W3C home > Mailing lists > Public > public-wsc-wg@w3.org > January 2007

Web Security Context (WSC) WG Face-to-face #2 Agenda (v 2.1)

From: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
Date: Tue, 30 Jan 2007 10:13:27 -0500
To: public-wsc-wg@w3.org
Message-ID: <OFA6B8FDF1.D2D07849-ON85257273.00538876-85257273.0053A0FD@LocalDomain>
Fixed a sequencing typo, added schecduling our next f2f to the items at 
the very end

__________________________________________________________

Web Security Context (WSC) WG Face-to-face #2 Agenda (v 2.0)
2007-01-30 through 2007-01-31 
San Jose, CA, USA

Phone number and IRC channel to be documented on WG administrative home 
page 
http://www.w3.org/2006/WSC/Group/ 

Teleconference time and length
8:30 - 17:30 both days, local time 

Tuesday, 2007-01-30 - Chair, Mary Ellen Zurko 

Breakfast (8:30) 

1. Administrative details (9:00)
Including:

1a. Selection of scribes 
One per 1/4 day (total of 8)

1b. Brief roll call 
Make sure you've already posted an introduction to yourself on our list 

2. Agenda bashing (9:15) 

3. WG schedule review (9:30)

4. Discussions on our Note, including siscussion of major Note sections 
not already covered in our previous meetings 

4a. "A word from the editor" - Note process (10:00)

4b. Assumptions (10:15)

Break (11:00)

4c. Design Principles (11:30)

Lunch (12:15) 

4d. User Test Verification (13:15)

4e. Problem with Current User Interface (14:00) 

Break (14:45)

5. Demos 

5a. Petname  (15:15)
Demo by Tyler

5b. EV (16:15) 
Demo by Phil

6. Day one wrapup (17:15)
Any logistics, agenda changes for the next day, other actions, etc. 

Recess (17:30)


Wednesday, 2007-01-31 - Chair, Mary Ellen Zurko 

Breakfast (8:30) 

7. Agenda bashing (9:00)

8. Best of breed Mozilla extensions for displaying security context 
information (9:15)
Presentation led by Mike B 
Will include Beltzner's Suggested Do's And Don't From Being a Brower UI 
Guy 

Break (10:15)

9. Safe Browsing Mode (10:45)
led by Bob P
What it would mean, how it would work, etc. 

9. Recommendation 1 discussions

Editors are needed

9a. Minimal set of security context information (11:15)

The description of our first recommendation begins with:
A W3C Recommendation that specifies a minimal set of security context 
information to be made accessible to users, ...

We'll discuss what that means and brainstorm on what that minimal set 
might be. The minimal set can be targeted at the combination of web user 
agents, web application authoring, and web server deployment guidelines. 

Lunch (12:15)

9b. Best practices for usable presentation of this information (13:15)

The description of our first recommendation continues with:
and best practices for the usable presentation of this information 

This will be a good time for us to get categories (and instances) of 
potential best practice on the table. Anything put forward will have to be 
validated as we go forward, using the techniques outlined in the 
Assumptions section of our Note. It's recommended that people post ideas 
in this area to the list (and re-post them marked with an indicator that 
they're for this list if they were part of earlier discussions). 

Draft categories for best practices: 
o Straight up usable display of security context information - for each 
piece of information, best practice on what to display to the user
.. in its presence and absence
.. alone and in combination with other pieces of security context 
information
.. with and without additional user discovery (e.g. main display vs. 
requested dialogs) 

Break (14:30)

10. Recommendation 2 discussions (15:00)

The description of our second recommendation begins:
a W3C Recommendation that specifies techniques that render the 
presentation of security context information more robust against spoofing 
attacks. The Group expects to establish two levels of conformance to these 
techniques: required and recommended. 

Draft categories for security context information robustness:
o Limitations on scripting capabilities 
o Shared and protected "secrets" - both cryptographic and human (i.e. 
personalization) 
.. and protection of those secrets 
o Trusted path between web user agent and user 
o Safe mode browsing (restrictions on allowed browsing activity based on 
one or more levels of security context required)


11. Wrapup (17:00)
Any follow up action items, decisions on editor(s) of the 
recommendation(s), next face to face scheduling. 

Recess (17:30)
Received on Tuesday, 30 January 2007 15:13:54 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 5 February 2008 03:52:45 GMT