- From: Thomas Roessler <tlr@w3.org>
- Date: Wed, 13 Dec 2006 12:39:47 +0100
- To: public-wsc-wg@w3.org
The minutes from our meeting on 5 December have been approved; they
are available online here:
http://www.w3.org/2006/12/05-wsc-minutes
A text/plain rendering is included below the .signature.
Thanks to Tyler for scribing.
Regards,
--
Thomas Roessler, W3C <tlr@w3.org>
[1]W3C
WSC WG weekly
5 Dec 2006
[2]Agenda
See also: [3]IRC log
Attendees
Present
Thomas Roessler
Maritza Johnson
Stephen Farrell
Yakov Sverdlov
Tyler Close
Paul Hill
Phillip Hallam-Baker
Rishikesh A Pande
George Staikos (IRC only)
Michael Smith (IRC only)
Mark Little
Rob Franco (guest)
Chair
Mary-Ellen Zurko
Scribe
Tyler Close
Contents
* [4]Topics
1. [5]approve minutes
2. [6]Wiki -- how to use, etc
3. [7]Use Cases/Scenarios Action Items updates
4. [8]E-Mail lure scenario
5. [9]re-direction / federation use case
6. [10]ACTION-9 misuse / misappropriation of padlock
7. [11]ACTION-13, Elaborate on multiple certificates & domains for
session servers case
8. [12]ACTION-22, voice browsers
9. [13]ACTION-19, WS-Security
10. [14]next meeting; proposed: 12 December
* [15]Summary of Action Items
_________________________________________________________________
<tlr> "zakim, unmute me"
<stephenF> ta
<tlr> tyler: it just goes into normal text?
<tlr> ... and this continues ...
<tlr> Scribe: tyler
approve minutes
<tlr> [16]http://www.w3.org/2006/11/21-wsc-minutes
<tlr> RESOLVED: minutes approved
Wiki -- how to use, etc
<tlr> [17]http://www.w3.org/2006/WSC/wiki/
mez: Encourage everyone to submit action item text to wiki
... Solicits questions on wiki use
PHB: Can't find the draft note on the wiki
Tyler: says he will put the form of the note into the wiki
<tlr> ACTION: tyler to add note's structure to wiki [recorded in
[18]http://www.w3.org/2006/12/05-wsc-minutes.html#action01]
<trackbot> Created ACTION-36 - Add note\'s structure to wiki [on Tyler Close
- due 2006-12-12].
MEZ: Confirms that MoinMoin does versioning
Use Cases/Scenarios Action Items updates
MEZ: No more questions on wiki
... Documenting the scope and the goals are the top priorities
<tlr> The joys of multipart/alternative...
MEZ: Hope everyone hits their ACTION item goals for the next meetings
<tlr> [19]http://www.w3.org/2006/WSC/Group/track/actions/4
MEZ: What's our vanilla attack scenario
<tlr> [20]http://www.w3.org/2006/WSC/drafts/note/
E-Mail lure scenario
MEZ: Is ACTION-4 our vanilla attack?
<tlr> [21]http://www.w3.org/2006/WSC/drafts/note/#email-lure
PHB: Distinguish between use cases and abuse cases
... Some banks have given up sending email
MEZ: Is this a legal remedy?
PHB: No bank is still liable
MEZ: Concrete scenario followed by discussion is preferred format for use
cases
PHB: Helps make the use case succinct
MEZ: Should we close ACTION-4
... Moving on to next action item, ACTION-8
re-direction / federation use case
<tlr> [22]http://www.w3.org/2006/WSC/Group/track/actions/8
<tlr>
[23]http://www.w3.org/mid/D0C847B2BD75414090045D8C7EA3D59402B2D656@repbex01.
amer.bea.com
MEZ: Hal not on call
TLR: Draft of text in email archive
MEZ: Hal's email incorrectly cited ACTION-11
... ACTION-8 needs to be more concrete
<Mez> [24]http://www.w3.org/2006/WSC/Group/track/actions/9
<tlr> [25]http://lists.w3.org/Archives/Public/public-wsc-wg/2006Nov/0056
ACTION-9 misuse / misappropriation of padlock
MEZ: ACTION-9 is more an enumeration of issues with the chrome, than a use
case
<tlr> carry over to next call
MEZ: ACTION-9 is thorough and excellent, but want a concrete scenario
<Mez> [26]http://www.w3.org/2006/WSC/Group/track/actions/13
ACTION-13, Elaborate on multiple certificates & domains for session servers
case
Do you want me to use a real use case, or a fictitious use case
TLR: Don't use a real use case, for trademark issues.
... Use example.com in specification examples
... For example, use [27]http://www.example.com/ as a URL
<tlr> example.{com,info,org} ...
<Mez> [28]http://www.w3.org/2006/WSC/Group/track/actions/22
ACTION-22, voice browsers
<tlr> [29]http://lists.w3.org/Archives/Public/public-wsc-wg/2006Dec/0003
MEZ: Want a concrete voice browser use case for the note
... Solicits any other participants for voice browser use case
<Mez> [30]http://www.w3.org/2006/WSC/Group/track/actions/19
MEZ: Want to get to the scope next
... Might not get to the use cases for a couple weeks
... Need the note for the next face2face
ACTION-19, WS-Security
<malware> sorry for being late
<tlr> [31]http://lists.w3.org/Archives/Public/public-wsc-wg/2006Nov/0105
MEZ: The desktop decoration use case used a good format, like ACTION-4
... Any issues with putting future looking features out of scope?
<tlr> Since the visual cues are not controlled by a browser, but rather the
application program which is painting the transparent window information on
the desktop, there is no browser chrome to define, protect, or for Alice to
rely upon.
<stephenF> when will our REC be done? Presumably "future" applies from then
on, or from now on?
tlr, could you summarize your point for the minutes?
<tlr> tlr: one key property seems to be the one mentioned above; sounds
similar to widgets spec work in WAF WG.
Yakov: WS-Security might provide a concrete use case. Need to work on one
Stephen: Is the future tomorrow, or the day after the Rec comes out?
... Vista is coming out while we're working. Might be some changes in usage.
TLR: Should abstract from any particular product
MEZ: Should look at any product that gets lots of usage
<Paul> If spec has been approved by a relevant standards body, isn't it in
scope, even if deployments might be several months in the future?
MEZ: Our goals will be shaped by things we can make use-cases for today
<Zakim> stephenF, you wanted to ask when "future" starts, if out of scope
Stephen: Tha's fine, but want to have flexibility as we move forward
??: What about stuff that is standardized, but not yet deployed
MEZ: Remember the days when standards standardized existing use
TLR: Just being a standard doesn't put in scope. We have to believe the
deployment story
<stephenF> offering a tricky case for scoping here: IEFT EAI (email i18n), i
dunno whether that should or should not be in scope
MEZ: We have to put a high bar on that. We need to believe it will be
deployed, not it might be deployed.
<stephenF> EAI stuff: fine for later
<Zakim> malware, you wanted to ask for clarification of difference between
"deployed" and "implemented"
<tlr> maware, we can't hear you
<tlr> malware
<malware> I'm not on the bridge
<malware> I just wanted to ask what exactly is meant by deployment
TLR: channelling malware, Is it deployed, or implemented?
MEZ: implemented is existing, also needs to be running
<malware> I think we usually talk about implementations of a particular
spec, right?
<malware> Is same thing meant by "deployment" as it's been discussed here?
<tlr> malware, basically, yes.
<Paul> I think it depends. If "implemented" with intent to deploy then it is
relevant. If it is implemented but not intended for deployment the it should
not be considered.
<malware> OK
<tlr> the point was that there should be some reality check
MEZ: Action-19 looks future looking
<Paul> Argh, my phone just decided to reboot. It will take me a few minutes
to rejoin the call.
<malware> has there been any discussion about not moving to REC without
implementations?
TLR: It exposes an important property of non-browser, but possible web based
that has security context
... The commonality is use of web-ish tech
... Have a look at the widget spec to determine whether in scope or out of
scope
<tlr> ACTION: tlr to review widget spec [recorded in
[32]http://www.w3.org/2006/12/05-wsc-minutes.html#action02]
<trackbot> Sorry, couldn't find user - tlr
<tlr> ACTION: thomas to review widget spec [recorded in
[33]http://www.w3.org/2006/12/05-wsc-minutes.html#action03]
<trackbot> Created ACTION-37 - Review widget spec [on Thomas Roessler - due
2006-12-12].
rfranco: Joining discussion as a guest.
rfranco: Use case involving futuristic hardware is out of scope?
TLR: Are we talking about trusted computing base?
rfranco: I don't think of it as heavily deployed
... It's not the mainstream case today
MEZ: Agreed
rfranco: It's on the bubble. I am happy deferring it to a later working
group
PHB: Need to consider trustworthy computing as a solution to a problem we're
not going to solve
TLR: The non-goal would be ensuring a trusted computing base
<tlr> ACTION: zurko to include trusted computing base with scope and/or
goals/non-goals [recorded in
[34]http://www.w3.org/2006/12/05-wsc-minutes.html#action04]
<trackbot> Created ACTION-38 - Include trusted computing base with scope
and/or goals/non-goals [on Mary Ellen Zurko - due 2006-12-12].
next meeting; proposed: 12 December
<PHB> PHB: We should be able to consider the existence of Trustworthy
computing for the purposes of deciding not to solve a problem that others
are attempting to solve/deploy with a high probability of success. That is
we should not decide that the whole problem is impossible because a
keystroke logger could be dropped onto a machine.
MEZ: Will put scope out by next friday
<PHB> PHB: Trusted computing exists, we all trust the computer to an
enormous degree.The question is if they will be trustworthy
MEZ: Want to do the goals next
<Paul> BTW, action-38 should have some current estimates of timeline for
deployment. How long will it be before trusted computing platforms can be
assumed to be present in the home/retial market?
MEZ: Remember to register for the face2face in January
<stephenF> bye all
MEZ: Attacks on trusted computing are out of scope regardless
MEZ: Next meeting is December 12th
<Paul> thanks , bye
Summary of Action Items
[NEW] ACTION: thomas to review widget spec [recorded in
[35]http://www.w3.org/2006/12/05-wsc-minutes.html#action03]
[NEW] ACTION: tlr to review widget spec [recorded in
[36]http://www.w3.org/2006/12/05-wsc-minutes.html#action02]
[NEW] ACTION: tyler to add note's structure to wiki [recorded in
[37]http://www.w3.org/2006/12/05-wsc-minutes.html#action01]
[NEW] ACTION: zurko to include trusted computing base with scope and/or
goals/non-goals [recorded in
[38]http://www.w3.org/2006/12/05-wsc-minutes.html#action04]
[End of minutes]
_________________________________________________________________
Minutes formatted by David Booth's [39]scribe.perl version 1.127 ([40]CVS
log)
$Date: 2006/12/12 19:14:30 $
References
1. http://www.w3.org/
2. http://www.w3.org/mid/OF81505EE7.FF8727F8-ON85257236.006D606B-85257237.004D28AA@LocalDomain
3. http://www.w3.org/2006/12/05-wsc-irc
4. file://localhost/home/roessler/W3C/WWW/2006/12/05-wsc-minutes.html#agenda
5. file://localhost/home/roessler/W3C/WWW/2006/12/05-wsc-minutes.html#item01
6. file://localhost/home/roessler/W3C/WWW/2006/12/05-wsc-minutes.html#item02
7. file://localhost/home/roessler/W3C/WWW/2006/12/05-wsc-minutes.html#item03
8. file://localhost/home/roessler/W3C/WWW/2006/12/05-wsc-minutes.html#item04
9. file://localhost/home/roessler/W3C/WWW/2006/12/05-wsc-minutes.html#item05
10. file://localhost/home/roessler/W3C/WWW/2006/12/05-wsc-minutes.html#item06
11. file://localhost/home/roessler/W3C/WWW/2006/12/05-wsc-minutes.html#item07
12. file://localhost/home/roessler/W3C/WWW/2006/12/05-wsc-minutes.html#item08
13. file://localhost/home/roessler/W3C/WWW/2006/12/05-wsc-minutes.html#item09
14. file://localhost/home/roessler/W3C/WWW/2006/12/05-wsc-minutes.html#item10
15. file://localhost/home/roessler/W3C/WWW/2006/12/05-wsc-minutes.html#ActionSummary
16. http://www.w3.org/2006/11/21-wsc-minutes
17. http://www.w3.org/2006/WSC/wiki/
18. http://www.w3.org/2006/12/05-wsc-minutes.html#action01
19. http://www.w3.org/2006/WSC/Group/track/actions/4
20. http://www.w3.org/2006/WSC/drafts/note/
21. http://www.w3.org/2006/WSC/drafts/note/#email-lure
22. http://www.w3.org/2006/WSC/Group/track/actions/8
23. http://www.w3.org/mid/D0C847B2BD75414090045D8C7EA3D59402B2D656@repbex01.amer.bea.com
24. http://www.w3.org/2006/WSC/Group/track/actions/9
25. http://lists.w3.org/Archives/Public/public-wsc-wg/2006Nov/0056
26. http://www.w3.org/2006/WSC/Group/track/actions/13
27. http://www.example.com/
28. http://www.w3.org/2006/WSC/Group/track/actions/22
29. http://lists.w3.org/Archives/Public/public-wsc-wg/2006Dec/0003
30. http://www.w3.org/2006/WSC/Group/track/actions/19
31. http://lists.w3.org/Archives/Public/public-wsc-wg/2006Nov/0105
32. http://www.w3.org/2006/12/05-wsc-minutes.html#action02
33. http://www.w3.org/2006/12/05-wsc-minutes.html#action03
34. http://www.w3.org/2006/12/05-wsc-minutes.html#action04
35. http://www.w3.org/2006/12/05-wsc-minutes.html#action03
36. http://www.w3.org/2006/12/05-wsc-minutes.html#action02
37. http://www.w3.org/2006/12/05-wsc-minutes.html#action01
38. http://www.w3.org/2006/12/05-wsc-minutes.html#action04
39. http://dev.w3.org/cvsweb/%7Echeckout%7E/2002/scribe/scribedoc.htm
40. http://dev.w3.org/cvsweb/2002/scribe/
Received on Wednesday, 13 December 2006 11:39:36 UTC