W3C home > Mailing lists > Public > public-wsc-wg@w3.org > December 2006

Minutes WSC WG weekly 2006-12-05

From: Thomas Roessler <tlr@w3.org>
Date: Wed, 13 Dec 2006 12:39:47 +0100
To: public-wsc-wg@w3.org
Message-ID: <20061213113947.GB16995@raktajino.does-not-exist.org>

The minutes from our meeting on 5 December have been approved; they
are available online here:

  http://www.w3.org/2006/12/05-wsc-minutes

A text/plain rendering is included below the .signature.

Thanks to Tyler for scribing.

Regards,
-- 
Thomas Roessler, W3C  <tlr@w3.org>




   [1]W3C 

                                 WSC WG weekly
                                  5 Dec 2006

   [2]Agenda

   See also: [3]IRC log

Attendees

   Present
          Thomas Roessler
          Maritza Johnson
          Stephen Farrell
          Yakov Sverdlov
          Tyler Close
          Paul Hill
          Phillip Hallam-Baker
          Rishikesh A Pande
          George Staikos (IRC only)
          Michael Smith (IRC only)
          Mark Little
          Rob Franco (guest)

   Chair
          Mary-Ellen Zurko

   Scribe
          Tyler Close

Contents

     * [4]Topics
         1. [5]approve minutes
         2. [6]Wiki -- how to use, etc
         3. [7]Use Cases/Scenarios Action Items updates
         4. [8]E-Mail lure scenario
         5. [9]re-direction / federation use case
         6. [10]ACTION-9 misuse / misappropriation of padlock
         7. [11]ACTION-13, Elaborate on multiple certificates & domains for
            session servers case
         8. [12]ACTION-22, voice browsers
         9. [13]ACTION-19, WS-Security
        10. [14]next meeting; proposed: 12 December
     * [15]Summary of Action Items
     _________________________________________________________________



   <tlr> "zakim, unmute me"

   <stephenF> ta

   <tlr> tyler: it just goes into normal text?

   <tlr> ... and this continues ...

   <tlr> Scribe: tyler

approve minutes

   <tlr> [16]http://www.w3.org/2006/11/21-wsc-minutes

   <tlr> RESOLVED: minutes approved

Wiki -- how to use, etc

   <tlr> [17]http://www.w3.org/2006/WSC/wiki/

   mez: Encourage everyone to submit action item text to wiki
   ... Solicits questions on wiki use

   PHB: Can't find the draft note on the wiki

   Tyler: says he will put the form of the note into the wiki

   <tlr>  ACTION:  tyler  to  add  note's  structure to wiki [recorded in
   [18]http://www.w3.org/2006/12/05-wsc-minutes.html#action01]

   <trackbot> Created ACTION-36 - Add note\'s structure to wiki [on Tyler Close
   - due 2006-12-12].

   MEZ: Confirms that MoinMoin does versioning

Use Cases/Scenarios Action Items updates

   MEZ: No more questions on wiki
   ... Documenting the scope and the goals are the top priorities

   <tlr> The joys of multipart/alternative...

   MEZ: Hope everyone hits their ACTION item goals for the next meetings

   <tlr> [19]http://www.w3.org/2006/WSC/Group/track/actions/4

   MEZ: What's our vanilla attack scenario

   <tlr> [20]http://www.w3.org/2006/WSC/drafts/note/

E-Mail lure scenario

   MEZ: Is ACTION-4 our vanilla attack?

   <tlr> [21]http://www.w3.org/2006/WSC/drafts/note/#email-lure

   PHB: Distinguish between use cases and abuse cases
   ... Some banks have given up sending email

   MEZ: Is this a legal remedy?

   PHB: No bank is still liable

   MEZ: Concrete scenario followed by discussion is preferred format for use
   cases

   PHB: Helps make the use case succinct

   MEZ: Should we close ACTION-4
   ... Moving on to next action item, ACTION-8

re-direction / federation use case

   <tlr> [22]http://www.w3.org/2006/WSC/Group/track/actions/8

   <tlr>
   [23]http://www.w3.org/mid/D0C847B2BD75414090045D8C7EA3D59402B2D656@repbex01.
   amer.bea.com

   MEZ: Hal not on call

   TLR: Draft of text in email archive

   MEZ: Hal's email incorrectly cited ACTION-11
   ... ACTION-8 needs to be more concrete

   <Mez> [24]http://www.w3.org/2006/WSC/Group/track/actions/9

   <tlr> [25]http://lists.w3.org/Archives/Public/public-wsc-wg/2006Nov/0056

ACTION-9 misuse / misappropriation of padlock

   MEZ: ACTION-9 is more an enumeration of issues with the chrome, than a use
   case

   <tlr> carry over to next call

   MEZ: ACTION-9 is thorough and excellent, but want a concrete scenario

   <Mez> [26]http://www.w3.org/2006/WSC/Group/track/actions/13

ACTION-13, Elaborate on multiple certificates & domains for session servers
case

   Do you want me to use a real use case, or a fictitious use case

   TLR: Don't use a real use case, for trademark issues.
   ... Use example.com in specification examples
   ... For example, use [27]http://www.example.com/ as a URL

   <tlr> example.{com,info,org} ...

   <Mez> [28]http://www.w3.org/2006/WSC/Group/track/actions/22

ACTION-22, voice browsers

   <tlr> [29]http://lists.w3.org/Archives/Public/public-wsc-wg/2006Dec/0003

   MEZ: Want a concrete voice browser use case for the note
   ... Solicits any other participants for voice browser use case

   <Mez> [30]http://www.w3.org/2006/WSC/Group/track/actions/19

   MEZ: Want to get to the scope next
   ... Might not get to the use cases for a couple weeks
   ... Need the note for the next face2face

ACTION-19, WS-Security

   <malware> sorry for being late

   <tlr> [31]http://lists.w3.org/Archives/Public/public-wsc-wg/2006Nov/0105

   MEZ: The desktop decoration use case used a good format, like ACTION-4
   ... Any issues with putting future looking features out of scope?

   <tlr> Since the visual cues are not controlled by a browser, but rather the
   application program which is painting the transparent window information on
   the desktop, there is no browser chrome to define, protect, or for Alice to
   rely upon.

   <stephenF> when will our REC be done? Presumably "future" applies from then
   on, or from now on?

   tlr, could you summarize your point for the minutes?

   <tlr> tlr: one key property seems to be the one mentioned above; sounds
   similar to widgets spec work in WAF WG.

   Yakov: WS-Security might provide a concrete use case. Need to work on one

   Stephen: Is the future tomorrow, or the day after the Rec comes out?
   ... Vista is coming out while we're working. Might be some changes in usage.

   TLR: Should abstract from any particular product

   MEZ: Should look at any product that gets lots of usage

   <Paul> If spec has been approved by a relevant standards body, isn't it in
   scope, even if deployments might be several months in the future?

   MEZ: Our goals will be shaped by things we can make use-cases for today

   <Zakim> stephenF, you wanted to ask when "future" starts, if out of scope

   Stephen: Tha's fine, but want to have flexibility as we move forward

   ??: What about stuff that is standardized, but not yet deployed

   MEZ: Remember the days when standards standardized existing use

   TLR: Just being a standard doesn't put in scope. We have to believe the
   deployment story

   <stephenF> offering a tricky case for scoping here: IEFT EAI (email i18n), i
   dunno whether that should or should not be in scope

   MEZ:  We have to put a high bar on that. We need to believe it will be
   deployed, not it might be deployed.

   <stephenF> EAI stuff: fine for later

   <Zakim> malware, you wanted to ask for clarification of difference between
   "deployed" and "implemented"

   <tlr> maware, we can't hear you

   <tlr> malware

   <malware> I'm not on the bridge

   <malware> I just wanted to ask what exactly is meant by deployment

   TLR: channelling malware, Is it deployed, or implemented?

   MEZ: implemented is existing, also needs to be running

   <malware> I think we usually talk about implementations of a particular
   spec, right?

   <malware> Is same thing meant by "deployment" as it's been discussed here?

   <tlr> malware, basically, yes.

   <Paul> I think it depends. If "implemented" with intent to deploy then it is
   relevant. If it is implemented but not intended for deployment the it should
   not be considered.

   <malware> OK

   <tlr> the point was that there should be some reality check

   MEZ: Action-19 looks future looking

   <Paul> Argh, my phone just decided to reboot. It will take me a few minutes
   to rejoin the call.

   <malware> has there been any discussion about not moving to REC without
   implementations?

   TLR: It exposes an important property of non-browser, but possible web based
   that has security context
   ... The commonality is use of web-ish tech
   ... Have a look at the widget spec to determine whether in scope or out of
   scope

   <tlr>    ACTION:    tlr   to   review   widget   spec   [recorded   in
   [32]http://www.w3.org/2006/12/05-wsc-minutes.html#action02]

   <trackbot> Sorry, couldn't find user - tlr

   <tlr>   ACTION:   thomas   to   review   widget   spec   [recorded  in
   [33]http://www.w3.org/2006/12/05-wsc-minutes.html#action03]

   <trackbot> Created ACTION-37 - Review widget spec [on Thomas Roessler - due
   2006-12-12].

   rfranco: Joining discussion as a guest.

   rfranco: Use case involving futuristic hardware is out of scope?

   TLR: Are we talking about trusted computing base?

   rfranco: I don't think of it as heavily deployed
   ... It's not the mainstream case today

   MEZ: Agreed

   rfranco: It's on the bubble. I am happy deferring it to a later working
   group

   PHB: Need to consider trustworthy computing as a solution to a problem we're
   not going to solve

   TLR: The non-goal would be ensuring a trusted computing base

   <tlr> ACTION: zurko to include trusted computing base with scope and/or
   goals/non-goals [recorded in
   [34]http://www.w3.org/2006/12/05-wsc-minutes.html#action04]

   <trackbot> Created ACTION-38 - Include trusted computing base with scope
   and/or goals/non-goals [on Mary Ellen Zurko - due 2006-12-12].

next meeting; proposed: 12 December

   <PHB>  PHB: We should be able to consider the existence of Trustworthy
   computing for the purposes of deciding not to solve a problem that others
   are attempting to solve/deploy with a high probability of success. That is
   we  should  not  decide that the whole problem is impossible because a
   keystroke logger could be dropped onto a machine.

   MEZ: Will put scope out by next friday

   <PHB>  PHB:  Trusted computing exists, we all trust the computer to an
   enormous degree.The question is if they will be trustworthy

   MEZ: Want to do the goals next

   <Paul> BTW, action-38 should have some current estimates of timeline for
   deployment. How long will it be before trusted computing platforms can be
   assumed to be present in the home/retial market?

   MEZ: Remember to register for the face2face in January

   <stephenF> bye all

   MEZ: Attacks on trusted computing are out of scope regardless

   MEZ: Next meeting is December 12th

   <Paul> thanks , bye

Summary of Action Items

   [NEW]   ACTION:   thomas   to   review   widget   spec   [recorded  in
   [35]http://www.w3.org/2006/12/05-wsc-minutes.html#action03]
   [NEW]    ACTION:    tlr   to   review   widget   spec   [recorded   in
   [36]http://www.w3.org/2006/12/05-wsc-minutes.html#action02]
   [NEW]  ACTION:  tyler  to  add  note's  structure to wiki [recorded in
   [37]http://www.w3.org/2006/12/05-wsc-minutes.html#action01]
   [NEW] ACTION: zurko to include trusted computing base with scope and/or
   goals/non-goals [recorded in
   [38]http://www.w3.org/2006/12/05-wsc-minutes.html#action04]

   [End of minutes]
     _________________________________________________________________


    Minutes formatted by David Booth's [39]scribe.perl version 1.127 ([40]CVS
    log)
    $Date: 2006/12/12 19:14:30 $

References

   1. http://www.w3.org/
   2. http://www.w3.org/mid/OF81505EE7.FF8727F8-ON85257236.006D606B-85257237.004D28AA@LocalDomain
   3. http://www.w3.org/2006/12/05-wsc-irc
   4. file://localhost/home/roessler/W3C/WWW/2006/12/05-wsc-minutes.html#agenda
   5. file://localhost/home/roessler/W3C/WWW/2006/12/05-wsc-minutes.html#item01
   6. file://localhost/home/roessler/W3C/WWW/2006/12/05-wsc-minutes.html#item02
   7. file://localhost/home/roessler/W3C/WWW/2006/12/05-wsc-minutes.html#item03
   8. file://localhost/home/roessler/W3C/WWW/2006/12/05-wsc-minutes.html#item04
   9. file://localhost/home/roessler/W3C/WWW/2006/12/05-wsc-minutes.html#item05
  10. file://localhost/home/roessler/W3C/WWW/2006/12/05-wsc-minutes.html#item06
  11. file://localhost/home/roessler/W3C/WWW/2006/12/05-wsc-minutes.html#item07
  12. file://localhost/home/roessler/W3C/WWW/2006/12/05-wsc-minutes.html#item08
  13. file://localhost/home/roessler/W3C/WWW/2006/12/05-wsc-minutes.html#item09
  14. file://localhost/home/roessler/W3C/WWW/2006/12/05-wsc-minutes.html#item10
  15. file://localhost/home/roessler/W3C/WWW/2006/12/05-wsc-minutes.html#ActionSummary
  16. http://www.w3.org/2006/11/21-wsc-minutes
  17. http://www.w3.org/2006/WSC/wiki/
  18. http://www.w3.org/2006/12/05-wsc-minutes.html#action01
  19. http://www.w3.org/2006/WSC/Group/track/actions/4
  20. http://www.w3.org/2006/WSC/drafts/note/
  21. http://www.w3.org/2006/WSC/drafts/note/#email-lure
  22. http://www.w3.org/2006/WSC/Group/track/actions/8
  23. http://www.w3.org/mid/D0C847B2BD75414090045D8C7EA3D59402B2D656@repbex01.amer.bea.com
  24. http://www.w3.org/2006/WSC/Group/track/actions/9
  25. http://lists.w3.org/Archives/Public/public-wsc-wg/2006Nov/0056
  26. http://www.w3.org/2006/WSC/Group/track/actions/13
  27. http://www.example.com/
  28. http://www.w3.org/2006/WSC/Group/track/actions/22
  29. http://lists.w3.org/Archives/Public/public-wsc-wg/2006Dec/0003
  30. http://www.w3.org/2006/WSC/Group/track/actions/19
  31. http://lists.w3.org/Archives/Public/public-wsc-wg/2006Nov/0105
  32. http://www.w3.org/2006/12/05-wsc-minutes.html#action02
  33. http://www.w3.org/2006/12/05-wsc-minutes.html#action03
  34. http://www.w3.org/2006/12/05-wsc-minutes.html#action04
  35. http://www.w3.org/2006/12/05-wsc-minutes.html#action03
  36. http://www.w3.org/2006/12/05-wsc-minutes.html#action02
  37. http://www.w3.org/2006/12/05-wsc-minutes.html#action01
  38. http://www.w3.org/2006/12/05-wsc-minutes.html#action04
  39. http://dev.w3.org/cvsweb/%7Echeckout%7E/2002/scribe/scribedoc.htm
  40. http://dev.w3.org/cvsweb/2002/scribe/
Received on Wednesday, 13 December 2006 11:39:36 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 5 February 2008 03:52:44 GMT