Re: TAG response to your comments on "Issues of concern to the TAG" from Jeff Jaffe on 2012-02-21 (www-tag@w3.org from February 2012)

From: Jeff Jaffe <jeff@w3.org>
Date: Mon, 20 Feb 2012 20:42:40 -0500
To: Noah Mendelsohn <nrm@arcanedomain.com>
CC: "www-tag@w3.org" <www-tag@w3.org>, Thomas Roessler <tlr@w3.org>, Philippe Le Hegaret <plh@w3.org>, Mark Nottingham <mnot@mnot.net>
Message-ID: <4F42F690.4070303@w3.org>
Noah,

Thanks for the additional input.

This gives us a good framework to keep the focus on these key issues.  
In particular, we have a quarterly review of progress of strategic 
standards issues, and we need to put attention on these issues.

More comments in-line.

Jeff

On 2/20/2012 5:42 PM, Noah Mendelsohn wrote:
> Jeff,
>
> On its teleconference of 16 February 2012, the TAG considered the 
> questions
> you raised in your response [1] to our note titled "Issues of concern to
> the TAG". I have been asked to convey to you the following responses:
>
> Jeff Jaffe wrote [regarding weaknesses in the Certificate Authority 
> system]:
>
>> While this is clearly a problem for the Web, it is less clear to me who
>> the TAG thinks should be addressing the topic.  If the issues are SSL
>> security, it would presumably be addressed at the IETF.  Did the TAG
>> decompose the problem enough to identify who should be doing what?
>
> We agree that the technical work will likely happen outside the TAG and
> much of it will be outside the W3C. The TAG, and perhaps those in the
> Security Activity in W3C, need to continue to monitor the impact of these
> threats to the health of the Web, and to work with IETF and others to
> ensure that the solutions are as satisfactory as possible. We note that
> there is active liaison between the security directorate at IETF and the
> Security Activity at W3C, and of course there is also overall W3C to IETF
> coordination, which is managed on the W3C side by Philippe le Hegaret and
> Thomas Roessler, and for IETF by Mark Nottingham. We suggest that the W3C
> Security Activity ensure that other concerned WG's are aware of the
> problems with the CA system.

Thomas, I recommend that the T&S Domain monitor this issue.  Also, I 
recommend that at the quarterly review you report both on the impact on 
W3C specifications (see below), as well as the progress of the IETF 
liaison on this issue, and new TAG insights on this issue.

>
> Jeff Jaffe wrote [...also regarding the CA system...]:
>
>> Among many other important concerns, the impact on the W3C
>> specifications level needs to be assessed."
>
> We agree. We expect that individual working groups should take the 
> lead in
> dealing with impact on particular specifications, and as noted above, the
> TAG will continue to play an oversight role, being alert for new 
> issues, or
> for impact on specifications that others are missing.
>
> Jeff Jaffe wrote [regarding mobile Web apps. vs. native apps]:
>
>> This is a key area of concern.  Did the TAG produce a specific list of
>> features that would be appropriate for the Web platform to help it catch
>> up in areas where it is currently behind?
>
> Only insofar as we included a high-level list in our note [2] to you. We
> believe the people in charge of groups relating to mobile Web 
> applications
> are tracking these things in detail. Our goal in this note was to signal
> that, at a high level, there is both reason for concern about the likely
> success of our overall effort, and reason for optimism that a focused
> effort can succeed.

Philippe, I think the Interaction Domain should monitor this issue.  
Additionally, I recommend that you provide status as part of the 
quarterly strategic review of standards.  While I agree that the TAG 
list [2] is a good starter list, I also think that we need to do more to 
be specific on what new capabilities are needed.

>
> Jeff Jaffe wrote [regarding distributed extensibility and vendor 
> prefixes]:
>
>> Did the TAG discuss solutions? My instincts is that there is an
>> opportunity to address this by speeding up the pace of standardization.
>> If everyone is using the same approach - why should everyone call it
>> "webkit", why can't we just agree?
>
> In the particular case cited, which is CSS, there is very active work in
> the working group to improve the situation. If successful, that effort
> should settle the question of when to use -webkit and when not (we note
> that Webkit engines have 90+% market share on mobile, and that's
> contributing to the confusion between vendor-specific and ubiquitous
> features.) The TAG has at times started work in the general area of
> extensibility, but we are not currently focusing on this.
>
> Thank you very much.
>
> Noah Mendelsohn
> for the W3C Technical Architecture Group
>
> [1] http://lists.w3.org/Archives/Public/www-tag/2012Feb/0054.html
> [2] http://lists.w3.org/Archives/Public/www-tag/2012Feb/0049.html
>
> Tracker: this note addresses TAG ACTION-671
Received on Tuesday, 21 February 2012 01:42:49 UTC