- From: Doyle, Bill <wdoyle@mitre.org>
- Date: Fri, 20 Apr 2007 00:20:21 -0400
- To: "Mary Ellen Zurko" <Mary_Ellen_Zurko@notesdev.ibm.com>, "Web Security Context WG" <public-wsc-wg@w3.org>
- Message-ID: <518C60F36D5DBC489E91563736BA4B5801691FB8@IMCSRV5.MITRE.ORG>
Fixed the errors with issue 45 and issue 46.

Text for 47 the duplicate was correct and closed - taken from issue 46

Under "New security information", this is out of scope.

________________________________

From: public-wsc-wg-request@w3.org [mailto:public-wsc-wg-request@w3.org] On Behalf Of Mary Ellen Zurko
Sent: Wednesday, April 18, 2007 4:44 PM
To: Web Security Context WG
Subject: Re: ISSUE-47: define extension interface for content-scanning tools (public comment)

Identical to ISSUE-46 - cut and paste error.

Mez

Mary Ellen Zurko, STSM, IBM Lotus CTO Office (t/l 333-6389)
Lotus/WPLC Security Strategy and Patent Innovation Architect

________________________________

Web Security Context Issue Tracker <dean+cgi@w3.org>
Sent by: public-wsc-wg-request@w3.org
04/16/2007 06:46 AM
Please respond to Web Security Context WG <public-wsc-wg@w3.org>
To: public-wsc-wg@w3.org
cc:
Subject: ISSUE-47: define extension interface for content-scanning tools (public comment)

ISSUE-47: define extension interface for content-scanning tools (public comment)

http://www.w3.org/2006/WSC/Group/track/issues/47

Raised by: Bill Doyle
On product: Note: use cases etc.

From public comments raised by: Al Gilman Alfred.S.Gilman@ieee.org
http://lists.w3.org/Archives/Public/public-usable-authentication/2007Apr/0000.html

define extension interface for content-scanning tools

where it says, in 5.5 Content based detection

The Working Group will not recommend any checks on the content served by web sites.

please consider

I don't think that you mean people shouldn't check signatures on signed content. What I think that you mean is that the filter queries or trip thresholds for statistical techniques such as you discuss will not be published by the group.

You should consider providing a programmatic interface (perhaps a hypothesis lattice compatible with what a voice recognizer looks like in EMMA) for such tools to contribute to rational decision making about when to raise a warning, and in addition an interface where they can contribute message-content to the security infoset.

Why?

The free-content areas drive trust. Confidence schemes work in this domain. So there is an enduring value-added niche for such techniques. The group should seek to define interfaces whereby third-party software can contribute its findings to the rollup summarized by your recommended presentation. Otherwise we will continue with the plethora of security helpers waving placards in our faces.
Received on Friday, 20 April 2007 04:20:36 UTC