <public-webappsec@w3.org>, Dan Veditz <dveditz@mozilla.com>
Message-Id: <9278971D-4805-4717-AC61-B2AA551F6A54@w3.org>

Hi Mike,

thank you for the reminder, I was discussing this with Francios - which is responsible for the process execution - and there are few comments:
 - As per the charter, we should use Software and Document License
 - It can be important to add other success criteria listed in the chatert (e.g., security, privacy, accessibility, internationalization, etc.), following the design principles from the TAG


Can we invite him to the next call for further details?

Thanks,

Simone


> On 4 Dec 2025, at 09:17, Mike West <mkwst@google.com> wrote:
> 
> Hey folks!
> 
> I'm pinging this thread for visibility after the US holidays. In the absence of objections or substantive feedback, I plan to push the templates sketched in https://github.com/mikewest/webappsec-templates/tree/main to WebAppSec's repositories on Monday. I'd appreciate y'all weighing in, either positively or negatively, on https://github.com/w3c/webappsec/issues/688. :)
> 
> Thanks!
> 
> -mike
> 
> 
> On Thu, Nov 27, 2025 at 11:50 AM Mike West <mkwst@google.com> wrote:
> After some more discussion at TPAC, I think we landed on general agreement in the room that it would be reasonable to formalize requirements for specifications we think have moved beyond incubation into a more "living" model, and also that leaning heavily on WHATWG's well-proven templates was probably a good idea.
> To that end, I put https://github.com/mikewest/webappsec-templates/tree/main together as a demonstration of a proposal for us to add to specs' repositories. It does ~3 things:
>     • Creates a template for pull requests that asks for signals from browser engines, web platform tests, bugs to be filed against implementers, and a bug to be filed against MDN.
>     • Creates two issue templates: one for "issues", another for "features". This division seems quite helpful for WHATWG specs, and I think it's reasonable to push our specs in the same direction.
>     • Additions to our CONTRIBUTING.md that make those requirements clear.
> Based on our experience with Subresource Integrity, I'd suggest that we merge these templates into most* of our specs.
> WDYT? https://github.com/w3c/webappsec/issues/688 would be a fantastic place to weigh in.
> *DBSC is the only one that seems to me to still be in enough flux that it might benefit from a lower bar, but I'd ask that specification's editors to weigh in on that).
> -mike

Received on Thursday, 4 December 2025 11:27:47 UTC