- From: Thomas Roessler <tlr@w3.org>
- Date: Mon, 18 Jun 2007 00:02:38 +0200
- To: WSC WG <public-wsc-wg@w3.org>
The minutes from our telephone conference on 6 June were approved
and are available online:
http://www.w3.org/2007/06/06-wsc-minutes
Regards,
--
Thomas Roessler, W3C <tlr@w3.org>
[1]W3C
WSC WG weekly
6 Jun 2007
[2]Agenda
See also: [3]IRC log
Attendees
Present
Praveen Alavilli,
Rachna Dhamija,
Mike Beltzner,
Jan Vidar Krey,
Audian,
Yngve Pettersen,
Johnathan Nightingale,
Stephen Farrell,
Hal Lockhart,
Chuck Wade,
Bill Doyle,
Maritza Johnson ,
Thomas Roessler,
Phillip Hallam-Baker
Mary Ellen Zurko,
Tim Hahn,
Regrets
-
Chair
Mary Ellen Zurko
Scribe
Praveen
Contents
* [4]Topics
1. [5]approving last meeting's minutes
2. [6]Newly Completed Action Items
3. [7]Agenda Bashing
4. [8]Trusted Browser Component
5. [9]Threat trees
6. [10]Next Meeting - Wednesday, June 13th
* [11]Summary of Action Items
__________________________________________________________________
approving last meeting's minutes
[12]http://www.w3.org/2007/05/23-wsc-minutes
MEZ: from last conf call not f2f
... minutes are approved
Newly Completed Action Items
MEZ: done some cleanup on the action items
... no issues ...
... some closed due to inactivity
... no issues with closed actions
Agenda Bashing
[13]http://lists.w3.org/Archives/Public/public-wsc-wg/2007Jun/0027.html
MEZ:today we will be finishing up the lightning discussions and discuss
about action-177 that thomas would lead ...
<Mez>
[14]http://lists.w3.org/Archives/Public/public-wsc-wg/2007Jun/0017.html
MEZ: we will add threat tree discussions to agenda
<Mez> [15]http://www.w3.org/2006/WSC/wiki/TrustedBrowserComponent
MEZ: Trusted Browser Component will be discussed in the lightning
discussions today
Trusted Browser Component
rachna: describing an interface to an mutual authentication protocol
...
... proposal requires users to login to a trusted component in the
browser ...
[INS: ... goal is to make sure credentials are not transferred outside
of the ...
... browser and to capture user intent to login to a site, even when
they ...
... don't know they are at the wrong site ... :INS]
rachna: assumptions are being discussed
... discussing expected user behaviour
for
reference:[16]http://www.w3.org/2006/WSC/wiki/TrustedBrowserComponent
comparing with Verisign's Seatbelt
rachna:[INS: Verisign seatbelt is an add-on that has a spoofable
red/green ...
... indicator to indicate whether user is at the correct openID site.
This ...
... proposal is similar only in that it allows user to know whether
they are ...
... at a site they have been to and approved before ... :INS]
johnath: how it would it related to PII
rachna:[INS: There are some abstract ideas that may overlap...
... in particular both proposals try to inform the user that they are
...
... at the same site they have been to and trusted in the past, but ...
... using different interaction techniques. :INS]
<Mez> I think our proposals/recommendations will/should be mergingmore
as we go forward
<Mez> I want to start categorizing, moving pieces around, etc.
<Mez> some are about displaying information, some about input, some
about making displays non guessable
rachna: requesting feedback from the group
chuck: this kind of proposal is very constructive. Issue is whether it
should be at browser level or at the OS level...
... to make it a broader way to work across applications
... comparing with CardSpace - wondering if we view this as 2 separate
proposal - one at OS level and one at browser level...
rachna: OS/Platform are out of scope currently so need to see how we
can address this
tlr: there are kernel-level http daemons, but that doesn't make http a
system-level spec, OS does enable certain features in browsers, but
this is definetely not a charter to deal with OS level
stephenf: proposal is quite resonable and could be done in a way that's
generically useful
johnath: replying to chuck's question about in scope or not
<tlr> +1 to johnath
johnath: cardspace is impl at system level and that's great but it's
probably not good to spend time on it but concentrate at browser level
hal: seems like there are bunch of proposals, good idea but isn't it at
the same level of a new protocol out of scope like a OS
<Chuck> I was more concerned with the implied constraint that this is a
recommendation for browsers only. If we can abstract this as guidance
that could be implemented at any level, then I believe we will be
offering more useful recommendations.
hal: the proposal needs a new shared secret that servers don't do
today...
<stephenF> Doesn't tlr supportt session re-init?
<PHB2> The real issue in my view is not where it is implemented but
whether it is designed in such a way as to be easily digestible at the
platform level. It is entirely possible to implement CardSpace without
using the secure desktop, the CardSpace design on XP is not as
integrated as Vista, on linux it might not be integrated at all
hal: so it requires new changes
<tlr> chuck, I think we're aiming for that abstraction level
phb: can it be something simple enough that can later be extended to OS
level. designing something that's small enough and bound enough - the
advantage with web is that it satisfies this requirement - same as JS
... looking at cardspace to extend it to payment system
tlr: question- do not understand what trust it's adding, logging into a
browser is not necessarily be a good thing as we might not want the
password to be shared with a client.
<PHB2> ANother parallel here would be the SiteSeal that VeriSign uses
to represent a secure site - most other CAs have a similar program. The
SiteSeal is content and thus inevitably spoofable. But we have been
proposing browser extensions to support site seal in the chrome for
over a decade now - that is where logotype came from originally.
tlr: probably better to define best practices for presentations so
browsers can pick up and implement those
<Mez>
[17]http://lists.w3.org/Archives/Public/public-wsc-wg/2007Jun/0017.html
<scribe> ACTION: rachna to expand on the proposal and incorporate
today's discussions [recorded in
[18]http://www.w3.org/2007/06/06-wsc-minutes.html#action01]
<trackbot> Created ACTION-257 - Expand on the proposal and incorporate
today\'s discussions [on Rachna Dhamija - due 2007-06-13].
<rachna>
[19]Threat trees
MEZ: need to figure out where to go next with Threat trees
rachna: walk through the list and find out what's useful
... requesting thomas's view on usecases and how these apply to them
<rachna> thoma: threat trees should be there own document and not be in
the critical path of getting the note done.
tlr: suggestion to keep it separate as a companion document but donot
put threat trees into the critical path for use cases. They are more
useful technically but probably should not be in the critical path
<stephenF> tend to agree with TLR
<Chuck> I will put in a vote that the threat trees are useful. I also
believe that the refinements to the threat tree Wiki page have made
this much more useful. We need this to justify why we are making any
recommendations to improve Web Security Context.
johnath: threat trees aren't something that's guiding people might be a
wrong statement. threat trees does help as an excercise to understand
real world example/threats and help in trying to mitigate threats that
bad people can insert.
rachna: agrees with jonath
<Zakim> Thomas, you wanted to ask what this mean in terms of the note
tlr: threat trees are useful excercise but what is the right time for
them ?
<johnath> urr - only spelled properly
tlr: still feels they would mostly be useful as a companion note as
part of the recommentations
<Zakim> johnath, you wanted to rpely to thomas
johnath: fair point. it's about justifying recommendation. seems like
available security information and usecases might influence the docs.
<Chuck> Well said!
bill-d: threat trees also help to find out what's missing
<johnath> thomas - agree
<johnath> (I won't q+ to say so, but agree)
<Mez> I'm beginning to hear that a concrete proposal about exactly what
to put into the note on threat trees might fly
<Audian> i agree
tlr: if we can convert the threat trees into something presentable that
might be useful
<Mez> could be the threat trees, or just a pointer to the wiki, or some
simplified version
<Zakim> stephenF, you wanted to say that we'll always miss threats ;
later is better
<bill-d> Bill-d Threat tree will help define items in scope and
recomendations for items out of scope
stephenF: don't think it's useful yet but might be later
mez: asking for volunteers to take the proposal and expand on it
<Mez> yes, the list is easier to read and understand
<Mez> it has a more natural language, less formal structure
johnath: threat tree is relatively complicated looking text. whether it
makes sense to include without recommendations.
<tlr>
[20]http://www.w3.org/2006/WSC/wiki/RecommendationDisplayProposals/Reco
Templ
johnath: if we put them in the recommendations text, how are we going
to wrap it in the text.
... if we think it's valuable info and incl in the draft of the
recommentation instead of note, what it should look like in the draft.
tlr: we can do additional notes to publish new material that is useful.
would rather see threat trees as one of those notes
<stephenF> if threattrees is its own note, there will be an issue later
about whether the references to that from the rec, are normative or
informative
<stephenF> +1 on that: if pointers to vuln DB appear in template,
that's good
<johnath> Mez: that's a whole other call, and I'm telling my HR contact
about you. :)
tlr: happy to define a template that links to the draft if that's
useful
<stephenF> [21]http://cve.mitre.org/ is the DB I'd use btw
MEZ: formality of threat tree is still confusing...
MEZ: how to link to the recommendations we are woring on
johnath: some in the list are not in the threat tree yet. May be
helpful to explain them more so we can link to them from the
recommendations saying which attack/threat it;s addressing
<tlr> "References to ThreatTrees or vulnerability databases will be
useful, but not required."
johnath: would that presentation be more appropriate to include
<johnath> fine by me
<johnath> rachna?
<rachna> fine by me.
<stephenF> +1 to tlr (whatever he said:-)
thomas I would need your help to write that out :-)
<stephenF> +1 to whoever just said whatever he said
<tlr> accurate
<tlr> thomas: Put the sentence I said on IRC above in there, it's not
critical path for FPWD, but we'll do it later. Meanwhile, refine stuff
in Wiki.
<Chuck> It's nice to have an interpreter :-)
every one agrees that threat trees are useful for people reading
recommendations
<scribe> ACTION: Rachna to create template out of Threat Trees (with
sample threats) [recorded in
[22]http://www.w3.org/2007/06/06-wsc-minutes.html#action02]
<trackbot> Created ACTION-258 - Create template out of Threat Trees
(with sample threats) [on Rachna Dhamija - due 2007-06-13].
<tjh> sorry - have to leave for another meeting. Cheers
chuck: trying to clarify traditional defintion of threat. what;s really
imp and inscope of this group is what's the vulnerability to user, what
protocol to use, etc. probably we shoudl work in terms of mapping
threats to vulnerabilities. more interested in seeing vulnerability
aspect of threats.
<PHB2> attacks are useful as a means of working out vulnerabilities
<PHB2> A vulnerability is a higher level of abstraction
bill-d: wanted chuck to explain more on what he meant by vulnerability?
<stephenF> A vulnerability exists without an attacker
chuck: webpage can have a form entry for XSS, pad lock in browser not
working, weaknesses in the user-agent that help in exploiting attacks
bill-d: how to present information available so the user can make
better decisions based on the information we have.
<PHB2> StephenF, I would call a situation in which an attacker employed
an attack as an incident.
tlr: is there something concrete in terms of possible changing threats
?
<stephenF> A vulnerability can also be important if its triggered as a
side-effect of something else
chuck: tie the recommendation to vulnerabilities in the system.
vulnerability can be significant only if there is a threat to exploit
it. so if we can come up with the threat tree for which we will develop
recommentations.
... vision I have is to come up with recommendations for vulnerability
and vulnerability is not interesting unless it has a credible threat
against it
rachna: no body is taking actions to take the threat tree and tie them
up with vulnerabilities
<Chuck> Again, this is not an AI, but a process that we follow in
getting to credible recommenations.
<tlr> the template update is done, indeed
<Chuck> Glad to play a support role.
tlr: wants to close old and undone actions
mez: will take care of them - aked thomas to send email with them
Next Meeting - Wednesday, June 13th
<tlr> ACTION-173 to be closed; moot
mez: close some recommedations and prepare for some demos
<Zakim> Thomas, you wanted to check in briefly on state of some edits
tlr: new template in the wiki, people might want to revisit to make
edits
tlr: to close action 258 and open a new one with more information
<tlr> ACTION: rachna to work with Stephen, Chuck to revisit threat
trees; work out process to join them to substantial work [recorded in
[23]http://www.w3.org/2007/06/06-wsc-minutes.html#action03]
<trackbot> Created ACTION-259 - Work with Stephen, Chuck to revisit
threat trees; work out process to join them to substantial work [on
Rachna Dhamija - due 2007-06-13].
<tlr> rachna, hope that's the right action item
<tlr> if not, please fix it
Summary of Action Items
[NEW] ACTION: Rachna to create template out of Threat Trees (with
sample threats) [recorded in
[24]http://www.w3.org/2007/06/06-wsc-minutes.html#action02]
[NEW] ACTION: rachna to expand on the proposal and incorporate today's
discussions [recorded in
[25]http://www.w3.org/2007/06/06-wsc-minutes.html#action01]
[NEW] ACTION: rachna to work with Stephen, Chuck to revisit threat
trees; work out process to join them to substantial work [recorded in
[26]http://www.w3.org/2007/06/06-wsc-minutes.html#action03]
[End of minutes]
__________________________________________________________________
Minutes formatted by David Booth's [27]scribe.perl version 1.128
([28]CVS log)
$Date: 2007/06/17 21:57:22 $
__________________________________________________________________
References
1. http://www.w3.org/
2. http://lists.w3.org/Archives/Public/public-wsc-wg/2007Jun/0027.html
3. http://www.w3.org/2007/06/06-wsc-irc
4. http://www.w3.org/2007/06/06-wsc-minutes.html#agenda
5. http://www.w3.org/2007/06/06-wsc-minutes.html#item01
6. http://www.w3.org/2007/06/06-wsc-minutes.html#item02
7. http://www.w3.org/2007/06/06-wsc-minutes.html#item03
8. http://www.w3.org/2007/06/06-wsc-minutes.html#item04
9. http://www.w3.org/2007/06/06-wsc-minutes.html#item05
10. http://www.w3.org/2007/06/06-wsc-minutes.html#item06
11. http://www.w3.org/2007/06/06-wsc-minutes.html#ActionSummary
12. http://www.w3.org/2007/05/23-wsc-minutes
13. http://lists.w3.org/Archives/Public/public-wsc-wg/2007Jun/0027.html
14. http://lists.w3.org/Archives/Public/public-wsc-wg/2007Jun/0017.html
15. http://www.w3.org/2006/WSC/wiki/TrustedBrowserComponent
16. http://www.w3.org/2006/WSC/wiki/TrustedBrowserComponent
17. http://lists.w3.org/Archives/Public/public-wsc-wg/2007Jun/0017.html
18. http://www.w3.org/2007/06/06-wsc-minutes.html#action01
19. http://www.w3.org/2006/WSC/wiki/ThreatTrees
20. http://www.w3.org/2006/WSC/wiki/RecommendationDisplayProposals/RecoTempl
21. http://cve.mitre.org/
22. http://www.w3.org/2007/06/06-wsc-minutes.html#action02
23. http://www.w3.org/2007/06/06-wsc-minutes.html#action03
24. http://www.w3.org/2007/06/06-wsc-minutes.html#action02
25. http://www.w3.org/2007/06/06-wsc-minutes.html#action01
26. http://www.w3.org/2007/06/06-wsc-minutes.html#action03
27. http://dev.w3.org/cvsweb/%7Echeckout%7E/2002/scribe/scribedoc.htm
28. http://dev.w3.org/cvsweb/2002/scribe/
Received on Sunday, 17 June 2007 22:11:54 UTC