Re: Question re: Comments USE-Cases from Mary Ellen Zurko on 2007-04-04 (public-wsc-wg@w3.org from April 2007)

From: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
Date: Wed, 4 Apr 2007 09:33:18 -0400
To: ryonaitis@hisoftware.com
Cc: public-wsc-wg@w3.org
Message-ID: <OF7E8F0667.CE2BC853-ON852572B3.004A393A-852572B3.004A770B@LocalDomain>

Hi Robert,
I know that the IETF (another standards type body) defines words like MUST 
and SHOULD in their documents. I don't know if W3C does along those lines, 
if anything. It's my impression that standards need to use strong words 
when referring to what is required to claim compliance with a standard. 
This is "just" a note, not a recommendation, but strong statement still 
seem called for, imo. 

          Mez

Mary Ellen Zurko, STSM, IBM Lotus CTO Office       (t/l 333-6389)
Lotus/WPLC Security Strategy and Patent Innovation Architect




"Robert Yonaitis" <ryonaitis@hisoftware.com> 
Sent by: public-wsc-wg-request@w3.org
04/03/2007 02:43 PM

To
<public-wsc-wg@w3.org>
cc

Subject
Question re: Comments USE-Cases






Hello All:
 
It appears that my posts are going through to the list now and to 
celebrate this fact I will ask a question. I have been reviewing the 
document  http://www.w3.org/TR/wsc-usecases/   Section six (6) says USE 
cases and there have been comments regarding other sections. So for my 
question: Should one be commenting on the full : "Web Security Experience, 
Indicators and Trust: Scope and Use Cases" document?  If so here is my 
first comment, I am not sure if this is a editing question or a goals 
question.
 
 
2.2 Relevance of security information
The Working Group will analyze common use cases to determine what security 
information a user requires to proceed safely and recommend security 
information that should, or should not, be presented in each case.
 
When we say "What security information a user requires to proceed" isn't 
this a bit to strong, could this not create the presumption of liability 
for people working on this document. Wouldn't it be better to say 
something more vague:
 
"what security information a user at least in part requires to proceed 
safely"
 
** Note I am not a lawyer, but the word requires (the way it was used) 
seems to strong to me.
 
 
 
Thanks,
 
 
Robert B Yonaitis
Founder and CTO
HiSoftware
http://www.hisoftware.com/co/yonaitis.htm 
603-496-7414
 



The information in this transmittal (including attachments, if any) is 
privileged and confidential and is intended only for the recipient(s) 
listed above.  Any review, use, disclosure, distribution or copying of 
this transmittal is prohibited except by or on behalf of the intended 
recipient.  If you have received this transmittal in error, please notify 
me immediately by reply email and destroy all copies of the transmittal. 
Thank you.

Received on Wednesday, 4 April 2007 13:33:25 UTC