- From: Thomas Roessler <tlr@w3.org>
- Date: Thu, 22 Feb 2007 14:41:24 +0100
- To: WSC WG <public-wsc-wg@w3.org>
The minutes from our meeting on 13 February are approved and
publicly available online:
http://www.w3.org/2007/02/13-wsc-minutes
Thanks to Tim Hahn for scribing.
Regards,
--
Thomas Roessler, W3C <tlr@w3.org>
[1]W3C
WSC weekly 2007-02-13
13 Feb 2007
[2]Agenda
See also: [3]IRC log
Attendees
Present
MaryEllen_Zurko, Thomas, beltzner, tyler, Hal_Lockhart,
Maritza_Johnson, Yakov_Sverdlov, Tim_Hahn, Rob_Franco, PHB,
Paul_Hill, staikos, Brad_Porter
Regrets
Chair
Mez
Scribe
tjh
Contents
* [4]Topics
1. [5]Approve minutes from last two meetings
2. [6]Newly closed action items
3. [7]Agenda bashing
4. [8]use case rework
5. [9]First Public Working Draft (FPWD) planning
6. [10]questions on ISSUE-9
7. [11]questions on ISSUE-10
8. [12]next meeting
* [13]Summary of Action Items
_________________________________________________________________
Approve minutes from last two meetings
quick review for tim on the scribe role and scribe conventions
<tlr> [14]http://www.w3.org/2007/01/30-wsc-minutes
<tlr> [15]http://www.w3.org/2007/01/31-wsc-minutes
<tlr> [16]http://www.w3.org/2007/02/06-wsc-minutes.html
<tlr> RESOLVED: minutes approved
no denials on the acceptance of minutes
scribe: so approved
Newly closed action items
mez: thanks everyone for making progress on the action items
Agenda bashing
mez: suggest change to content of meeting to discuss chrome
... at least one critical party is lacking
<tlr> we could do the chrome discussion however, it sseems better for the
list
tlr: reason - it has been a useful discussion on the list
<beltzner> seriously!
beltzner: suggest continue the discussion on the list as it is progressing
well there.
use case rework
<tlr>
[17]http://lists.w3.org/Archives/Public/public-wsc-wg/2007Feb/0026.html
mez: has everyone read this through and found it OK?
... is silence affirmation? Is this a good set of replacement text
tjh: has not read it all the way through and thus must abstain
<Pau1> ditto :)
<tlr> Variations: The URI that Doyle typed can be correct or not. Orthogonal
to this, he can end up on the web site he intended to interact with, or not.
Doyle might also have typed a keyword glanced from the movie screen into a
search box.
<PHB> Orthogonal in use cases means that satisfying one use case does not
necessarily affect another
tlr: suggests different wording here and there.
... to make clear that this is in a different direction
beltzner: intends to read today.
phb: thinking about orthogonal piece
... not sure there can be orthogonal use cases
<tlr> ACTION: thomas to replace "orthogonal" by clearer language in the use
case rework [recorded in
[18]http://www.w3.org/2007/02/13-wsc-minutes.html#action01]
<trackbot> Created ACTION-141 - Replace \"orthogonal\" by clearer language
in the use case rework [on Thomas Roessler - due 2007-02-20].
phb: use cases tend to be variations and thus terming them independent may
be better than orthogonal.
tlr: happy to replace it (see ACTION-141)
<Mez_>
[19]http://lists.w3.org/Archives/Public/public-wsc-wg/2007Feb/0053.html
tyler: looking at e-mail - use case 18 was reworked from use case 11.
... current use case does not talk about matching up names
... it is likely that this issue will come up
<tlr> [20]http://www.w3.org/2006/WSC/drafts/note/#introduction
<Tyler>
[21]http://www.w3.org/2006/WSC/drafts/note/Overview.html#introduction
tlr: discusses use case 11, and clarifies 18
... we would not deal with where a reputation service is, just that it
exists somewhere
mez: so what is the right fix?
tlr: there are multiple use cases related to what Tyler referred to in use
case 11
... for example, a bank that has just changed its name.
tlr: believes the intended question (from Tyler) is covered by several of
the use cases
tyler: any feedback from Stuart yet on how these fit in to a more structured
model?
mez: he is out this week, so not yet. Hopefully he will engage next week.
... it will be important to get his feedback.
hal: likes the idea of extracting out these properties.
... this is a way to clear up the large number of potential cases.
tlr: one thing noted was that some of the critical distinctions were not
along the same lines as the original use cases
<Mez_>
[22]http://lists.w3.org/Archives/Public/public-wsc-wg/2007Feb/0053.html
mez: let us look forward to mike's reply
... do the use cases cover Confidentiality, Integrity, Authenticity?
... and cover Reputation?
tyler: need to re-evaluate them for this.
tlr: one that is not covered well is integrity.
... use case 19 covers authenticity
... tlr to take an action to clarify use case 19 covers network-level
authenticity
<tlr> ACTION: thomas to change use case 19 to make clear that network-levle
confdentiality threats are covered [recorded in
[23]http://www.w3.org/2007/02/13-wsc-minutes.html#action02]
<trackbot> Created ACTION-142 - Change use case 19 to make clear that
network-levle confdentiality threats are covered [on Thomas Roessler - due
2007-02-20].
mez: looking for first public draft of this soon
mez: after this discussion completes, these use cases should be dropped into
the first public working document (FPWD).
<tlr> tlr: PROPOSED to take use case rework into FPWD
hal: is this supposed to represent what is or how users think about what
they are seeing?
... suspects that users view/assess reputation quite a bit more than, say,
integrity
... users also tend to think of CIA wholistically, rather than separately
tlr: at the F2F we looked at some basic roles around these scenarios
... then write a story around the scenario so that people can understand the
scenario, and also describe the important aspects
... of that scenario from a security perspective.
... if there is some additional questions that a user would ask that are not
covered here
... then let us create additional use cases to cover those.
... hopes that we would go back and review these, then revisit/update the
use case as appropriate.
... if there are more questions we need to address that are not motivated by
these use cases, then we need to add more use cases
... to ensure those questions have a basis
First Public Working Draft (FPWD) planning
mez: really want FPWD by next meeting
<tlr> look over the current text for huge issues
mez: requests everyone look over the draft today or tomorrow
tyler: requests Thomas drop the new use cases into the note
tlr: not able to do it by tomorrow (in other meetings)
... also have an action item due today to do some re-formatting and updates
... could just send an updated text version to the list
mez: suggest we go with whatever is there at end of day tomorrow - or wait
another week.
tlr: feels this need not shift the deliverable a whole week
mez: asks how much time we need from the final re-wording to review
tlr: should only take a couple days to review it
... proposes tyler re-format during the day tomorrow
tyler: reformat, yes, but resolving parenthetical comments no
tlr: sounds like there will be SOME version by end day tomorrow
mez: sounds good
... have we closed discussion on ACTION-125 ?
... no responses - it appears that we have closed discussion.
questions on ISSUE-9
tlr: proposed title: Web Security Context Use Cases and Requirements
<tlr> PROPOSED title: Web Security Context Use Cases and Requirements
tyler: everyone I have talked to has been baffled by "web Security Context"
mez: agrees
mez, tlr: request folks find or dream up a better name/phrase
<Zakim> tlr, you wanted to raise ISSUE-10
<tlr> [24]http://www.w3.org/2006/WSC/Group/track/issues/10
questions on ISSUE-10
tlr: in the current note text, there is confusion over the term "web"
... what is "web" and what is "non-web"
... there is some discussion about HTTP, HTTPS protocols
... there is some stuff "nearby" like SOAP.
... things out of scope like "touch e-mail"
... but what about things related to information in a URI (wherever that URI
might appear)?
... proposes: we start out saying the core of our scope is the web, surfed
using HTTP, with a reference to the web architecture document.
... then that we will be dealing with security layer, in particular HTTPS.
... and then other protocols that show up in URIs, while not a goal, we may
offer some guidance on
mez: this text needs to get in by close of business tomorrow ... or we wait
a week
tlr: what do people think of the current text?
mez: the stuff there so far looked ok (thus no response)
... but please propose text.
beltzner: is this a blocker?
... seems not
... assuming not, let the first draft go and we can discuss outside of a
rush.
tlr: feels this is important
tyler: am aware of the time-sink that this can take us down.
<tlr> ACTION: thomas to propose text to resolve ISSUE-10 [recorded in
[25]http://www.w3.org/2007/02/13-wsc-minutes.html#action03]
<trackbot> Created ACTION-143 - Propose text to resolve ISSUE-10 [on Thomas
Roessler - due 2007-02-20].
<Pau1> no complaints from me
tlr: one more issue with the draft - section 9.3 (Implementation)
... current text is relatively strong about having open source reference
implementations.
... would be delighted to see this, but can we make this request?
<Tyler>
[26]http://www.w3.org/2006/WSC/drafts/note/Overview.html#usability-testing
tlr: also, it says sample code will be made available by the working group
<tlr>
[27]http://www.w3.org/mid/OF75AA6DF6.9CE9675E-ON8525727A.00765350-8525727B.0
0573FDA@LocalDomain
tlr: or at least be made available publically
... concerned that we are making this bold statement
<Mez_> and thomas' reply online is
<Mez_>
[28]http://lists.w3.org/Archives/Public/public-wsc-wg/2007Feb/0034.html
hal: then let us just drop it, and not promise anything
tjh: I ack hal's idea
... (or at least I ack not promising we will deliver sample code)
<staikos> I hope to provide sample code and make it publically available
<staikos> :-)
<staikos> publicly
tlr: mez to take an action to make this change.
<tlr> ACTION: zurko to drop public sample code promise from 10.3 and send
text to list & tyler [recorded in
[29]http://www.w3.org/2007/02/13-wsc-minutes.html#action04]
<trackbot> Created ACTION-144 - Drop public sample code promise from 10.3
and send text to list & tyler [on Mary Ellen Zurko - due 2007-02-20].
<Tyler> Mez and TLR can we talk after the call?
<tlr> we can just stay on the bridge
next meeting
mez: we adjourn now at 0:59
... hopefully threat trees in two weeks.
<tlr> [30]http://www.w3.org/2005/08/transition?docstatus=fpwd-wd-tr
<tlr> [31]http://w3.org/brief/MzE=
Summary of Action Items
[NEW] ACTION: thomas to change use case 19 to make clear that network-levle
confdentiality threats are covered [recorded in
[32]http://www.w3.org/2007/02/13-wsc-minutes.html#action02]
[NEW] ACTION: thomas to propose text to resolve ISSUE-10 [recorded in
[33]http://www.w3.org/2007/02/13-wsc-minutes.html#action03]
[NEW] ACTION: thomas to replace "orthogonal" by clearer language in the use
case rework [recorded in
[34]http://www.w3.org/2007/02/13-wsc-minutes.html#action01]
[NEW] ACTION: zurko to drop public sample code promise from 10.3 and send
text to list & tyler [recorded in
[35]http://www.w3.org/2007/02/13-wsc-minutes.html#action04]
[End of minutes]
_________________________________________________________________
Minutes formatted by David Booth's [36]scribe.perl version 1.127 ([37]CVS
log)
$Date: 2007/02/22 13:33:54 $
References
1. http://www.w3.org/
2. http://lists.w3.org/Archives/Public/public-wsc-wg/2007Feb/0058.html
3. http://www.w3.org/2007/02/13-wsc-irc
4. file://localhost/home/roessler/W3C/WWW/2007/02/13-wsc-minutes.html#agenda
5. file://localhost/home/roessler/W3C/WWW/2007/02/13-wsc-minutes.html#item01
6. file://localhost/home/roessler/W3C/WWW/2007/02/13-wsc-minutes.html#item02
7. file://localhost/home/roessler/W3C/WWW/2007/02/13-wsc-minutes.html#item04
8. file://localhost/home/roessler/W3C/WWW/2007/02/13-wsc-minutes.html#item06
9. file://localhost/home/roessler/W3C/WWW/2007/02/13-wsc-minutes.html#item07
10. file://localhost/home/roessler/W3C/WWW/2007/02/13-wsc-minutes.html#item0701
11. file://localhost/home/roessler/W3C/WWW/2007/02/13-wsc-minutes.html#item08
12. file://localhost/home/roessler/W3C/WWW/2007/02/13-wsc-minutes.html#item09
13. file://localhost/home/roessler/W3C/WWW/2007/02/13-wsc-minutes.html#ActionSummary
14. http://www.w3.org/2007/01/30-wsc-minutes
15. http://www.w3.org/2007/01/31-wsc-minutes
16. http://www.w3.org/2007/02/06-wsc-minutes.html
17. http://lists.w3.org/Archives/Public/public-wsc-wg/2007Feb/0026.html
18. http://www.w3.org/2007/02/13-wsc-minutes.html#action01
19. http://lists.w3.org/Archives/Public/public-wsc-wg/2007Feb/0053.html
20. http://www.w3.org/2006/WSC/drafts/note/#introduction
21. http://www.w3.org/2006/WSC/drafts/note/Overview.html#introduction
22. http://lists.w3.org/Archives/Public/public-wsc-wg/2007Feb/0053.html
23. http://www.w3.org/2007/02/13-wsc-minutes.html#action02
24. http://www.w3.org/2006/WSC/Group/track/issues/10
25. http://www.w3.org/2007/02/13-wsc-minutes.html#action03
26. http://www.w3.org/2006/WSC/drafts/note/Overview.html#usability-testing
27. http://www.w3.org/mid/OF75AA6DF6.9CE9675E-ON8525727A.00765350-8525727B.00573FDA@LocalDomain
28. http://lists.w3.org/Archives/Public/public-wsc-wg/2007Feb/0034.html
29. http://www.w3.org/2007/02/13-wsc-minutes.html#action04
30. http://www.w3.org/2005/08/transition?docstatus=fpwd-wd-tr
31. http://w3.org/brief/MzE=
32. http://www.w3.org/2007/02/13-wsc-minutes.html#action02
33. http://www.w3.org/2007/02/13-wsc-minutes.html#action03
34. http://www.w3.org/2007/02/13-wsc-minutes.html#action01
35. http://www.w3.org/2007/02/13-wsc-minutes.html#action04
36. http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
37. http://dev.w3.org/cvsweb/2002/scribe/
Received on Thursday, 22 February 2007 13:41:50 UTC