RE: Agenda: WSC WG distributed meeting, Wednesday, 2008-03-26

I will be late but on the call

 

  _____  

From: public-wsc-wg-request@w3.org [mailto:public-wsc-wg-request@w3.org] On
Behalf Of Mary Ellen Zurko
Sent: Tuesday, March 25, 2008 7:58 AM
To: public-wsc-wg@w3.org
Subject: Agenda: WSC WG distributed meeting, Wednesday, 2008-03-26

 


        Web Security Context (WSC) Call Agenda

Calling information:
Wednesday, 26 March 2008
11:00 am - 12:30 pm Eastern time
http://www.w3.org/2006/WSC/Group/#meetings
 <http://www.w3.org/Guide/1998/08/teleconference-calendar#D20071031>
http://www.w3.org/Guide/1998/08/teleconference-calendar#D20080305


Agenda

1) Pick a scribe 
http://www.w3.org/2006/WSC/Group/cheatsheet#Scribing
http://www.w3.org/2006/WSC/scribes

2) Approve minutes from meetings
 <http://www.w3.org/2008/02/27-wsc-minutes.html>
http://www.w3.org/2008/03/19-wsc-minutes.html

3) Weekly completed action items
(Usually checkpointed Friday am, US East Coast time) 
[pending review] ACTION-387: Phillip Hallam-Baker to Write replacement text
for 5.1.3 - due 2008-02-13
[pending review] ACTION-388: Thomas Roessler to Update definition of 5.1.4 -
due 2008-03-14
[pending review] ACTION-391: Tyler Close to Extract out petnames content,
provide definition independent of section 7 - due 2008-02-22
[pending review] ACTION-393: Thomas Roessler to Draft replacement text for
section 9.1 (trust indicators in content) - due 2008-03-14
[pending review] ACTION-396: Thomas Roessler to Work with tyler to get
wsc-usecases published as note - due 2008-03-05
[pending review] ACTION-399: Ian Fette to Try to craft some text that
revolves around weak/strong signalling - due 2008-03-05
[pending review] ACTION-405: Thomas Roessler to Get johnath to clarify
applicability and description of crossing chrome-content border, or find
other volunteer - due 2008-03-26
[pending review] ACTION-408: Thomas Roessler to Merge ACTION-399 result and
Mez's framework for TLS indicator. 

4) Open Action Items
http://lists.w3.org/Archives/Public/public-wsc-wg/2008Mar/0133.html

5) Action items closed due to inactivity 
[pending review] ACTION-345: Maritza Johnson to Begin designing lo-fi user
study for Browser Lockdown - due 2008-02-28

6) Agenda bashing
7) Get a version of 6.1 ready for LC-June 
http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#IdentitySignal
http://lists.w3.org/Archives/Public/public-wsc-wg/2008Mar/0051.html
The current rewrite took care of a number of issues raised. Here are the
remaining ones with my suggestions on polls for resolutions: 

7.1) The recommendation currently takes up screen real estate indicating
lack of an identity (which will be a common state): 
User interactions to access this
<http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#def-identity-signal>
identity signal MUST be consistent across all Web interactions facilitated
by the user agent, including interactions during which the Web user agent
has no trustworthy information about the [[identity]] of the Web site that a
user interacts with. In this case, user agents MUST indicate that no
information is available.
Poll - 
a) leave as is
b) substitute SHOULDs for both MUSTs
c) remove 

7.2) Allow for more understandable identity signals than DNS name
During interactions with a
<http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#def-secure-page>
TLS-secured Web page for which the top-level resource has been retrieved
through a
<http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#def-strong-tls> strongly
TLS-protected interaction that involves an
<http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#def-validated-cert>
validated certificate (including an
<http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#def-augmented-assurance-cert>
augmented assurance certificate), the following applies:

*	The identity signal MUST include an applicable DNS name retrieved
from the subject's Common Name attribute or from a subjectAltName extension.

Poll - 
a) leave as is
b) change to SHOULD
c) MUST for AA; SHOULD for validated certs in general 
d) remove

7.3) Contention on logotypes (current uptake). 
For AA certs, currently say:

*	For Web user agents that use a visual user interface capable of
displaying bitmap graphics the
<http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#def-identity-signal>
identity signal [[MAY | SHOULD]] include display of a suitable logotype,
selected according to the rules in
<http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#sec-logotypes> 5.1.5
Logotype Certificates.

Poll - 
a) SHOULD
b) MAY
c) remove

7.4) ISSUE-137 
http://www.w3.org/2006/WSC/track/issues/137
Poll - 
a) accept proposal
b) reject proposal

7.5) ISSUE-138
http://www.w3.org/2006/WSC/track/issues/138

*	The identity signal MUST include the Issuer field's Organization
attribute MUST be displayed as part of the identity signal to inform the
user about the party responsible for that information.

Poll -
a) leave as is
b) SHOULD
c) MAY

7.6) Internal inconsistency on logotype displays, as called out in comments.
In 6.1.2:

*	Logotypes derived from certificates SHOULD NOT be rendered, unless
the certificate used is an
<http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#def-augmented-assurance-cert>
augmented assurance certificate.

In 5.1.5: 

*	Otherwise, when the logotype information is derived from a
<http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#def-validated-cert>
validated certificate, then the issuer logotype MUST be rendered, if
present.

Poll -
a) remove the line from 5.1.5
b) remove the line from 6.1.2
c) remove both 

8) Next meeting - 02 April 2008
Continue through the ISSUES on the text text for LC June

The April 9 meeting will be cancelled, as both Thomas and I are at RSA. 

Received on Tuesday, 25 March 2008 12:38:07 UTC