- From: Thomas Roessler <tlr@w3.org>
- Date: Wed, 20 Aug 2008 17:07:44 +0200
- To: public-wsc-wg@w3.org
Minutes from our meeting on 2008-08-13 were approved and are
available online here:
http://www.w3.org/2008/08/13-wsc-minutes.html
A text version is included below the .signature.
--
Thomas Roessler, W3C <tlr@w3.org>
[1]W3C
Web Security Context Working Group Teleconference
13 Aug 2008
See also: [2]IRC log
Attendees
Present
Mary Ellen Zurko, Tyler Close, Johnathan Nightingale, Ian Fette,
Jan Vidar Krey, Thomas Roessler, Bill Doyle
Regrets
Yngve Pettersen
Chair
Mary Ellen Zurko
Scribe
Jan Vidar Krey
Contents
* [3]Topics
1. [4]Approve minutes from previous meeting
2. [5]Open action items
3. [6]Agenda bashing
4. [7]Testing for candidate recomendation
5. [8]next meeting
6. [9]anything else on anything else?
* [10]Summary of Action Items
__________________________________________________________________
Approve minutes from previous meeting
<Mez> [11]http://www.w3.org/2008/08/06-wsc-minutes.html
Mez: approved.
Open action items
<Mez> [12]http://www.w3.org/2006/WSC/track/actions/open
Mez: no issues needs to be resolved in meetings.
Agenda bashing
Mez: next week I'd like to dive in on features at risk
Testing for candidate recomendation
Mez: tests needed, how to test, mechanical parts of the standards
tlr: we have tables of must/should. Go through that table and come up
with scenarios that test these options
... write scenarios, expected behavior, create environment
... this approach will mostly work for section 5 and 6 in the doc.
... section 7 (esp. 7.4) might need to create scenarios that test
deprecated behavior
Mez: any examples from other working groups?
tlr: (points to www.w3.org/TR)
... clause, example, behaviour description (pass/fail),
expected/unexpected result.
... a table, implementation vs test case
<tlr> [13]http://www.w3.org/Signature/2001/04/05-xmldsig-interop.html
<tlr> [14]http://www.w3.org/2007/xmlsec/interop/xmldsig/report.html
ifette: for any test case, we should release a test case file, instead
of description of testcases
... for instance a webserver configuration file
<tlr> +100 to ifette
Mez: for creating infrastructure, what kind of restrictions do we have?
tlr: do not want to pinpoint any particular (bank) site as a bad
example -- bad marketing
... the more concrete, for instance create a shell script which can
generate certificate examples, fake CAs
... some questions remains for how to install fake CA certs in browsers
<tlr> ACTION: mez to inquire phb about ev cert for test environment
[recorded in
[15]http://www.w3.org/2008/08/13-wsc-minutes.html#action01]
<trackbot> Created ACTION-500 - Inquire phb about ev cert for test
environment [on Mary Ellen Zurko - due 2008-08-20].
ifette: adding an EV cert to a browser is user agent dependent.
johnath: might be problems creating a EV cert that would work on all
browsers, but we should not depend on it.
Mez: no test infrastructure in cabforum, or others?
johnath: we can use debug builds to test, which can be used for certain
edge cases and not intended for public use.
<tlr> (and actually, same question to jvkrey)
tlr: what kind of things exist in your (mozilla/opera) test
infrastrucure, could we use?
johnath: alot of things can be used with firefox, but do not know how
it will work for other browsers.
tlr: what do you have on the server side?
... more work for us to come up with something, or can Mozilla/Opera
contribute with server side test cases?
johnath: i have no problem giving access to our tools, but our tools
are built for mozilla products/environment
<tlr> (it might turn out that we're easier off *specifying* the tests,
possibly the clients, and leaving it to the individual browser vendors
to implement them in their respective frameworks)
tlr: i would be inclined to take a look at the test specification, then
include for instance an apache configuration file.
... in certain specs we have had anonymous test results. Implementation
A, pass/fail. etc.
Mez: Reviewing browser APIs, to check if robustness criterias are
adhered to. Any specific place to go to find this?
johnath: One example, for resizing a window to larger than the screen
or moving off screen, the implementation will not do it. We have unit
tests for these kind of things.
ifette: no guarantee that a brower do not have an exotic API for doing
something in a non-standard way.
tlr: there are apis like open window with coordinates, a test could
look like: click button -> open window at coordinate (10000,10000) ->
check if the window was opened on screen.
ifette: needs to try different coordinates.
tlr: exercice known APIs.
... Add a checkbox; are there other ways to create the same behavior?
Mez: for other tests, could there be a browser representative that
could take care of this?
johnath: yes, I can answer them for Mozilla, of course there might be
bugs.
Mez: Write up scenarios during meetings.
... doesn't look like Mozilla/Opera have scenarios already written up
for immediate testing.
... we could try to create a scenario today.
tlr: looks like it is easier to distribute work so that people can
write a test or two off-line.
Mez: experience tells me people don't do it off-line.
... what would be the first action item?
<Mez> [16]http://www.w3.org/2006/WSC/wiki/FeaturesAtRisk
tlr: 6.1.1 and 6.1.2 will be good starting points for testing, these
are simple testcases, then we can go for the more complex ones later.
Mez: what's the next step?
tlr: Any volunteers?
next meeting
Mez: we could target next week's meeting for 6.1.1 or features at risk.
... there are outstanding issues on the table, we could target 6.1.1
tlr: expect 6.1.2 to be closely related to 6.1.1
Mez: will send e-mail, if someone picks it up that's great, otherwise
target it for next week's meeting.
anything else on anything else?
tlr: reviewing content altering proxies for mobiles. Especially if a
proxy serves https content as http.
<tlr>
[17]http://www.w3.org/mid/OF6A396D5B.C319E834-ON8525749C.0041C8D5-85257
49C.0041D63D@LocalDomain
<Mez>
[18]http://lists.w3.org/Archives/Public/public-wsc-wg/2008Aug/0003.html
Summary of Action Items
[NEW] ACTION: mez to inquire phb about ev cert for test environment
[recorded in
[19]http://www.w3.org/2008/08/13-wsc-minutes.html#action01]
[End of minutes]
__________________________________________________________________
Minutes formatted by David Booth's [20]scribe.perl version 1.133
([21]CVS log)
$Date: 2008/08/20 15:06:37 $
References
1. http://www.w3.org/
2. http://www.w3.org/2008/08/13-wsc-irc
3. http://www.w3.org/2008/08/13-wsc-minutes.html#agenda
4. http://www.w3.org/2008/08/13-wsc-minutes.html#item01
5. http://www.w3.org/2008/08/13-wsc-minutes.html#item02
6. http://www.w3.org/2008/08/13-wsc-minutes.html#item03
7. http://www.w3.org/2008/08/13-wsc-minutes.html#item04
8. http://www.w3.org/2008/08/13-wsc-minutes.html#item05
9. http://www.w3.org/2008/08/13-wsc-minutes.html#item06
10. http://www.w3.org/2008/08/13-wsc-minutes.html#ActionSummary
11. http://www.w3.org/2008/08/06-wsc-minutes.html
12. http://www.w3.org/2006/WSC/track/actions/open
13. http://www.w3.org/Signature/2001/04/05-xmldsig-interop.html
14. http://www.w3.org/2007/xmlsec/interop/xmldsig/report.html
15. http://www.w3.org/2008/08/13-wsc-minutes.html#action01
16. http://www.w3.org/2006/WSC/wiki/FeaturesAtRisk
17. http://www.w3.org/mid/OF6A396D5B.C319E834-ON8525749C.0041C8D5-8525749C.0041D63D@LocalDomain
18. http://lists.w3.org/Archives/Public/public-wsc-wg/2008Aug/0003.html
19. http://www.w3.org/2008/08/13-wsc-minutes.html#action01
20. http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
21. http://dev.w3.org/cvsweb/2002/scribe/
--
Thomas Roessler, W3C <tlr@w3.org>
Received on Wednesday, 20 August 2008 15:08:20 UTC