- From: Mary Ellen Zurko <mzurko@us.ibm.com>
- Date: Wed, 12 May 2010 07:40:34 -0400
- To: Thomas Roessler <tlr@w3.org>
- Cc: WSC WG public <public-wsc-wg@w3.org>
- Message-ID: <OFD62729E8.2F292FBD-ON85257721.00401BD9-85257721.0040234C@LocalDomain>
Looks good to me; tx!

Mez

From: Thomas Roessler <tlr@w3.org>
To: Mary Ellen Zurko/Westford/IBM@Lotus
Cc: Thomas Roessler <tlr@w3.org>, WSC WG public <public-wsc-wg@w3.org>
Date: 05/11/2010 12:29 PM
Subject: Proposed SOTD for Proposed Recommendation

I've just added this text to the editor's draft:

> This section describes the status of this document at the time of its publication. Other documents may supersede this document. A list of current W3C publications and the latest revision of this technical report can be found in the W3C technical reports index at http://www.w3.org/TR/.
>
> The W3C Membership and other interested parties are invited to review the document and send comments to public-usable-authentication@w3.org (with public archive) through @@. Advisory Committee Representatives should consult their WBS questionnaires. Note that substantive technical comments were expected during the Last Call review period that ended 31 March 2010.
>
> Please see the Working Group's Implementation Report.
>
> This document was developed by the Web Security Context Working Group. The Working Group expects to advance this Working Draft to Recommendation Status.
>
> To frame its development of this specification, the Working Group had previously published a use case note [WSC-USECASES]. This specification addresses most of the use cases and issues documented in that note by documenting best existing practice, with the following exceptions:
>
> - This specification does not include advice for web site authors.
>
> - This specification does not provide advice to address the issue explained in sections 9.1.2 Visually extending the chrome and 9.2.7 Information bar (aka: notification bar).
>
> Additionally, section 10.4 Implementation and testing of [WSC-USECASES] articulated an expectation that the recommendations in this specification would be subject to usability testing, at least on a low fidelity level, and that such testing would form part of the Candidate Recommendation exit criteria. Resources available to the Working Group at this point will not permit the group to conduct extensive usability testing. At the same time, the focus of this specification has shifted toward documenting best existing practice.
>
> For a list of changes to this document since its latest Last Call Working Draft, please refer to the diff document that is available. Notable changes made in response to last call comments include:
>
> @@ Note: Will add links to sections in the diff to this list of changes. @@
>
> - A clarification in the overview that the security properties of the local client state are out of scope.
> - Removing upgrades as defined in RFC 2817 from the definition of TLS-protected.
> - Reverting the conformance criteria for TLS indicator and identity signal to their Candidate Recommendation state of SHOULD in primary user interface, otherwise MUST in secondary user interface. (During the latest last call they had been changed to MUST in primary user interface.)
> - In errors that interrupt the user's flow of interaction, clarifying that user agents are to make a best effort to enable the user to easily return to the previous user agent state.
> - Referencing TLS-protected HTTP instead of HTTPS in the discussion of the security considerations of dynamic content changes from calls to the XMLHttpRequest API.
>
> Publication as a Proposed Recommendation does not imply endorsement by the W3C Membership. This is a draft document and may be updated, replaced or obsoleted by other documents at any time. It is inappropriate to cite this document as other than work in progress.
>
> This document was produced by a group operating under the 5 February 2004 W3C Patent Policy. W3C maintains a public list of any patent disclosures made in connection with the deliverables of the group; that page also includes instructions for disclosing a patent. An individual who has actual knowledge of a patent which the individual believes contains Essential Claim(s) must disclose the information in accordance with section 6 of the W3C Patent Policy.

--
Thomas Roessler, W3C <tlr@w3.org> (@roessler)

Received on Wednesday, 12 May 2010 11:41:11 UTC