- From: Thomas Roessler <tlr@w3.org>
- Date: Wed, 13 Dec 2006 12:37:37 +0100
- To: public-wsc-wg@w3.org
On 2006-12-05 17:00:42 +0100, Thomas Roessler wrote:
> The minutes from our last meeting were approved and posted publicly
> today; they're online here:
>
> http://www.w3.org/2006/11/21-wsc-minutes.html
>
> Thanks to Sunil for scribing.
I just realized that the lack of a plain-text version means that
tracker never learned how to link to the context of various action
items.
Here we go...
--
Thomas Roessler, W3C <tlr@w3.org>
[1]W3C
WSC WG weekly
21 Nov 2006
[2]Agenda
See also: [3]IRC log
Attendees
Present
Mary Ellen Zurko
Bill Doyle
Kevin
Anthony Nadalin
Thomas Roessler
Paul
Hal Lockhart
Yakov Sverdlov
Stephen Farrell
George Staikos
Michael Smith
Phillip Hallam-Baker
Tyler Close
Regrets
Chair
Mary Ellen Zurko
Scribe
Sunil
Contents
* [4]Topics
1. [5]Pick a scribe http://www.w3.org/2006/WSC/scribes
2. [6]Approve minutes from f2f
3. [7]Update from Tyler re note
4. [8]Discussion of Goals and Non-Goals
5. [9]Next meeting (28th is during AC meeting)
6. [10]Action item review
* [11]Summary of Action Items
_________________________________________________________________
Pick a scribe [12]http://www.w3.org/2006/WSC/scribes
Sunil to scribe
Approve minutes from f2f
assuming there are no problems, we'll approve the minutes
<tlr> Last meeting's minutes: [13]http://www.w3.org/2006/11/14-wsc-minutes;
[14]http://www.w3.org/2006/11/15-wsc-minutes
ok, the minutes are not approved
<tlr> RESOLVED: minutes approved.
scribe: email doesn't get to MEZ as quickly as one would expect, as her org
runs pre-beta servers, so there's a possibility of glitch...
... try to contact MEZ through some other media or go through Thomas...
Update from Tyler re note
<Mez> [15]http://www.w3.org/2006/WSC/drafts/note/
<stephenF> took a peek earlier - it looks good
scribe: the above link contains the notes Tyler had put up so far...
The notes has the skeletal version, and he has put in some use cases. He'll
continue to extract more content from the email and put them in the notes...
He'll send out an update when he has done that
MEZ says that we should get the content on Wiki so that's easy on Tyler...
Thomas will send out instructions either end of today or by tomorrow on how
to use Wiki
The Wiki will NOT use the same username/password as their W3C
username/password
Discussion of Goals and Non-Goals
MEZ says we should work on the Goals/Non-goals agenda item
<stephenF> got a ptr to that email?
MEZ has started the list in one of the email responses to Mike...
<Mez>
[16]http://lists.w3.org/Archives/Public/public-wsc-wg/2006Nov/0041.html
The charter, 2 days of f2f has provided enough context to discuss what is
within scope and what is out
MEZ claims that the existing list seems quite uncontentious
MEZ is reading out the contents of the email...
<Zakim> malware, you wanted to ask about high-level problem description
Mike says the goal is to help the user protect themselves from becoming victims
of the phishing attacks, or correctly identify the biz they are sharing
information with
MEZ says we should be able to get couple of use cases, before deciding
either way
Mike says that with such work, we have to explain to the outside world what
we are doing, what's the value of the work to the 'unsophisticated user'. He
agrees, that it's little early to take a stance yet...
<Zakim> Thomas, you wanted to note it's probably ok to talk about overall
goal for ourselves, and then see how far the use cases get us
Hal: has a different perspective, says phishing is an example of what we are
solving.
Phishing may be a short term problem, but we should focus on solving the problem in
general.
Mez says tactically speaking, the problem we are solving is phishing, but
strategically we are trying to get across to layman on the browser who they
are talking to.
<malware> so for the record, what I wanted to say was that I think it might
benefit to consider formulating a high-level description that explains in
simple terms to unsophisticated users what problems we are trying to
solve with this work.
Stephen: If there's an unsophisticated user whose user agent supports both
HTTP and FTP, then how do we get it across to the user
MEZ says that what we are trying to put in the security context that is
general in nature, irrespective of http/ftp
scribe: but when we get into specifics, we would like to leave out some set
of protocols in the universe...
Stephen says that if we fix all the holes in HTTP, the hackers will move to
FTP.
MEZ agrees there will be holes
Stephen thinks that it might not be correct to leave out FTP as users are
using a general purpose User Agent
<staikos> without wasting air time, SOAP == HTTP
MEZ is looking for a place to start with
<tjh> can we formulate a use case for non-HTTP?
Mez tells Stephen to come up with a use case scenario that includes FTP
<scribe> ACTION: Stephen to come up with a use case for FTP's usage
[recorded in [17]http://www.w3.org/2006/11/21-wsc-minutes.html#action01]
<trackbot> Created ACTION-32 - Come up with a use case for FTP\'s usage [on
Stephen Farrell - due 2006-11-28].
<stephenF> http as biggest deal is just fine by me
scribe: MEZ says seems nobody has problems with keeping HTTP front and
center...
PHB says we secure HTTP and call FTP legacy. He's happy keeping protocols
like IRC, SMTP out of scope too at this point
<tlr> data: URIs?
George agrees with PHB, that FTP should be out of scope. But thinks the
'data' protocol is quite interesting
MEZ says that generally people seem to be ok with what's in scope, but folks
seem to have problem with what's out of scope
scribe: we should start populating the goals/non goals section of note
Hal says that if we are putting the goals and non-goals in the document, we
should be very precise.
scribe: Goals and scope are a little different...
... the point is we are talking about is goals, but actually they are the
things within scope or out of scope...
<staikos> yes
scribe: the document has a section for goals/non-goals...
MEZ says Goals/Non-goals is right for the document and not sure we need
scope/out of scope
<malware> where F00 is (in this case), base64-encoded GIF data
<malware> oh
Hal can you please type your example of goals/non-goals scope/out-of-scope
<malware> then:
<malware> just thinking and suggests that perhaps at a high level, we may be
saying that we are trying to help users correctly evaluate the identity of
an online business in order to decide if that business is worthy of trust
(that is, decide if they want to exchange personal information with that
online business)
<Paul> HTTP is a protocol on the wire, but a lot of the attacks that we talk
about are display issues. For example, manipulation of the chrome, or
obscured URLs. So should HTML be in the scope?
<malware> the 'data' protocol that staikos mentions is e.g., '<img
src="data:image/gif;base64,F00"/>'
<staikos> tlr: should fix that logging :)
MEZ says there are two aspects that are within scope. i) security context,
definitely protocols are within context, ii) protecting from chrome
manipulation, hence DHTML is within scope
<Paul> So we want to nail the use cases before we write to specific a scope
statement.
<Mez> I think it's iterative; some people like the abstract scope then the
concrete use cases, some the other way around
tyler says, we should have a scope/out-of-scope section, as it will help the
patent attorneys
PHB: and non-goals need to be described at a much higher level abstraction
than what Hal did
<Paul> I agree with PHB.
PHB, I am missing the subtlety, can you please type in what you just said
<Paul> I think the scope should be driven more by use cases than jumping to
a protocol discussion.
<malware> I believe I agree with PHB's distinction about statement of
"goals" being at a higher level of abstraction than "scope"
MEZ says we should have someone drafting the goals/non-goals (more abstract) and
have someone draft the use cases (the more concrete)
<stephenF> MEZ's plan sounds good, but makes me wonder when we get to
closure on those
<Mez> in 2 minutes...
<tlr> ACTION: hallam-baker to draft goals / non-goals section [recorded in
[18]http://www.w3.org/2006/11/21-wsc-minutes.html#action02]
<trackbot> Created ACTION-33 - Draft goals / non-goals section [on Phillip
Hallam-Baker - due 2006-11-28].
<scribe> ACTION: PHB draft the Goals/Non-Goals [recorded in
[19]http://www.w3.org/2006/11/21-wsc-minutes.html#action03]
<tlr> ACTION: zurko to draft scope/out-of-scope [recorded in
[20]http://www.w3.org/2006/11/21-wsc-minutes.html#action04]
<trackbot> Created ACTION-34 - Draft scope/out-of-scope [on Mary Ellen Zurko
- due 2006-11-28].
mez is trying to verify if there's any section of the note as drafted by
tyler, that is under explored or sections are missing completely
scribe: the action items that are most imp are scope/non-scope, use cases
and foundation principles
... she doubts that we have good use case coverage...
Next meeting (28th is during AC meeting)
mez asks thomas, should we have a meeting next week?
thomas says that traditionally we don't have meeting during AC meeting,
suggest we skip next meeting and have the next one on Dec 5th
<staikos> I have a full-day meeting Dec 5
post Dec 1 will be good, as lots of actions are due by then
<malware> I'll be in Boston on Dec. 5 for XML 2006
Mike is fine with Dec 5
RESOLUTION: The next phone meeting will be on Dec 5th, same time (10am EST).
Hal asks how action items get closed
Thomas says that his pref is that action items not get closed promptly. As
we go forward, during meetings we actually decide that an action has been
resolved, and we close them then
thomas is trying to bring up list of action items and see if we can close
them...
<malware> I checked XML 2006 schedule. 10am sessions on Dec. 5 are about
XQuery and W3C XML Schema, both of which I am glad to miss :)
Action item review
Action 1 is closed
<tlr> [21]http://www.w3.org/2006/WSC/track/actions/3
make action 3 out of scope (as it's related to sandboxing).
<malware> About the XPath/XQuery question, I think Staikos' point on the
list (about it essentially being no different from Javascript) was right.
<stephenF> yes, to what thomas said
<tlr> ACTION: thomas to open issue for xpath/xquery in/out-of scope
[recorded in [22]http://www.w3.org/2006/11/21-wsc-minutes.html#action05]
<trackbot> Created ACTION-35 - Open issue for xpath/xquery in/out-of scope
[on Thomas Roessler - due 2006-11-28].
action 10, mike, rejected the action.
hal suggests we close action 12, enumerating the context.
thomas asks do we have agreement that action 12 has been discussed
sufficiently?
<tjh> shouldn't then the action close once the info is in the wiki?
<tlr> ACTION-12 to be closed; done at the meeting; see
[23]http://www.w3.org/2006/WSC/security-context-info-sources
<Mez> Tim, only if Hal really deserved to own it.
action 14 is a duplicate of something else
action 28, minute cleanup, action 31, produce a skeletal doc, done.
scribe: the only one that needs more attention is action 35...
Summary of Action Items
[NEW] ACTION: hallam-baker to draft goals / non-goals section [recorded in
[24]http://www.w3.org/2006/11/21-wsc-minutes.html#action02]
[NEW] ACTION: PHB draft the Goals/Non-Goals [recorded in
[25]http://www.w3.org/2006/11/21-wsc-minutes.html#action03]
[NEW] ACTION: Stephen to come up with a use case for FTP's usage [recorded
in [26]http://www.w3.org/2006/11/21-wsc-minutes.html#action01]
[NEW] ACTION: thomas to open issue for xpath/xquery in/out-of scope
[recorded in [27]http://www.w3.org/2006/11/21-wsc-minutes.html#action05]
[NEW] ACTION: zurko to draft scope/out-of-scope [recorded in
[28]http://www.w3.org/2006/11/21-wsc-minutes.html#action04]
[End of minutes]
_________________________________________________________________
Minutes formatted by David Booth's [29]scribe.perl version 1.127 ([30]CVS
log)
$Date: 2006/12/05 16:00:11 $
References
1. http://www.w3.org/
2. http://lists.w3.org/Archives/Public/public-wsc-wg/2006Nov/0042.html
3. http://www.w3.org/2006/11/21-wsc-irc
4. file://localhost/home/roessler/W3C/WWW/2006/11/21-wsc-minutes.html#agenda
5. file://localhost/home/roessler/W3C/WWW/2006/11/21-wsc-minutes.html#item01
6. file://localhost/home/roessler/W3C/WWW/2006/11/21-wsc-minutes.html#item02
7. file://localhost/home/roessler/W3C/WWW/2006/11/21-wsc-minutes.html#item03
8. file://localhost/home/roessler/W3C/WWW/2006/11/21-wsc-minutes.html#item04
9. file://localhost/home/roessler/W3C/WWW/2006/11/21-wsc-minutes.html#item05
10. file://localhost/home/roessler/W3C/WWW/2006/11/21-wsc-minutes.html#item06
11. file://localhost/home/roessler/W3C/WWW/2006/11/21-wsc-minutes.html#ActionSummary
12. http://www.w3.org/2006/WSC/scribes
13. http://www.w3.org/2006/11/14-wsc-minutes;
14. http://www.w3.org/2006/11/15-wsc-minutes
15. http://www.w3.org/2006/WSC/drafts/note/
16. http://lists.w3.org/Archives/Public/public-wsc-wg/2006Nov/0041.html
17. http://www.w3.org/2006/11/21-wsc-minutes.html#action01
18. http://www.w3.org/2006/11/21-wsc-minutes.html#action02
19. http://www.w3.org/2006/11/21-wsc-minutes.html#action03
20. http://www.w3.org/2006/11/21-wsc-minutes.html#action04
21. http://www.w3.org/2006/WSC/track/actions/3
22. http://www.w3.org/2006/11/21-wsc-minutes.html#action05
23. http://www.w3.org/2006/WSC/security-context-info-sources
24. http://www.w3.org/2006/11/21-wsc-minutes.html#action02
25. http://www.w3.org/2006/11/21-wsc-minutes.html#action03
26. http://www.w3.org/2006/11/21-wsc-minutes.html#action01
27. http://www.w3.org/2006/11/21-wsc-minutes.html#action05
28. http://www.w3.org/2006/11/21-wsc-minutes.html#action04
29. http://dev.w3.org/cvsweb/%7Echeckout%7E/2002/scribe/scribedoc.htm
30. http://dev.w3.org/cvsweb/2002/scribe/
Received on Wednesday, 13 December 2006 11:37:31 UTC