- From: Doyle, Bill <wdoyle@mitre.org>
- Date: Mon, 26 Mar 2007 12:37:48 -0400
- To: "Johnathan Nightingale" <johnath@mozilla.com>, "Web Security Context WG" <public-wsc-wg@w3.org>
Yes, I agree that it is security context within WSC charter and scope - maybe needs a heading change. I agree that section 7 is not an exhaustive list even within the context of the WG Charter and Scope, but it provides a good starting point. I helped write portion of the wiki "Documenting Status Quo" in order to craft an outline with some text as to why specific security services, capabilities and issues are of interest and actively being pursued by the WG. Not sure if that wiki doc helps or not to set the security context stage. Bill D -----Original Message----- From: public-wsc-wg-request@w3.org [mailto:public-wsc-wg-request@w3.org] On Behalf Of Johnathan Nightingale Sent: Monday, March 26, 2007 9:45 AM To: Web Security Context WG Subject: Re: ISSUE-20: Potential additions to Available Security Information No objection to the additions, though they start to get a little out of the "web" context when you talk about traceroute data. Maybe some catch-all is appropriate here, "Network diagnostic information (e.g. ping, traceroute, etc)" or equivalent? Catch-alls are intrinsically non-exhaustive, but I would think it obvious that we mean "exhaustive" within some context. Maybe not? As for rephrasing the term in the first place, my only note would be that whatever we rephrase it to should continue to imply that this list is an important and comprehensive piece of work. Honestly, section 7 is a reference I've already used multiple times in my own conversations - I think it's important that we persist in our efforts to keep it comprehensive. Basically, my feeling is that the list could be a valuable deliverable on its own, and the kind of thing that is very much up the w3's alley. Cheers, Johnathan --- Johnathan Nightingale Human Shield johnath@mozilla.com On 26-Mar-07, at 9:28 AM, Web Security Context Issue Tracker wrote: > > > ISSUE-20: Potential additions to Available Security Information > > http://www.w3.org/2006/WSC/Group/track/issues/20 > > Raised by: Mary Ellen Zurko > On product: Note: use cases etc. > > http://lists.w3.org/Archives/Public/public-usable- > authentication/2007Mar/0032.html - > In section 7, are you that confident that you can claim it's truly an > exhaustive list? :) For cookies, do you want to explicitly call > out "both > those sent and server requests to store"? DNS can also provide > reverse-mapping addresses; if example.com has IP address 1.2.3.4, does > 4.3.2.1.in-addr.arpa map to example.com? Also IP ping/traceroute > can show > packet flows ("since when is Citibank HQ in Uzbekistan"?) Also, IP/ > geo > mapping facilities. These aren't commonly done, but since you mention > repuation service... > > We should probably rephrase the "exhaustive". Any pushback on the > suggested > additions? > > > > >
Received on Monday, 26 March 2007 16:37:57 UTC