- From: Johnathan Nightingale <johnath@mozilla.com>
- Date: Mon, 9 Apr 2007 10:15:12 -0700
- To: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
- Cc: W3C WSC W3C WSC Public <public-wsc-wg@w3.org>
- Message-Id: <BE1B5119-957A-4B17-B833-2B399020449A@mozilla.com>
Please do mark me as a "have". And I take your point about scoping and section 5.4 - on further reading it's pretty clearly out of our scope. Still a nice idea, but not for our recs. :)

Cheers,

J

---
Johnathan Nightingale
Human Shield
johnath@mozilla.com

On 6-Apr-07, at 6:26 AM, Mary Ellen Zurko wrote:

> I overlooked this mail when I raised issue 25:
>
> http://www.w3.org/2006/WSC/Group/track/issues/25
>
> Is this your review? If so, I'll make you a "have".
>
> Mez
>
> Mary Ellen Zurko, STSM, IBM Lotus CTO Office (t/l 333-6389)
> Lotus/WPLC Security Strategy and Patent Innovation Architect
>
> Johnathan Nightingale <johnath@mozilla.com>
> Sent by: public-wsc-wg-request@w3.org
> 04/04/2007 11:03 AM
>
> To: W3C WSC W3C WSC Public <public-wsc-wg@w3.org>
> cc:
> Subject: Note review point - Scoping non-UI recs
>
> Just one thing I wanted to raise for discussion, from my last review
> of the note.
>
> Scope (§4 & §5)
>
> It is not clear to me from the content on scoping whether we consider
> recommendations that don't require UI as being in-scope. Example:
>
> There is conversation in the community around mozilla supporting
> a "noscript" tag that would allow sites like myspace to disable
> javascript execution on sites with user-supplied content. There
> wouldn't be any UI hit here, the user agent would just quietly not
> execute potentially-dangerous code.
>
> Putting aside the question of whether this particular recommendation
> would fall afoul of the "no introducing new technology" section 5.4,
> it seems like "user agents quietly fixing things" might be a fertile
> ground for recommendations. Indeed, my own opinion is that a lot of
> web security issues are best handled quietly by the user agent
> instead of putting confusing information or questions to the user.
>
> Does the group consider this kind of recommendation to be in scope,
> or do we concern ourselves only with interactions that explicitly
> include information/questions for the user? In either event, it
> might be worthwhile to introduce clarifying language. If a consensus
> is reached for or against, I will take an action to propose a text
> change to the group.
>
> Cheers,
>
> Johnathan
>
> ---
> Johnathan Nightingale
> Human Shield
> johnath@mozilla.com

Received on Monday, 9 April 2007 17:15:29 UTC