Re: ISSUE-47: define extension interface for content-scanning tools (public comment) from Mary Ellen Zurko on 2007-04-18 (public-wsc-wg@w3.org from April 2007)

From: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
Date: Wed, 18 Apr 2007 16:44:26 -0400
To: Web Security Context WG <public-wsc-wg@w3.org>
Message-ID: <OFB0133123.3EB670A7-ON852572C1.0071E9BA-852572C1.0071F1B5@LocalDomain>

Identical to ISSUE-46 - cut and paste error. 

          Mez

Mary Ellen Zurko, STSM, IBM Lotus CTO Office       (t/l 333-6389)
Lotus/WPLC Security Strategy and Patent Innovation Architect




Web Security Context Issue Tracker <dean+cgi@w3.org> 
Sent by: public-wsc-wg-request@w3.org
04/16/2007 06:46 AM
Please respond to
Web Security Context WG <public-wsc-wg@w3.org>


To
public-wsc-wg@w3.org
cc

Subject
ISSUE-47: define extension interface for content-scanning tools (public 
comment)








ISSUE-47: define extension interface for content-scanning tools (public 
comment)

http://www.w3.org/2006/WSC/Group/track/issues/47

Raised by: Bill Doyle
On product: Note: use cases etc.

>From public comments
raised by: Al Gilman Alfred.S.Gilman@ieee.org

http://lists.w3.org/Archives/Public/public-usable-
authentication/2007Apr/0000.html

define extension interface for content-scanning tools 
where it says, in 5.5 Content based detection
The Working Group will not recommend any checks on
   the content served by web sites.
please consider
I don't think that you mean people shouldn't check signatures on signed 
content.  What I think that you mean is that the filter queries or trip 
thresholds
for statistical techniques such as you discuss will not be published by 
the 
group.

You should consider providing a programmatic interface (perhaps a 
hypothesis 
lattice compatible with what a voice recognizer looks like in EMMA) for 
such 
tools to contribute to rational decision making about when to raise a 
warning, 
and in addition an interface where they can contribute message-content to 
the 
security infoset.
Why? 
The free-content areas drive trust.  Confidence schemes work in this 
domain. 
So there is an enduring value-added niche for such techniques.  The group 
should seek to define interfaces whereby third-party software can 
contribute 
its findings to the rollup summarized by your recommended presentation. 
Otherwise we will continue with the plethora of security helpers waving 
plackards in our faces.

Received on Wednesday, 18 April 2007 20:44:58 UTC