W3C

- DRAFT -

Web Security Context WG Teleconference
1 Aug 2007

Agenda

See also: IRC log

Attendees

Present
Mary Ellen Zurko, Thomas Roessler, Maritza Johnson, Rachna Dhamija, Ian, Fette, Tim Hahn, Tyler Close, Anil Asaldhan
Regrets
Johnathan_N, Dan_S, Chuck, W
Chair
MEZ
Scribe
Maritza Johnson

Contents


 

 

<trackbot> Date: 01 August 2007

<ifette> Zaki, what conference is this?

<tlr> ScribeNick: maritzaj

Approve minutes from last meeting

http://www.w3.org/2007/07/18-wsc-minutes

Action items closed due to inactivity

mez: actions that are overdue and haven't received attention

tlr: on action-256, let's keep it open and see if johnath will pick it up
... don't think it should be lost

mez: won't keep it open but we can reassign
... anything else about closing action items?

Agenda bashing

mez: does audian want to say anything about our process
... he's not on the call
... recap agenda
... anyone want to bash the agenda?

tlr: would it be useful to talk about the structure of the rec track document either at the end today or next week
... i see overlap and i think we should merge
... go through the indicator themed proposals

<tlr> mez, was that a "yes" or "no"?

Update on the status of usbility testing

<rachna> http://www.w3.org/2006/WSC/wiki/RecommendationUsabilityEvaluationFirstCut

<Mez> yes, "so noted" is an affirmation

Rachna: we've started to walk through the recommendations to evaluate them
... this is a work in progress
... we want to see if there are proposals we can test together or group
... we want feedback from the group or from the recommendation authors
... did we capture what you intended
... as tlr also mentioned, to do anything more detailed than what we've done we need lo-fi prototypes where there's interaction to be tested

tlr: this is useful, second thing, the suggested experiments for the ev experience, right now it looks like the study proposes using them as a tool against the user
... another option would be to test a pop-up you are accessing a site with an EV cert
... we want to know is user's trust ev certs

<tlr> alert("You are accessing an extended validation protected site. You are now secure.");

<Zakim> ifette, you wanted to discuss malware issues in indicator

ifette: i see a lot of security indicators and i was wondering if malware is in-scope or out-of-scope

<tlr> Software installation user experience is in scope. Subverted systems are our of scope.

mez: see wsc-usecases for general things

Rachna: i would say an indicator that says you're at a bad site is in scope

ifette: i hope that's in scope

mez: i haven't had time to read through this

Rachna: we haven't had time to review each other's work, we just wanted to get this out

tim: glad to see this in our wiki, haven't had a chance to get through it

mez: sounds like props all around and criticism to come
... thanks and let me know if you need time on a call to talk about this

Rachna: we need more detail on the proposals to go forward
... i think tlr wants to touch on this

mez: please put in mail what the process will be for this

wsc-usecases progress toward last call

<Mez> http://www.w3.org/2006/WSC/Group/track/products/2

mez: i think we're going good on this, we've made progress on the issues
... all but issue-25 are moving toward consensus
... i think that's a good state to take us to last call
... meaning I need to send the chair a heads up and I need a refresh on the process
... unless someone has an issue to bring up

tlr: i'd like to hear how far the editing of the document is going

mez: there are 6 substantive issues that don't have consensus declared

tlr; right, i know we're close on some, has tyler had a chance to fold them in

mez: tyler, could you remind us which have consensus

tyler: i don't know

mez: issue-6 does, issue-73 does not
... i give the shy and slow people a week to speak up against consensus

tlr: is issue-76 ready?

mez: it is

tlr: i think issue-83 is still open?

mez: yes

tlr: looks like we need to resolve these issues and make the changes
... the meaning of last call is the group thinks we're done with the document
... or at the very least there is a document and a very clear list of edits

mez: pointer?

tlr: fundamental meaning of last call, we get comments like good job, then we try not to make further edits

<Zakim> ifette, you wanted to talk about adding a use case

ifette: looking through the use-cases, if i return to a previously visited site that's now on a blacklist, how is that communicated?
... i'd like to see a use case on that

mez: the process for doing that is to create an issue

<tlr> ACTION: fette to supply use case on previous interaction site being blacklisted - due 2007-08-03 [recorded in http://www.w3.org/2007/08/01-wsc-minutes.html#action01]

<trackbot> Sorry, couldn't find user - fette

<tlr> trackbot, reload

<tlr> ACTION: tlr to make fette supply use case on previous interaction site being blacklisted - due 2007-08-03 [recorded in http://www.w3.org/2007/08/01-wsc-minutes.html#action02]

<trackbot> Created ACTION-275 - make fette supply use case on previous interaction site being blacklisted [on Thomas Roessler - due 2007-08-03].

Concensus and decision making

mez: i found the pointers for the w3c documentation on the process, it was sent in email to the list

<Mez> http://lists.w3.org/Archives/Public/public-wsc-wg/2007Jul/0310.html

mez: i'm hoping anyone concerned has read this
... if you don't follow the process, you'll get directed there

Primary SCI discussion

<Mez> http://www.w3.org/2006/WSC/drafts/rec/#favicon

mez: My proposal for coming to consensus on the proposals is to start with the ones that are available to the user during their primary tasks, recs that highlight something we're doing wrong seem to be a good start
... favicons seems like a good place to start
... we need consensus on the conformance language and a few other things
... the conformance language defines what it means to conform to the standard
... looking at the proposal, 2.1.4, one of them reflects tlr's belief and the other reflects what tlr thinks is Mike McCormick's interpretation
... anyone have questions before we get started?
... the two variants are on how we talk about where SCI is displayed
... I like variant 1 better
... let's do a straw poll on what we think is better
... everyone give an opinion on 2.1.4.1

<Mez> I say good

<tlr> sorry

<asaldhan> I need to pass

<asaldhan> will get back

<tjh> good

I like 2.1.4.1, we may have a better chance at saying where we want to communicate trust information than what the user expects to be under the control of the user agent

<ifette> I can liv e with, prefer variant 2

<asaldhan> today I am using this complex conferencing system that I need time to figure out how to unmute

can live with, edging towards good

rachna: i can live with it
... but it's not very defined

tlr: i prefer variant 1
... i'm in the can live with part of variant 2, but strong preference for 1

tyler: i can live with

<asaldhan> I prefer variant1

<tlr> some people were strongly objecting against variant 2 in Dublin

<Zakim> ifette, you wanted to discuss preference for 2.1.4

ifette -- could you put that in irc?

<ifette> sure

thx

tlr: the intent of variant 1 is to abstract from saying you should not put favicons where people would normally look for SCI

<ifette> My preference towards 2.1.4.2 was to protect users who are familiar with a particular browser, and have an expectation to find indicators in a specific location, I want those users to be protected if they switch to a different browser. However, if that is deemed to fall under "areas... commonly used" then I have no objection with rev. 1

tlr: i think the intent is to address the concern you brought up
... we want to address the concern without deprecating the favicon

<Mez> rachna, I really want to hear what you were looking for in definitions

<asaldhan> I prefer if browsers follow the same setup/lookup/location as far as security is concerned

<Mez> will you go on queue? Or I can remember to call you when it gives out (but easier for me ifyou queue up)

tyler: to tlr, one way to gain that is to adjust user's expectations for where the favicon should be used, so we can hold on to use
... this calls out bitmaps when it seems like we might have the same problem with text

tlr: you're right about that, and we don't talk about scripts either
... change to visual information
... or something along those lines
... the fundamental contract is tied to visual presentation, the underlying is requirement is SCi should be differentiated from content
... that point is too general to be useful
... want to keep this clear that it addresses favicons, but there's also something more general here

mez: i like and support that temptation

rachna: to comment on tlr?

<tlr> ACTION: thomas to rewrite favicons material in light of call's discussion (try generalizing usefully) [recorded in http://www.w3.org/2007/08/01-wsc-minutes.html#action03]

<trackbot> Created ACTION-276 - Rewrite favicons material in light of call\'s discussion (try generalizing usefully) [on Thomas Roessler - due 2007-08-08].

mez: you seemed to have a question about the terms used

rachna: i take my point back, is it the user's interpretation of where trust is communicated or ours?
... where are the areas?
... are the areas where other information appears? I don't know what a trusted area is.

tlr: to get compliance with this we'd need user testing, i wonder if we even need to step back and say what the high level idea is, then have a longer list of techniques/approaches that cover it

<Zakim> Mez, you wanted to talk about doing user testing to comply

mez: so you think user testing is scary, one of the things that came up at SOUPS -- will we need to specify something about conformance for our testing in order to get recommendations that will have a positive impact
... statements on how to do things
... having conformance language on how we're testing and whether or not it is user testing

tlr: interesting thought.
... i'll put a note into the draft -- we aren't sure how you would implement conformance language on this

mez: does anyone think variant 2 is stronger?

<rachna> variant 2 is at least more specific.

mez: let's say variant 2 will be removed

<tlr> RESOLUTION: variant 2 dropped. Result of straw poll: 3 good, 0 bad, 3 can live with.

mez: we have some more conformance language on the favicon proposal under techniques
... i'm assuming anything using must, may, should in all caps is meaning to be conformance language

<tlr> variant 2 is section 2.1.4.2 in r1.54 of http://www.w3.org/2006/WSC/drafts/rec/Overview.html; resolution provides input to ACTION-276

mez: let's look at 2.1.5

<Zakim> ifette, you wanted to talk about favicon

ifette: question -- if the browser doesn't display the favicon in the chrome, but wants to put it in the bookmark list, does it conform?

<Zakim> tlr, you wanted to talk about compliance

<tyler> http://www.w3.org/2006/WSC/drafts/note/#misleading-bookmark

tlr: the current draft, the must is used as a sufficient but necessary
... we should make it clear that this is one way to implement, but not mandatory
... would be a sufficient technique
... the MUST should be MAY

tyler: we've had discussion about having the favicon in the bookmarks, in the threat tree doc, we identify getting the user to select the wrong site from bookmarks as a threat

tlr: if this happens, it seems very likely i'd fall for the phish

<ifette> ack tyler's point, but I think if you can get phishing sites into a user's bookmarks they're in trouble anways

mez: can you push a bookmark through webcontent

tley: you can prompt a dialog to get the user to click ok and create a bookmark

tlr: if an attacker can push a bookmark, then this is an attack we might wish to deal with
... this is a trust decision

mez: let's not lose this as a robustness practice

<Zakim> tlr, you wanted to ask about status bar?

tlr -- could you put that in irc, i missed it

<tlr> tlr: mention status bar as a place where you really don't want to have favicons?

thx

<tlr> ... could think of "cool" ui metaphors that might cause trouble ...

tlr: could also look into visual interaction, what is a useful visual separation?

mez: time for another straw poll, consensus on the language of 2.1.5?

<tlr> putting it on the record.... I would also like to hear about the "MAY" in the third one

<tlr> +1 to these two

<tjh> can live with - assuming Location Bar is defined in the glossary

<Mez> good with both

<tlr> rachna, the location bar is primary ui, the second is about secondary

<ifette> can live with

<asaldhan> live with

<rachna> ok you are right.

<Zakim> ifette, you wanted to discuss consistency issue between first two bullets re: favorite icons beinf suffixed with [FAVICON]

result of straw poll: 2 good, 0 bad, 6 can live with

mez: do we have location bar in the glossary

<tlr> ACTION: tjh to supply definition of "location par" and put it into glossary [recorded in http://www.w3.org/2007/08/01-wsc-minutes.html#action04]

<trackbot> Created ACTION-277 - Supply definition of \"location bar\" and put it into glossary [on Tim Hahn - due 2007-08-08].

<rachna> why isn't bullet one phrased the same way bullet 2 is? That is why is the Location Bar singled out from all content used to enable trust decisions.

rachna: so bullet one is about primary ui and 2 is about secondary, why is the first only talking about the location bar?
... just wondering if there's a reason

tlr: the assumption is the users might be using different browsers
... first technique is still drill down the most egregious case we can think of
... and also put a stop where secondary UI is concerned
... specify things you really don't want to do

mez: looks like consensus

<tlr> argh

tlr: have we agreed on wording on meaning?
... i do have an action item on the wording

mez: adding definitions doesn't change but helps the conformance language
... i think the focus of the straw poll needs to be recorded
... i was going for the actual wording because the wording is important in conformance

tlr: i'm going to make minor changes
... i don't want to have every word in concrete
... there are probably changes that will be made, but the intent won't be changed

mez: i'm happy to do straw polls on alternative things, but they need to be written down so we know what we're voting on

<tlr> PROPOSED: agree on meaning of first two techniques; editor has license to refine language

mez: i downgrade to can live with
... i'm unclear on the meaning of doing this as a process

<tlr> RESOLUTION: so accepted

<tlr> rragent, bookmark

mez: i think that's all the conformance language in the favicon proposal
... and we're done with the agenda items

Next meeting - Wednesday, August 8

mez: tlr wants to talk about what we'll put in the rec track document

tlr: IdentitySignal seems to indicate trust, identity and security, we should attempt to extract what's in EV, what's in Secure letterhead and put that up for discussion
... i've begun the process, but i think we should try to combine the various proposals and discuss the various alternative

mez: we should give time for reading before we discuss

tlr: i can't have it by this week

mez: we'll discuss identitySignal
... we'll use whatever is there Friday morning and we can pull anything else into discussion

tlr: to prepare -- is anyone thinking of any other proposals that should be folded in with IdentitySignal

mez: send out mail, not everyone's on the call
... maritza, rachna, who's looking at PII EditorBar

tyler: i have questions/discussion who should I talk to about this
... i need clarification on some things, expensive by email

rachna: I'm hoping the expected user behavior will be agreed on

tlr: i'm trying to figure out if i want to start identify issues or if i should wait

tyler: i don't have a good idea of what comments you have in mind

rachna: to answer your question, no we haven't looked at what will or will not conform

tlr: you might want to and start trimming the edges
... could also be a useful exercise for evaluation

mez: so tyler and rachna will clarify and report back

<tlr> meeting adjourned

Summary of Action Items

[NEW] ACTION: fette to supply use case on previous interaction site being blacklisted - due 2007-08-03 [recorded in http://www.w3.org/2007/08/01-wsc-minutes.html#action01]
[NEW] ACTION: thomas to rewrite favicons material in light of call's discussion (try generalizing usefully) [recorded in http://www.w3.org/2007/08/01-wsc-minutes.html#action03]
[NEW] ACTION: tjh to supply definition of "location par" and put it into glossary [recorded in http://www.w3.org/2007/08/01-wsc-minutes.html#action04]
[NEW] ACTION: tlr to make fette supply use case on previous interaction site being blacklisted - due 2007-08-03 [recorded in http://www.w3.org/2007/08/01-wsc-minutes.html#action02]
 
[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.128 (CVS log)
$Date: 2007/08/01 16:36:51 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision: 1.128  of Date: 2007/02/23 21:38:13  
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: RRSAgent_Text_Format (score 1.00)

Succeeded: s/proposal/proposals/
Succeeded: s/ceret/cert/
Succeeded: s/out/our/
Succeeded: s/2.1.4/2.1.4.1/
Succeeded: s/the intent/tlr: the intent/
Succeeded: s/bookmakr/bookmark/
Succeeded: s/location par/location bar/
Found ScribeNick: maritzaj
Inferring Scribes: maritzaj

WARNING: No "Present: ... " found!
Possibly Present: Bill_Doyle DanSchutzer HP Maritza_Johnson MaryEllen_Zurko PROPOSED Rachna ScribeNick Thomas Tim_Hahn aaaa aabb aacc aadd asaldhan ifette joined mez tim tjh tley tlr trackbot tyler wsc
You can indicate people for the Present list like this:
        <dbooth> Present: dbooth jonathan mary
        <dbooth> Present+ amy

Regrets: Johnathan_N Dan_S Chuck W
Agenda: http://lists.w3.org/Archives/Public/public-wsc-wg/2007Jul/0361.html
Found Date: 1 Aug 2007
Guessing minutes URL: http://www.w3.org/2007/08/01-wsc-minutes.html
People with action items: fette thomas tjh tlr

[End of scribe.perl diagnostic output]