ACTION-344: Alert TAG chair when CORS and/or UMP goes to LC to trigger security review

I've had this action item for about 15 months now, and thought I'd
give a brief report.

Here's the discussion where the action was assigned:

I've been monitoring the webapps list for progress, and both CORS and
UMP appear to be stalled. Here is what I've been able to figure out:

UMP last call requested April 2010
 The ensuing discussion led to creation of Webapps issue 108 on confused deputy
 vulnerability (still in RAISED state).  The latest I found on the
status of issue 108

UMP latest WD: Jan 2010

CORS latest WD: July 2010

There are more recent editors' drafts of each.

W3C process document 6.2.7 Working Group "Heartbeat" Requirement:
 "Each Working Group should publish in the W3C technical reports index a
 new draft of each active technical report at least once every three

I've also been monitoring the public-web-security list and have seen
nothing there related to UMP or CORS.

I'll continue to keep my eye on this and will let the TAG chair know
as soon as a last call document is published.


Received on Monday, 21 March 2011 16:19:58 UTC