Re: Normative references to Workers.

2015-09-15 Thread Tab Atkins Jr.
On Tue, Sep 15, 2015 at 10:31 AM, Mike West  wrote:
> The "Upgrade Insecure Requests" specification[1] references the WHATWG HTML
> spec for the
> "set up a worker environment settings object" algorithm[2], as the Web
> Workers Candidate Recommendation from May 2012[3] substantially predates the
> entire concept of a "settings object", and because the WHATWG is the group
> where work on Workers seems to be being done.
>
> This referential choice was flagged during a discussion of transitioning the
> Upgrade spec to CR, where it was noted that the Web Workers editor's draft
> from May 2014 does contain the referenced concept[4].
>
> It seems appropriate, then, to bring the question to this group: does
> WebApps intend to update the Workers draft in TR? If so, is there a path
> forward to aligning the Workers document with the work that's happened over
> the last year and a half in WHATWG? Alternatively, does WebApps intend to
> drop work on Workers in favor of the WHATWG's document?

Agreed with Hixie; the WHATWG spec is the most recent normative
version of that section, and should be referenced instead.  Remember,
there's nothing wrong with reffing WHATWG specs.  It will not delay or
hamper your publication or Rec-track advancement, despite the
occasional misinformed complaint from someone not aware of the
policies.

~TJ



Normative references to Workers.

2015-09-15 Thread Mike West
The "Upgrade Insecure Requests" specification[1] references the WHATWG HTML
spec for the
"set up a worker environment settings object" algorithm[2], as the Web
Workers Candidate Recommendation from May 2012[3] substantially predates
the entire concept of a "settings object", and because the WHATWG is the
group where work on Workers seems to be being done.

This referential choice was flagged during a discussion of transitioning
the Upgrade spec to CR, where it was noted that the Web Workers editor's
draft from May 2014 does contain the referenced concept[4].

It seems appropriate, then, to bring the question to this group: does
WebApps intend to update the Workers draft in TR? If so, is there a path
forward to aligning the Workers document with the work that's happened over
the last year and a half in WHATWG? Alternatively, does WebApps intend to
drop work on Workers in favor of the WHATWG's document?

It would be helpful if we could get some clarity here. :)

Thanks!

[1]: https://w3c.github.io/webappsec/specs/upgrade/
[2]:
https://html.spec.whatwg.org/multipage/workers.html#set-up-a-worker-environment-settings-object
[3]: http://www.w3.org/TR/workers/
[4]: https://w3c.github.io/workers/

--
Mike West , @mikewest

Google Germany GmbH, Dienerstrasse 12, 80331 München,
Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der
Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth
Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)


Re: Normative references to Workers.

2015-09-15 Thread Ian Hickson
On Tue, 15 Sep 2015, Mike West wrote:
> 
> It seems appropriate, then, to bring the question to this group: does
> WebApps intend to update the Workers draft in TR?

FWIW, I think the W3C should get out of the business of republishing 
WHATWG specifications. It's just adding confusion, especially since the 
W3C drafts are invariably out of date. IMHO the "Upgrade Insecure 
Requests" specification should just reference the WHATWG spec.

-- 
Ian Hickson   U+1047E)\._.,--,'``.fL
http://ln.hixie.ch/   U+263A/,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'



Re: Normative references to Workers.

2015-09-15 Thread Daniel Veditz
On Tue, Sep 15, 2015 at 11:25 AM, Tab Atkins Jr. 
wrote:

> ​there's nothing wrong with reffing WHATWG specs.  It will not delay
> ​ or hamper​
>
> publication or Rec-track advancement, despite the
> ​ occasional misinformed​
>
> complaint from someone not aware of the
> ​ ​
> policies.
>

​When the complaint comes from the office of the Director we have to assume
it's going to hamper us whether or not they are misinformed.

-Dan Veditz​


Re: Normative references to Workers.

2015-09-15 Thread Philippe Le Hegaret

On 09/15/2015 03:26 PM, Daniel Veditz wrote:

On Tue, Sep 15, 2015 at 11:25 AM, Tab Atkins Jr. > wrote:

​there's nothing wrong with reffing WHATWG specs.  It will not delay
​ or hamper​

publication or Rec-track advancement, despite the
​ occasional misinformed​

complaint from someone not aware of the
​ ​
policies.


​When the complaint comes from the office of the Director we have to
assume it's going to hamper us whether or not they are misinformed.


To be clear here: the point made was that the Web Application Security 
group never asked for a review from the Web Applications working group 
prior to asking for transition to CR. As a consequence, the WebApps 
group did not get an opportunity to review the Upgrade Insecure 
Resources specification [1], including the reference related to Web Workers.
As a reminder, there is an expectation that the specification has 
received wide review prior to the publication of a Candidate Recommendation.


Philippe

[1] http://www.w3.org/TR/upgrade-insecure-requests/