W3C Technology and Society Domain

Web Security Context Working Group -- Face-to-face Meeting 2006-11-14/15

On this page: Infrastructure / Attendance / Minutes /Agenda 2006-11-14 / Agenda 2006-11-15


Logistics; dial-in information


Expected in person per registration results:

Attendance on the phone:




More notes that were taken during the meeting:


See also: Original version from 26 October

Chair for both days: MEZ

Tuesday 14 November 2006

  1. Breakfast (08:30)

  2. Administrative details (9:00)

    Selection of scribes

  3. Brief roll call/introductions (9:10)

  4. Agenda bashing (9:30)

  5. W3C WG process overview - Thomas (9:45)

    See also: slides

  6. WG schedule review (10:15)

    Please note open questionnaires.

  7. Break (10:45)

  8. Charter review (11:15)

  9. Lunch (12:15)

  10. Discussion of first chartered deliverable (13:15)

    A Working Group Note that documents the use cases and scenarios that th egroup elects to address, and the assumptions that it will make. The Working Group will use this document to establish the scope of its Recommendation-track deliverables.

    Break at 15:15.

Recess: 17:30.

Wednesday, 15 November 2006

  1. Breakfast (08:30)

  2. Ageda bashing for day 2 (09:00)

  3. Discussion of second chartered deliverable (9:15)

    A W3C Recommendation that specifies a minimal set of security context information to be made accessible to users, and best practices for the usable presentation of this information.

    Break at 10:30.

  4. Lunch (12:00)

  5. Discussion of third chartered deliverable (13:00)

    A W3C Recommendation that specifies techniques that render the presentation of security context information more robust against spoofing attacks. The Group expects to establish two levels of conformance to these techniques: required and recommended. One example of a possible required technique are limitations to scripting capabilities; one example of apossible recommended technique are interactive ceremonies that can help establish a trusted path from the web user agent to the user. An example of an authoring technique that could be proposed as mandatory-to-implement would be the use of TLS when soliciting user credentials.

    Break at 14:30.

  6. Recap of plans, progress, and next steps (16:00)

Recess: 16:30

Thomas Roessler, Team Contact
$Id: f2f1.html,v 1.6 2006/12/19 21:57:22 roessler Exp $