Minutes from 6 February 2008 Voice Conference

All - The minutes from the WAF WG's February 6 VoiceConf on Access  
Control are available at the following and copied below:

  <http://www.w3.org/2008/02/06-waf-minutes.html>

WG Members - if you have any comments, corrections, etc., please send  
them to the public-appformats mail list before February 13; otherwise  
the minutes will be considered approved.

Regards, Art Barstow
---


    [1]W3C

       [1] http://www.w3.org/

                                - DRAFT -

          Web Application Formats Working Group Teleconference
                               06 Feb 2008

    [2]Agenda

       [2] http://lists.w3.org/Archives/Public/public-appformats/2008Feb/0027.html

    See also: [3]IRC log

       [3] http://www.w3.org/2008/02/06-waf-irc

Attendees

    Present
           Art, Anne, Mike, Jonas, David, Thomas

    Regrets
    Chair
           Art

    Scribe
           Art

Contents

      * [4]Topics
          1. [5]Review Agenda
          2. [6]Proposal for a way to avoid round-trip ...
          3. [7]Issue #21
          4. [8]Issue #20
          5. [9]Issue #22 ac4csr-webarch
          6. [10]AOB
      * [11]Summary of Action Items
      _________________________________________________________



    <trackbot-ng> Date: 06 February 2008

    <anne> Zakim. who is om the phone?

    <anne> Zakim. who is on the phone?

    <anne> ArtB, k

    <scribe> Scribe: Art

    <scribe> ScribeNick: ArtB

Review Agenda

    AB: we will skip #2 and #3 since there were no comments on those
    agenda items

Proposal for a way to avoid round-trip ...

    AB: Anne, what's the status?

    AvK: pending some comments
    ... integrated in the ED now

    AB: who are you waiting for comments from?

    AvK: everyone i.e. no one in particular
    ... Jonas had some comments

    JS: not much we can do to tweak this
    ... not sure we can do what Mark wants
    ... I think the current spec is as secure as it can be made

    AvK: Google says it's important as well as the REST guys

    AB: does this proposal address the issues the REST guys made?

    AvK: yes, I think so

    JS: but they haven't responded as such

    DO: I found it hard to follow; not sure how it all works together
    ... may be waiting for it to be integrated in the spec

    AvK: I've also added examples to the spec
    ... I think I've addressed their concerns
    ... If 10 posts, need to do 12 requests total and that's not too bad

    JS: would still like to get some more feedback from them

    AvK: I agree explicit consent would be better

    JS: there are a couple of minor details I still want to change but they
    aren't behavioral
    ... e.g. some stuff with the slashes

    AvK: must start with a slash but doesn't have to end with one

    JS: if I have the foo dir, is it /foo or /foo/?
    ... not clear where to put the policy
    ... it would be good to get some more feedback on the URI syntax

    AvK: agree but that would be relatively easy to change

    AB: agree we need more review and "explicit consent"; how do we get
    that?

    DO: typically would publish a new WD

    AvK: could you send an email to Mark, Tyler, and others?

    DO: Stuart and I also raised related concerns

    <MikeSmith> Tyler is Tyler Close

    AvK: would like to get quick feedback

    DO: the reqs seem to be settling but this is a big change thus a new
    WD seems like the right way to go

    AvK: I suppose a new WD would be OK but prefer a LC
    ... we could publish a WD and then in a few weeks go to LC

    DO: I think the changes are too substantial to go directly to LC

    AvK: there is a precedent to publish a FPWD and LC at the same time

    AB: any objections to an immediate new WD?

    AvK: don't want it to delay LC

    AB: Mike, what is the Team's position?
    ... on WD and LC?

    MS: I think there have been too many objections to this work item to
    publish this as an LC under the current charter and its extension
    ... this isn't a final decision by the Team but that's where we
    stand now

    AvK: are these objections from the Team or Members? Where is the
    archive?

    MS: some on the public archive; some based on internal discussions

    AvK: I think we've addressed the issues raised

    MS: there is a question about whether this spec is within the
    group's charter
    ... The charter is a bit broad
    ... I think the group did this work in good faith
    ... If people didn't pay attention, that's not this group's fault
    ... I don't think anyone tried to "sneak in this work"

    <dorchard> I'm not sure what this means for the group publishing
    another Working Draft though...

    TR: I don't have much to add to what Mike said
    ... There should not be a LC going out under the current charter

    MS: that is true i.e. that's the Team's consensus

    AvK: the Selectors spec in the Web API WG was able to go to LC
    ... despite going out of charter

    TR: I don't know the specifics of that case

    JS: one reason this group started this work is because this
    mechanism is needed by XBL2

    AB: I agree and have argued that point
    ... Seems like the problem is that we are now in this "limbo" state

    <anne> [12]http://www.w3.org/TR/selectors-api/ is the precedent I
    was talking about

      [12] http://www.w3.org/TR/selectors-api/

    MS: not clear how long it will take for the new charter to get
    approved
    ... we have a combination of the "limbo" state but also not clear
    where this is going to end up in the next charters

    DO: we should be able to publish a new WD, right?
    ... or is that not allowed?

    AB: yes, what is the answer Mike?

    MS: I can't make a decision now

    AvK: when will you know?

    TR: based on my recollection - there will be no LC pub; I do not
    recall a decision on the WD question
    ... If the WG wants to publish a "normal" WD then the Team can
    discuss this

    AvK: we want not just a new WD but also a LC

    DO: I think we should publish a WD and not a LC regardless of
    precedent

    AvK: again, I'm OK with a WD now but then want a LC two weeks later

    AB: perhaps we can get consensus to publish a WD now and then ask the
    Team to consider us publishing a LC during the extension period

    AvK: I think there is indeed a precedent for us to publish a LC
    during the extension period

    AB: I propose we publish a new WD ASAP
    ... any objections?

    [none heard]

    AB: any changes you want to make Anne?

    AvK: just a few changes

    DO: and I have a couple of quick changes I'd like to get in

    MS: once we are ready, we should be able to get it published quickly

    RESOLUTION: publish a new WD as soon as Anne is ready

    DO: let's set a deadline for comments

    AB: OK

    AvK: let's set the target for next Tuesday

    <scribe> ACTION: Mike determine the Team's position on us publishing
    a LC version during this extension period [recorded in
    [13]http://www.w3.org/2008/02/06-waf-minutes.html#action01]

    <trackbot-ng> Sorry, amibiguous username (more than one match) -
    Mike

    <trackbot-ng> Try using a different identifier, such as family name
    or username (eg. mamend, mike)

    <MikeSmith> ACTION: Michael(tm) to determine the Team's position on
    us publishing a LC version during this extension perioad [recorded
    in [14]http://www.w3.org/2008/02/06-waf-minutes.html#action02]

    <trackbot-ng> Created ACTION-167 - Determine the Team's position on
    us publishing a LC version during this extension perioad [on
    Michael(tm) Smith - due 2008-02-13].

    <tlr> I have no good sense when charter review will happen.

    AB: Mike, when do you expect the charter to go out for formal AC
    review?

    MS: I will push this and hope to get it out next week

    AB: ok, great

    <tlr> MS: I will report back to the group when I have a clearer
    idea; can't do that today, though

    <MikeSmith> tlr - thanks

Issue #21

    AB: are there any gaps or holes that need to be filled?
    ... the latest ED contains a lot of info to address this issue

    JS: we used to have a description about what can currently be done
    regarding XSS but it was removed
    ... would like to know why it was removed because it seems like that
    info is relevant for the Security Model

    AvK: I think we just changed the Intro; it's a bit more abstract now
    ... we still mention the Same Origin Policy

    AB: Jonas, can you identify the text you'd like to get added?

    JS: yes, I can submit something

    <scribe> ACTION: Jonas submit an input that will result in closing
    Issue #21 [recorded in
    [15]http://www.w3.org/2008/02/06-waf-minutes.html#action03]

    <trackbot-ng> Created ACTION-168 - Submit an input that will result
    in closing Issue #21 [on Jonas Sicking - due 2008-02-13].

    <MikeSmith> action-155?

    <trackbot-ng> ACTION-155 -- Jonas Sicking to send a request for
    comments regarding the policy decision questions and issues -- due
    2008-01-30 -- CLOSED

    <trackbot-ng> [16]http://www.w3.org/2005/06/tracker/waf/actions/155

      [16] http://www.w3.org/2005/06/tracker/waf/actions/155

    <MikeSmith> issue-21?

    <trackbot-ng> ISSUE-21 -- What is the Security Model for the
    access-control spec? -- RAISED

    <trackbot-ng> [17]http://www.w3.org/2005/06/tracker/waf/issues/21

      [17] http://www.w3.org/2005/06/tracker/waf/issues/21

Issue #20

    AB: have a detailed discussion on the mail list
    ... we've had inputs from Thomas, Tyler, Jonas and maybe others
    ... Jonas:
    [18]http://lists.w3.org/Archives/Public/public-appformats/2008Feb/0007.html
    ... just want to discuss how to get consensus and keep the technical
    discussion on the mail list

      [18] http://lists.w3.org/Archives/Public/public-appformats/2008Feb/0007.html

    JS: need to have some policy enforcement in the client

    AvK: I want to close

    DO: I'm still concerned about this issue
    ... we've been discussing this issue internally
    ... I'm not prepared to close it now

    JS: but we need feedback on this issue

    DO: I understand; it's been hard to get the right people in BEA
    involved
    ... I've been talking to other people too; I'm active on it

    JS: currently client PEP adds complexity
    ... wonder if we have added too many features
    ... but I'll post my comments on the mail list

    [ some discussion missing ... ]

    <anne> sicking:

Issue #22 ac4csr-webarch

    <anne> sicking, so dropping method whitelisting?

    <sicking> anne, yes

    AB: what should we do with this?

    <anne> seems fine to me... less text :)

    DO: I thought the Hixie and Anne proposal addressed it

    AvK: yes I agree

    DO: I think we should resolve it as closed

    <scribe> ACTION: Orchard close issue #22 [recorded in
    [19]http://www.w3.org/2008/02/06-waf-minutes.html#action04]

    <trackbot-ng> Created ACTION-169 - Close issue #22 [on David Orchard
    - due 2008-02-13].

AOB

    AB: do we want to have a call next week?

    AvK: I'm fine either way

    DO: hopefully we should have just published a WD and may not have
    much to talk about

    AB: I tend to agree

    AvK: what about two weeks?

    AB: sounds good and hopefully Mike will have an answer from the Team
    regarding LC by then

    JS: Mozilla is going to do a security review next Tuesday
    ... it is open to the public and anyone can dial in
    ... I will post details to the mail list

    AB: listen mode only OK?

    JS: absolutely

    MS: yes, two weeks should be enough time

    AB: no call next week; next call on Feb 20
    ... meeting adjourned

Summary of Action Items

    [NEW] ACTION: Jonas submit an input that will result in closing
    Issue #21 [recorded in
    [20]http://www.w3.org/2008/02/06-waf-minutes.html#action03]
    [NEW] ACTION: Michael(tm) to determine the Team's position on us
    publishing a LC version during this extension perioad [recorded in
    [21]http://www.w3.org/2008/02/06-waf-minutes.html#action02]
    [NEW] ACTION: Mike determine the Team's position on us publishing a
    LC version during this extension period [recorded in
    [22]http://www.w3.org/2008/02/06-waf-minutes.html#action01]
    [NEW] ACTION: Orchard close issue #22 [recorded in
    [23]http://www.w3.org/2008/02/06-waf-minutes.html#action04]

    [End of minutes]

Received on Wednesday, 6 February 2008 21:20:14 UTC