<tanvi> yes, I figured you wouldn't Zakim
<bhill> :)
i think it was the "and"
<bhill> +present ekr
<bhill> hmm... that doesn't work either
there u go
<mkwst> Trying to get in. Zakim doesn't like me. :/
<jimio> ^^ 508.574 is me... jim o'leary from twitter
<abarth> Hi
I got scribe
bhill: hearing no objections,
minutes sent to list yesterday are approved
... agenda bash....? no updates to agenda.
<bhill> CORS test status: http://lists.w3.org/Archives/Public/public-webappsec/2012Nov/0098.html
bhill: CORS test status
<not hearing Odin nor Gopal>
bhill steps into breach
bhill: recounts test rates;
search email archives for this group and find link for an
oracle vbox VM that contains test environment
... need to have test suite fully approved to go to next
maturity level
... thinks we need to go to candidate rec, then go to proposed
rec
gopal: there's some discrepancy between tests i've run and ones on w3 test server..... concerned about not getting complete test coverage....
bhill: followup with Mike Smith on w3 test servers?
<bhill> ACTION gopal to follow up with Mike Smith at w3c on test server config, re: Options headers, etc.
<trackbot> Created ACTION-101 - Follow up with Mike Smith at w3c on test server config, re: Options headers, etc. [on Gopal Raghavan - due 2012-12-11].
<bhill> http://lists.w3.org/Archives/Public/public-webappsec/2012Nov/0072.html
<abarth> Yay
bhill: wrt CfC on advancing CORS to candidate rcmd --- any objections? -- hearing none, we will advance CORS
<bhill> no objections to CORS advancing
<bhill> RESOLVED: Advance Cross-Origin Resource Sharing to Candidate Recommendation
<applause, cheers>
<bhill> http://lists.w3.org/Archives/Public/public-webappsec/2012Nov/0112.html
bhill: CfC on new charter
... members should be prepared to make IPR commitments wrt
new deliverables in new charter, discuss with IPR counsel as
approp, eg SubResource Integrity, hence keeping this CfC open
until mid-Jan
... any objections to canceling first meeting in Jan, and
instead having first 2013 meeting be 15-Jan (and be deadline
for charter CfC)? didn't hear any objections, so be it
<mkwst> ugh.
<bhill> http://lists.w3.org/Archives/Public/public-webappsec/2012Nov/0105.html
bhill: the sub resource integrity work (SRI) will most likely invent various new HTML attrs that will need to be mapped to various HTML tags and so will need HTML WG liaison, we're missing the HTML5 train, but can likely get on the next revision train
next topic: DOM Event on CSP violation
(did we skip CfC: CSP 1.1 to FPWD ?)
<bhill> whoops - yes!
mkwst: <recounts basic idea>
... folks more or less agree it seems about having a DOM event
for violations, there's various subtle issues, and whether info
is included in reports
<abresee> Not me
<jimio> me :)
jimio -- see http://www.w3.org/2011/webappsec/track/issues/open
<mkwst> jeffh: jimio.
heh
jimio: recounts how using CSP stuff
abarth: wrt goog's experimentation, if csp violations xlated to dom events, easier to capture to reports (? scribed correctly?)
who was that?
mkwst: some implr's think if get
info via dom event, then can send it to subsys that already
understands dom evnts, rather than custom code parsing of csp
policy violations themselves
... would be happy to impl as a "csp event" on doc object,
rather than overload dom evnt
abarth: write it up as strawman?
mkwst: will take that action and work with dveditz
<bhill> ACTION mkwst to write up strawman for event on violation of CSP, coordinate w/dveditz
<trackbot> Sorry, couldn't find mkwst. You can review and register nicknames at <http://www.w3.org/2011/webappsec/track/users>.
<mkwst> mwest2
<bhill> ACTION mwest2 to write up strawman for event on violation of CSP, coordinate w/dveditz
<trackbot> Created ACTION-102 - Write up strawman for event on violation of CSP, coordinate w/dveditz [on Mike West - due 2012-12-11].
CfC: CSP 1.1 to FPWD
bhill: any objections to advancing CSP 1.1 to FPWD ? hearing none, so be it
<bhill> RESOLVED: Advance CSP 1.1 to First Public Working Draft
<applause, cheers>
<bhill> http://lists.w3.org/Archives/Public/public-webappsec/2012Nov/0096.html
UI Obstruction check
bhill: raised by one Fred Andrews
... is this an actual concern as described?
< several folks>: short answer: yes
bhill: continues reading the mail msg
<gioma1> http://www.w3.org/TR/UISafety/#unsafe-attribute-for-the-uievent-interface
bhill: have tried to not have any user interactions in that spec for various reasons -- is this just a "recognized hazard" we should provide advice about in the spec? <no answer>
<dveditz> echo echo
<dveditz> whoever just joined or unmuted please fix it
bhill: I'll take action to try to answer this;
<dveditz> someone dropped bhill into a subway tunnel
<bhill> ACTION bhill2 to follow up on http://lists.w3.org/Archives/Public/public-webappsec/2012Nov/0096.html and solicit new proposals, suggest unsafe attribute
<trackbot> Created ACTION-103 - Follow up on http://lists.w3.org/Archives/Public/public-webappsec/2012Nov/0096.html and solicit new proposals, suggest unsafe attribute [on Brad Hill - due 2012-12-11].
dveditz: do we put the manhole cover back on now?
<bhill> http://lists.w3.org/Archives/Public/public-webappsec/2012Nov/0100.html
A11y review for anti-clickjacking
A11y apparently means: ?
<ekr> Accessibility
<mkwst> accessibility
<ekr> sunday...sunday...sunday....
<mkwst> s4y
bhill: < recounts concerns, in echo chamber>
<dveditz> now it's more like the PA at the stadium
<ekr> w3c....c...c...c...
<tanvi> please everyone mute
bhill: <poses long question>
<dveditz> yay
<dveditz> thx
<mkwst> I'm muted, but I'll reconnect. sorry.
bhill: if i have accessibility tech added to UI Safety directive, need way to turn that (?) off in case the accessibility stuff messes things up (?)
<dveditz> it's fine now
<mkwst> voip is hard. :/
<dveditz> mkwst
abarth: need to check with folks who know about this. in chrome it's done via the extension system
<dveditz> mkwst: I've found sometimes with Skype if I mute in the headset I can still get echo and instead I need to mute using skype itself
abarth: UI team needs to be involved in chrome world
<dveditz> the application is adding noise all on its own (feedback?)
bhill: would like to get info from them about this
abarth: suspect that accsbility tools have their own UI, but need to check on it
<bhill> ACTION abarth to follow up with Goog A11Y and UI teams on disabling browser features (UISafety obstruction check) for A11Y compatibility
<trackbot> Created ACTION-104 - Follow up with Goog A11Y and UI teams on disabling browser features (UISafety obstruction check) for A11Y compatibility [on Adam Barth - due 2012-12-11].
Review of open actions / issues in tracker
http://www.w3.org/2011/webappsec/track/issues/open
bhill: haven't transcribed info from TPAC as yet, so suggest we adjourn and punt this till next time once the most esteemed chair can catch up
any obj to adjourn?
mkwst: great that implementers such as twitter here -- v. interested to hear from them wrt issues with impl'g and deploying this
jimio: top 10 blocked url's have been chrome extensions it turns out
abarth: have noted that, it should be getting better soon
<abresee> Thank you
bhill: ok, call/meeting adjourned
Present: +1.801.701.aaaa, +1.866.317.aabb, bhill, jeffh, ekr, abarth, imelven, tanvi, gioma1, +1.508.574.aacc, jimio, mkwst, +1.978.944.aadd, gopal, abresee, +1.503.712.aaee, rware, dveditz
Scribe: jeffh
Agenda: http://lists.w3.org/Archives/Public/public-webappsec/2012Dec/0006.html
Date: 04 Dec 2012
Minutes URL: http://www.w3.org/2012/12/04-webappsec-minutes.html