- From: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
- Date: Fri, 6 Apr 2007 09:35:25 -0400
- To: Johnathan Nightingale <johnath@mozilla.com>
- Cc: W3C WSC W3C WSC Public <public-wsc-wg@w3.org>
- Message-ID: <OF408D93F5.EE429CEA-ON852572B5.004A0599-852572B5.004AA720@LocalDomain>
Section 5.4 says it's out of scope (at least that's my reading). That's one of the reasons all active participants need to review wsc-usecases; so we're sure we get understanding and consensus on large items like this and don't circle around. As part of your review, you or anyone else can push back on that item (or claim it needs further clarification and propose how it should be clarified).

Mez

Mary Ellen Zurko, STSM, IBM Lotus CTO Office (t/l 333-6389)
Lotus/WPLC Security Strategy and Patent Innovation Architect

Johnathan Nightingale <johnath@mozilla.com>
Sent by: public-wsc-wg-request@w3.org
04/04/2007 11:03 AM

To: W3C WSC W3C WSC Public <public-wsc-wg@w3.org>
cc:
Subject: Note review point - Scoping non-UI recs

Just one thing I wanted to raise for discussion, from my last review of the note.

Scope (§4 & §5)

It is not clear to me from the content on scoping whether we consider recommendations that don't require UI as being in-scope.

Example: There is conversation in the community around mozilla supporting a "noscript" tag that would allow sites like myspace to disable javascript execution on sites with user-supplied content. There wouldn't be any UI hit here, the user agent would just quietly not execute potentially-dangerous code.

Putting aside the question of whether this particular recommendation would fall afoul of the "no introducing new technology" section 5.4, it seems like "user agents quietly fixing things" might be a fertile ground for recommendations. Indeed, my own opinion is that a lot of web security issues are best handled quietly by the user agent instead of putting confusing information or questions to the user.

Does the group consider this kind of recommendation to be in scope, or do we concern ourselves only with interactions that explicitly include information/questions for the user? In either event, it might be worthwhile to introduce clarifying language.

If a consensus is reached for or against, I will take an action to propose a text change to the group.

Cheers,

Johnathan

---
Johnathan Nightingale
Human Shield
johnath@mozilla.com
Received on Friday, 6 April 2007 13:35:33 UTC