ACTION-344: Alert TAG chair when CORS and/or UMP goes to LC to trigger security review

I've had this action item for about 15 months now, and thought I'd
give a brief report.

Here's the discussion where the action was assigned:
http://www.w3.org/2001/tag/2009/12/08-tagmem-minutes.html#item03

I've been monitoring the webapps list for progress, and both CORS and
UMP appear to be stalled. Here is what I've been able to figure out:

UMP last call requested April 2010
 http://lists.w3.org/Archives/Public/public-webapps/2010AprJun/0026.html
 The ensuing discussion led to creation of Webapps issue 108 on confused deputy
 vulnerability (still in RAISED state).  The latest I found on the
status of issue 108
 was http://lists.w3.org/Archives/Public/public-webapps/2010OctDec/0762.html

UMP latest WD: Jan 2010
 http://www.w3.org/TR/2010/WD-UMP-20100126/

CORS latest WD: July 2010
 http://www.w3.org/TR/2010/WD-cors-20100727/

There are more recent editors' drafts of each.

W3C process document 6.2.7 Working Group "Heartbeat" Requirement:
 http://www.w3.org/2005/10/Process-20051014/groups#three-month-rule
 "Each Working Group should publish in the W3C technical reports index a
 new draft of each active technical report at least once every three
 months."

I've also been monitoring the public-web-security list and have seen
nothing there related to UMP or CORS.

I'll continue to keep my eye on this and will let the TAG chair know
as soon as a last call document is published.

Best
Jonathan

Received on Monday, 21 March 2011 16:19:58 UTC