See also: IRC log
jo: comments from open web apps security project, francois?
francois: they do have some best practices in this area, and have made some suggestions as to changes to the document
... not sure anything that is mobile specific, therefore probably out of scope
francois: proposed response via link above, any other views on this?
<EdC> Perhaps include the document in the list of references ?
adam: I agree with your response, wasn't sure whether we should link to or reference their document
francois: yes, it could be a good reference, not sure what this project is about, they are not really focussed on mobile
... so I suggest we emphasize that security is important
adam: our one remaining bp is not of itself specifically mobile
francois: think it is a bit more sensitive on mobile
<EdC> OK, another view is to consider BP that are not mobile specific, but become particularly relevant in a mobile context.
adam: OK, I did add in the mobile bit, and we did remove some others
... ideally we would drop this section, but if that is too much upheaval at this stage then your response is good
edc: best practices can be valid for both fixed and mobile but have a specific relevance to mobile
francois: yes that's why this one remains
... we should refrain from adding or removing best practices at the moment, there is a mobile twist to the one that remains
jo: don't want to make substantive changes at this point, not sure if adding a reference is an informative change
francois: this could just be a link to some examples to avoid making substantive reference change
<EdC> What is the status or relevance of the Open Web Application Security Project ? Established ? Any normative / standards production ?
jo: how about we resolve partial to this substantive comment and say we will make a non normative reference to some examples of security best practices?
<francois> PROPOSED RESOLUTION: ref. LC-2412, mark as substantive and resolve partial, pointing out that listing best practices that are not specific to mobile is out of scope of this document. Update the intro text to emphasize that all "desktop" security measures are applicable to the "mobile" context and that the best practice listed in this section is called out because of its specific mobile twist. Add wording along the lines of "example of such regular security best practices may be found at" with a reference to OWASP.
+1
<EdC> that all "desktop" security measures are applicable to the "mobile" context - not necessarily, perhaps replace all by most.
francois: I think that we should follow Kai's comment on the member list namely that we don't have the expertise, but that we'd want to emphasize the point in a future version of spec
<francois> PROPOSED RESOLUTION: ref. LC-2412, mark as substantive and resolve partial, pointing out that we don't have the expertise to select best practices related to security in this working group and that we focused on the most obvious one that was more particularly relevant to mobile. Future version of best practices should probably include more detailed security related best practices. Update the intro text to emphasize that all "desktop" security measures are
<francois> applicable to the "mobile" context and that the best practice listed in this section is called out because of its specific mobile twist. Add wording along the lines of "example of such regular security best practices may be found at" with a reference to OWASP.
<francois> PROPOSED RESOLUTION: ref. LC-2412, mark as substantive and resolve partial, pointing out that we don't have the expertise to select best practices related to security in this working group and that we focused on the most obvious one that was more particularly relevant to mobile. Future version of best practices should probably include more detailed security related best practices. Update the intro text to emphasize that most "desktop" security measures are applicable to the "mobile" context and that the best practice listed in this section is called out because of its specific mobile twist. Add wording along the lines of "example of such regular security best practices may be found at" with a reference to OWASP.
<francois> +1
<adam> +1
<EdC> +1
+1
<SeanP> +1
RESOLUTION: ref. LC-2412, mark as substantive and resolve partial, pointing out that we don't have the expertise to select best practices related to security in this working group and that we focused on the most obvious one that was more particularly relevant to mobile. Future version of best practices should probably include more detailed security related best practices. Update the intro text to emphasize that most "desktop" security measures are applicable to the "mobile" context and that the best practice listed in this section is called out because of its specific mobile twist. Add wording along the lines of "example of such regular security best practices may be found at" with a reference to OWASP.
<scribe> ACTION: Adam to circulate the proposed text ref LC-2412 to list [recorded in http://www.w3.org/2010/08/24-bpwg-minutes.html#action01]
<trackbot> Created ACTION-1063 - Circulate the proposed text ref LC-2412 to list [on Adam Connors - due 2010-08-31].
<francois> PROPOSED RESOLUTION: ref. LC-2414, mark as editorial and resolve partial. Add a reference to assistive technology and voice controlled applications as examples of other types of possible interaction methods.
<EdC> +1
<adam> +1
<francois> +1
francois: other interaction methods do exist so we should point out as an editorial change that such other interaction methods, e.g. assistive input, do exist and that other methods can be expected to continue to arise
adam: are there any APIs for voice control
francois: not as such
jo: so we should elaborate the bit on other as-yet-undreamt-of interaction methods arising
<francois> PROPOSED RESOLUTION: ref. LC-2414, mark as editorial and resolve partial. Add a reference to assistive technology and voice controlled applications as examples of other types of possible interaction methods, noting that new interaction methods are likely to emerge in the future.
<adam> +1
<EdC> +1
+1
<francois> +1
<SeanP> +1
RESOLUTION: ref. LC-2414, mark as editorial and resolve partial. Add a reference to assistive technology and voice controlled applications as examples of other types of possible interaction methods, noting that new interaction methods are likely to emerge in the future.
<scribe> ACTION: adam to circulate proposed text on LC-2414 [recorded in http://www.w3.org/2010/08/24-bpwg-minutes.html#action02]
<trackbot> Created ACTION-1064 - Circulate proposed text on LC-2414 [on Adam Connors - due 2010-08-31].
<EdC> does "For mobile web applications that allow creation of web content," apply to user-generated content, or is it something else?
jo: so maybe a note saying that there is non specifically mobile best practice to be followed here - for example see (cited references)
<francois> PROPOSED RESOLUTION: ref LC-2416, mark as editorial and resolve partial. Add wording along the lines of "Other guidelines and best practices are available. For instance, WCAG2.0". Do not reference ATAG as it's for authoring tools implementers and not Web developers.
<EdC> +1
+1
<francois> +1
<adam> +1
<SeanP> +1
RESOLUTION: ref LC-2416, mark as editorial and resolve partial. Add wording along the lines of "Other guidelines and best practices are available. For instance, WCAG2.0". Do not reference ATAG as it's for authoring tools implementers and not Web developers.
<EdC> The e.g. in the original text allows the utilization of other measurement units such as em, ex (in CSS)...
<scribe> ACTION: Adam to enact LC-2416 [recorded in http://www.w3.org/2010/08/24-bpwg-minutes.html#action03]
<trackbot> Created ACTION-1065 - Enact LC-2416 [on Adam Connors - due 2010-08-31].
<francois> PROPOSED RESOLUTION: ref LC-2415, mark as editorial and resolve yes. Replace 30px by physical size of a fingertip.
<adam> +1
+1
<EdC> +1
<francois> +1
<SeanP> +1
RESOLUTION: ref LC-2415, mark as editorial and resolve yes. Replace 30px by physical size of a fingertip.
<scribe> ACTION: adam to enact LC-2415 [recorded in http://www.w3.org/2010/08/24-bpwg-minutes.html#action04]
<trackbot> Created ACTION-1066 - Enact LC-2415 [on Adam Connors - due 2010-08-31].
francois: (discussion of proposed resolution)
<francois> PROPOSED RESOLUTION: ref. 2413, mark as editorial and resolve partial. Update the text to read "The browser focus jumps from element to element". Leave the example "from link to link" in 3.5.3.2 intact though as it's a good example of mobile browser behavior.
<adam> +1
+1
<francois> +1
<EdC> +1
RESOLUTION: ref. 2413, mark as editorial and resolve partial. Update the text to read "The browser focus jumps from element to element". Leave the example "from link to link" in 3.5.3.2 intact though as it's a good example of mobile browser behavior.
<SeanP> +1
<scribe> ACTION: adam to enact resolution on LC-2413 [recorded in http://www.w3.org/2010/08/24-bpwg-minutes.html#action05]
<trackbot> Created ACTION-1067 - Enact resolution on LC-2413 [on Adam Connors - due 2010-08-31].
<EdC> Unfortunately, sms and smsto are both very widespread...
francois: implementations seem to vary widely from device to device and so this would be hard to recommend
adam: would be useful for developers to know about
francois: but not a good example today of "other uri schemes" since it may not work
adam: more useful to put in with a health warning than to leave it out
francois: OK
<francois> PROPOSED RESOLUTION: ref LC-2407, mark as editorial and resolve yes. Mention the sms URI scheme with a link to the appropriate RFC with a warning that implementations vary very widely.
<adam> +1
<EdC> .. and that other schemes serve the same purpose e.g. smsto:
<EdC> +1
+1
<francois> +1
<SeanP> +1
RESOLUTION: ref LC-2407, mark as editorial and resolve yes. Mention the sms URI scheme with a link to the appropriate RFC with a warning that implementations vary very widely.
<scribe> ACTION: Adam to enact resolution to LC-2407 [recorded in http://www.w3.org/2010/08/24-bpwg-minutes.html#action06]
<trackbot> Created ACTION-1068 - Enact resolution to LC-2407 [on Adam Connors - due 2010-08-31].
<EdC> OK with me.
edc: it doesn't have to be strictly decorative, for example sprited stars with rankings in may be used to convey information
jo: and that's OK as long as the alt text is adjusted to reflect the information content
<SeanP> You may want to remove the "background images" text from Francois' resolution since you can't put alt text on background images (I don't think)
<EdC> Basically - if decorative, no problem. If informational, remind developer that alt="..." becomes impossible, then some other alternative must be envisioned (such as explicit text in the page).
PROPOSED RESOLUTION: ref LC-2408 resolve as editorial and partial, add a reminder that informational images really require an alt= on them
PROPOSED RESOLUTION: ref LC-2408 resolve as editorial and partial, add a reminder that informational images require alternative text (whereas decorative images don't)
<francois> +1
<EdC> +1
+1
<SeanP> +1
RESOLUTION: ref LC-2408 resolve as editorial and partial, add a reminder that informational images require alternative text (whereas decorative images don't)
<adam> +1
<scribe> ACTION: adam to enact resolution to LC-2408 [recorded in http://www.w3.org/2010/08/24-bpwg-minutes.html#action07]
<trackbot> Created ACTION-1069 - Enact resolution to LC-2408 [on Adam Connors - due 2010-08-31].
francois: we are still in need of a couple of extra implementation reports, in any case once the changes are made let's push the document forward
... it would be better to have only green status on them
jo: still need implementation reports
<EdC> Problem is that people with action points to inquire about implementation reports are not present today...
francois: we haven't received anything from anyone
seanp: this has been escalated in my organisation
... should know next week
francois: we need to move forward mid-September
... as the PR stage must last 4 weeks at a minimum
jo: so the drop dead date for implementation reports is then
<EdC> Yes - when will the gateway be in order?
francois: this is being "actively" investigated
jo: can I recommend an alternative VOIP provider
francois: yes
... I will forward the message to them?
Scribe: Jo
Present: +44.203.141.aaaa, +33.4.50.68.aabb, francois, +1.404.978.aacc, adam, +41.31.972.aadd, EdC, jo, +1.630.414.aaee, SeanP
Regrets: kai, yeliz, miguel
Agenda: http://lists.w3.org/Archives/Public/public-bpwg/2010Aug/0002.html
Date: 24 Aug 2010
Minutes: http://www.w3.org/2010/08/24-bpwg-minutes.html
People with action items: adam