- From: Web Security Context Working Group Issue Tracker <sysbot+tracker@w3.org>
- Date: Fri, 14 Dec 2007 21:42:39 +0000 (GMT)
- To: public-wsc-wg@w3.org
ISSUE-134: Let others besides industry define AAC criteria [wsc-xit] http://www.w3.org/2006/WSC/track/issues/ Raised by: Mary Ellen Zurko On product: wsc-xit "designed to establish accountability in accordance with an industry standard set of criteria" Is "industry standard" too constraining? What about government standards, and standard standards? Do we really mean to leave them out? I wouldn't, so if we do, I'd like to know why? I'm throwing this comment in here to, just to be sure I get an answer: "It is further assumed that Issuer and Subject information included in Augmented Assurance Certificates is valid, and intended to be displayed to users." What does valid mean in this context? Does it refer to checking the chain (and URL), or something else? "intended to be displayed to users" is interesting, given our charter. Does this really mean the low bar it implies; strings that are intended for human consumption (but no particular understanding)?
Received on Friday, 14 December 2007 21:42:55 UTC