Meeting record: WSC WG weekly 2007-03-28

The minutes from our meeting on 28 March were approved yesterday:

  http://www.w3.org/2007/03/28-wsc-minutes

A text version is included below.
-- 
Thomas Roessler, W3C  <tlr@w3.org>






                                 WSC WG weekly

28 Mar 2007

   See also: [2]IRC log

   [3]Agenda

Attendees

   Present
          Mike Beltzner
          Johnathan Nightingale
          Thomas Roessler
          Mary-Ellen Zurko
          George Staikos
          Stuart Schechter
          Rachna Dhamija
          Martiza Johnson
          Shawn Duffy
          Serge Egelman
          Jan Vidar Krey
          Bill Doyle
          Chris Nautiyal
          Rishikesh A Pande
          Yngve Pettersson
          Dan Schutzer

   Regrets
          hal, chuck, praveen, Phill

   Chair
          MEZ

   Scribe
          serge, tlr

Contents

     * [4]Topics
         1. [5]Approval of minutes
         2. [6]Newly closed action items
         3. [7]Editing process, style, and alternatives
         4. [8]Roadmap and schedule
         5. [9]threat trees and use cases?
         6. [10]next meeting
     * [11]Summary of Action Items
     _________________________________________________________________


Approval of minutes

   <tlr> [12]http://www.w3.org/2007/03/20-wsc-minutes

   Mez_: any issues?

   Minutes approved.

Newly closed action items

   Mez_: any issues?

   Action item closures approved.

Editing process, style, and alternatives

   tlr: figuring out how to put comments and issues into a format easier to
   track

   tlr: a few questions, who is the watchdog on public comment list to say when
   comments have turned into issues
   ... Bill Doyle has volunteered

   <tlr>  Bill  Doyle volunteers to take care of tracking public list and
   deriving issues from that.

   <rachna>  can  we  edit on a wiki, and then have one or two editors to
   formalize it?

   tlr: we can edit on a wiki to a certain point; later, need agreement between
   editors to figure out who gets the lock on what sections, then use CVS or
   something to merge changes

   <Mez_> and who was the person who asked this question on the phone? did we
   capture that ok?

   tlr: can Rachna be an editor?

   rachna: don't want to be a bottleneck

   <sduffy_aol> are we talking about polishing content that's been added via
   the wiki for a final report format?

   tlr: we need a few people with a moderate amount of time to volunteer

   bill-d: the note seemed to work pretty well, though it got harder due to
   feedback and turning it into the wiki, though people contributed to their
   own sections

   tlr: when moving forward editors may need to deal with resolutions

   <sduffy_aol> since I hadn't joined when the first note was drafted, can
   someone  clarify the editor role because I'd be willing to help once I
   understand what's expected...

   <Mez_> and of course, Tyler should augment or correct tlr's description of
   Editor, based on his experience so far

   tlr: editor will roll out changes into the actual document
   ... casting text into the formal format
   ... editor transforms information from the group into the final document

   <sduffy_aol> thanks for the explanation... I'd be willing to help out with
   others... just dont want to be a bottleneck either :-)

   tlr: if you think you're a bottleneck for any given week, say so!

   <rachna> I think Tyler had to do a lot of writing to convert wiki and phone
   discussion into text. It might be good if we had sections parallel to the
   document on the wiki, so we could all contribute writing text.

   Mez_: is this for use cases and recommendations?

   tlr: that's open

   <tlr>  ACTION: thomas to set up shawn and rachna as additional editors
   [recorded in [13]http://www.w3.org/2007/03/28-wsc-minutes.html#action01]

   <trackbot>  Created ACTION-166 - Set up shawn and rachna as additional
   editors [on Thomas Roessler - due 2007-04-04].

Roadmap and Schedule

   <Mez_>
   [14]http://lists.w3.org/Archives/Public/public-wsc-wg/2007Mar/0118.html

   Mez_: review comments on Note due April 4th

   <Mez_> [15]http://www.w3.org/2006/WSC/wiki/RecommendationIndex

   Mez_: area on wiki to track recommendations
   ... start logging recommendations on any appropriate level, by end of April

   <Mez_>
   [16]http://lists.w3.org/Archives/Public/public-wsc-wg/2007Mar/0119.html

   Mez_: quick pitches on items on the agenda, 5 minutes each
   ... any opinions?

   <staikos> +1 for me too

   <maritzaj> signing off for another meeting. hope to return, but unlikely ...

   <sduffy_aol> sounds good... agreed here, as well

   tlr: should we go around the table to see what people expect to do?

   Mez_: we should do this at the beginning of conference calls
   ... we can always do this by email
   ... if someone wants to have a slot, send me mail

   <tlr> ACTION: Zurko to send mail to outline quick review process for further
   April  calls;  call  for  agenda  input  for  next  call  [recorded in
   [17]http://www.w3.org/2007/03/28-wsc-minutes.html#action03]

   <trackbot> Created ACTION-174 - Send mail to outline quick review process
   for further April calls; call for agenda input for next call [on Mary Ellen
   Zurko - due 2007-04-04].

   Mez_: this will take us into May, after which we have a face-to-face
   ... register!
   ... would like to have editor's draft going into face-to-face
   ... target May 14th for the draft

   tlr: bunch of people attending WWW, so maybe cancel the call?

   <johnath> no objection here to cancelling the may 8th call

   <sduffy_aol> none here

   <tlr> PROPOSED: to skip call on May 8.

   Mez_: any problems skipping May 8th call?

   <tlr> PROPOSED: to skip May 9 call

   <tlr> ACTION: zurko to really cancel May 9 call - due May 2 [recorded in
   [18]http://www.w3.org/2007/03/28-wsc-minutes.html#action04]

   <trackbot> Created ACTION-168 - really cancel May 9 call [on Mary Ellen
   Zurko - due 2007-05-02].

   Mez_: we need goals to be reflected in rec draft
   ... we need to look at the other goals when reviewing
   ... anything else on the goals?
   ...  June  is  when  we  start  figuring  out  the coding, test plans,
   functional/robustness/usability
   ... July we code and prototype
   ... if you're busy, let us know now

   tlr: there can be many public working drafts

   Mez_: people don't usually get serious about comments until later in the
   process

   rachna: I hope we have lots of iteration on the recommendations

   <tlr>   ACTION:   zurko   to   put  roadmap  into  wiki  [recorded  in
   [19]http://www.w3.org/2007/03/28-wsc-minutes.html#action05]

   <trackbot> Created ACTION-169 - Put roadmap into wiki [on Mary Ellen Zurko -
   due 2007-04-04].

   Mez_: any more comments on coding?
   ... August we'll apply the test plans

   tlr: don't expect lots of work in July/August/September

   Mez_: look at the milestones if this is you

   <tlr> ... two months worth of work, maybe, three months work, never ...

   tlr: schedule August/September instead

   <tlr> ACTION: zurko to put 4th f2f on Dublin agenda: September or November?
   [recorded in [20]http://www.w3.org/2007/03/28-wsc-minutes.html#action06]

   <trackbot> Created ACTION-170 - Put 4th f2f on Dublin agenda: September or
   November? [on Mary Ellen Zurko - due 2007-04-04].

   Mez_: what else needs to be in the outline?

   tlr: what assumptions will be broken?

   <Mez_> [21]http://www.w3.org/TR/wsc-usecases/#relevance

   <Mez_> [22]http://www.w3.org/2006/WSC/wiki/ThreatTrees

   <Mez_> [23]http://www.w3.org/TR/wsc-usecases/#use-cases

   Mez_: next topic: threat trees and relevance goals

threat trees and use cases?

   Mez_: Stuart?

   ses: whoever drafted the relevance goals, are they relevant to the threat
   trees?
   ... 2.2 is two sentences, saying what the group will do...

   Mez_: let's discuss this.

   ses: there are potentially exponential number of use cases
   ... if we did all combinations, we'd generate a very large number of use
   scenarios
   ...  is there value in enumerating all these things, or are just a few
   dimentions useful?

   tlr: the point is that academically we just need dimensions for our audience

   <Paul> Isn't the skill in picking the smallest number of use cases that
   clearly describe the problems?

   tlr: our current use cases don't elaborate on all dimensions, but do touch
   on most bifurcations

   <Mez_> or the ones we want to go after, because they're "common"

   <Mez_> which is part of goal 2.2

   <scribe> I think it's unreasonable to believe we're going to address every
   use case; I agree that we should just focus on common ones

   Mez_: there's a subset of common ones that we'll focus on in fulfilling goal
   2.2

   tlr: there seems to be agreement

   <ses> My question is whether it makes sense to use the dimensions or the
   examples to move forward.

   MEZ: change goal etc

   ses: do not understand coverage?
   ... is it "easy to enumerate" or is it "important"?

   MEZ: cover what's most common

   <ses> I don't see very many things that aren't common in the dimensions

   <sduffy_aol> I also have another meeting I need to attend...

   ses: asking to what extent use cases and nodes in threat tree match?
   ... <trying to define "match">

   <rachna> I think we are conflating usage scenarios (use cases) and attacks.
   Aren't these two separate things?

   ses: (more complicated version of what Rachna typed into IRC)

   <Paul> Sorry not on the phone.

   <Mez_> then just type it in :-)

   <Mez_> your comment/question

   <Paul> Do we have a methodology chosend for threat assesment?

   <rachna>  In  the end, we want to be able to say that recommendation X
   satisfies  use cases A,B, C, and is vulnerable or resistant to certain
   attacks 1, 2, 3.

   <Paul> pardon my typos

   tlr: +1 to rachna

   <beltzner> +2 to rachna

   <johnath> rachna++

   mez: rachna's comment seems popular

   mez: how does goal 2.2 fit there...

   <ses> You can map threats to the use-case-dimensional values. I think going
   to straight to examples is counterproductive because, once again, it doesn't
   help us to understand the _set_ of possible use cases that can be subverted
   by each threat.

   <johnath> rachna.trenchant = true;

   mez: pick common use cases ...
   ... identify what security information user requires ...
   ... hook into recommendations ...
   ... security information needed, provided ...

   <ses> Rachna: I would say that recommendation X is a countermeasure against
   threats  A  for use cases of a given set, threat B for uses cases in a
   different set, and so on.

   johnathan: got it, congrats to self ...
   ... is it just measurement of success or more? ...

   <johnath> tlr: +1

   tlr: These things are for different audiences. They are related. Please do
   not construct a dichotomy where none exists.

   <ses> I'm fine with examples, but we lose meaning and understanding if our
   work is on examples rather than on the dimensions that create the examples.

   mez: How are we going to execute goal 2.2?
   ... as part of getting out recs in April, discussion in April should be
   pulling out use cases ...

   <ses> For example, if we say "this works against usage scenario 2.X", and
   not against "all uses cases in set Y", then we don't have a definitive
   answer when someone outside the group asks "but will it help me with MY
   scenario which is different than yours?"

   <Mez_> ses, you might be saying that the specific doesn't apply to the
   abstract. If you are, I believe we need both.

   (discussion between tlr and ses about how threat trees map to use cases and
   scenarios; MEZ notes we're losing time)

   <scribe> ACTION: thomas and stuart to try to figure out how to move forward
   with this [recorded in
   [24]http://www.w3.org/2007/03/28-wsc-minutes.html#action07]

   <trackbot> Created ACTION-171 - And stuart to try to figure out how to move
   forward with this [on Thomas Roessler - due 2007-04-04].

   mez: stuart, please let's think abut how the threat trees fit in
   ... as we go through recs, let's look at the goals / use cases
   ... I think Tyler did that in his rec proposal ...

   tyler: yeah, did a stab at that

   mez: Let's do that against each of the recommendations

next meeting

   mez: 4 April; please submit review comments on note by then

   staikos: regrets, meeting, but will make effort to send stuff to list

   adjourned

Summary of Action Items

   [NEW] ACTION: thomas and stuart to try to figure out how to move forward
   with this [recorded in
   [25]http://www.w3.org/2007/03/28-wsc-minutes.html#action07]
   [NEW]  ACTION: thomas to set up shawn and rachna as additional editors
   [recorded in [26]http://www.w3.org/2007/03/28-wsc-minutes.html#action01]
   [NEW] ACTION: Zurko to send mail to outline quick review process for further
   April  calls;  call  for  agenda  input  for  next  call  [recorded in
   [27]http://www.w3.org/2007/03/28-wsc-minutes.html#action03]
   [NEW] ACTION: zurko to put 4th f2f on Dublin agenda: September or November?
   [recorded in [28]http://www.w3.org/2007/03/28-wsc-minutes.html#action06]
   [NEW]   ACTION:   zurko   to   put  roadmap  into  wiki  [recorded  in
   [29]http://www.w3.org/2007/03/28-wsc-minutes.html#action05]
   [NEW] ACTION: zurko to really cancel May 9 call - due May 2 [recorded in
   [30]http://www.w3.org/2007/03/28-wsc-minutes.html#action04]

   [End of minutes]
     _________________________________________________________________


    Minutes formatted by David Booth's [31]scribe.perl version 1.128 ([32]CVS
    log)
    $Date: 2007/04/04 22:41:15 $

References

   1. http://www.w3.org/
   2. http://www.w3.org/2007/03/28-wsc-irc
   3. http://lists.w3.org/Archives/Public/public-wsc-wg/2007Mar/0131.html
   4. file://localhost/home/roessler/W3C/WWW/2007/03/28-wsc-minutes.html#agenda
   5. file://localhost/home/roessler/W3C/WWW/2007/03/28-wsc-minutes.html#item01
   6. file://localhost/home/roessler/W3C/WWW/2007/03/28-wsc-minutes.html#item02
   7. file://localhost/home/roessler/W3C/WWW/2007/03/28-wsc-minutes.html#item03
   8. file://localhost/home/roessler/W3C/WWW/2007/03/28-wsc-minutes.html#Roadmap
   9. file://localhost/home/roessler/W3C/WWW/2007/03/28-wsc-minutes.html#item04
  10. file://localhost/home/roessler/W3C/WWW/2007/03/28-wsc-minutes.html#item05
  11. file://localhost/home/roessler/W3C/WWW/2007/03/28-wsc-minutes.html#ActionSummary
  12. http://www.w3.org/2007/03/20-wsc-minutes
  13. http://www.w3.org/2007/03/28-wsc-minutes.html#action01
  14. http://lists.w3.org/Archives/Public/public-wsc-wg/2007Mar/0118.html
  15. http://www.w3.org/2006/WSC/wiki/RecommendationIndex
  16. http://lists.w3.org/Archives/Public/public-wsc-wg/2007Mar/0119.html
  17. http://www.w3.org/2007/03/28-wsc-minutes.html#action03
  18. http://www.w3.org/2007/03/28-wsc-minutes.html#action04
  19. http://www.w3.org/2007/03/28-wsc-minutes.html#action05
  20. http://www.w3.org/2007/03/28-wsc-minutes.html#action06
  21. http://www.w3.org/TR/wsc-usecases/#relevance
  22. http://www.w3.org/2006/WSC/wiki/ThreatTrees
  23. http://www.w3.org/TR/wsc-usecases/#use-cases
  24. http://www.w3.org/2007/03/28-wsc-minutes.html#action07
  25. http://www.w3.org/2007/03/28-wsc-minutes.html#action07
  26. http://www.w3.org/2007/03/28-wsc-minutes.html#action01
  27. http://www.w3.org/2007/03/28-wsc-minutes.html#action03
  28. http://www.w3.org/2007/03/28-wsc-minutes.html#action06
  29. http://www.w3.org/2007/03/28-wsc-minutes.html#action05
  30. http://www.w3.org/2007/03/28-wsc-minutes.html#action04
  31. http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
  32. http://dev.w3.org/cvsweb/2002/scribe/

Received on Thursday, 5 April 2007 11:52:36 UTC