Web Security Context (WSC) WG Face-to-face #2 Agenda (v 2.0)

Reminder - no weekly call next week; it's our f2f. Here's the latest 
version of our agenda. See you all soon. 

__________________________________________________________

Web Security Context (WSC) WG Face-to-face #2 Agenda (v 2.0) 
2007-01-30 through 2007-01-31 
San Jose, CA, USA

Phone number and IRC channel to be documented on WG administrative home 
page 
http://www.w3.org/2006/WSC/Group/ 

Teleconference time and length information, tbd 
8:30 - 17:30 both days, local time 

Tuesday, 2007-01-30 - Chair, Mary Ellen Zurko 

Breakfast (8:30) 

1. Administrative details (9:00)
Including:

1a. Selection of scribes 
One per 1/4 day (total of 8)

1b. Brief roll call 
Make sure you've already posted an introduction to yourself on our list 

2. Agenda bashing (9:15) 

3. WG schedule review (9:30)

4. Discussions on our Note, including discussion of major Note sections 
not already covered in our previous meetings 

4a. "A word from the editor" - Note process (10:00)

4a. Assumptions (10:15)

Break (11:00)

4b. Design Principles (11:30)

Lunch (12:15) 

4c. User Test Verification (13:15)

4d. Problem with Current User Interface (14:00) 

Break (14:45)

5. Demos 

5a. Petname (15:15)
Demo by Tyler

5b. EV (16:15) 
Demo by Phil

6. Day one wrapup (17:15)
Any logistics, agenda changes for the next day, other actions, etc. 

Recess (17:30)


Wednesday, 2007-01-31 - Chair, Mary Ellen Zurko 

Breakfast (8:30) 

7. Agenda bashing (9:00)

8. Best of breed Mozilla extensions for displaying security context 
information (9:15)
Presentation led by Mike B 
Will include Beltzner's Suggested Do's And Don't From Being a Browser UI 
Guy 

Break (10:15)

9. Safe Browsing Mode (10:45)
led by Bob P
What it would mean, how it would work, etc. 

9. Recommendation 1 discussions

Editors are needed

9a. Minimal set of security context information (11:15)

The description of our first recommendation begins with:
A W3C Recommendation that specifies a minimal set of security context 
information to be made accessible to users, ...

We'll discuss what that means and brainstorm on what that minimal set 
might be. The minimal set can be targeted at the combination of web user 
agents, web application authoring, and web server deployment guidelines. 

Lunch (12:15)

9b. Best practices for usable presentation of this information (13:15)

The description of our first recommendation continues with:
and best practices for the usable presentation of this information 

This will be a good time for us to get categories (and instances) of 
potential best practice on the table. Anything put forward will have to be 
validated as we go forward, using the techniques outlined in the 
Assumptions section of our Note. It's recommended that people post ideas 
in this area to the list (and re-post them marked with an indicator that 
they're for this list if they were part of earlier discussions). 

Draft categories for best practices: 
o Straight up usable display of security context information - for each 
piece of information, best practice on what to display to the user
.. in its presence and absence
.. alone and in combination with other pieces of security context 
information
.. with and without additional user discovery (e.g. main display vs. 
requested dialogs) 

Break (14:30)

10. Recommendation 2 discussions (15:00)

The description of our second recommendation begins:
a W3C Recommendation that specifies techniques that render the 
presentation of security context information more robust against spoofing 
attacks. The Group expects to establish two levels of conformance to these 
techniques: required and recommended. 

Draft categories for security context information robustness:
o Limitations on scripting capabilities 
o Shared and protected "secrets" - both cryptographic and human (i.e. 
personalization) 
.. and protection of those secrets 
o Trusted path between web user agent and user 
o Safe mode browsing (restrictions on allowed browsing activity based on 
one or more levels of security context required)


11. Wrapup (17:00)
Any follow up action items, decisions on editor(s) of the 
recommendation(s). 

Recess (17:30)

Received on Friday, 26 January 2007 19:05:34 UTC