Closed plehegar closed 1 month ago
We discussed the rechartering at TPAC, noting a few additions and removals from our deliverables: https://github.com/w3c/webappsec/blob/main/meetings/2023/2023-09-15-TPAC-minutes.md#rechartering.
Pull requests for the comments from TPAC 2023: https://github.com/w3c/webappsec/pull/635
Securer Contexts shall have class spec
no comment or request from i18n
(from PING) Security and privacy model for cookies, Permissions best practices and APIs, and End-to-End Encryption email should be coordinated with the Privacy IG/WG.
(from PING) some timelines are in 2022....
no comments from APA.
All comments have been addressed. Requesting approval from TilT.
1st sentence of Success Criteria in charter template seems missing from this draft? (on criteria to advance to PR; no mention of not intending to advance to REC)
1st sentence of Success Criteria in charter template seems missing from this draft?
I had assumed this was because the template makes it conditional:
Remove this clause if the Group does not intend to move to REC:
But then, in Deliverables, both options are removed!
Choose one:
Expected completion indicates when the deliverable is projected to become a Recommendation, or otherwise reach a stable state
The Working Group intends to publish the latest state of their work as Candidate Recommendation (with Snapshots) and does not intend to advance their documents to Recommendation.
The charter history is not yet completed. At least new deliverables like Passkey Endpoints Well-Known URL should be mentioned as changes of this version.
But then, in Deliverables, both options are removed!
Choose one:
Expected completion indicates when the deliverable is projected to become a Recommendation, or otherwise reach a stable state
The Working Group intends to publish the latest state of their work as Candidate Recommendation (with Snapshots) and does not intend to advance their documents to Recommendation.
I notice, in the changes for the previous charter:
Moved most specs to snapshot (evergreen) publication.
so please add back
The Working Group intends to publish the latest state of their work as Candidate Recommendation (with Snapshots) and does not intend to advance their documents to Recommendation.
I fixed the charter. See https://github.com/w3c/webappsec/pull/641/files
Charter review started: https://lists.w3.org/Archives/Public/public-new-work/2024Feb/0000.html
Deadline is 2024-03-02.
We received 2 requests for changes, including one substantive, https://github.com/w3c/webappsec/issues/645 and https://github.com/w3c/webappsec/issues/646
@marcoscaceres, is there an actual proposal for email encryption that we can link from the WebAppSec charter?
status: there is an unforeseen delay on this, the proposed changes won't come out until April 3rd.
Following the AC Review, we are proposing the following changes:
Remove "Off-The-Record Response Header Field" from the charter. It will be proposed as an addition to the Privacy Working Group separately.
Remove "End-to-end encryption email" from the charter. This was lacking an actual proposal and might be added in a future revision of the charter.
Deadline to comment on those proposed changes is April 17.
https://lists.w3.org/Archives/Member/member-charters-review/2024Apr/0000.html
no additional comments were received. Next step is for W3C to announce the new charter.
Although the charter has already been revised, security is embedded in the fact that this is a group that develops security standards. Therefore, security is part of its mission statement.
Of course, from a methodological point of view, even a security feature can lead to additional security problems (such as the bad lock example in OSSTMM).
New charter proposal, reviewers please take note.
Charter Review
Charter:
What kind of charter is this? Check the relevant box / remove irrelevant branches.
Horizontal Reviews: apply the Github label "Horizontal review requested" to request reviews for accessibility (a11y), internationalization (i18n), privacy, and security. Also add a "card" for this issue to the Strategy Funnel.
Communities suggested for outreach: None
Known or potential areas of concern: None
Where would charter proponents like to see issues raised? (this strategy funnel issue, a different github repo, email, ...) webappsec repo
Anything else we should think about as we review? Nope
cc @mikewest @dveditz