ISSUE-10: Scope sections: \"Web\" in sections 4.1 and 5.1; \"entity identification\" in 4.3 from Web Security Context Issue Tracker on 2007-02-07 (public-wsc-wg@w3.org from February 2007)

From: Web Security Context Issue Tracker <dean+cgi@w3.org>
Date: Wed, 7 Feb 2007 01:14:09 +0000 (GMT)
To: public-wsc-wg@w3.org
Message-Id: <20070207011409.DD892BDA8@w3c4.w3.org>

ISSUE-10: Scope sections: "Web" in sections 4.1 and 5.1; "entity identification" in 4.3

http://www.w3.org/2006/WSC/Group/track/issues/10

Raised by: Thomas Roessler
On product: Use Cases / Scenarios / Assumptions

I'm concerned about the way in which we currently draw the line between Web and
non-Web protocols.  Let me note that I don't disagree with what (I believe) is
meant by these sections, but that I'm unhappy about the way this is presented.

- When asking "what is the web?", I'd like us to refer to webarch [1].

- The notion of Web and non-Web protocols is a murky one, given that web
architecture lives from having URIs that can sit on top of just about any
protocol. Instead of going down this particular rathole (which the current draft
gets dangerously close to), I'd suggest that we simply say that we consider HTTP
(and HTTPS) the center of our scope; that we consider low-level protocols and
telephone signaling (SS7, ISDN, NANP) clearly out of scope; and that the
presentation of context information for any other protocols is a non-goal: I.e.,
if something happens to be useful for POP or FTP or gopher (e.g., display of
properties of a pop:// URI that is about to be dereferenced; information about
an FTP session if it was used instead of HTTP, etc), then that's fine, but we
won't invest any significant amount of time into it.

Note that this proposal implies pruning references to "Web protocols" and
"non-Web protocols", and moving some of the material that's currently under
"scope" into "goals/non-goals".

(This goes back to Hal's remarks in the 7 February telephone conference about
encountering unknown protocols.)

- I'd like to propose the following edit for 4.3, Entity Identification: "A web
browsing session is like a conversation, where, dereferencing resources, the
user converses with various entities, some known, others newly encountered. Each
resource that the user interacts with is identified by a URI. Through specifics
of the underlying protocol (including DNS names or SSL certificates), other
designators are bound to the resources dereferenced and the entities that
provide these resources."  Then continue with the current text at "Recommending".

1. http://www.w3.org/TR/webarch/

Received on Wednesday, 7 February 2007 01:14:10 UTC