- From: Thomas Roessler <tlr@w3.org>
- Date: Thu, 5 Apr 2007 13:52:50 +0200
- To: WSC WG <public-wsc-wg@w3.org>
The minutes from our meeting on 28 March were approved yesterday:
http://www.w3.org/2007/03/28-wsc-minutes
A text version is included below.
--
Thomas Roessler, W3C <tlr@w3.org>
WSC WG weekly
28 Mar 2007
See also: [2]IRC log
[3]Agenda
Attendees
Present
Mike Beltzner
Johnathan Nightingale
Thomas Roessler
Mary-Ellen Zurko
George Staikos
Stuart Schechter
Rachna Dhamija
Maritza Johnson
Shawn Duffy
Serge Egelman
Jan Vidar Krey
Bill Doyle
Chris Nautiyal
Rishikesh A Pande
Yngve Pettersson
Dan Schutzer
Regrets
hal, chuck, praveen, Phill
Chair
MEZ
Scribe
serge, tlr
Contents
* [4]Topics
1. [5]Approval of minutes
2. [6]Newly closed action items
3. [7]Editing process, style, and alternatives
4. [8]Roadmap and schedule
5. [9]threat trees and use cases?
6. [10]next meeting
* [11]Summary of Action Items
_________________________________________________________________
Approval of minutes
<tlr> [12]http://www.w3.org/2007/03/20-wsc-minutes
Mez_: any issues?
Minutes approved.
Newly closed action items
Mez_: any issues?
Action item closures approved.
Editing process, style, and alternatives
tlr: figuring out how to put comments and issues into a format easier to
track
tlr: a few questions, who is the watchdog on public comment list to say when
comments have turned into issues
... Bill Doyle has volunteered
<tlr> Bill Doyle volunteers to take care of tracking public list and
deriving issues from that.
<rachna> can we edit on a wiki, and then have one or two editors to
formalize it?
tlr: we can edit on a wiki to a certain point; later, need agreement between
editors to figure out who gets the lock on what sections, then use CVS or
something to merge changes
<Mez_> and who was the person who asked this question on the phone? did we
capture that ok?
tlr: can Rachna be an editor?
rachna: don't want to be a bottleneck
<sduffy_aol> are we talking about polishing content that's been added via
the wiki for a final report format?
tlr: we need a few people with a moderate amount of time to volunteer
bill-d: the note seemed to work pretty well, though it got harder due to
feedback and turning it into the wiki, though people contributed to their
own sections
tlr: when moving forward editors may need to deal with resolutions
<sduffy_aol> since I hadn't joined when the first note was drafted, can
someone clarify the editor role because I'd be willing to help once I
understand what's expected...
<Mez_> and of course, Tyler should augment or correct tlr's description of
Editor, based on his experience so far
tlr: editor will roll out changes into the actual document
... casting text into the formal format
... editor transforms information from the group into the final document
<sduffy_aol> thanks for the explanation... I'd be willing to help out with
others... just don't want to be a bottleneck either :-)
tlr: if you think you're a bottleneck for any given week, say so!
<rachna> I think Tyler had to do a lot of writing to convert wiki and phone
discussion into text. It might be good if we had sections parallel to the
document on the wiki, so we could all contribute writing text.
Mez_: is this for use cases and recommendations?
tlr: that's open
<tlr> ACTION: thomas to set up shawn and rachna as additional editors
[recorded in [13]http://www.w3.org/2007/03/28-wsc-minutes.html#action01]
<trackbot> Created ACTION-166 - Set up shawn and rachna as additional
editors [on Thomas Roessler - due 2007-04-04].
Roadmap and Schedule
<Mez_>
[14]http://lists.w3.org/Archives/Public/public-wsc-wg/2007Mar/0118.html
Mez_: review comments on Note due April 4th
<Mez_> [15]http://www.w3.org/2006/WSC/wiki/RecommendationIndex
Mez_: area on wiki to track recommendations
... start logging recommendations on any appropriate level, by end of April
<Mez_>
[16]http://lists.w3.org/Archives/Public/public-wsc-wg/2007Mar/0119.html
Mez_: quick pitches on items on the agenda, 5 minutes each
... any opinions?
<staikos> +1 for me too
<maritzaj> signing off for another meeting. hope to return, but unlikely ...
<sduffy_aol> sounds good... agreed here, as well
tlr: should we go around the table to see what people expect to do?
Mez_: we should do this at the beginning of conference calls
... we can always do this by email
... if someone wants to have a slot, send me mail
<tlr> ACTION: Zurko to send mail to outline quick review process for further
April calls; call for agenda input for next call [recorded in
[17]http://www.w3.org/2007/03/28-wsc-minutes.html#action03]
<trackbot> Created ACTION-174 - Send mail to outline quick review process
for further April calls; call for agenda input for next call [on Mary Ellen
Zurko - due 2007-04-04].
Mez_: this will take us into May, after which we have a face-to-face
... register!
... would like to have editor's draft going into face-to-face
... target May 14th for the draft
tlr: bunch of people attending WWW, so maybe cancel the call?
<johnath> no objection here to cancelling the may 8th call
<sduffy_aol> none here
<tlr> PROPOSED: to skip call on May 8.
Mez_: any problems skipping May 8th call?
<tlr> PROPOSED: to skip May 9 call
<tlr> ACTION: zurko to really cancel May 9 call - due May 2 [recorded in
[18]http://www.w3.org/2007/03/28-wsc-minutes.html#action04]
<trackbot> Created ACTION-168 - really cancel May 9 call [on Mary Ellen
Zurko - due 2007-05-02].
Mez_: we need goals to be reflected in rec draft
... we need to look at the other goals when reviewing
... anything else on the goals?
... June is when we start figuring out the coding, test plans,
functional/robustness/usability
... July we code and prototype
... if you're busy, let us know now
tlr: there can be many public working drafts
Mez_: people don't usually get serious about comments until later in the
process
rachna: I hope we have lots of iteration on the recommendations
<tlr> ACTION: zurko to put roadmap into wiki [recorded in
[19]http://www.w3.org/2007/03/28-wsc-minutes.html#action05]
<trackbot> Created ACTION-169 - Put roadmap into wiki [on Mary Ellen Zurko -
due 2007-04-04].
Mez_: any more comments on coding?
... August we'll apply the test plans
tlr: don't expect lots of work in July/August/September
Mez_: look at the milestones if this is you
<tlr> ... two months worth of work, maybe, three months work, never ...
tlr: schedule August/September instead
<tlr> ACTION: zurko to put 4th f2f on Dublin agenda: September or November?
[recorded in [20]http://www.w3.org/2007/03/28-wsc-minutes.html#action06]
<trackbot> Created ACTION-170 - Put 4th f2f on Dublin agenda: September or
November? [on Mary Ellen Zurko - due 2007-04-04].
Mez_: what else needs to be in the outline?
tlr: what assumptions will be broken?
<Mez_> [21]http://www.w3.org/TR/wsc-usecases/#relevance
<Mez_> [22]http://www.w3.org/2006/WSC/wiki/ThreatTrees
<Mez_> [23]http://www.w3.org/TR/wsc-usecases/#use-cases
Mez_: next topic: threat trees and relevance goals
threat trees and use cases?
Mez_: Stuart?
ses: whoever drafted the relevance goals, are they relevant to the threat
trees?
... 2.2 is two sentences, saying what the group will do...
Mez_: let's discuss this.
ses: there is potentially an exponential number of use cases
... if we did all combinations, we'd generate a very large number of use
scenarios
... is there value in enumerating all these things, or are just a few
dimensions useful?
tlr: the point is that academically we just need dimensions for our audience
<Paul> Isn't the skill in picking the smallest number of use cases that
clearly describe the problems?
tlr: our current use cases don't elaborate on all dimensions, but do touch
on most bifurcations
<Mez_> or the ones we want to go after, because they're "common"
<Mez_> which is part of goal 2.2
<scribe> I think it's unreasonable to believe we're going to address every
use case; I agree that we should just focus on common ones
Mez_: there's a subset of common ones that we'll focus on in fulfilling goal
2.2
tlr: there seems to be agreement
<ses> My question is whether it makes sense to use the dimensions or the
examples to move forward.
MEZ: change goal etc
ses: do not understand coverage?
... is it "easy to enumerate" or is it "important"?
MEZ: cover what's most common
<ses> I don't see very many things that aren't common in the dimensions
<sduffy_aol> I also have another meeting I need to attend...
ses: asking to what extent use cases and nodes in threat tree match?
... <trying to define "match">
<rachna> I think we are conflating usage scenarios (use cases) and attacks.
Aren't these two separate things?
ses: (more complicated version of what Rachna typed into IRC)
<Paul> Sorry not on the phone.
<Mez_> then just type it in :-)
<Mez_> your comment/question
<Paul> Do we have a methodology chosend for threat assesment?
<rachna> In the end, we want to be able to say that recommendation X
satisfies use cases A,B, C, and is vulnerable or resistant to certain
attacks 1, 2, 3.
<Paul> pardon my typos
tlr: +1 to rachna
<beltzner> +2 to rachna
<johnath> rachna++
mez: rachna's comment seems popular
mez: how does goal 2.2 fit there...
<ses> You can map threats to the use-case-dimensional values. I think going
straight to examples is counterproductive because, once again, it doesn't
help us to understand the _set_ of possible use cases that can be subverted
by each threat.
<johnath> rachna.trenchant = true;
mez: pick common use cases ...
... identify what security information user requires ...
... hook into recommendations ...
... security information needed, provided ...
<ses> Rachna: I would say that recommendation X is a countermeasure against
threats A for use cases of a given set, threat B for use cases in a
different set, and so on.
johnathan: got it, congrats to self ...
... is it just measurement of success or more? ...
<johnath> tlr: +1
tlr: These things are for different audiences. They are related. Please do
not construct a dichotomy where none exists.
<ses> I'm fine with examples, but we lose meaning and understanding if our
work is on examples rather than on the dimensions that create the examples.
mez: How are we going to execute goal 2.2?
... as part of getting out recs in April, discussion in April should be
pulling out use cases ...
<ses> For example, if we say "this works against usage scenario 2.X", and
not against "all use cases in set Y", then we don't have a definitive
answer when someone outside the group asks "but will it help me with MY
scenario which is different than yours?"
<Mez_> ses, you might be saying that the specific doesn't apply to the
abstract. If you are, I believe we need both.
(discussion between tlr and ses about how threat trees map to use cases and
scenarios; MEZ notes we're losing time)
<scribe> ACTION: thomas and stuart to try to figure out how to move forward
with this [recorded in
[24]http://www.w3.org/2007/03/28-wsc-minutes.html#action07]
<trackbot> Created ACTION-171 - And stuart to try to figure out how to move
forward with this [on Thomas Roessler - due 2007-04-04].
mez: stuart, please let's think about how the threat trees fit in
... as we go through recs, let's look at the goals / use cases
... I think Tyler did that in his rec proposal ...
tyler: yeah, did a stab at that
mez: Let's do that against each of the recommendations
next meeting
mez: 4 April; please submit review comments on note by then
staikos: regrets, meeting, but will make effort to send stuff to list
adjourned
Summary of Action Items
[NEW] ACTION: thomas and stuart to try to figure out how to move forward
with this [recorded in
[25]http://www.w3.org/2007/03/28-wsc-minutes.html#action07]
[NEW] ACTION: thomas to set up shawn and rachna as additional editors
[recorded in [26]http://www.w3.org/2007/03/28-wsc-minutes.html#action01]
[NEW] ACTION: Zurko to send mail to outline quick review process for further
April calls; call for agenda input for next call [recorded in
[27]http://www.w3.org/2007/03/28-wsc-minutes.html#action03]
[NEW] ACTION: zurko to put 4th f2f on Dublin agenda: September or November?
[recorded in [28]http://www.w3.org/2007/03/28-wsc-minutes.html#action06]
[NEW] ACTION: zurko to put roadmap into wiki [recorded in
[29]http://www.w3.org/2007/03/28-wsc-minutes.html#action05]
[NEW] ACTION: zurko to really cancel May 9 call - due May 2 [recorded in
[30]http://www.w3.org/2007/03/28-wsc-minutes.html#action04]
[End of minutes]
_________________________________________________________________
Minutes formatted by David Booth's [31]scribe.perl version 1.128 ([32]CVS
log)
$Date: 2007/04/04 22:41:15 $
References
1. http://www.w3.org/
2. http://www.w3.org/2007/03/28-wsc-irc
3. http://lists.w3.org/Archives/Public/public-wsc-wg/2007Mar/0131.html
4. file://localhost/home/roessler/W3C/WWW/2007/03/28-wsc-minutes.html#agenda
5. file://localhost/home/roessler/W3C/WWW/2007/03/28-wsc-minutes.html#item01
6. file://localhost/home/roessler/W3C/WWW/2007/03/28-wsc-minutes.html#item02
7. file://localhost/home/roessler/W3C/WWW/2007/03/28-wsc-minutes.html#item03
8. file://localhost/home/roessler/W3C/WWW/2007/03/28-wsc-minutes.html#Roadmap
9. file://localhost/home/roessler/W3C/WWW/2007/03/28-wsc-minutes.html#item04
10. file://localhost/home/roessler/W3C/WWW/2007/03/28-wsc-minutes.html#item05
11. file://localhost/home/roessler/W3C/WWW/2007/03/28-wsc-minutes.html#ActionSummary
12. http://www.w3.org/2007/03/20-wsc-minutes
13. http://www.w3.org/2007/03/28-wsc-minutes.html#action01
14. http://lists.w3.org/Archives/Public/public-wsc-wg/2007Mar/0118.html
15. http://www.w3.org/2006/WSC/wiki/RecommendationIndex
16. http://lists.w3.org/Archives/Public/public-wsc-wg/2007Mar/0119.html
17. http://www.w3.org/2007/03/28-wsc-minutes.html#action03
18. http://www.w3.org/2007/03/28-wsc-minutes.html#action04
19. http://www.w3.org/2007/03/28-wsc-minutes.html#action05
20. http://www.w3.org/2007/03/28-wsc-minutes.html#action06
21. http://www.w3.org/TR/wsc-usecases/#relevance
22. http://www.w3.org/2006/WSC/wiki/ThreatTrees
23. http://www.w3.org/TR/wsc-usecases/#use-cases
24. http://www.w3.org/2007/03/28-wsc-minutes.html#action07
25. http://www.w3.org/2007/03/28-wsc-minutes.html#action07
26. http://www.w3.org/2007/03/28-wsc-minutes.html#action01
27. http://www.w3.org/2007/03/28-wsc-minutes.html#action03
28. http://www.w3.org/2007/03/28-wsc-minutes.html#action06
29. http://www.w3.org/2007/03/28-wsc-minutes.html#action05
30. http://www.w3.org/2007/03/28-wsc-minutes.html#action04
31. http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
32. http://dev.w3.org/cvsweb/2002/scribe/
Received on Thursday, 5 April 2007 11:52:36 UTC