Edit 3.3.2 Parse metadata in more detail #110
Conversation
baek9
changed the title
There was a problem hiding this comment.
This largely looks good to me, but I think you want to use https://infra.spec.whatwg.org/#strictly-split instead. (Note also that you cannot initialize a variable twice. After "Let" you'll have to use "Set", but this might no longer be a problem if you refactor to use split.)
Instead of "collect" and "substring", I thought of parsing a single However, this will parse the The specification does not explicitly define |
|
You'd have to split on |
That is, Along with the precise definition of |
|
@annevk I wrote new commit for the pull request, so please review it. |
|
I have accepted all of the feedback given by @annevk, thank you. And any other opinions? @domfarolino If not, it seems that it could be the final version of this PR. For the case of the IPR issue, I would like to agree with the non-participant license commitment for solving it. By the way, I have a request. I want to add my name to section 6, acknowledgments. Can I change the index.bs file? or is there another way to do it? |
|
@samuelweiler As the w3c team contact, can you help @baek9 with the non-participant license agreement? |
@domfarolino Please check again if there are any other opinions. If no further modifications are necessary, as mozfreddyb said, I will proceed with the non-participant license agreement with the help of samuelweiler. And I would also like to ask if the contribution #110 with #111(done), #112(in progress) would be enough to put my name in section 6. |
|
I think this looks fine to me, but I don't think I can submit a formal review, maybe because I don't have edit access to the repo? @samuelweiler can you please help @baek9 out with the non-participant license agreement? @annevk Does this look OK to you since your last review? |
Good question; I suppose that's up to the editors, but since there are 9 names in that list and 25 contributors to the spec, I am left to imagine that those names are of people who materially directed the scaffolding of this specification from perhaps the very beginning... but not sure. |
|
We should definitely acknowledge @baek9 for the issues and the effort towards addressing them. If others were overlooked we should add them too. |
There was a problem hiding this comment.
This still looks good to me. We could also start linking "for each" and such to Infra definitions, but that could also be further editorial cleanup.
We also want to replace "a hash function recognized by the user agent" with a definitive set of hash algorithms at some future point rather than leaving it up to user agents.
|
@annevk @domfarolino Thanks again for your review. However, I have not yet been notified of non-participant agreements. @samuelweiler Any help with non-participant license agreements would be appreciated. Thank you. |
|
@baek9 If you work for ETRI, the W3C prefers that you ask the W3C advisory-committee rep from ETRI — Kangchan Lee — to add you to the WebAppSec working group as a member. If you don’t know how to contact Kangchan, please let me know, and I can put you two in touch. Otherwise, if for some reason you’re unable to join the working group as a participant from ETRI, then please let me know, and we can work out a way for you to sign the non-participant license commitment as an individual. |
|
@sideshowbarker I am working at the Attached of Institute of ETRI. As much as the name is similar, it was part of ETRI, but now that a lot of time has passed, they are different. Therefore, participation in the WebAppSec Working Group is not a possible choice for me. For this reason, I would like to get non-participant license commitments. |
|
@baek9 OK, understand. Given that, please create and submit a new comment with the following content: "I Taeho Nam, commit to license all my Essential Claims both in the contribution I represent that I am legally entitled to grant the necessary licenses for my contribution as described in the Patent Policy, especially in Section 3.4 thereof. If my employer or any other party has rights to my contributions, I represent that I have received permission to make the relevant licensing commitments according to the W3C Patent Policy on behalf of such party as if it had made the contribution under this Agreement. I agree to comply with the disclosure obligations to the extent of my personal knowledge, as required by Section 6 of the Patent Policy. Copyright Grant. I grant to you a perpetual (for the duration of the applicable copyright), worldwide, non-exclusive, no-charge, royalty-free, copyright license, without any obligation for accounting to me, to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, distribute, and implement any Contribution to the full extent of my copyright interest in the Contribution. This Agreement shall be deemed to have been entered into and shall be interpreted and governed in all respects by the laws of The Commonwealth of Massachusetts and the United States of America. |
|
@baek9 Additionally, please use https://www.w3.org/accounts/request to create a W3C account and to link it to your GitHub account. |
|
@sideshowbarker I tried to create a W3C account, but it requires information about the employment relationship. It is essential to fill out the "Add new organization" form. Is this process unrelated to https://www.w3.org/Consortium/join.html? In other words, I want to check if the process for proceeding with a non-participant agreement is correct. Thanks. |
The https://www.w3.org/accounts/request form normally doesn’t require information about an employment relationship. But I can imagine that it might do a check on your e-mail address, and if the domain part of that e-mail address is one that’s recognized as belonging to an existing W3C member organization, the behavior changes. If you have a different e-mail address you can register with, maybe try that.
The W3C system for keeping track of royalty-free patent commitments for GitHub PRs depends on there being a W3C user account for the person who authored the PR. So that‘s why it’s necessary to have a W3C account, and to have it linked to your GitHub account. |
|
@sideshowbarker As tested, https://www.w3.org/accounts/request does not ask employment relationship if you have an e-mail address that is a domain (e.g., @etri.re.kr) of a W3C member organization, are a student, or are unemployed. Because I'm not in all cases, I need to enter the Name of the company, Country, and City, Street. And I want to confirm that this is not forcing my company to go through the process of becoming a W3C member. |
|
Completing the https://www.w3.org/accounts/request form is definitely not forcing your company to go through the process of becoming a W3C member. Instead it’s simply just you as an individual getting a personal account. |
|
"I Taeho Nam, commit to license all my Essential Claims both in the contribution #110, and that become Essential Claims as a result of incorporating the contribution into the draft that existed at the time of the contribution, on the terms specified in section 5 of the W3C Patent Policy. I represent that I am legally entitled to grant the necessary licenses for my contribution as described in the Patent Policy, especially in Section 3.4 thereof. If my employer or any other party has rights to my contributions, I represent that I have received permission to make the relevant licensing commitments according to the W3C Patent Policy on behalf of such party as if it had made the contribution under this Agreement. I agree to comply with the disclosure obligations to the extent of my personal knowledge, as required by Section 6 of the Patent Policy. Copyright Grant. I grant to you a perpetual (for the duration of the applicable copyright), worldwide, non-exclusive, no-charge, royalty-free, copyright license, without any obligation for accounting to me, to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, distribute, and implement any Contribution to the full extent of my copyright interest in the Contribution. This Agreement shall be deemed to have been entered into and shall be interpreted and governed in all respects by the laws of The Commonwealth of Massachusetts and the United States of America. |
Done. |
Done. Thank you. |
sideshowbarker
force-pushed
the
parse-metadata
branch
from
5de2321 to
fba0c07
Compare
SHA: 5aab13c Reason: push, by sideshowbarker Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
This modifies "3.3.2 parse metadata" to parse metadata using primitives from https://infra.spec.whatwg.org/#string instead of ABNF grammar from https://w3c.github.io/webappsec-subresource-integrity/#grammardef-hash-with-options. This makes it clear that the user agent does not need to validate the base64 digest contained in the metadata. Also, since it induces fail-open for invalid metadata, the compatibility of the SRI is guaranteed in the future.
Issue number : #84
Preview | Diff
Preview | Diff