Re: ACTION-344: Alert TAG chair when CORS and/or UMP goes to LC to trigger security review

I was not asking for telcon time or anything else. It was just a status update.

Jonathan

On Mon, Mar 21, 2011 at 4:40 PM, Noah Mendelsohn <nrm@arcanedomain.com> wrote:
> OK, thank you. Useful as this report is, I'm not convinced it needs telcon
> time just now. Do you agree? Either way is fine with me. Thanks.
>
> Noah
>
> On 3/21/2011 12:19 PM, Jonathan Rees wrote:
>>
>> I've had this action item for about 15 months now, and thought I'd
>> give a brief report.
>>
>> Here's the discussion where the action was assigned:
>> http://www.w3.org/2001/tag/2009/12/08-tagmem-minutes.html#item03
>>
>> I've been monitoring the webapps list for progress, and both CORS and
>> UMP appear to be stalled. Here is what I've been able to figure out:
>>
>> UMP last call requested April 2010
>>  http://lists.w3.org/Archives/Public/public-webapps/2010AprJun/0026.html
>>  The ensuing discussion led to creation of Webapps issue 108 on confused
>> deputy
>>  vulnerability (still in RAISED state).  The latest I found on the
>> status of issue 108
>>  was
>> http://lists.w3.org/Archives/Public/public-webapps/2010OctDec/0762.html
>>
>> UMP latest WD: Jan 2010
>>  http://www.w3.org/TR/2010/WD-UMP-20100126/
>>
>> CORS latest WD: July 2010
>>  http://www.w3.org/TR/2010/WD-cors-20100727/
>>
>> There are more recent editors' drafts of each.
>>
>> W3C process document 6.2.7 Working Group "Heartbeat" Requirement:
>>  http://www.w3.org/2005/10/Process-20051014/groups#three-month-rule
>>  "Each Working Group should publish in the W3C technical reports index a
>>  new draft of each active technical report at least once every three
>>  months."
>>
>> I've also been monitoring the public-web-security list and have seen
>> nothing there related to UMP or CORS.
>>
>> I'll continue to keep my eye on this and will let the TAG chair know
>> as soon as a last call document is published.
>>
>> Best
>> Jonathan
>>
>>
>

Received on Monday, 21 March 2011 21:06:47 UTC