[hardware based secure services CG] minutes of our call today

Dear all,

Here is the live minutes of our call today, thanks for the ones who answered my last minute call for meeting. Abother session will be organized for the ones who missed it on Thursday 28th of July @ 14:00 UTC.

Chair informal take away is :

-          We did review the issues related to the report,

-          We decided that members would have until the 4th of August to bring their issues, after that date, the report will be considered as finished

-          We confirmed that there would be a F2F meeting on the Monday of the TPAC week in Lisbon.

Thanks again to Sébastien, our editor, keeping careful track of all the issues !


present : NIST, CESG, UK gov, Morpho, gemalto, Oberthur
[16:08] <marko> Purpose of call: discuss recent github issues on draft report
[16:08] <virginie_> Virginie : sebastien will report recent changes on github
[16:08] <virginie_> sébastien : most of the fixes were editorial, there is no new feature, but rather typo fixes
[16:09] <virginie_> sébastien : we have some poitn to discuss, based on issues open by Mark and Anders
[16:09] <Sebastien> https://github.com/w3c/websec/issues
[16:10] <marko> Discussing https://github.com/w3c/websec/issues/80
[16:12] <virginie_> sébastien : this security context should be in the "future" section
[16:12] <marko> https://github.com/w3c/websec/issues/91
[16:13] <virginie_> Sébastien : we had some exchanges with anders, adn we may discuss it with him later
[16:15] <virginie_> Colin : we dont really want to delay our work with such a problems
[16:16] <marko> Have not been in contact with Brian at Visa yet: shall we write this section or shall we remove it?
[16:16] <virginie_> Sébastien : we dont have any news on payment side : https://github.com/w3c/websec/issues/96
[16:16] <marko> Section 3.3, 3DSecure scheme - regarding online payments
[16:17] <virginie_> action : virginie to ping visa on that matter
[16:17] <virginie_> Sébastien : https://github.com/w3c/websec/issues/99
 [16:20] <marko> The issue of having a trusted return path will have impacts on other sections of the document. Sebastien will add some content into 4.1.2, about GenerateKey method
[16:20] <virginie_> Sébastien : check with Aurélien to add in 4.2.3 a generate key method, indicating the trusted path type, and improve section 4.1.2
[16:21] <marko> Discussing https://github.com/w3c/websec/issues/101
[16:23] <virginie_> Sébastien : we need to make a trade off between term and conditions being accurate and display capability
[16:23] <virginie_> mark : a hash of the Terms and condition may be a way, but the insurance associated is not sure
[16:24] <virginie_> mark : perhaps finding the version o fthe term and condition is enough
[16:24] <virginie_> sébastien : lets make a note to complete the sentence, reminding that the current solution is not perfect, but an acceptable approach
[16:25] <marko> https://github.com/w3c/websec/issues/103
[16:25] <virginie_> mark : we need a consistent name to refer to
[16:26] <virginie_> virginie : lets make the terminology as open as possible
[16:27] <marko> Should we replace Secure Element by Hardware Secure Device throughout?
[16:27] <marko> Colin: doesn't that have a different meaning?
[16:27] <Sebastien> (https://github.com/w3c/websec/issues/103)
[16:28] <virginie_> colin : we need to find a way which is english-apropriate, and device is broader then element
[16:30] <colin> virginie: leave till later but we need consistent vocabulary
[16:31] <colin> virginie: all do your homework:
[16:33] <marko> Mark: Would be good if someone can review the IDL in this document to make sure that it's sensible
[16:33] <virginie_> sébastien : make a call for the section 5 organization, changes are needed, but a fresh look would help.
[16:33] <virginie_> action : aurélien to look at the IDL
[16:33] * RRSAgent records action 2
[16:34] <marko> Virginie will schedule another call for 28 July. Rigo, Wendy,chaals not on this call.
[16:35] <marko> Sebastien would like one more week for comments: until 4th August. Virginie will schedule another quick call.
[16:36] <marko> Colin: will there be a face to face mtg at TPAC: V: yes, there will be a meeting on the Monday
[16:37] <marko> Bruno, Sebastien, Aurelien, David Rogers will be able to be there - either a full day or half day meeting depending on number of attendees
[16:38] <colin> virginie: invite browser folk to one hour briefing at TPAC?
[16:41] <colin> calls on 28 July and 4 August
[16:41] <virginie_> virginie : yes, we will have a complementary meeting on thursday 28th of July and another official one on the 4th of august
This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited.
E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender.
Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus.

Received on Tuesday, 26 July 2016 14:50:54 UTC