- From: Alex Rousskov <rousskov@measurement-factory.com>
- Date: Fri, 28 Mar 2003 09:41:55 -0700 (MST)
- To: www-qa@w3.org

On Fri, 28 Mar 2003, Dominique Hazaël-Massieux wrote:

> Issues regarding the scope of specGL:
>
> - LC-1: should there be considerations about security?
>
> Analysis:
>
> This is clearly out of the scope of the document ["enhance the
> clarity, implementability, and testability of TRs"] and of our
> charter ["* improving the quality of W3C specifications (with
> respect to conformance statement, test assertions,
> tutorial/examples, formal representation of languages, etc.)"].

Dominique, I disagree with your interpretation of the WG charter. IMO, requiring "Security Considerations" sections in TRs is a "quality of W3C specifications" issue. Both spec writers and implementors need to be forced to think about security issues because those issues are overlooked otherwise. The "(with respect to ...)" items you quote have "etc." for a good reason.

IMO, the same is true for recommending or requiring _any_ specific section in TRs -- QA WG should be in a position to recommend basic structure of a typical TR (i.e., a list of required sections). If QA WG cannot do that, who can? And SpecGL is _the_ place to make such a recommendation.

I also disagree with your interpretation of the SpecGL scope. A "Security Considerations" section does enhance the clarity of TRs (because all concerns are listed in a single place) and does help implementors (because they are likely to miss important implementation caveats without it). If you think it does not, why do we have "Security Considerations" sections at all? To guide crackers to possible vulnerabilities?!

Presence of a "Security Considerations" section should be a checkpoint in SpecGL, IMO.

Thanks,

Alex.

P.S. I suspect the very same reasoning applies to an "Accessibility Considerations" section.

--
                            | HTTP performance - Web Polygraph benchmark
www.measurement-factory.com | HTTP compliance+ - Co-Advisor test suite
                            | all of the above - PolyBox appliance

Received on Friday, 28 March 2003 11:42:08 UTC