Re: Minutes: WSC WG weekly 2006-11-21

On 2006-12-05 17:00:42 +0100, Thomas Roessler wrote:

> The minutes from our last meeting were approved and posted publicly
> today; they're online here:
> 
>   http://www.w3.org/2006/11/21-wsc-minutes.html
> 
> Thanks to Sunil for scribing.

I just realized that the lack of a plain-text version means that
tracker never learned how to link to the context of various action
items.

Here we go...

-- 
Thomas Roessler, W3C  <tlr@w3.org>






   [1]W3C 

                                 WSC WG weekly
                                  21 Nov 2006

   [2]Agenda

   See also: [3]IRC log

Attendees

   Present
          Mary Ellen Zurko
          Bill Doyle
          Kevin
          Anthony Nadalin
          Thomas Roessler
          Paul
          Hal Lockhart
          Yakov Sverdlov
          Stephen Farrell
          George Staikos
          Michael Smith
          Phillip Hallam-Baker
          Tyler Close

   Regrets
   Chair
          Mary Ellen Zurko

   Scribe
          Sunil

Contents

     * [4]Topics
         1. [5]Pick a scribe http://www.w3.org/2006/WSC/scribes
         2. [6]Approve minutes from f2f
         3. [7]Update from Tyler re note
         4. [8]Discussion of Goals and Non-Goals
         5. [9]Next meeting (28th is during AC meeting)
         6. [10]Action item review
     * [11]Summary of Action Items
     _________________________________________________________________



Pick a scribe [12]http://www.w3.org/2006/WSC/scribes

   Sunil to scribe

Approve minutes from f2f

   assuming there are no problems, we'll approve the mintues

   <tlr> Last meeting's minutes: [13]http://www.w3.org/2006/11/14-wsc-minutes;
   [14]http://www.w3.org/2006/11/15-wsc-minutes

   ok, the minutes are not approved

   <tlr> RESOLVED: minutes approved.

   scribe: email doesn't get to MEZ as quickly as one would expect, as her org
   runs pre-beta servers, so there's a possibility of glitch...
   ... try to contact MEZ through some other media or go through Thomas...

Update from Tyler re note

   <Mez> [15]http://www.w3.org/2006/WSC/drafts/note/

   <stephenF> took a peek earlier - it looks good

   scribe: the above link contains the notes Tyler had put up so far...

   The notes has the skeletal version, and he has put in some use cases. He'll
   continue to extract more content from the email and put them in the notes...

   He'll send out an update when he has done that

   MEZ says that we should get the content on Wiki so that's easy on Tyler...

   Thomas will send out instructions either end of today or by tomorrow on how
   to use Wiki

   The  Wiki  will  NOT  use  the  same  username/password  as  their W3C
   username/password

Discussion of Goals and Non-Goals

   MEZ says we should work on the Goals/Non-goals agenda item

   <stephenF> got a ptr to that email?

   MEZ has started the list in one of the email responses to Mike...

   <Mez>
   [16]http://lists.w3.org/Archives/Public/public-wsc-wg/2006Nov/0041.html

   The charter, 2 days of f2f has provided enough context to discuss what is
   within scope and what is out

   MEZ claims that the existing list seems quite uncontentious

   MEZ is reading out the contents of the email...

   <Zakim> malware, you wanted to ask about high-level problem description

   Mike says the goal is to help the user protect themselves becoming victims
   of the phishing attacks, or correctly identity the biz they are sharing
   information with

   MEZ says we should be able to get couple of use cases, before deciding
   either way

   Mike says that with such work, we have to explain to the outside world what
   we are doing, what's the value of the work to the 'unsophisticated user'. He
   agrees, that it's little early to take a stance yet...

   <Zakim> Thomas, you wanted to note it's probably ok to talk about overall
   goal for ourselves, and then see how far the use cases get us

   Hal: has a different perspective, says phishing is an example of what we are
   solving.

   Phishing maybe a short term problem, but we should focus solving problem in
   general.

   Mez says tactically speaking, the problem we are solving is phishing, but
   strategically we are tyring to get across to layman on the browser who they
   are talking to.

   <malware> so for the record, what I wanted to say was that I think it might
   benefit to consider formulating a high-level description that explains in
   simple terms to an unsophisticated users what problems we are trying to
   solve with this work.

   Stephen: If there's a unsophisticated user whose user agent supports both
   HTTP and FTP, then how do we get it across to the user

   MEZ says that what we are trying to put in the security context that is
   general in nature, irrespective of http/ftp

   scribe: but when we get into specifics, we would like to leave out some set
   of protoocols in the universer...

   Stephen says that if we fix all the holes in HTTP, the hackers will move to
   FTP.

   MEZ agrees there will be holes

   Stephen thinks that it might not be correct to leave out FTP as user are
   using general purpose User Agent

   <staikos> without wasting air time, SOAP == HTTP

   MEZ is looking for a place to start with

   <tjh> can we formulate a use case for non-HTTP?

   Mez tells Stephen to come up with a use case scenario that includes FTP

   <scribe>  ACTION:  Stephen  to come up with a use case for FTP's usage
   [recorded in [17]http://www.w3.org/2006/11/21-wsc-minutes.html#action01]

   <trackbot> Created ACTION-32 - Come up with a use case for FTP\'s usage [on
   Stephen Farrell - due 2006-11-28].

   <stephenF> http as biggest deal is just fine by me

   scribe: MEZ says seems nobody has problems with keeping HTTP front and
   center...

   PHB says we secure HTTP and call FTP legacy. He's happy keeping protocols
   like IRC, SMTP out of scope too at this point

   <tlr> data: URIs?

   George agrees with PHB, that FTP should be out of scope. But thinks the
   'data' protocol is quite interesting

   MEZ says that generally people seem to be ok with what's in scope, but folks
   seem to have problem with what's out of scope

   scribe: we should start populating the goals/non goals section of note

   Hal says that if we are putting the goals and non-goals in the document, we
   should be very precise.

   scribe: Goals and scope are a little different...
   ... the point is we are talking about is goals, but actually they are the
   things within scope or out of scope...

   <staikos> yes

   scribe: the document has a section for goals/non-goals...

   MEZ says Goals/Non-goals is right for the document and not sure we need
   scope/out of scope

   <malware> where F00 is (in this case), base64-encoded GIF data

   <malware> oh

   Hal can you please type your example of goals/non-goals scope/out-of-scope

   <malware> then:

   <malware> just thinking and suggests that perhaps at a high level, we may be
   saying that we are trying to help users correctly evaluate the identity of
   an online business in order to decide if that business is worthy of trust
   (that is, decide if they want to exchange personal information with that
   online business)

   <Paul> HTTP is a protocol on the wire, but a lot of the attacks that we talk
   about  are display issues. For example, manipulation of the chrome, or
   obscured URLs. So should HTML be in the scope?

   <malware>  the  'data'  protocol  that staikos mentions is e.g., '<img
   src="data:image/gif;base64,F00"/>

   <staikos> tlr: should fix that logging :)

   MEZ says there are two aspects that are within scope. i) security context,
   definitely  protocols  are  within  context, ii) protecting from chrom
   manipulation, hence DHTML is within scope

   <Paul> So we want to nail the use cases before we write to specific a scope
   statement.

   <Mez> I think it's iterative; some people like the abstract scope then the
   concrete use cases, some the other way around

   tyler says, we should have a scope/out-of-scope section, as it will help the
   patent attorneys
   PHB: and non-goals need to be described at a much higher level abstraction
   then what Hal did

   <Paul> I agree with PHB.

   PHB, I am missing the subtlety, can you please type in what you just said

   <Paul> I think the scope should be driven more by use cases than jumping to
   a protocol discussion.

   <malware>  I believe I agree with PHB's distinction about statement of
   "goals" being at a higher level of abstraction than "scope"

   MEZ says we should someone drafting the goals/non-goals (more abstract) and
   have someone draft the use cases (the more concrete)

   <stephenF>  MEZ's plan sounds good, but makes me wonder when we get to
   closure on those

   <Mez> in 2 minutes...

   <tlr> ACTION: hallam-baker to draft goals / non-goals section [recorded in
   [18]http://www.w3.org/2006/11/21-wsc-minutes.html#action02]

   <trackbot> Created ACTION-33 - Draft goals / non-goals section [on Phillip
   Hallam-Baker - due 2006-11-28].

   <scribe>   ACTION:   PHB   draft   the  Goals/Non-Goals  [recorded  in
   [19]http://www.w3.org/2006/11/21-wsc-minutes.html#action03]

   <tlr>   ACTION:   zurko   to  draft  scope/out-of-scope  [recorded  in
   [20]http://www.w3.org/2006/11/21-wsc-minutes.html#action04]

   <trackbot> Created ACTION-34 - Draft scope/out-of-scope [on Mary Ellen Zurko
   - due 2006-11-28].

   mez is trying to verify if there's any section of the note as drafted by
   tyler, that is under explored or sections are missing completely

   scribe: the action items that are most imp are scope/non-scope, use cases
   and foundation principles
   ... she doubts that we have good use case coverage...

Next meeting (28th is during AC meeting)

   mez asks thomas, should we have a meeting next week?

   thomas says that traditionally we don't have meeting during AC meeting,
   suggest we skip next meeting and have the next one on Dec 5th

   <staikos> I have a full-day meeting Dec 5

   post Dec 1 will be good, as lots of actions are due by then

   <malware> I'll be in Boston on Dec. 5 for XML 2006

   Mike is fine with Dec 5

   RESOLUTION: The next phone meeting will be on Dec 5th, same time (10am EST).

   Hal asks how action items get closed

   Thomas says that his pref is that action items not get closed promptly. As
   we go forward, during meetings we actually decide that an action has been
   resolved, and we close them then

   thomas is trying to bring up list of action items and see if we can close
   them...

   <malware> I checked XML 2006 schedule. 10am sessions on Dec. 5 are about
   XQuery and w3C XML Schema, both of which I am glad to miss :)

Action item review

   Action 1 is closed

   <tlr> [21]http://www.w3.org/2006/WSC/track/actions/3

   make action 3 out of scope (as it's related to sandboxing).

   <malware> About the XPath/XQuery question, I think Staikos' point on the
   list (about it essentially being no different from Javascript) was right.

   <stephenF> yes, to what thomas said

   <tlr>  ACTION:  thomas  to open issue for xpath/xquery in/out-of scope
   [recorded in [22]http://www.w3.org/2006/11/21-wsc-minutes.html#action05]

   <trackbot> Created ACTION-35 - Open issue for xpath/xquery in/out-of scope
   [on Thomas Roessler - due 2006-11-28].

   action 10, mike, rejected the action.

   hal suggests we close action 12, enumerating the context.

   thomas  asks  do  we  have agreement that action 12 has been discussed
   sufficiently?

   <tjh> shouldn't then the action close once the info is in the wiki?

   <tlr>   ACTION-12   to   be   closed;   done   at   the  meeting;  see
   [23]http://www.w3.org/2006/WSC/security-context-info-sources

   <Mez> Tim, only if Hal really deserved to own it.

   action 14 is duplicate is something else

   action 28, minute cleanup, action 31, produce a skeletal doc, done.

   scribe: the only one that needs more attention is action 35...

Summary of Action Items

   [NEW] ACTION: hallam-baker to draft goals / non-goals section [recorded in
   [24]http://www.w3.org/2006/11/21-wsc-minutes.html#action02]
   [NEW]   ACTION:   PHB   draft   the   Goals/Non-Goals   [recorded   in
   [25]http://www.w3.org/2006/11/21-wsc-minutes.html#action03]
   [NEW] ACTION: Stephen to come up with a use case for FTP's usage [recorded
   in [26]http://www.w3.org/2006/11/21-wsc-minutes.html#action01]
   [NEW]  ACTION:  thomas  to open issue for xpath/xquery in/out-of scope
   [recorded in [27]http://www.w3.org/2006/11/21-wsc-minutes.html#action05]
   [NEW]   ACTION:   zurko   to  draft  scope/out-of-scope  [recorded  in
   [28]http://www.w3.org/2006/11/21-wsc-minutes.html#action04]

   [End of minutes]
     _________________________________________________________________


    Minutes formatted by David Booth's [29]scribe.perl version 1.127 ([30]CVS
    log)
    $Date: 2006/12/05 16:00:11 $

References

   1. http://www.w3.org/
   2. http://lists.w3.org/Archives/Public/public-wsc-wg/2006Nov/0042.html
   3. http://www.w3.org/2006/11/21-wsc-irc
   4. file://localhost/home/roessler/W3C/WWW/2006/11/21-wsc-minutes.html#agenda
   5. file://localhost/home/roessler/W3C/WWW/2006/11/21-wsc-minutes.html#item01
   6. file://localhost/home/roessler/W3C/WWW/2006/11/21-wsc-minutes.html#item02
   7. file://localhost/home/roessler/W3C/WWW/2006/11/21-wsc-minutes.html#item03
   8. file://localhost/home/roessler/W3C/WWW/2006/11/21-wsc-minutes.html#item04
   9. file://localhost/home/roessler/W3C/WWW/2006/11/21-wsc-minutes.html#item05
  10. file://localhost/home/roessler/W3C/WWW/2006/11/21-wsc-minutes.html#item06
  11. file://localhost/home/roessler/W3C/WWW/2006/11/21-wsc-minutes.html#ActionSummary
  12. http://www.w3.org/2006/WSC/scribes
  13. http://www.w3.org/2006/11/14-wsc-minutes;
  14. http://www.w3.org/2006/11/15-wsc-minutes
  15. http://www.w3.org/2006/WSC/drafts/note/
  16. http://lists.w3.org/Archives/Public/public-wsc-wg/2006Nov/0041.html
  17. http://www.w3.org/2006/11/21-wsc-minutes.html#action01
  18. http://www.w3.org/2006/11/21-wsc-minutes.html#action02
  19. http://www.w3.org/2006/11/21-wsc-minutes.html#action03
  20. http://www.w3.org/2006/11/21-wsc-minutes.html#action04
  21. http://www.w3.org/2006/WSC/track/actions/3
  22. http://www.w3.org/2006/11/21-wsc-minutes.html#action05
  23. http://www.w3.org/2006/WSC/security-context-info-sources
  24. http://www.w3.org/2006/11/21-wsc-minutes.html#action02
  25. http://www.w3.org/2006/11/21-wsc-minutes.html#action03
  26. http://www.w3.org/2006/11/21-wsc-minutes.html#action01
  27. http://www.w3.org/2006/11/21-wsc-minutes.html#action05
  28. http://www.w3.org/2006/11/21-wsc-minutes.html#action04
  29. http://dev.w3.org/cvsweb/%7Echeckout%7E/2002/scribe/scribedoc.htm
  30. http://dev.w3.org/cvsweb/2002/scribe/

Received on Wednesday, 13 December 2006 11:37:31 UTC