- From: Ian Fette <ifette@google.com>
- Date: Thu, 13 Sep 2007 16:15:40 -0700
- To: "Close, Tyler J." <tyler.close@hp.com>
- Cc: "WSC WG" <public-wsc-wg@w3.org>
- Message-ID: <bbeaa26f0709131615g6a426485m242f509d740fde87@mail.gmail.com>
Tyler, straight from the use-case document:

This Note refines the objectives for the Web Security Context Working Group deliverables. It elaborates upon the group's charter <http://www.w3.org/2005/Security/wsc-charter> to explain what the group aims to achieve, what technologies may be used and how proposals will be evaluated. This elaboration is limited to the group's technical work and does not cover additional activities the group intends to engage in, such as ongoing outreach and education.

"objectives for the WSCWG deliverables". My objective is for us to make a recommendation on what sorts of things browsers can do to warn people in these (malware) cases. This is not even dictating UI, it could be as simple as "Browsers should explain that previously good sites can be compromised" or "If you go forth, you might be compromised and you may have no way of knowing this at first, i.e. the site will not look "bad" to you." I am trying to say "I want the group to aim to achieve the goal of making a recommendation as to what to do in this circumstance." I am not trying to say "Browsers should do X in this circumstance." I agree that this is different from PII bar, for exactly that reason.

That's the first part of the sentence - what I want the group to achieve. The second part of the sentence is "what technologies may be used." Originally I said blacklists, but you had a problem with that. So I made it technology agnostic, and yet you still have a problem. Oh well. Third part is how proposals will be evaluated - my use case says that a proposal for how to handle this case will involve giving guidance on what warnings to display to user.

I've hit all the points. What's the problem?

On 9/13/07, Close, Tyler J. <tyler.close@hp.com> wrote:
> Hi Ian,
>
> Ian Fette wrote:
> > The use cases say "This is something we should consider looking at."
>
> Perhaps that's the core of our disagreement. The use-cases are *not* the
> proposals we will consider. The use-cases are the tests we will consider
> when judging proposals. My PII bar proposal is a recommendation
> proposal, not a use case. You are currently proposing a use-case, a way
> of testing proposals. I suggest you instead make a recommendation
> proposal.
>
> Please consider the difference between a test and the thing being
> tested. I hope you will then reconsider the statements you made in the
> rest of your email.
>
> --Tyler
Received on Thursday, 13 September 2007 23:16:00 UTC