ASVS
ASVS copied to clipboard
OWASP
Fr translation
Hello, I will remedy Markdown Linter / markdown-lint-check issues tomorrow. BR
General comment about wording. List of some wording which we might need dscussion and should be checked for consistency throughout the document:
- allow list / back list : liste blanche / liste noire → liste d'acceptations / liste de rejets? (or something like that?)
- endpoint : point de terminaison / point d'entrée → endpoint?
- claims : revendications → ???
- scope : étendue → portée?
- scope : ? → périmètres? (out-of-scope → hors périmètres ; in scope → faisant partie du périmètre ?)
- back-channel : canal arrière → back-channel?
- front-channel
- grant : subvention → ???
- fingerprint : empreinte digitale → empreinte cryptographique?
Hello, I think I resolved all issues and remarks. Can someone approuve the PR? Regards
I'll try to make a quick review (for the modifications) in the following days.
Sorry for the delay!
I think the following wording points have not been completely addressed.
allow list / back list:
- Currently translated as: liste blanche / liste noire
- I think should be replaced.
- Proposition: liste d'acceptations / liste de rejets ?
endpoint:
- Currently : "point de terminaison" and "point d'entrée" are used?
- At least use the same term everywhere?
- Proposition: endpoint?
(JWT) claim:
- Currently "revendication"
- Proposition: I sould just use "claim" which is looks clear to me.
scope (as in in-scope/out-of-scope, not for OAuth "scope"):
- Currently: "portée"
- Proposition: "périmètre"
- out-of-scope → "hors périmètre"?
- in scope → "faisant partie du périmètre"?
- eg. "Portée de l'ASVS" → "Périmètre de l'ASVS"?
back-channel
- Currently: "canal arrière"
- I don't like this much.
- Proposition: "back-channel"?
Hello, my response :
allow list / back list: The current version is good
endpoint: The current version is good
(JWT) claim: The current version is good
scope (as in in-scope/out-of-scope, not for OAuth "scope"): Yes we can change for your proposition
back-channel: Maybe too litteral translation yes
allow list / back list: The current version is good
The original authors have chosen not to use "black list" and "white list" and used "allow list" and "deny list". Therefore, avoiding "liste noire" and "liste blanche" would be a more faithful translation.
Some references:
- https://learn.microsoft.com/fr-fr/entra/external-id/allow-deny-list
- https://wpforms.com/fr/docs/how-to-create-an-allowlist-denylist-for-email-addresses-in-wpforms/
- https://www.illumio.com/fr/blog/allowlist-vs-denylist
- https://knowledge.hubspot.com/fr/inbox/manage-your-inbox-s-allow-and-deny-list
In these examples, they chose to use:
- "liste d’autorisations" and "liste de refus";
- "liste d’autorisations" and "liste d'interdictions".
I would suggest we use either of these wording as well which aligns:
- with the original text;
- with other texts in the literature.
I would prefer the second form if possible although it appears to be slightly less used.
So yes in this case we can edit to "liste d'interdiction" and "liste d'autorisation"
endpoint: The current version is good
I think we use two different wording ("point de terminaison" and "point d'entrée"), we shall at least use the same wording throughout the document.
(JWT) claim: The current version is good
These ones uses "revendication" :
- https://www.ibm.com/docs/fr/order-management?topic=users-jwt-authentication
- https://learn.microsoft.com/fr-fr/entra/identity-platform/jwt-claims-customization
So it's probably OK.
I understand "claim" to actually mean "déclaration" (such as used here https://miashs-www.u-ga.fr/~davidjer/javaee/tp4.pdf) but let's keep "revendication".
(JWT) claim: The current version is good
These ones uses "revendication" :
- https://www.ibm.com/docs/fr/order-management?topic=users-jwt-authentication
- https://learn.microsoft.com/fr-fr/entra/identity-platform/jwt-claims-customization
So it's probably OK. I understand "claim" to actually mean "déclaration" but we can probably keep "revendication" :smile:
Examples of usage of "déclaration":
- https://docs.oracle.com/fr-fr/iaas/Content/Identity/api-getstarted/ClientAssertion.htm
- https://miashs-www.u-ga.fr/~davidjer/javaee/tp4.pdf
- https://cloud.google.com/apigee/docs/api-platform/reference/policies/verify-jwt-policy?hl=fr
allow list / back list:
- old: "liste noire" and "liste blanche"
- new: "liste d'interdiction" and "liste d'autorisation"
endpoint
- old: "point de terminaison" and "point d'entrée"
- new: "endpoint"
(JWT) claim
- old: "revendication"
- new: "déclaration"
scope (as in in-scope/out-of-scope, not for OAuth "scope")
- old: "portée" and "hors champs"
- new: "périmètre" and "hors périmètre"
back-channel
- old: "canal arrière"
- new: "back-channel"
Sorry, but it appears there are 8 instances of "liste blanche" remaining.
Sorry for the delay, we need to prepare an integrity checking script for translations, I will try and get it done in the next couple of weeks, sorry for the delay
We hope to have something on this around the end of this week, start of next week
Hi @clallier94, this now has conflicts. Please revert changes to any shell scripts for now and resolve the merge conflicts. After that, I can merge into this interim branch and do some integrity checks.
Hello @tghosth , I'm back; I was on vacation last week. I see that the new branch is merge to master. Good news. Thx for all
No problem, sorry I didn't wait but it was almost there and I didn't want to delay it :) Thanks to you and the team for your hard work! @clallier94