W3C home > Mailing lists > Public > www-tag@w3.org > March 2011

ACTION-344: Alert TAG chair when CORS and/or UMP goes to LC to trigger security review

From: Jonathan Rees <jar@creativecommons.org>
Date: Mon, 21 Mar 2011 12:19:20 -0400
Message-ID: <AANLkTikQs2f0OzL947eKHH5EKJRQ0aKn6a+AZ_DNPSqu@mail.gmail.com>
To: www-tag@w3.org
I've had this action item for about 15 months now, and thought I'd
give a brief report.

Here's the discussion where the action was assigned:
http://www.w3.org/2001/tag/2009/12/08-tagmem-minutes.html#item03

I've been monitoring the webapps list for progress, and both CORS and
UMP appear to be stalled. Here is what I've been able to figure out:

UMP last call requested April 2010
 http://lists.w3.org/Archives/Public/public-webapps/2010AprJun/0026.html
 The ensuing discussion led to creation of Webapps issue 108 on confused deputy
 vulnerability (still in RAISED state).  The latest I found on the
status of issue 108
 was http://lists.w3.org/Archives/Public/public-webapps/2010OctDec/0762.html

UMP latest WD: Jan 2010
 http://www.w3.org/TR/2010/WD-UMP-20100126/

CORS latest WD: July 2010
 http://www.w3.org/TR/2010/WD-cors-20100727/

There are more recent editors' drafts of each.

W3C process document 6.2.7 Working Group "Heartbeat" Requirement:
 http://www.w3.org/2005/10/Process-20051014/groups#three-month-rule
 "Each Working Group should publish in the W3C technical reports index a
 new draft of each active technical report at least once every three
 months."

I've also been monitoring the public-web-security list and have seen
nothing there related to UMP or CORS.

I'll continue to keep my eye on this and will let the TAG chair know
as soon as a last call document is published.

Best
Jonathan
Received on Monday, 21 March 2011 16:19:58 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:56:37 UTC