Re: ISSUE-189 (SharedSecretWithWhom): shared secret from UA of web site? [wsc-xit] from Mary Ellen Zurko on 2008-03-21 (public-wsc-wg@w3.org from March 2008)

From: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
Date: Fri, 21 Mar 2008 10:22:29 -0400
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: public-wsc-wg@w3.org
Message-ID: <OF344A08E0.276C9DD5-ON85257413.004EE99A-85257413.004EF6AF@LocalDomain>

Yes thanks, that's good. In all ways - that's also the right fix. 

From:
Stephen Farrell <stephen.farrell@cs.tcd.ie>
To:
Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
Date:
03/20/2008 01:21 PM
Subject:
Re: ISSUE-189 (SharedSecretWithWhom): shared secret from UA of web site? 
[wsc-xit]

Sure. Once I know what's needed, since I thought that the
issue was "good" already:-)

Mary Ellen Zurko wrote:
>
> Can I get you to update this to follow our best practices?
> http://www.w3.org/2006/WSC/wiki/WriteGoodIssue
>
> It will help me understand just what this issue is about.

I raised the issue because the text (1st para of [1]) isn't
clear as to whether or not the shared secret is between the
user and UA or the user and web site. (It talks about both.)

Subsequent sentences just talk about a user/UA secret.

I guess one possible change would be to make this section
only consider user/UA secrets and not mention user/site
secrets at all.

Would adding that suggestion get sufficient "goodness"?

Ta,
S.

[1]
http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#sharedsecret-goodpractice

>
> From: Web Security Context Working Group Issue Tracker
> <sysbot+tracker@w3.org>
> To:   public-wsc-wg@w3.org
> Date: 03/19/2008 11:39 AM
> Subject:      ISSUE-189 (SharedSecretWithWhom): shared secret from UA of 
web
> site? [wsc-xit]
>
>
> ------------------------------------------------------------------------
>
>
>
>
> ISSUE-189 (SharedSecretWithWhom): shared secret from UA of web site?
> [wsc-xit]
>
> http://www.w3.org/2006/WSC/track/issues/
>
> Raised by: Stephen Farrell
> On product: wsc-xit
>
>
> The current 7.1.2 [1] seems to be vague as to whether the
> shared secret is shared with the UA or site.
>
> Would it be a good/bad idea to ask that this be made clear
> to the user (where "this" = "whether the secret is between
> user and UA or user and site").
>
> TLR: Reckons that MEZ's input is needed here since she edited
> this last.
>
> [1]
> 
http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#sharedsecret-goodpractice

>
>
>
>
>
>

Received on Friday, 21 March 2008 14:23:09 UTC