- From: Thomas Roessler <tlr@w3.org>
- Date: Wed, 27 Feb 2008 15:17:41 +0100
- To: WSC WG <public-wsc-wg@w3.org>
Minutes from our meeting on 2008-02-13 were approved and are
available online here:
http://www.w3.org/2008/02/13-wsc-minutes.html
A text version is included below the .signature.
--
Thomas Roessler, W3C <tlr@w3.org>
[1]W3C
Web Security Context Working Group Teleconference
13 Feb 2008
See also: [2]IRC log
Attendees
Present
Tyler Close, Thomas Roessler, Mary Ellen Zurko, Bill Doyle,
Johnathan Nightingale, Yngve Pettersen, Jan Vidar Krey, Hal
Lockhart, Ian Fette, Stephen Farrell, Maritza Johnson, Tim_Hahn
Regrets
DanS, Luis, Bill
Chair
Mary Ellen Zurko
Scribe
Johnathan Nightingale
Contents
* [3]Topics
1. [4]Weekly completed action items
2. [5]Open action items
3. [6]Agenda Bashing
4. [7]Section 7
5. [8]Section 8.1
6. [9]Section 8.2
7. [10]Section 9
8. [11]Section 9.2
9. [12]Section 9.4
10. [13]Section 9.5
11. [14]Section 9.6
* [15]Summary of Action Items
__________________________________________________________________
<trackbot-ng> Date: 13 February 2008
<scribe> ScribeNick: johnath
<tlr_> apologies for minutes lateness re face-to-face
<jvkrey> yeah, me 2
<Mez> [16]http://www.w3.org/2008/01/30-wsc-minutes
Mez: We're going on to approve minutes from last distributed meeting
<Mez> Regret+ Bill E
Mez: previous distributed meeting, january 30th?
... approved
<tlr_> [17]http://www.w3.org/2008/01/30-wsc-minutes.html
Weekly completed action items
Mez: whole bunch from various editors, thank you all
tlr_: have we heard anything from Serge about his actions taken at the
face to face
... I am blocking on some of those
... I take the silence as a no
Mez: anything else on closed action items?
<Mez>
[18]http://lists.w3.org/Archives/Public/public-wsc-wg/2008Feb/0009.html
Open action items
<tlr_> ACTION-370?
<trackbot-ng> ACTION-370 -- Bill Doyle to draft language to reference
RFC 3766 or successors in a useful way -- due 2008-03-01 -- OPEN
<trackbot-ng> [19]http://www.w3.org/2006/WSC/track/actions/370
bill-d: question on action-370
... want clarification on what we are trying to nail down, can't really
determine action
Mez: yes, we often lose context over time
<Mez>
[20]http://lists.w3.org/Archives/Member/member-wsc-wg/2008Jan/att-0011/
wsc20080116.html
Mez: tlr thoughts?
tlr_: loading
... this is the convergence of the "what do we reference for 'strong'
cryptography"
... so the action on Bill was to wrap language around this RFC as being
the reference of choice
bill-d: I looked into that and the rfc named seems to be about VPNs
... I've sent something to the list, if that's the general direction we
want, I can work on the text
<Mez> [21]http://www.w3.org/2006/WSC/track/issues/128
Mez: any other issues on other actions?
Agenda Bashing
Mez: I basically threw in continuations from the face to face
Mez: my memory of sections we didn't discuss are 7, 8.1, 8.2 and I was
fuzzy on 9
... we had strong agreement that we needed a lo-fi prototype of
anything going into last call
... even if we have consensus that it is otherwise ready
... with the exception of robustness recs that would only really have a
"non-compliance" prototype
... I don't think we'll get to sec.9 today, but that's okay because I
think it's critical to have Rachna here for that
... comments, changes?
<Mez> [22]http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#ceremonies
Section 7
Mez: I haven't had time to prep, has anyone else on the call
(particularly those who were at F2F) opinions on sections to take to
last call, from this section
... my general intuition is that things in section 7 with affinity to
other sections, anything that relies on the input editor, would be
unprepared for last call
ifette: I still have huge concerns about adoption impact of this text
Mez: I think that would be based on what subset we choose to take to
last call
ifette: Basically, I don't think any text here with "MUST" is ready for
last call
Mez: much of the text was massaged during the f2f
<_tlr> I wonder what the scope of "here" is in ifette's statement
Mez: scrolling down, one thing that catches my eye is "petnames"
... section 7.4
... I see overlap with identity signal there
yngve: question - are you intending to have the entire section in the
requirements document
... the problem with that entire section is that it presumes the safe
form editor, it might stick out like a sore thumb to include it
Mez: I hear you saying that you don't think there's a subset there to
extract
... but I think we still can
<stephenF> +1 to ian/ynvge concerns, but would like to see an edited
verison of this before I decide
tyler: I can take an action to define out petname
<_tlr> johnath: question to tyler is... Plan to define petname so it
can be extract?
<_tlr> tyler: i'll do it independent of the safe form editor
<_tlr> mez: that sounds useful
Mez: the next thing that came to mind was 7.8 and 7.9 as having overlap
with other sections
... so somewhere in robustness, covered the customization aspect
... I feel like the parts of 7.8 that overlap with robustness are
already taken care of
hal: are we using the wrong definition of picture in picture here? I
thoguht it involved chrome being overlaid by web content
tyler: I think it involves content within the browser, chrome within
chrome
Mez: is a contact button an existing thing in some subset of user
agents?
tyler: new concept
Mez: right, I know we had some of that content in a prior discussion,
but now I can't find it
<Mez>
[23]http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#change-tls-state
Mez: anyone remember where this "remembering certificates" text was?
... I think we probably can
... I think we probably *can't* integrate 7.9 with that text, though
tyler: In this case, you have an additional piece of information. The
user has already told you that it trusts a particular cert chain
Mez: Right - might even want to consider that issue when extracting out
petname text for your action
<scribe> ACTION: tyler to extract out petnames content, provide
definition independent of section 7 [recorded in
[24]http://www.w3.org/2008/02/13-wsc-minutes.html#action01]
<trackbot-ng> Created ACTION-391 - Extract out petnames content,
provide definition independent of section 7 [on Tyler Close - due
2008-02-20].
Section 8.1
<Mez>
[25]http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#techniques-dontm
ix
<Mez> issue-109?
<trackbot-ng> ISSUE-109 -- Should there be recommendations against
favicons? -- OPEN
<trackbot-ng> [26]http://www.w3.org/2006/WSC/track/issues/109
ifette: 8.1.3 the first bullet just seems very strange to me
... agents like Firefox 3 don't even have a lock in the location bar
any more, favicons are very useful to me
... I can't see this MUST NOT, even SHOULD NOT seems strong to me
<stephenF> +1 to comment that this text is liable to be overtaken by
new browser versions
johnath: I thought I proposed alt-text here?
<ifette>
[27]http://lists.w3.org/Archives/Public/public-wsc-wg/2007Dec/0005.html
Mez: ah, your text does include a proposal for 8.1.3
bill-d: I don't mind favicons, they just shouldn't be used in secure
chrome
<Mez> > - Web User Agents MAY ignore favorite icon [FAVICON] references
<Mez> > that are part of Web content.
<Mez> > - Web User Agents SHOULD NOT use a 16x16 image in chrome to
<Mez> > indicate security status if doing so would allow the FAVICON to
<Mez> > mimic it.
<Zakim> ifette, you wanted to say that secure chrome in FF2 is not the
same as secure chrome in FF3 and that we dont want to say the location
bar will always be secure chrome
Mez: pasting text in channel for consideration
ifette: My problem with the current wording is that it treats the
location bar as secure chrome, and that's a bad assumption
... I like johnathan's second proposed bullet - don't let the favicon
spoof your security indicator
<stephenF> +1 to jonath's 8.1.3 replacement
Mez: okay, so I think we have a proposal in play, I think that would be
the text to consider for the LC document
tlr: I'll take an action to merge that text
<_tlr> ACTION: thomas to merge
[28]http://lists.w3.org/Archives/Public/public-wsc-wg/2007Dec/0005.html
[recorded in
[29]http://www.w3.org/2008/02/13-wsc-minutes.html#action02]
<trackbot-ng> Created ACTION-392 - Merge
[30]http://lists.w3.org/Archives/Public/public-wsc-wg/2007Dec/0005.html
[on Thomas Roessler - due 2008-02-20].
Mez: sounds like that is text we can take to last call in June, and our
editors will put that in
Section 8.2
<Mez>
[31]http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#robustness-trust
edpath
Mez: did we discuss this at the face to face
tlr: I think we discussed this on Feb 5
Mez: where did we get with it?
tlr: it was mentioned
Mez: yes, I added it to the agenda because it was touched but not
resolved
<Mez> Web user agents that proactively present security context
information to the user (or a channel presumed to eventually lead to
the user, such as accessibility aides) MAY accept some presentation
information from the user, and associate that information with parts of
the user interface that are intended or commonly used to communicate
trust information to users.
Mez: I believe the only normative text is what I've pasted
... it's pretty weak
<Mez> In these user agents, the editor bar MUST be displayed using a
theme customized to the user. The user selects this theme at browser
installation time. Changes of this theme MUST involve a user
interaction that is focused on this specific task. The icon for the
Contacts button MUST also be selected by the user at installation time.
Mez: not nearly as strong as the text in 7.8
<stephenF> looks ok to me
Mez: in its current state, I think we can take it to last call
... lobbies for something stronger?
... Alright, we're on track to take that to LC in June
<Mez>
[32]http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#authoringAndDepl
oyment
Section 9
Mez: did we do 9.1 in the f2f
<Mez> This specification requires that web pages MUST NOT include trust
indicating images such as padlocks in the web content.
tyler: we did not
<stephenF> what if I sell (physical) padlocks?
<jvkrey> or images of padlocks?
<tlr> [33]http://www.flickr.com/search/?q=padlock&w=all
<tlr> (was the objection at the face-to-face)
yngve: a bit more background text might be a good idea
... with extra text, it could be in LC
Mez: what kind of background text are you talking about?
<_tlr> I think the headline is better than the full text -- it's not
about "use trust indicator like images", but rather about "don't use
them to engineer trust"
<stephenF> +1 to tlr
bill-d: I think of padlocks and favicons - people are going to do
whatever they want with them. If we have an area reserved for secure
chrome, then I don't think we care about restricting content outside of
that
tlr: Having been the one who raised the objection, I think the intent
is a good one - don't use these kinds of images to engineer trust
... "don't use trust indicators in content, don't teach them to look in
content instead of chrome for trust indication"
<stephenF> other than help text on web pages?
<tlr> right
<yngve>
[34]http://lists.w3.org/Archives/Member/member-wsc-wg/2008Jan/0002.html
<Mez> This specification requires that web pages MUST NOT include trust
indicators from existing user agent chrome in the web content as an
indication of web content trust.
tlr: I think that's what we mean, I think we can get there without
difficulty
... that text looks good, maybe with more background text
Mez: what background text
<Zakim> stephenF, you wanted to ask if that MUST NOT is testable or not
tlr: call out the education implication, explain the consequence
<scribe> ACTION: tlr to draft replacement text for section 9.1 (trust
indicators in content) [recorded in
[35]http://www.w3.org/2008/02/13-wsc-minutes.html#action03]
<trackbot-ng> Created ACTION-393 - Draft replacement text for section
9.1 (trust indicators in content) [on Thomas Roessler - due
2008-02-20].
<Mez> web pages MUST NOT include trust indicators from existing user
agent chrome in the web content as an indication of web content trust.
stephenF: does this rule need to be testable? Is it currently?
<stephenF> audio is bad
<stephenF> +1 to it being testable, but hard here when we're talking
about content
Mez: does anyone think things *shouldn't* be testable
yngve: it may be a question of what testable means
Mez: yes, you're right, but certainly lack of compliance is something a
person can point to
... even if it can't be automated
<stephenF> what if UA picks a new icon that some site was using for N
years before?
<yngve>
[36]http://lists.w3.org/Archives/Member/member-wsc-wg/2008Jan/att-0002/
unsecure_europcar.PNG
yngve: I linked to a screenshot that I sent to the list a month ago
... this site is an example of what we're trying to prevent
Mez: yes, this is an example of the problem
yngve: they've since changed the site around
bill-d: I have another example
<bill-d> [37]http://www.chase.com/
bill-d: the practice is widespread
<stephenF> and credentials in clear is more easily testable
Mez: okay, I think we've got some examples. This is a challenging
notion to test, no doubt
... it's not clear to me how we'll argue that the rule applies to
particular things
<yngve> [38]http://my.opera.com/yngve/blog/show.dml/281609
<Zakim> johnath, you wanted to ask if Larry is a trust indicator
johnath: Larry is a trust indicator, but so are things like VeriSign
siteseals, or "HackerSafe" certification. Do we intend to ban those? We
should be explicit
yngve: wanted to point out that Larry (passport icon in Firefox 3)
could be a trust indicator
... also some of those badges are hosted on http
Mez: we're not concerned here with whether the site is "actually"
secure, so hosting of the content is beside the point - we are talking
about content co-opting trust indicators
hal: I don't think we have to spend time on direct copying of copyright
content, since that's already against the law
Mez: so far I'm not hearing a request to drop this from last call, just
discussion
ifette: what precisely is the text we're talking about
Mez: there's only one line of normative text there
johnath: isn't thomas rewriting it
<hal> web pages MUST NOT include trust indicators from existing user
agent chrome in the web content as an indication of web content trust.
Mez: no, that's just background
tlr: background and possibly editorial stuff
Mez: sounds like this can go to last call, though I am concerned about
how we'll establish pass/fail here
Section 9.2
An unsecure web page MUST NOT embed a form meant for the user to login.
All login pages MUST be served from secure servers ie. login pages must
be TLS protected. An unsecure page MAY carry a link for the user to
click to be taken to a secure page to enter login information. This
link MUST NOT carry a padlock along with it.
tyler: we did a version of 9.2 at the face to face
<stephenF> did new variation of 9.2 mention javascript?
Section 9.4
Mez: we did the redirect stuff, right?
tyler: we didn't come to a conclusion
<stephenF> ok, I'll ask later
<stephenF> also on this, the 2nd sentence should say user again (to
leave out server-server logins)
<stephenF> fine by me
stephenF: Want to know if the login form being described can include
javascript that logs in
Mez: so back to 9.4, redirects
Web Sites that require their users to be redirected from an unsecure
web page to a secure web page MUST do it as a single step rather than
multi-step (redirect to an unsecure page and then redirect again to a
secure page). This specification recommends that the web page MUST use
direct links to a secure page rather than using redirects.
<Mez> issue-163?
<trackbot-ng> ISSUE-163 -- Make (sure) 9.4 is internally consistent --
OPEN
<trackbot-ng> [39]http://www.w3.org/2006/WSC/track/issues/163
<stephenF> why dislike multiple re-directs?
ifette: I'm a little bit concerned that this might be too strict
<_tlr> the concern is redirect chains from https through http back to
https
<tjh> does this impede something like WS-Federation passive?
<stephenF> that was me I guess
<stephenF> no I'm ok that was before
ifette: I understand that we don't want people bouncing from a to b to
c, but if there are several http redirects on the same site before
landing on https
tyler: I think the concern was that for UIs for EV certs, there is an
implied continuity of secure connection, and that's not the case if
there are http steps
<stephenF> +1 to ian's question, same one I wondered about
ifette: 9.4 to me sounds like it deals with people starting on
something insecure, ending on something secure, and how to handle the
redirects in that process
... I think we agree on the continuity of an already-secure connection
yngve: The concern is heightened attack surface
<stephenF> "attack surface" arugment seems too vague to justify a MUST
yngve: for instance at bank of america when you click a login button
<stephenF> tinyurl
ifette: nothing here is about login buttons, it's just about
redirect-on-load from insecure to secure
stephenF++
ifette: bouncing around in one domain doesn't seem substantially less
safe
yngve: we hardcoded our security indicators to only allow one redirect
<Zakim> johnath, you wanted to surface stephen's point
<Mez> yngve's point seems to be that the redirects make it most
difficult for the browser developer to get the security indicator right
<stephenF> would a MUST rule out OpenID+Yadis? (not sure, probably not
HTTP re-directs)
<Mez> Web Sites that require their users to be redirected from an
unsecure web page to a secure web page SHOULD do it as a single step
rather than multi-step (e.g. redirect to an unsecure page and then
redirect again to a secure page). This specification recommends that
the web page SHOULD use direct links to a secure page rather than using
redirects.
johnath: I think the content authors that declare themselves compliant
are a pretty keen bunch, and would be fine with MUST, but I'm happy to
change to SHOULD if that means we move along - I think the important
point is to provide guidance to those designers that multiple bounces
is a bad practice
<stephenF> if we say "SHOULD" there then it'd be nice to give an
example where its reasonable to not adhere (e.g. tinyurl)
tyler: I think the content authors will look to this spec to clarify
the expectations of browser developers
... so if SHOULD deviates from, say, Opera's expectations, we violate
that assumption
Mez: does anyone object to SHOULD
yngve: I can survive it
Mez: yngve, are you proposing alternate text?
<Zakim> ifette, you wanted to ask yngve a question
Mez: I assume from silence that we'll leave it SHOULD for now
ifette: just to be clear on something yngve said earlier. If I go
http->http->https, I don't get a padlock in opera?
yngve: that's correct
Section 9.5
Mez: we have 12 minutes left
<yngve> Perhaps add "Websites SHOULD consider that some clients may use
stricter determinations of security in non-TLS protected redirects that
terminate at a TLS-protected site
<Mez> Web content SHOULD be designed to enable the a consistent
security user experience across different user agents and devices. Web
site owners SHOULD perform tests of the TLS security and trust features
of their site on various devices.
<Mez> Web site owners operating TLS-protected sites should anticipate
the use of those sites from mobile devices which may have constrained
capabilities e.g. diverging sets of trust anchors or limited
cryptographic mechanisms.
Mez: I don't see any issues against it in the current text
... I'm going to suggest this is LC-ready
<stephenF> 9.5 2nd sentence: is that a new sort of requirement...
<tyler> "the a "
<stephenF> ...asking owner (and not developer) to do stuff?
<stephenF> (but I'm ok with the text)
<_tlr> ACTION: thomas to fix grammar error in 9.5 [recorded in
[40]http://www.w3.org/2008/02/13-wsc-minutes.html#action04]
<trackbot-ng> Created ACTION-394 - Fix grammar error in 9.5 [on Thomas
Roessler - due 2008-02-20].
johnath: this seems like straightforward best practices text to me
tyler: grammar error noted in IRC
yngve: I wrote something recently (to the list?) that might be relevant
Mez: not hearing any objections
<Mez> Web content SHOULD be designed to enable the a consistent
security user experience across different user agents and devices. Web
site owners SHOULD perform tests of the TLS security and trust features
of their site on various devices.
<Mez> Web site owners operating TLS-protected sites should anticipate
the use of those sites from mobile devices which may have constrained
capabilities e.g. diverging sets of trust anchors or limited
cryptographic mechanisms.
Section 9.6
<Mez> Audio logotypes embedded with certificates should be designed to
minimize possible listener confusion and the time that their rendering
takes. Specifically, audio logotypes SHOULD NOT include spoken text.
Audio logotypes MAY include short musical phrases.
<stephenF> seems fine to me
Mez: I feel like the state of the text is pretty good, done in
conjunction with the accessibility group
... going once, going twice
<stephenF> that'd be ok with "SHOULD NOT" since they've a reason to do
it
ifette: if somebody's audio-jingle has their company name it, does that
create a problem?
Mez: for answers on that, we'd have to coordinate with the
accessibility folks
hal: does the spoken text include singing?
Mez: take it to the public email list and we'll get their expertise in
<stephenF> syggest adding: stephenF MUST NOT sing in audio logotypes
tjh: As I read the text, it occurred to me whether we should be
synchronizing visual and audio cues, if both are present
Mez: I think it's worth drafting something, and we probably won't
finish it in the 3 minutes remaining
<scribe> ACTION: tjh to draft elaborated text to section 9.6 re:
synchronization of cues [recorded in
[41]http://www.w3.org/2008/02/13-wsc-minutes.html#action05]
<trackbot-ng> Created ACTION-395 - Draft elaborated text to section 9.6
re: synchronization of cues [on Tim Hahn - due 2008-02-20].
Mez: that's it
Summary of Action Items
[NEW] ACTION: thomas to fix grammar error in 9.5 [recorded in
[42]http://www.w3.org/2008/02/13-wsc-minutes.html#action04]
[NEW] ACTION: thomas to merge
[43]http://lists.w3.org/Archives/Public/public-wsc-wg/2007Dec/0005.html
[recorded in
[44]http://www.w3.org/2008/02/13-wsc-minutes.html#action02]
[NEW] ACTION: tjh to draft elaborated text to section 9.6 re:
synchronization of cues [recorded in
[45]http://www.w3.org/2008/02/13-wsc-minutes.html#action05]
[NEW] ACTION: tlr to draft replacement text for section 9.1 (trust
indicators in content) [recorded in
[46]http://www.w3.org/2008/02/13-wsc-minutes.html#action03]
[NEW] ACTION: tyler to extract out petnames content, provide definition
independent of section 7 [recorded in
[47]http://www.w3.org/2008/02/13-wsc-minutes.html#action01]
[End of minutes]
__________________________________________________________________
Minutes formatted by David Booth's [48]scribe.perl version 1.133
([49]CVS log)
$Date: 2008/02/27 14:16:30 $
References
1. http://www.w3.org/
2. http://www.w3.org/2008/02/13-wsc-irc
3. http://www.w3.org/2008/02/13-wsc-minutes.html#agenda
4. http://www.w3.org/2008/02/13-wsc-minutes.html#item01
5. http://www.w3.org/2008/02/13-wsc-minutes.html#item02
6. http://www.w3.org/2008/02/13-wsc-minutes.html#item03
7. http://www.w3.org/2008/02/13-wsc-minutes.html#item04
8. http://www.w3.org/2008/02/13-wsc-minutes.html#item05
9. http://www.w3.org/2008/02/13-wsc-minutes.html#item06
10. http://www.w3.org/2008/02/13-wsc-minutes.html#item07
11. http://www.w3.org/2008/02/13-wsc-minutes.html#item08
12. http://www.w3.org/2008/02/13-wsc-minutes.html#item09
13. http://www.w3.org/2008/02/13-wsc-minutes.html#item10
14. http://www.w3.org/2008/02/13-wsc-minutes.html#item11
15. http://www.w3.org/2008/02/13-wsc-minutes.html#ActionSummary
16. http://www.w3.org/2008/01/30-wsc-minutes
17. http://www.w3.org/2008/01/30-wsc-minutes.html
18. http://lists.w3.org/Archives/Public/public-wsc-wg/2008Feb/0009.html
19. http://www.w3.org/2006/WSC/track/actions/370
20. http://lists.w3.org/Archives/Member/member-wsc-wg/2008Jan/att-0011/wsc20080116.html
21. http://www.w3.org/2006/WSC/track/issues/128
22. http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#ceremonies
23. http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#change-tls-state
24. http://www.w3.org/2008/02/13-wsc-minutes.html#action01
25. http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#techniques-dontmix
26. http://www.w3.org/2006/WSC/track/issues/109
27. http://lists.w3.org/Archives/Public/public-wsc-wg/2007Dec/0005.html
28. http://lists.w3.org/Archives/Public/public-wsc-wg/2007Dec/0005.html
29. http://www.w3.org/2008/02/13-wsc-minutes.html#action02
30. http://lists.w3.org/Archives/Public/public-wsc-wg/2007Dec/0005.html
31. http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#robustness-trustedpath
32. http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#authoringAndDeployment
33. http://www.flickr.com/search/?q=padlock&w=all
34. http://lists.w3.org/Archives/Member/member-wsc-wg/2008Jan/0002.html
35. http://www.w3.org/2008/02/13-wsc-minutes.html#action03
36. http://lists.w3.org/Archives/Member/member-wsc-wg/2008Jan/att-0002/unsecure_europcar.PNG
37. http://www.chase.com/
38. http://my.opera.com/yngve/blog/show.dml/281609
39. http://www.w3.org/2006/WSC/track/issues/163
40. http://www.w3.org/2008/02/13-wsc-minutes.html#action04
41. http://www.w3.org/2008/02/13-wsc-minutes.html#action05
42. http://www.w3.org/2008/02/13-wsc-minutes.html#action04
43. http://lists.w3.org/Archives/Public/public-wsc-wg/2007Dec/0005.html
44. http://www.w3.org/2008/02/13-wsc-minutes.html#action02
45. http://www.w3.org/2008/02/13-wsc-minutes.html#action05
46. http://www.w3.org/2008/02/13-wsc-minutes.html#action03
47. http://www.w3.org/2008/02/13-wsc-minutes.html#action01
48. http://dev.w3.org/cvsweb/%7Echeckout%7E/2002/scribe/scribedoc.htm
49. http://dev.w3.org/cvsweb/2002/scribe/
--
Thomas Roessler, W3C <tlr@w3.org>
Received on Wednesday, 27 February 2008 14:18:35 UTC