<tlr> http://lists.w3.org/Archives/Member/member-wsc-wg/2006Nov/0017.html
<tlr> RESOLVED: Previous meeting's minutes accepted, see http://www.w3.org/2006/12/19-wsc-minutes
<tlr> approved as proposed in agenda
<Mez> http://www.w3.org/2006/WSC/wiki/GoalsNonGoals
scribe: (the url where Phil drafted goals and non-goals)
<Mez> http://www.w3.org/2006/WSC/wiki/NoteGoals
<Mez> http://www.w3.org/2006/WSC/wiki/NoteNonGoals
mez: does the note section include all goals and non-goals?
tyler: I haven't updated it
mez: let's talk about goals/non-goals, starting with the goals that Phil drafted followed by the note index goals
<tlr> http://www.w3.org/2006/WSC/wiki/GoalsNonGoals
<tlr> http://www.w3.org/2006/WSC/wiki/NoteGoals
mez: anything else about the goals at this stage?
tlr: the one goal I'm concerned about is the way the best practice one is phrased
mez: I agree with Thomas, we haven't gotten around to it before the meeting, how do other forms of communication fit
scribe: tlr asks this be put in the wiki
tlr: how other forms of communication are used for security context information
mez: any other commentary on goals and non-goals?
<tlr> ACTION: zurko to propose re-wording of "Best Practices Recommendation for Site-to-User Communication" text in NoteGoals, post to list [recorded in http://www.w3.org/2007/01/02-wsc-minutes.html#action01]
<trackbot> Created ACTION-61 - Propose re-wording of "Best Practices Recommendation for Site-to-User Communication" text in NoteGoals, post to list [on Mary Ellen Zurko - due 2007-01-09].
hal: I posted on ACTION-56, an attempt to start a thread about a standard way of presenting the results of unspecified protocols
... I'm satisfied with the last item on this page covering what I meant by this action
<tlr> I think Hal is speaking about this: http://www.w3.org/mid/D0C847B2BD75414090045D8C7EA3D59402E1469E@repbex01.amer.bea.com
hal: my feeling is the last item on this page is something I'd like to see in the scope, I don't think we are missing anything
... browsers may use algorithms that make use of historical information
... while we don't want to specify how they do this, we may want to say what they display given the security info they want to display
action-56 http://www.w3.org/2006/WSC/Group/track/actions/56
hal: there should be a standardized indicator to indicate an unstandard protocol
tlr: the discussion we had last time might say people wouldn't read this
... maybe we should pull your message into the text for the particular goal
mez: the note and the recommendation are two different things
hal: just to clarify, we have four bullets followed by four sections, my understanding is we eventually want nothing but titles and text
Action-56 will extend into a drafting of this section for the note
<tlr> ACTION: hal to re-draft "Recommendation for Consistent Presentation of Security Information" to reflect discussion about http://www.w3.org/mid/D0C847B2BD75414090045D8C7EA3D59402E1469E@repbex01.amer.bea.com [recorded in http://www.w3.org/2007/01/02-wsc-minutes.html#action02]
<trackbot> Created ACTION-62 - Re-draft "Recommendation for Consistent Presentation of Security Information" to reflect discussion about http://www.w3.org/mid/D0C847B2BD75414090045D8C7EA3D59402E1469E@repbex01.amer.bea.com [on Hal Lockhart - due 2007-01-09].
mez: any more commentary on the goals/non-goals
... phil can you merge the two pages on the wiki for goals/non-goals on the wiki
<tlr> ACTION: Hallam-Baker to merge the Goals and Non-Goals related Wiki items into English text. [recorded in http://www.w3.org/2007/01/02-wsc-minutes.html#action03]
<trackbot> Created ACTION-63 - Merge the Goals and Non-Goals related Wiki items into English text. [on Phillip Hallam-Baker - due 2007-01-09].
<tlr> ACTION-56 to be closed.
mez suggests we continue and talk about the non-goals section
mez: anyone want to add any non-goals?
hal: Do we need to specifically say cryptographic algorithm?
mez: algorithms can be used to combine security context info the user
... how far do you want to take the meaning of algorithm?
hal: i thought there was a discussion about browsers using various history information to make decisions about pages "risk-assessment"
<tlr> tlr: out of scope or non-goal?
<tlr> hal: out of scope, oops
tlr: is this a non-goal or is it out-of-scope?
mez: out of scope
phil: the thing about the non-goals, it's technically an infinite list
... i wanted to focus on things that might come up and we might want to rely on, but things we won't do ourselves
mez: phil is there a place in non-goals that should point to a list of prior work
phil: it's things that people might think are goals but aren't
mez: really good guidance, we should stay sensitive to this
... anything else for the current version
tim: I suggest we say that educating users is a non-goal
... i think that we're going to empower users but i don't think we'll be successful in saying we'll educate users or increase their level of understanding
mez: i think that's a good point. At one time we had a talk about the difference between users learning and understanding things
... and it's not necessarily in our charter
tlr: If this was a goal, what would we not be doing. I'm having a hard time seeing what educating users would look like as a goal
mez: a pro-active campaign to educate users
tim: example, we're not going to go take out ads on city busses
tlr: I'm not saying we should take bus ads, but I don't think we need to say this explicitly as a non-goal
tyler: does this include short tutorials to show how an anti-phishing toolbar is used
tim: i agree with mez. I was trying to say that we shouldn't be construed as a group that is trying to educate the world on how to use the web securely
... I wasn't sure how to answer tyler's question, about whether we should condone or not the various help for tools
... I didn't think this group would go out and publish a user's guide for tools
tyler: I just wanted to see if there was a dividing line on these two
tlr: I would like to keep the note focused
... what tyler mentioned strikes me as a non-goal of our group
... maybe we shouldn't say at this point that we won't be doing outreach
... how do we distinguish outreach to users and outreach to developers
phil: i agree with tlr, our results may be different than what we might expect, anti-phishing working groups have done outreach to users. If they want to promote our work and we're collaborating with them and we find ourselves with funding, then where does the line fall for what we're doing and not doing. Maybe this shouldn't be a non-goal
tlr: I think we're saying this note isn't about what types of communication efforts will be made
<Tyler> I like TLR's distinction of non-goals of the Recommendation versus non-goals of the group. I think the Note should contain *only* non-goals for the Recommendation
<tlr> tyler, +1
mez: i expect something about user education in the design principles or assumptions section
<tlr> maritza, mind minuting yourself? ;)
mez asked maritza if she included anything about user education in design principles
maritza: I haven't written anything specifically about user education in the design principles section, but I made a few notes about the results from previous user studies about what users do and do not know
mez: so the note should only contain non-goals for the recommendation, not non-goals for the group
... that's reasonable. If anything creeps in about user education it should fall in either design principles or in assumptions
tlr: something about user education would be something about how much is necessary
mez: I'm still drafting the assumptions section
<tlr> ACTION: zurko to make sure role of user education is addressed in assumptions section of note [recorded in http://www.w3.org/2007/01/02-wsc-minutes.html#action04]
<trackbot> Created ACTION-64 - Make sure role of user education is addressed in assumptions section of note [on Mary Ellen Zurko - due 2007-01-09].
mez: the only thing we have left on our agenda is the next meeting Jan 9th, two days before the drafts are due of the note sections
<Zakim> Thomas, you wanted to ask about use cases
mez: don't forget I've asked for examples on the wiki for our recommendation
tlr: I'm wondering if we should be thinking about mapping the use-cases to the goals section. To see if the things we have in mind are captured accurately.
... just to ask what we will be doing with the use-cases
tyler: should examples of spoofing be made into a use-case
... how are these normally described?
<tlr> http://www.w3.org/mid/08CA2245AFCF444DB3AC415E47CC40AF592896@G3W0072.americas.hpqcorp.net
tyler: should things that are considered attacks be use-cases
... I was going to put them in the section for note problems in the current interface
tlr: I could see these as useful use-cases
... I would encourage you to write these with this is what we'd like to happen, this is what happens
hal: I'd like to comment on where the use-cases fall in. We should make sure we get the obvious use cases instead of focusing on the smaller ones
mez: anything left in the next 5 minutes
hal: I'd like to go through workshop proceedings and match these against our in scope / out of scope for the recommendations
<tlr> hal: would like to map proposals from workshop to scope / out-of-scope; goals / non-goals
<tlr> workshop -> http://www.w3.org/2005/Security/usability-ws/
hal: I'd like to consider the things people have recommended we do. I think we should say we started with this list of recommendations from other people and after clarifying our goals, we know which are applicable
<tlr> ACTION-27, way overdue, hal reinforces commitment to that
hal: We should clarify who will and will not attend the F2F
<tlr> ACTION: Roessler to add "phone" option to registration form, and fix some responses [recorded in http://www.w3.org/2007/01/02-wsc-minutes.html#action05]
<trackbot> Created ACTION-65 - Add "phone" option to registration form, and fix some responses [on Thomas Roessler - due 2007-01-09].
hal: I'm hoping the people who fill out the form will show who will be in CA in person
<tlr> ACTION-65 due on 15 Jan