From 5e86f1cc1d6fc70c18d2267fb13c01d568ccb3ae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tantek=20=C3=87elik?= Date: Fri, 18 Oct 2024 19:45:49 -0700 Subject: [PATCH 1/2] revert coord with AB to Process CG for process changes suggest reverting to prior proposed SING charter specifically on the matter of coordinating with the Process CG instead of the AB --- 2024/ig-security.html | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/2024/ig-security.html b/2024/ig-security.html index 8d17795..caa9c1d 100644 --- a/2024/ig-security.html +++ b/2024/ig-security.html @@ -162,7 +162,7 @@

Scope

SING provides "horizontal review", offering groups on-request guidance on security issues and mitigations specific to their technologies. SING aims to offer this review as early in the technology development lifecycle as requested, observing that early feedback is often more helpful. SING may also seek out technologies that benefit from earlier security reviews and conduct such reviews on its initiative.

SING incubates standards work on security issues by collecting requirements, prototyping, and/or initiating the work within the IG and recommending that the W3C move the work into other groups when appropriate.

SING may recommend mitigations for security issues in existing features of the Web platform, up to and including their deprecation.

-

SING may provide input to the Advisory Board on process changes that will improve security in Web standards, e.g., by establishing particular requirements or threat models for identifying and mitigating security issues in W3C Recommendations.

+

SING may provide input to the W3C Process Community Group on process changes that will improve security in Web standards, e.g., by establishing particular requirements or threat models for identifying and mitigating security issues in W3C Recommendations.

SING may recommend to the W3C Advisory Committee and the W3C TAG regarding the security impact of proposed standards.
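
Review bot: In the added Scope paragraph, "process changes" is lowercase and unqualified, so it can be read as SING's own review process rather than the W3C Process, and the sentence ties the charter's scope to one named group. Consider "W3C Process changes", and check that the full name used here matches the "Process CG" short form introduced in the Coordination hunk.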

@@ -247,7 +247,7 @@

Coordination

W3C Groups

-
Advisory Board (AB)
This Interest Group will coordinate with the AB to improve the process for security reviews.
+
W3C Process Community Group (Process CG)
This Interest Group will coordinate with the Process CG to improve the process for security reviews.
Technical Architecture Group (TAG)
This Interest Group will collaborate with the TAG for the Self-Review Questionnaire: Security and Privacy, for a Threat Model related the Web Platform, and to harmonize and improve horizontal reviews.
Privacy Interest Group (PING)
This Interest Group will collaborate with PING for the Self-Review Questionnaire: Security and Privacy, for Threat Models related to Privacy and Harm, and to harmonize and improve horizontal reviews.
Web Application Security Working Group (WebAppSec)
This Interest Group will coordinate with WebAppSec for developing security features and mitigations, and for Threat Models related to the Web Platform.
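
Review bot: The added Process CG entry keeps the AB entry's wording, "to improve the process for security reviews", which is narrower than the Scope paragraph changed in this same patch ("process changes that will improve security in Web standards"). Align the two descriptions so the Coordination entry covers what Scope promises, or say in the commit message that the narrower wording is intended.
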
From 208c25e9bc150bdb58e02a891dc03774b23f964e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tantek=20=C3=87elik?= Date: Mon, 21 Oct 2024 10:37:58 -0700 Subject: [PATCH 2/2] change to generic W3C Process input, rm CG coord per request from @simoneonofri, and explicit comments from @manusporny @frivoal that they can live with this option (not blocking) also --- 2024/ig-security.html | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/2024/ig-security.html b/2024/ig-security.html index caa9c1d..504846f 100644 --- a/2024/ig-security.html +++ b/2024/ig-security.html @@ -162,7 +162,7 @@

Scope

SING provides "horizontal review", offering groups on-request guidance on security issues and mitigations specific to their technologies. SING aims to offer this review as early in the technology development lifecycle as requested, observing that early feedback is often more helpful. SING may also seek out technologies that benefit from earlier security reviews and conduct such reviews on its initiative.

SING incubates standards work on security issues by collecting requirements, prototyping, and/or initiating the work within the IG and recommending that the W3C move the work into other groups when appropriate.

SING may recommend mitigations for security issues in existing features of the Web platform, up to and including their deprecation.

-

SING may provide input to the W3C Process Community Group on process changes that will improve security in Web standards, e.g., by establishing particular requirements or threat models for identifying and mitigating security issues in W3C Recommendations.

+

SING may provide input on W3C Process changes that will improve security in Web standards, e.g., by establishing particular requirements or threat models for identifying and mitigating security issues in W3C Recommendations.

SING may recommend to the W3C Advisory Committee and the W3C TAG regarding the security impact of proposed standards.
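
Review bot: The added Scope paragraph no longer says who receives the input, whereas the next sentence in context names its recipients ("the W3C Advisory Committee and the W3C TAG"). If leaving the recipient open is the intent, as the subject line's "generic W3C Process input" suggests, a short clause saying that the input goes to whichever body maintains the W3C Process would keep the sentence actionable.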

@@ -247,7 +247,6 @@

Coordination

W3C Groups

-
W3C Process Community Group (Process CG)
This Interest Group will coordinate with the Process CG to improve the process for security reviews.
Technical Architecture Group (TAG)
This Interest Group will collaborate with the TAG for the Self-Review Questionnaire: Security and Privacy, for a Threat Model related the Web Platform, and to harmonize and improve horizontal reviews.
Privacy Interest Group (PING)
This Interest Group will collaborate with PING for the Self-Review Questionnaire: Security and Privacy, for Threat Models related to Privacy and Harm, and to harmonize and improve horizontal reviews.
Web Application Security Working Group (WebAppSec)
This Interest Group will coordinate with WebAppSec for developing security features and mitigations, and for Threat Models related to the Web Platform.
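
Review bot: With the Process CG entry removed and nothing added in its place, the W3C Groups entries shown here no longer include one for Process coordination, although the Scope hunk of this patch still has SING providing input on W3C Process changes. Confirm that the gap is intended. Separately, the TAG entry in context reads "a Threat Model related the Web Platform"; the PING and WebAppSec entries use "related to", so the missing "to" could be fixed in a follow-up.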