See also: IRC log
<bhill2> any volunteers to scribe today?
I am on the call
I guess I can scribe.
Unless you think someone else should suffer :)
<bsterne> okay, I got in
<bsterne> neat
<gma1> are zakim phone "numbers" listed in order of joining?
<rrware> Zakim: aadd is Ryan Ware (rrware)
<jeffh> so how do i map my ph# to my irc presence?
<bhill2> type: zakim, aaxx is nick
jeffh: find your number in the list and then do "zakim, <four letters> is jeffh"
<rrware> zakim aadd is rrware
<jeffh> which list ?
the "on the phone" list above
<bsterne> Zakim: [Mozilla] is bsterne
<jeffh> dunno what our/my outgoing # is
jeffh, you probably are the 415 or 408?
'
<bhill2> RESOLVED: minutes approved
can people not hear me?
<bhill2> erk, nope
<jeffh> perhaps 408 unless anyone else is using it, but I was on the call already bephore joining here
<bhill2> hear some typing
bhill2: (per abarth), add discussion of new refactored proposal between 7 and 8.
... next item is to review tracker.
<bsterne> why can't you guys hear me? hmmm
bhill2: item 3. move from mercurial cvs. Closed because we aren't going to do it.
<jeffh> bsterne going in & out
<jeffh> on audio
<bsterne> going to dial in again :|
<bhill2> brandon, comments on action 4?
bhill2: item 4: repoint all old CSP drafts to new version.
<bsterne> I did that
bhill2: action 10, done.
bsterne-- you're talking about item 4?
<jeffh> what's the uri phor the tracker ?
http://www.w3.org/2011/webappsec/track/actions/open
<jeffh> thx
<bsterne> ekr, yes, that was re: item 4
bhill2: action 23, marked as pending review
I just closed 4.
bhill2: anyone object to closing 23? No objections, closed.
... action 6: will happen soon, you will need to opt-in
... action 8: still open. we have an hg repo and some people have accounts
... please email me if you want to have committer access
<bsterne> yeah, our phone system is failing hard... sorry
bhill2: still working on the server-side story.
abarth: there will be some work to get the first tests working, but then once it's working, I will have a pile of tests to add. is there a sample test that I could start from and modify
gopal: yeah, I'll see what I can do.
abarth: just need a first test that shows a denial or whatever. Once that works, it should be pretty easy to scale that up.
<scribe> ACTION: gopal to set up mercurial repo for tests and get a simple test for Adam [recorded in http://www.w3.org/2011/11/22-webappsec-minutes.html#action01]
<trackbot> Created ACTION-26 - Set up mercurial repo for tests and get a simple test for Adam [on Gopal Raghavan - due 2011-11-29].
bhill2: the spec has already gone out, but we should defer liaising until we have hit FPWD.
... and defer this till next week
... [the above was for action 24, widgets activity]
... my closed actions: action 1, done.
brad was going real fast. Check the list.
<jeffh> :)
bhill2: for action 25, IE hasn't implemented it yet but doesn't have a strong opinion about inclusion
bsterne: action 14 can be closed as well. abarth and I took care of it week of tpac
abarth: action 9, didn't do it.
Please move the deadline to a week from today.
... action 12. this is done, and it's in the experimental.html document
<jeffh> http://dvcs.w3.org/hg/content-security-policy/raw-file/tip/experimental.html
abarth: ACTION: I didn't do this b/c I wasn't sure exactly what we wanted. Need to discuss on the mailing list.
... propose we turn this action into an issue and then resolve.
<bhill2> ISSUE: identify proper behavior for html added via plubins / object tag
<trackbot> Created ISSUE-8 - Identify proper behavior for html added via plubins / object tag ; please complete additional details at http://www.w3.org/2011/webappsec/track/issues/8/edit .
abarth: action 24. I did an implementation but no language.
... please push it out one week
<bhill2> anne, you reading this?
bhill2: email from Anne. Executive summary--just need editorial work and also some stuff pending on httpbis
... we had a call for consensus last week about approving fpwd.
... had some editorial notes.
abarth, bsterne: I haven't looked at them in detail
bhill2: can you spend an hour on them before we accept
... I think it's just editorial housekeeping stuff.
bsterne: most of this has to do with the respec(?) I can take a look and make the minor edits
bhill2: other issue is more substantive--the sandbox directive
... do we want to do it now, wait for fpwd, or wait for 1.1
... might be appropriate to put it in 1.0 with a [OPEN ISSUE] tag where we might remove it pre-CR
bsterne: jacob didn't sound religiously opposed to having it wait for 1.1
abarth: this isn't a blocker, we're going to rev the draft anyway
ekr: Maybe have an empty issue paragraph that just says "this is where sandbox would go"
bsterne: do we have consent to progress the draft after I get email from brandon about the respec issues
sorry, that was bhill2
RESOLUTION: we will accept document as FPWD as soon as we get ok from brandon about edits being made
bsterne: will do that in the next day or two
<bhill2> RESOLVED: promote CSP to FPWD on Brandon's OK pending resolution of Robin Berjon's comments
bhill2: new agenda item--experimental draft?
... if both editors agree, then we should go ahead.
abarth: this meshes better with HTML5
bhill2: this is prerogative of the editors
... go ahead with that as the experimental doc?
bsterne: ok
RESOLUTION: start with the "experimental revision" http://dvcs.w3.org/hg/content-security-policy/raw-file/tip/experimental.html as the current editor's draft
[discussion between abarth and bsterne about version control issues]
bhill2: is this a start from the ground reorg, or can you plausibly read the diffs
abarth: the diff probably is not helpful
bsterne: two browser windows worked ok for me
bhill2: next item on agenda is testing activity
... I talked to gopal at tpac and he expressed interest in leading the activity
... do you have a preference for which spec to start with
... objections to Gopal working in that role
... gopal, would you like help? preference for spec
gopal: we were discussing cors. Want to set up the test suite and then get started with cors
abarth: just sent email with thing for example tests
bhill2: anyone want to take lead on csp testing?
... I'm happy to take the first cut.
... don't think submitting test cases violates chair's neutrality
gopal: who is the contact person for test suite
bhill2: mike(TM) and the opera person whose name I don't remember
... mike has been setting up the repo so far
... started working on the security wiki for anti-clickjacking.
... ideas: screenshot comparison, protected UI element?
... will write that up and send a more detailed description
... any comments on that immediately?
... do we want to go over issues list?
abarth: my preference would be to look at issues list and come up with one or two issues to focus on
... thing to start with is issue 4 and ... [?]
... issue 8
bhill2: we have identified issue 4 and 8 to discuss on the mailing list
<scribe> ACTION: abarth to start discussion on issue 8 next week [recorded in http://www.w3.org/2011/11/22-webappsec-minutes.html#action02]
<trackbot> Created ACTION-27 - Start discussion on issue 8 next week [on Adam Barth - due 2011-11-29].
<scribe> ACTION: abarth to start discussion on issue 4 next week [recorded in http://www.w3.org/2011/11/22-webappsec-minutes.html#action03]
<trackbot> Created ACTION-28 - Start discussion on issue 4 next week [on Adam Barth - due 2011-11-29].
bhill2: further business?
<bsterne> nice, tidy meeting, bhill2
zakim lista ttendees
zakim list attendees
RRSAgent set logs public-visible
Scribe: ekr
Present: +1.650.648.aaaa, +1.206.245.aabb, +1.650.678.aacc, [Mozilla], +1.503.712.aadd, bhill2, +1.866.317.aaee, ekr, +1.415.596.aaff, abarth, +1.978.944.aagg, gma1, Bjorn_Bringert, Satish_Sampath, rrware, +1.408.320.aahh, +1.408.234.aaii, [IPcaller]
Agenda: http://lists.w3.org/Archives/Public/public-webappsec/2011Nov/0023.html
Date: 22 Nov 2011
Minutes: http://www.w3.org/2011/11/22-webappsec-minutes.html
People with action items: abarth, gopal