updated editor's draft: IdentitySignal

Per ACTION-279, ACTION-280, I've updated the editor's draft in the
light of today's discussions:

  @@Web Security Context@@
  Editor's Draft $Date: 2007/08/08 18:03:14 $
  http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#IdentitySignal

Changes:

- There are now two sections, one for the overall signal, one for
  what goes in it.  The "Requirements/Techniques" distinction is
  gone for now, and I wonder if it will survive anywhere.

- Both are less bullet point and more narrative than in the past.

- I've tried to capture the various points that were made during the
  call.  Essentially, we now say:
  
  * there SHOULD be an identity signal in primary chrome
  * if there isn't, there MUST be one in secondary chrome
  * the primary chrome requirement is limited to use cases when
    there's any chrome at all; presentation mode is called out as
    a non-normative example
  * here's what you should take into account for the content of that
    signal

- The constraint that information in the signal must be trustworthy
  is the very first paragraph under "Identity Signal Content".

- For logotypes, both MAY and SHOULD are in square brackets, as are
  the different types of logotypes.

Some open points:

- Some people said "identity" was the wrong word to use here.  I
  very much hope somebody comes up with a better buzzword.  For now,
  I'm keeping it, but with more square brackets.

- I don't like the headlines of the sections.  Please be creative.

- There was no discussion on the treatment of "weakly protected"
  interactions; therefore, that text has stayed as it was.

Please note that I haven't yet reviewed the minutes.  I intend to do
that prior to next week's call, and it might lead to further
changes.

Also, note that the following issues in tracker apply to this
rewritten material:

- ISSUE-96 -- Should support for logotypes be a SHOULD or a MAY?
- ISSUE-97 -- Should logotypes be tied to EV certificates?
- ISSUE-98 -- Which kind of logotype should be preferred?
- ISSUE-99 -- What certificate fields must be included in the
              identity signal?

Comments are, as always, welcome; best when fresh off the call. ;-)

Regards,
-- 
Thomas Roessler, W3C  <tlr@w3.org>

Received on Wednesday, 8 August 2007 18:14:23 UTC