Web Security Context Working Group -- Face-to-face Meeting 2006-11-14/15

On this page: Infrastructure / Attendance / Minutes /Agenda 2006-11-14 / Agenda 2006-11-15

Infrastructure

Logistics; dial-in information

Attendance

Expected in person per registration results:

• Mary Ellen Zurko
• Phillip Hallam-Baker
• Tim Hahn
• Michael Smith
• Chris Nautiyal
• Sunil Agrawal
• Hal Lockhart
• Bill Doyle
• Tyler Close
• Thomas Roessler
• Maritza Johnson

Attendance on the phone:

• George Staikos
• Brad Porter
• Mark Little
• Yakov Sverdlov
• Tony Nadalin
• Stephen Farrell
• Mike McCormick

Guests:

• Rob Franco (by phone)

Minutes

Minutes:

• 14 November 2006
• 15 November 2006

More notes that were taken during the meeting:

• Security Context Information Sources (by Tyler)
• Anti-spoofing techniques (by Sunil)
• Context Information sources and their presentation (by Thomas)

Agenda

See also: Original version from 26 October

Chair for both days: MEZ

Tuesday 14 November 2006

1. Breakfast (08:30)

2. Administrative details (9:00)

   Selection of scribes

3. Brief roll call/introductions (9:10)

4. Agenda bashing (9:30)

5. W3C WG process overview - Thomas (9:45)

   See also: slides

6. WG schedule review (10:15)

   Please note open questionnaires.

   • Schedule weekly call
   • Schedule second face-to-face meeting

7. Break (10:45)

8. Charter review (11:15)

   • Background
   • Schedule
   • Dependencies & Liaisons

9. Lunch (12:15)

10. Discussion of first chartered deliverable (13:15)

    A Working Group Note that documents the use cases and scenarios that th egroup elects to address, and the assumptions that it will make. The Working Group will use this document to establish the scope of its Recommendation-track deliverables.

    • Discussion of the shape of the document (what will be in it, beyond use cases and scenarios to be addressed and assumptions of the note.
    • Discussion/brainstorming on contents of the note
    • Timeline sanity check on the note

    Break at 15:15.

Recess: 17:30.

Wednesday, 15 November 2006

1. Breakfast (08:30)

2. Ageda bashing for day 2 (09:00)

3. Discussion of second chartered deliverable (9:15)

   A W3C Recommendation that specifies a minimal set of security context information to be made accessible to users, and best practices for the usable presentation of this information.

   • Discussion/brainstorming on security context information available or within scope
   • Discussion/brainstorming on how "best practices for usable presentation" will be determined

   Break at 10:30.

4. Lunch (12:00)

5. Discussion of third chartered deliverable (13:00)

   A W3C Recommendation that specifies techniques that render the presentation of security context information more robust against spoofing attacks. The Group expects to establish two levels of conformance to these techniques: required and recommended. One example of a possible required technique are limitations to scripting capabilities; one example of apossible recommended technique are interactive ceremonies that can help establish a trusted path from the web user agent to the user. An example of an authoring technique that could be proposed as mandatory-to-implement would be the use of TLS when soliciting user credentials.

   • Discussion/brainstorming of spoofing attacks
   • Discussion/brainstorming of techniques aimed at blunting, minimizing, andpreventing spoofing attacks

   Break at 14:30.

6. Recap of plans, progress, and next steps (16:00)

Recess: 16:30