Re: Agenda: WSC WG distributed meeting, Wednesday, 2008-05-21 from Serge Egelman on 2008-05-21 (public-wsc-wg@w3.org from May 2008)

From: Serge Egelman <egelman@cs.cmu.edu>
Date: Wed, 21 May 2008 10:45:45 -0400
To: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
CC: public-wsc-wg@w3.org
Message-ID: <48343599.1050006@cs.cmu.edu>
Regrets, I have another meeting at this time for the foreseeable future.

serge

Mary Ellen Zurko wrote:
> 
>         Web Security Context (WSC) Call Agenda
> 
> Calling information:
> Wednesday, 21 May 2008
> 11:00 am - 12:30 pm Eastern time_
> __http://www.w3.org/2006/WSC/Group/#meetings__
> __http://www.w3.org/Guide/1998/08/teleconference-calendar#D20080521_ 
> <http://www.w3.org/Guide/1998/08/teleconference-calendar#D20071031>
> 
> 
> Agenda
> 
> 1) Pick a scribe
> _http://www.w3.org/2006/WSC/Group/cheatsheet#Scribing__
> __http://www.w3.org/2006/WSC/scribes_
> 
> 2) Approve minutes from meetings_
> __http://www.w3.org/2008/05/07-wsc-minutes.html_ 
> <http://www.w3.org/2008/04/30-wsc-minutes.html>
> 
> 3) Weekly completed action items
> (Usually checkpointed Friday am, US East Coast time)
> [pending review] ACTION-415: Anil Saldhana to Add above text to 5.5.1 
> TLS errors - due 2008-05-08
> [pending review] ACTION-417: Stephen Farrell to investigate completeness 
> of error handling wrt TLS extensions - due 2008-05-15
> [pending review] ACTION-422: Anil Saldhana to Incorporate Stephen's 
> suggested change/clarification - due 2008-05-16
> [pending review] ACTION-423: Anil Saldhana to incorporate 
> DangerWillRobinson - due 2008-05-16
> [pending review] ACTION-424: Anil Saldhana to Clean comments out of 
> wsc-xit - due 2008-05-23
> [pending review] ACTION-428: Anil Saldhana to Incorporate ISSUE-183 def 
> to spec - due 2008-05-29
> [pending review] ACTION-431: Mary Ellen Zurko to Draft plugin-related 
> elaboration text (section 4ish?) - due 2008-05-20
> [pending review] ACTION-432: Anil Saldhana to Incorporate the changed 
> industry standard to practices text - due 2008-05-20
> [pending review] ACTION-433: Anil Saldhana to Change 
> robustness-apis-obscure-security-ui to include For visual user agents, 
> browser chrome SHOULD always be present to signal security context 
> information. This requirement does not apply when UI is explicitly 
> dismissed by the user, e.g. by switching to full screen mode." - due 
> 2008-05-20
> [pending review] ACTION-438: Thomas Roessler to Draft alternate text 
> around requiring saved SSL state - due 2008-05-20
> [pending review] ACTION-444: Thomas Roessler to Take XHR-over-https 
> questions to webapi - due 2008-05-20
> [pending review] ACTION-471: Thomas Roessler to Replace text in 6.1.1 
> and 6.3 as drafted above. - due 2008-05-21
> 
> 4) Open Action Items_
> _http://lists.w3.org/Archives/Public/public-wsc-wg/2008May/0071.html
> 
> 5) Action items closed due to inactivity
> None.
> 
> 6) Agenda bashing
> 
> 7)  Usability Testing
> Sketch out our UT plans
> What will we test for? How will get get participants? Timeline? 
> Responsibilities?
> 
> 8) Next meeting - 28 May 2008_
> _
> Topics for future meetings, carried over from the Oslo agenda:
> 
> Test development
> Thomas to lead
> Test plans, sites to test against, test execution, etc.
> Some amount of test planning is needed for CR entry.
> Doing the testing is needed for CR exit.
> 
> Conforming Implementations
> Needed for CR exit.
> We may cover this in test development. We'll need at least two 
> conforming implementations to test against.
> What's in the pipeline, what can we expect in terms of MUSTs, SHOULDs, etc.
> Will we have gaps?
> 
> What else beyond June?
> What, if anything, other than taking wsc-xit through LC to CR entry to 
> CR exit (to recommendation) would we like to do after June? What would 
> we be capable of doing? What should we, or someone like us, do?
> Some ideas:
> o Authoring best practices for (usably) secured sites. Some of the 
> things we've wanted to recommend haven't been obviously in the scope of 
> enabling security context information for user trust decisions. Should 
> we ask for a charter clarification/change or new WG to do this?
> o Dealing with mixed content (there's some feeling that there might be 
> more to do here).
> o Providing guidance or expertise to other standards efforts that touch 
> on usable security. Can we provide guidance on how to deal with user 
> expectations and implications when protocol security is 
> designed/standardized? To do? Not to do?
> 

-- 
--
/*
PhD Candidate
Carnegie Mellon University

"Whoever said there's no such thing as a free lunch was never a grad 
student."

All views contained in this message, either expressed or implied, are 
the views of my employer, and not my own.
*/
Received on Wednesday, 21 May 2008 14:46:36 UTC