Security considerations #776
Comments
Amusingly a lot of the questions there assume that this document exists. I don't see any question that would be directly applicable other than 2.17 I guess. Did you have anything in particular in mind? |
@annevk I'm not sure I'm following your reply. Can you explain a bit more what you mean by The request isn't to complete the questionnaire regarding the DOM spec in general (since, of course, it's been around for a long time), but regarding the new functionality added / changed since the last time doc was revised / went through horizontal review. To my read, all the questions seem applicable in that regard. Does that help clarify the request? :) |
I do not recall it ever going through horizontal review. In any event, I have no clear idea on what a Security section might say. And what I meant is that the security questionnaire presupposes the architecture defined in DOM is there, which makes it hard to evaluate that architecture with those questions. |
@annevk whilst acknowledging that not all of the self-review questions will be relevant, in your best judgement and with your knowledge of the DOM standard, do you think there is information relating to security that should be drawn to the attention of people reading the spec? |
I don't think there is. It defines a lot of infrastructure and the potential security issues are with the users of that infrastructure, not the infrastructure itself. |
Thanks @annevk.
|
@samuelweiler and @Snyder unless you say otherwise by end of 31 October, we'll assume this satisfactorily concludes the security review of the DOM Standard review draft (ahead of its transition to CR). |
Thanks on both counts!
|
Reopening this rather than file a new issue, since I imagine the context is helpful. I still think having doc authors do a self-analysis of security issues is helpful. I'm also not sure what that will look like, which is part of why we point back at the doc authors for the first pass. You might find RFC3552 Section 5 helpful. I'm not sure how much the usual TAG/PING questionnaire will help in this case, but it's worth looking through. |
@samuelweiler we already have #1013, no? |
We do. Since we process security and privacy considerations separately, it might be useful to have the separation (so that if, e.g., one section is complete and the other isn't, the tracking makes more sense), but I'm fine if you want to close this issue and just use #1013. |
Let's use that one for now, since for all the discussion we've had, I've yet to see someone find an actual issue. |
Would you add a section summarizing areas of security interest within the DOM spec?
The below document might be of help:
https://www.w3.org/TR/security-privacy-questionnaire/