David, All,
Regarding, why is the WAF WG working on the AC [AC-spec] spec, I
think some history is important -
Our work began after the Team held a Project Review [AC-PR] in April
2006. The review was chaired by Thomas Roessler and the Chair of the
AC task force (Brad Porter) presented slides [Brad] that identified a
small set of Use Cases that would be in scope as well as the basic
architecture of the proposed work that was based on a related WG Note
by the VB WG [AC-Note]. A few weeks later Tim approved publication of
the first WD.
Clearly the Team could have blocked that FPWD pending an AC review. I
can't speak for them but based on the relatively small set of UCs we
identified at the time and the desire not to have different competing
specs (i.e. one for VB, one for XBL2, one for XHR), the task/spec
envisioned didn't seem large enough to form a new WG. If we wanted to
ignore other UCs and prior work and just solely address WAF's AC-
related requirements i.e. XBL2, then we could have embedded something
like the AC spec directly in the XBL2 spec. If we had done so, we
wouldn't be discussing this issue (=is this work explicit in the
Charter) but I don't think such a short-sighted position would have
been wise. Lastly, hindsight is always 20/20 and if we were able to
predict the future in April 2006 e.g. we knew that new technologies
such as JSONRequest could be potentially relevant, then perhaps a
different choice would have been made.
Regarding transparency i.e. the implication this work was
intentionally "flown low on the radar screen" - I'm surprised by this
assertion because I've done what I believe is more than due diligence
to publicize this spec. In particular, during the May 2006 AC meeting
I made a presentation about this work [AC-PR]. The work was also
discussed or mentioned in Domain reports or presentations at the May
2006, November 2007 and May 2007 AC meetings. Additionally, I
included an overview of the spec in my WAF WG presentations at
WWW2006 [WWW2006] and WWW2007 [WWW2007], in June 2007 we explicitly
asked the TAG to review the spec [TAG-Request], we invited the WSC WG
and XML Security Maintenance WG to our TPAC f2f meeting, we have
directly engaged with the POWDER WG and this spec was also mentioned
on several of the W3C's Newsletters and NewsWires.
Thus, I would appreciate it if you would please send me the
pointer(s) to the evidence that substantiates your claim:
[[
I see considerable evidence that the specification has "flown low on
the radar"
]]
Regarding the need for UCs and Requirements - as you know, I agree
with you (as I've stated on the WG's member and public mail lists)
and I appreciate you volunteering to help with that task so thanks
again.
Regarding work item granularity for a WG - as Nokia's AC rep I have
at times struggled with the related issues including: Team overhead,
allocation of Nokia's resources, IPR concerns, etc. It's an
interesting balancing act and surely a single spec (or spec family)
per WG is appropriate at times but could also introduce unacceptable
overhead if taken to the extreme.
BTW, during last November's TPAC meeting, I encouraged Hal to join
the WAF WG and explained to him that one reason we do not enforce the
Good Standing requirement is to facilitate people like him that only
want to participate on a specific spec.
Regards, Art Barstow
---
[AC-spec] <http://www.w3.org/TR/access-control/>
[AC-PR] <http://www.w3.org/2006/04/27-access-control-minutes>
[AC-Note] <http://www.w3.org/TR/2005/NOTE-access-control-20050613/>
[Brad] <http://www.w3.org/2006/04/27-access-control/Overview.html>
[WWW2006] <http://www.w3.org/2006/Talks/0524-www-WAF.pdf>
[WWW2007] <http://www.w3.org/2007/Talks/WWW2007-WAF-May-09.pdf>
[TAG-Request] <http://lists.w3.org/Archives/Public/www-tag/2007Jun/0114.html>
On Jan 11, 2008, at 8:00 PM, ext David Orchard wrote:
I'm Bcc:ing the AC List because I believe that other AC members may be
interested in my comments, but I don't want WG members to accidentally
cc the AC list.
My comments are mainly that the charter is too broad in scope and too
undefined in deliverables. The broadness of scope of the current WAF
charter has precluded our organization from significantly participating
in the Working Group, and this rechartering exacerbates the problem
going forward. In our case, Hal Lockhart is a supremely qualified
person to work on Access Control but has spent little time on that area
of work because the current WAF is so broad in scope. In another
example, we have other people who are qualified and interested in the
Widgets work but are unable to participate for the same reasons.
The usual solution for the problem of a very broad scope in charter is
to refactor into more WGs with smaller charters. I prefer that but I'm
also open to other solutions that increase the participation in
delivering items under the W3C Process. I'm very uncomfortable with
the current charter scope and single WG process.
As an example of the problems of broad and open scope, I am disappointed
by the way that Access Control was added to the Working Group's
deliverables without AC review and the usual deliverables of
requirements and use cases. It seems that almost immediately after WAF
was chartered [1] in November 2005, it immediately took over editing the
"Authorizing Read Access to XML Content Using the <?access-control?>
Processing Instruction 1.0" document, as roughly described in [2]. I
realize that the charter says "Given that the rich Web client area is in
a phase of rapid development, the Working Group may become aware of the
urgent need for standardization of a technology not explicitly listed in
this charter, but still in the scope of the Working Group", but I fail
to see why such urgency that an AC review and normal process can be
ignored. In the Access Control case, it was added almost immediately
after chartering in December 2005 and has been worked on sporadically
since then and we are now at January 2008. I see considerable evidence
that the specification has "flown low on the radar" and there are still
many differences of opinion about fundamental requirements. AC review
and publication of Requirements and Use Cases are good triggers for
early review and consensus building, and we did not see those. This
lack of process on Access Control has meant that we have not tracked the
work nearly as closely as we would have liked, though we are now trying
to rectify that.
I would like the AC consulted whenever a deliverable is added. I'd like
to see a more rigorous process that includes early publication of
requirements and use cases for each deliverable.
Cheers,
Dave
[1] http://www.w3.org/2006/appformats/admin/charter.html
[2] http://lists.w3.org/Archives/Public/public-appformats/2005Dec/0004.html