Re: ACTION-344: Alert TAG chair when CORS and/or UMP goes to LC to trigger security review

On Mar/21/2011 12:19 PM, ext Jonathan Rees wrote:
> UMP latest WD: Jan 2010
>   http://www.w3.org/TR/2010/WD-UMP-20100126/
>
> CORS latest WD: July 2010
>   http://www.w3.org/TR/2010/WD-cors-20100727/
>
> There are more recent editors' drafts of each.

The versions in /TR/ include links to their latest Editor's Draft:

   http://dev.w3.org/2006/waf/access-control/
   http://dev.w3.org/2006/waf/UMP/

If someone is interested in these specs, the EDs are the correct version 
to use.
> I've also been monitoring the public-web-security list and have seen
> nothing there related to UMP or CORS.

Currently, public-webapps is the right list for related discussions.

These two specs are explicit deliverables in the proposed Web 
Application Security WG [WebAppSec] (last updated July 2010). Several 
months ago I  asked W3C Staff for an update/status of this proposed WG 
but never received a reply.

Earlier this month, both Noah and I both asked the Staff about the 
status of this proposed WG and I didn't receive a reply.

Noah - if you got a response please share it.
> I'll continue to keep my eye on this and will let the TAG chair know
> as soon as a last call document is published.

I didn't know about your action and I will certainly notify you when 
WebApps publishes a LCWD of these specs.

FYI, some implementation data for these specs is provided in:

   
http://www.w3.org/Security/wiki/Comparison_of_CORS_and_UMP#Implementation_Data

-Art Barstow

[WebAppSec] http://www.w3.org/2010/07/appsecwg-charter#deliverables

Received on Wednesday, 23 March 2011 00:32:25 UTC