See also: IRC log
<tlr> "zakim, unmute me"
<stephenF> ta
<tlr> tyler: it just goes into normal text?
<tlr> ... and this continues ...
<tlr> Scribe: tyler
<tlr> http://www.w3.org/2006/11/21-wsc-minutes
<tlr> RESOLVED: minutes approved
<tlr> http://www.w3.org/2006/WSC/wiki/
mez: Encourage everyone to submit action item
text to wiki
... Solicits questions on wiki use
PHB: Can't find the draft note on the wiki
Tyler: says he will put the form of the note into the wiki
<tlr> ACTION: tyler to add note's structure to wiki [recorded in http://www.w3.org/2006/12/05-wsc-minutes.html#action01]
<trackbot> Created ACTION-36 - Add note\'s structure to wiki [on Tyler Close - due 2006-12-12].
MEZ: Confirms that MoinMoin does versioning
MEZ: No more questions on wiki
... Documenting the scope and the goals are the top priorities
<tlr> The joys of multipart/alternative...
MEZ: Hope everyone hits their ACTION item goals for the next meetings
<tlr> http://www.w3.org/2006/WSC/Group/track/actions/4
MEZ: What's our vanilla attack scenario
<tlr> http://www.w3.org/2006/WSC/drafts/note/
MEZ: Is ACTION-4 our vanilla attack?
<tlr> http://www.w3.org/2006/WSC/drafts/note/#email-lure
PHB: Distinguish between use cases and abuse
cases
... Some banks have given up sending email
MEZ: Is this a legal remedy?
PHB: No bank is still liable
MEZ: Concrete scenario followed by discussion is preferred format for use cases
PHB: Helps make the use case succinct
MEZ: Should we close ACTION-4
... Moving on to next action item, ACTION-8
<tlr> http://www.w3.org/2006/WSC/Group/track/actions/8
<tlr> http://www.w3.org/mid/D0C847B2BD75414090045D8C7EA3D59402B2D656@repbex01.amer.bea.com
MEZ: Hal not on call
TLR: Draft of text in email archive
MEZ: Hal's email incorrectly cited ACTION-11
... ACTION-8 needs to be more concrete
<Mez> http://www.w3.org/2006/WSC/Group/track/actions/9
<tlr> http://lists.w3.org/Archives/Public/public-wsc-wg/2006Nov/0056
MEZ: ACTION-9 is more an enumeration of issues with the chrome, than a use case
<tlr> carry over to next call
MEZ: ACTION-9 is thorough and excellent, but want a concrete scenario
<Mez> http://www.w3.org/2006/WSC/Group/track/actions/13
Do you want me to use a real use case, or a fictitious use case
TLR: Don't use a real use case, for trademark
issues.
... Use example.com in specification examples
... For example, use http://www.example.com/ as a URL
<tlr> example.{com,info,org} ...
<Mez> http://www.w3.org/2006/WSC/Group/track/actions/22
<tlr> http://lists.w3.org/Archives/Public/public-wsc-wg/2006Dec/0003
MEZ: Want a concrete voice browser use case for
the note
... Solicits any other participants for voice browser use case
<Mez> http://www.w3.org/2006/WSC/Group/track/actions/19
MEZ: Want to get to the scope next
... Might not get to the use cases for a couple weeks
... Need the note for the next face2face
<malware> sorry for being late
<tlr> http://lists.w3.org/Archives/Public/public-wsc-wg/2006Nov/0105
MEZ: The desktop decoration use case used a
good format, like ACTION-4
... Any issues with putting future looking features out of scope?
<tlr> Since the visual cues are not controlled by a browser, but rather the application program which is painting the transparent window information on the desktop, there is no browser chrome to define, protect, or for Alice to rely upon.
<stephenF> when will our REC be done? Presumably "future" applies from then on, or from now on?
tlr, could you summarize your point for the minutes?
<tlr> tlr: one key property seems to be the one mentioned above; sounds similar to widgets spec work in WAF WG.
Yakov: WS-Security might provide a concrete use case. Need to work on one
Stephen: Is the future tomorrow, or the day
after the Rec comes out?
... Vista is coming out while we're working. Might be some changes in
usage.
TLR: Should abstract from any particular product
MEZ: Should look at any product that gets lots of usage
<Paul> If spec has been approved by a relevant standards body, isn't it in scope, even if deployments might be several months in the future?
MEZ: Our goals will be shaped by things we can make use-cases for today
<Zakim> stephenF, you wanted to ask when "future" starts, if out of scope
Stephen: Tha's fine, but want to have flexibility as we move forward
??: What about stuff that is standardized, but not yet deployed
MEZ: Remember the days when standards standardized existing use
TLR: Just being a standard doesn't put in scope. We have to believe the deployment story
<stephenF> offering a tricky case for scoping here: IEFT EAI (email i18n), i dunno whether that should or should not be in scope
MEZ: We have to put a high bar on that. We need to believe it will be deployed, not it might be deployed.
<stephenF> EAI stuff: fine for later
<Zakim> malware, you wanted to ask for clarification of difference between "deployed" and "implemented"
<tlr> maware, we can't hear you
<tlr> malware
<malware> I'm not on the bridge
<malware> I just wanted to ask what exactly is meant by deployment
TLR: channelling malware, Is it deployed, or implemented?
MEZ: implemented is existing, also needs to be running
<malware> I think we usually talk about implementations of a particular spec, right?
<malware> Is same thing meant by "deployment" as it's been discussed here?
<tlr> malware, basically, yes.
<Paul> I think it depends. If "implemented" with intent to deploy then it is relevant. If it is implemented but not intended for deployment the it should not be considered.
<malware> OK
<tlr> the point was that there should be some reality check
MEZ: Action-19 looks future looking
<Paul> Argh, my phone just decided to reboot. It will take me a few minutes to rejoin the call.
<malware> has there been any discussion about not moving to REC without implementations?
TLR: It exposes an important property of
non-browser, but possible web based that has security context
... The commonality is use of web-ish tech
... Have a look at the widget spec to determine whether in scope or out of
scope
<tlr> ACTION: tlr to review widget spec [recorded in http://www.w3.org/2006/12/05-wsc-minutes.html#action02]
<trackbot> Sorry, couldn't find user - tlr
<tlr> ACTION: thomas to review widget spec [recorded in http://www.w3.org/2006/12/05-wsc-minutes.html#action03]
<trackbot> Created ACTION-37 - Review widget spec [on Thomas Roessler - due 2006-12-12].
rfranco: Joining discussion as a guest.
rfranco: Use case involving futuristic hardware is out of scope?
TLR: Are we talking about trusted computing base?
rfranco: I don't think of it as heavily
deployed
... It's not the mainstream case today
MEZ: Agreed
rfranco: It's on the bubble. I am happy deferring it to a later working group
PHB: Need to consider trustworthy computing as a solution to a problem we're not going to solve
TLR: The non-goal would be ensuring a trusted computing base
<tlr> ACTION: zurko to include trusted computing base with scope and/or goals/non-goals [recorded in http://www.w3.org/2006/12/05-wsc-minutes.html#action04]
<trackbot> Created ACTION-38 - Include trusted computing base with scope and/or goals/non-goals [on Mary Ellen Zurko - due 2006-12-12].
<PHB> PHB: We should be able to consider the existence of Trustworthy computing for the purposes of deciding not to solve a problem that others are attempting to solve/deploy with a high probability of success. That is we should not decide that the whole problem is impossible because a keystroke logger could be dropped onto a machine.
MEZ: Will put scope out by next friday
<PHB> PHB: Trusted computing exists, we all trust the computer to an enormous degree.The question is if they will be trustworthy
MEZ: Want to do the goals next
<Paul> BTW, action-38 should have some current estimates of timeline for deployment. How long will it be before trusted computing platforms can be assumed to be present in the home/retial market?
MEZ: Remember to register for the face2face in January
<stephenF> bye all
MEZ: Attacks on trusted computing are out of scope regardless
MEZ: Next meeting is December 12th
<Paul> thanks , bye