<scribe> SCRIBE: ekr
Date: 22 Nov 2011
<bhill2> RESOLVED: minutes approved
bhill2: (per abarth), add discussion of new refactored proposal between 7 and 8.
... next item is to review tracker.
<bsterne> why can't you guys hear me? hmmm
bhill2: item 3. move from mercurial cvs. Closed because we aren't going to do it.
<jeffh> bsterne going in & out
<jeffh> on audio
<bsterne> going to dial in again :|
<bhill2> brandon, comments on action 4?
bhill2: item 4: repoint all old CSP drafts to new version.
<bsterne> I did that
bhill2: action 10, done.
bsterne-- you're talking about item 4?
<jeffh> what's the uri phor the tracker ?
<bsterne> ekr, yes, that was re: item 4
bhill2: action 23, marked as pending review
I just closed 4.
bhill2: anyone object to closing 23? No objections, closed.
... action 6: will happen soon, you will need to opt-in
... action 8: still open. we have an hg repo and some people have accounts
... please email me if you want to have committer access
<bsterne> yeah, our phone system is failing hard... sorry
bhill2: still working on the server-side story.
abarth: there will be some work to get the first tests working, but then once it's working, I will have a pile of tests to add. is there a sample test that I could start from and modify
gopal: yeah, I'll see what I can do.
abarth: just need a first test that shows a denial or whatever. Once that works, it should be pretty easy to scale that up.
<scribe> ACTION: gopal to set up mercurial repo for tests and get a simple test for Adam [recorded in http://www.w3.org/2011/11/22-webappsec-minutes.html#action01]
<trackbot> Created ACTION-26 - Set up mercurial repo for tests and get a simple test for Adam [on Gopal Raghavan - due 2011-11-29].
bhill2: the spec has already gone out, but we should defer liaising until we have hit FPWD.
... and defer this till next week
... [the above was for action 24, widgets activity]
... my closed actions: action 1, done.
brad was going real fast. Check the list.
bhill2: for action 25, IE hasn't implemented it yet but doesn't have a strong opinion about inclusion
bsterne: action 14 can be closed as well. abarth and I took care of it week of tpac
abarth: action 9, didn't do it. Please move the deadline to a week from today.
... action 12. this is done, and it's in the experimental.html document
abarth: ACTION: I didn't do this b/c I wasn't sure exactly what we wanted. Need to discuss on the mailing list.
... propose we turn this action into an issue and then resolve.
<bhill2> ISSUE: identify proper behavior for html added via plugins / object tag
<trackbot> Created ISSUE-8 - Identify proper behavior for html added via plubins / object tag ; please complete additional details at http://www.w3.org/2011/webappsec/track/issues/8/edit .
abarth: action 24. I did an implementation but no language.
... please push it out one week
<bhill2> anne, you reading this?
bhill2: email from Anne. Executive summary--just need editorial work and also some stuff pending on httpbis
... we had a call for consensus last week about approving fpwd.
... had some editorial notes.
abarth, bsterne: I haven't looked at them in detail
bhill2: can you spend an hour on them before we accept
... I think it's just editorial housekeeping stuff.
bsterne: most of this has to do with the respec(?) I can take a look and make the minor edits
bhill2: other issue is more substantive--the sandbox directive
... do we want to do it now, wait for fpwd, or wait for 1.1
... might be appropriate to put it in 1.0 with a [OPEN ISSUE] tag where we might remove it pre-CR
bsterne: jacob didn't sound religiously opposed to having it wait for 1.1
abarth: this isn't a blocker, we're going to rev the draft anyway
ekr: Maybe have an empty issue paragraph that just says "this is where sandbox would go"
bsterne: do we have consent to progress the draft after I get email from brandon about the respec issues
sorry, that was bhill2
RESOLUTION: we will accept document as FPWD as soon as we get ok from brandon about edits being made
bsterne: will do that in the next day or two
<bhill2> RESOLVED: promote CSP to FPWD on Brandon's OK pending resolution of Robin Berjon's comments
bhill2: new agenda item--experimental draft?
... if both editors agree, then we should go ahead.
abarth: this meshes better with HTML5
bhill2: this is prerogative of the editors
... go ahead with that as the experimental doc?
RESOLUTION: start with the "experimental revision" http://dvcs.w3.org/hg/content-security-policy/raw-file/tip/experimental.html as the current editor's draft
[discussion between abarth and bsterne about version control issues]
bhill2: is this a start from the ground reorg, or can you plausibly read the diffs
abarth: the diff probably is not helpful
bsterne: two browser windows worked ok for me
bhill2: next item on agenda is testing activity
... I talked to gopal at tpac and he expressed interest in leading the activity
... do you have a preference for which spec to start with
... objections to Gopal working in that role
... gopal, would you like help? preference for spec
gopal: we were discussing cors. Want to set up the test suite and then get started with cors
abarth: just sent email with thing for example tests
bhill2: anyone want to take lead on csp testing?
... I'm happy to take the first cut.
... don't think submitting test cases violates chair's neutrality
gopal: who is the contact person for test suite
bhill2: mike(TM) and the opera person whose name I don't remember
... mike has been setting up the repo so far
bhill2: started working on the security wiki for anti-clickjacking.
... ideas: screenshot comparison, protected UI element?
... will write that up and send a more detailed description
... any comments on that immediately?
... do we want to go over issues list?
abarth: my preference would be to look at issues list and come up with one or two issues to focus on
... thing to start with is issue 4 and ... [?]
... issue 8
bhill2: we have identified issue 4 and 8 to discuss on the mailing list
<scribe> ACTION: abarth to start discussion on issue 8 next week [recorded in http://www.w3.org/2011/11/22-webappsec-minutes.html#action02]
<trackbot> Created ACTION-27 - Start discussion on issue 8 next week [on Adam Barth - due 2011-11-29].
<scribe> ACTION: abarth to start discussion on issue 4 next week [recorded in http://www.w3.org/2011/11/22-webappsec-minutes.html#action03]
<trackbot> Created ACTION-28 - Start discussion on issue 4 next week [on Adam Barth - due 2011-11-29].
bhill2: further business?
<bsterne> nice, tidy meeting, bhill2
zakim lista ttendees
zakim list attendees
RRSAgent set logs public-visible