See also: IRC log
<trackbot> Date: 01 August 2007
<ifette> Zaki, what conference is this?
<tlr> ScribeNick: maritzaj
http://www.w3.org/2007/07/18-wsc-minutes
mez: actions that are overdue and haven't received attention
tlr: on action-256, let's keep it
open and see if johnath will pick it up
... don't think it should be lost
mez: won't keep it open but we
can reassign
... anything else about closing action items?
mez: does audian want to say
anything about our process
... he's not on the call
... recap agenda
... anyone want to bash the agenda?
tlr: would it be useful to talk
about the structure of the rec track document either at the end
today or next week
... i see overlap and i think we should merge
... go through the indicator themed proposals
<tlr> mez, was that a "yes" or "no"?
<rachna> http://www.w3.org/2006/WSC/wiki/RecommendationUsabilityEvaluationFirstCut
<Mez> yes, "so noted" is an affirmation
Rachna: we've started to walk
through the recommendations to evaluate them
... this is a work in progress
... we want to see if there are proposals we can test together
or group
... we want feedback from the group or from the recommendation
authors
... did we capture what you intended
... as tlr also mentioned, to do anything more detailed than
what we've done we need lo-fi prototypes where there's
interaction to be tested
tlr: this is useful, second
thing, the suggested experiments for the ev experience, right
now it looks like the study proposes using them as a tool
against the user
... another option would be to test a pop-up you are accessing
a site with an EV cert
... we want to know is user's trust ev certs
<tlr> alert("You are accessing an extended validation protected site. You are now secure.");
<Zakim> ifette, you wanted to discuss malware issues in indicator
ifette: i see a lot of security indicators and i was wondering if malware is in-scope or out-of-scope
<tlr> Software installation user experience is in scope. Subverted systems are our of scope.
mez: see wsc-usecases for general things
Rachna: i would say an indicator that says you're at a bad site is in scope
ifette: i hope that's in scope
mez: i haven't had time to read through this
Rachna: we haven't had time to review each other's work, we just wanted to get this out
tim: glad to see this in our wiki, haven't had a chance to get through it
mez: sounds like props all around
and criticism to come
... thanks and let me know if you need time on a call to talk
about this
Rachna: we need more detail on
the proposals to go forward
... i think tlr wants to touch on this
mez: please put in mail what the process will be for this
<Mez> http://www.w3.org/2006/WSC/Group/track/products/2
mez: i think we're going good on
this, we've made progress on the issues
... all but issue-25 are moving toward consensus
... i think that's a good state to take us to last call
... meaning I need to send the chair a heads up and I need a
refresh on the process
... unless someone has an issue to bring up
tlr: i'd like to hear how far the editing of the document is going
mez: there are 6 substantive issues that don't have consensus declared
tlr; right, i know we're close on some, has tyler had a chance to fold them in
mez: tyler, could you remind us which have consensus
tyler: i don't know
mez: issue-6 does, issue-73 does
not
... i give the shy and slow people a week to speak up against
consensus
tlr: is issue-76 ready?
mez: it is
tlr: i think issue-83 is still open?
mez: yes
tlr: looks like we need to
resolve these issues and make the changes
... the meaning of last call is the group thinks we're done
with the document
... or at the very least there is a document and a very clear
list of edits
mez: pointer?
tlr: fundamental meaning of last call, we get comments like good job, then we try not to make further edits
<Zakim> ifette, you wanted to talk about adding a use case
ifette: looking through the
use-cases, if i return to a previously visited site that's now
on a blacklist, how is that communicated?
... i'd like to see a use case on that
mez: the process for doing that is to create an issue
<tlr> ACTION: fette to supply use case on previous interaction site being blacklisted - due 2007-08-03 [recorded in http://www.w3.org/2007/08/01-wsc-minutes.html#action01]
<trackbot> Sorry, couldn't find user - fette
<tlr> trackbot, reload
<tlr> ACTION: tlr to make fette supply use case on previous interaction site being blacklisted - due 2007-08-03 [recorded in http://www.w3.org/2007/08/01-wsc-minutes.html#action02]
<trackbot> Created ACTION-275 - make fette supply use case on previous interaction site being blacklisted [on Thomas Roessler - due 2007-08-03].
mez: i found the pointers for the w3c documentation on the process, it was sent in email to the list
<Mez> http://lists.w3.org/Archives/Public/public-wsc-wg/2007Jul/0310.html
mez: i'm hoping anyone concerned
has read this
... if you don't follow the process, you'll get directed
there
<Mez> http://www.w3.org/2006/WSC/drafts/rec/#favicon
mez: My proposal for coming to
consensus on the proposals is to start with the ones that are
available to the user during their primary tasks, recs that
highlight something we're doing wrong seem to be a good
start
... favicons seems like a good place to start
... we need consensus on the conformance language and a few
other things
... the conformance language defines what it means to conform
to the standard
... looking at the proposal, 2.1.4, one of them reflects tlr's
belief and the other reflects what tlr thinks is Mike
McCormick's interpretation
... anyone have questions before we get started?
... the two variants are on how we talk about where SCI is
displayed
... I like variant 1 better
... let's do a straw poll on what we think is better
... everyone give an opinion on 2.1.4.1
<Mez> I say good
<tlr> sorry
<asaldhan> I need to pass
<asaldhan> will get back
<tjh> good
I like 2.1.4.1, we may have a better chance at saying where we want to communicate trust information than what the user expects to be under the control of the user agent
<ifette> I can liv e with, prefer variant 2
<asaldhan> today I am using this complex conferencing system that I need time to figure out how to unmute
can live with, edging towards good
rachna: i can live with it
... but it's not very defined
tlr: i prefer variant 1
... i'm in the can live with part of variant 2, but strong
preference for 1
tyler: i can live with
<asaldhan> I prefer variant1
<tlr> some people were strongly objecting against variant 2 in Dublin
<Zakim> ifette, you wanted to discuss preference for 2.1.4
ifette -- could you put that in irc?
<ifette> sure
thx
tlr: the intent of variant 1 is to abstract from saying you should not put favicons where people would normally look for SCI
<ifette> My preference towards 2.1.4.2 was to protect users who are familiar with a particular browser, and have an expectation to find indicators in a specific location, I want those users to be protected if they switch to a different browser. However, if that is deemed to fall under "areas... commonly used" then I have no objection with rev. 1
tlr: i think the intent is to
address the concern you brought up
... we want to address the concern without deprecating the
favicon
<Mez> rachna, I really want to hear what you were looking for in definitions
<asaldhan> I prefer if browsers follow the same setup/lookup/location as far as security is concerned
<Mez> will you go on queue? Or I can remember to call you when it gives out (but easier for me ifyou queue up)
tyler: to tlr, one way to gain
that is to adjust user's expectations for where the favicon
should be used, so we can hold on to use
... this calls out bitmaps when it seems like we might have the
same problem with text
tlr: you're right about that, and
we don't talk about scripts either
... change to visual information
... or something along those lines
... the fundamental contract is tied to visual presentation,
the underlying is requirement is SCi should be differentiated
from content
... that point is too general to be useful
... want to keep this clear that it addresses favicons, but
there's also something more general here
mez: i like and support that temptation
rachna: to comment on tlr?
<tlr> ACTION: thomas to rewrite favicons material in light of call's discussion (try generalizing usefully) [recorded in http://www.w3.org/2007/08/01-wsc-minutes.html#action03]
<trackbot> Created ACTION-276 - Rewrite favicons material in light of call\'s discussion (try generalizing usefully) [on Thomas Roessler - due 2007-08-08].
mez: you seemed to have a question about the terms used
rachna: i take my point back, is
it the user's interpretation of where trust is communicated or
ours?
... where are the areas?
... are the areas where other information appears? I don't know
what a trusted area is.
tlr: to get compliance with this we'd need user testing, i wonder if we even need to step back and say what the high level idea is, then have a longer list of techniques/approaches that cover it
<Zakim> Mez, you wanted to talk about doing user testing to comply
mez: so you think user testing is
scary, one of the things that came up at SOUPS -- will we need
to specify something about conformance for our testing in order
to get recommendations that will have a positive impact
... statements on how to do things
... having conformance language on how we're testing and
whether or not it is user testing
tlr: interesting thought.
... i'll put a note into the draft -- we aren't sure how you
would implement conformance language on this
mez: does anyone think variant 2 is stronger?
<rachna> variant 2 is at least more specific.
mez: let's say variant 2 will be removed
<tlr> RESOLUTION: variant 2 dropped. Result of straw poll: 3 good, 0 bad, 3 can live with.
mez: we have some more
conformance language on the favicon proposal under
techniques
... i'm assuming anything using must, may, should in all caps
is meaning to be conformance language
<tlr> variant 2 is section 2.1.4.2 in r1.54 of http://www.w3.org/2006/WSC/drafts/rec/Overview.html; resolution provides input to ACTION-276
mez: let's look at 2.1.5
<Zakim> ifette, you wanted to talk about favicon
ifette: question -- if the browser doesn't display the favicon in the chrome, but wants to put it in the bookmark list, does it conform?
<Zakim> tlr, you wanted to talk about compliance
<tyler> http://www.w3.org/2006/WSC/drafts/note/#misleading-bookmark
tlr: the current draft, the must
is used as a sufficient but necessary
... we should make it clear that this is one way to implement,
but not mandatory
... would be a sufficient technique
... the MUST should be MAY
tyler: we've had discussion about having the favicon in the bookmarks, in the threat tree doc, we identify getting the user to select the wrong site from bookmarks as a threat
tlr: if this happens, it seems very likely i'd fall for the phish
<ifette> ack tyler's point, but I think if you can get phishing sites into a user's bookmarks they're in trouble anways
mez: can you push a bookmark through webcontent
tley: you can prompt a dialog to get the user to click ok and create a bookmark
tlr: if an attacker can push a
bookmark, then this is an attack we might wish to deal
with
... this is a trust decision
mez: let's not lose this as a robustness practice
<Zakim> tlr, you wanted to ask about status bar?
tlr -- could you put that in irc, i missed it
<tlr> tlr: mention status bar as a place where you really don't want to have favicons?
thx
<tlr> ... could think of "cool" ui metaphors that might cause trouble ...
tlr: could also look into visual interaction, what is a useful visual separation?
mez: time for another straw poll, consensus on the language of 2.1.5?
<tlr> putting it on the record.... I would also like to hear about the "MAY" in the third one
<tlr> +1 to these two
<tjh> can live with - assuming Location Bar is defined in the glossary
<Mez> good with both
<tlr> rachna, the location bar is primary ui, the second is about secondary
<ifette> can live with
<asaldhan> live with
<rachna> ok you are right.
<Zakim> ifette, you wanted to discuss consistency issue between first two bullets re: favorite icons beinf suffixed with [FAVICON]
result of straw poll: 2 good, 0 bad, 6 can live with
mez: do we have location bar in the glossary
<tlr> ACTION: tjh to supply definition of "location par" and put it into glossary [recorded in http://www.w3.org/2007/08/01-wsc-minutes.html#action04]
<trackbot> Created ACTION-277 - Supply definition of \"location bar\" and put it into glossary [on Tim Hahn - due 2007-08-08].
<rachna> why isn't bullet one phrased the same way bullet 2 is? That is why is the Location Bar singled out from all content used to enable trust decisions.
rachna: so bullet one is about
primary ui and 2 is about secondary, why is the first only
talking about the location bar?
... just wondering if there's a reason
tlr: the assumption is the users
might be using different browsers
... first technique is still drill down the most egregious case
we can think of
... and also put a stop where secondary UI is concerned
... specify things you really don't want to do
mez: looks like consensus
<tlr> argh
tlr: have we agreed on wording on
meaning?
... i do have an action item on the wording
mez: adding definitions doesn't
change but helps the conformance language
... i think the focus of the straw poll needs to be
recorded
... i was going for the actual wording because the wording is
important in conformance
tlr: i'm going to make minor
changes
... i don't want to have every word in concrete
... there are probably changes that will be made, but the
intent won't be changed
mez: i'm happy to do straw polls on alternative things, but they need to be written down so we know what we're voting on
<tlr> PROPOSED: agree on meaning of first two techniques; editor has license to refine language
mez: i downgrade to can live
with
... i'm unclear on the meaning of doing this as a process
<tlr> RESOLUTION: so accepted
<tlr> rragent, bookmark
mez: i think that's all the
conformance language in the favicon proposal
... and we're done with the agenda items
mez: tlr wants to talk about what we'll put in the rec track document
tlr: IdentitySignal seems to
indicate trust, identity and security, we should attempt to
extract what's in EV, what's in Secure letterhead and put that
up for discussion
... i've begun the process, but i think we should try to
combine the various proposals and discuss the various
alternative
mez: we should give time for reading before we discuss
tlr: i can't have it by this week
mez: we'll discuss
identitySignal
... we'll use whatever is there Friday morning and we can pull
anything else into discussion
tlr: to prepare -- is anyone thinking of any other proposals that should be folded in with IdentitySignal
mez: send out mail, not
everyone's on the call
... maritza, rachna, who's looking at PII EditorBar
tyler: i have
questions/discussion who should I talk to about this
... i need clarification on some things, expensive by email
rachna: I'm hoping the expected user behavior will be agreed on
tlr: i'm trying to figure out if i want to start identify issues or if i should wait
tyler: i don't have a good idea of what comments you have in mind
rachna: to answer your question, no we haven't looked at what will or will not conform
tlr: you might want to and start
trimming the edges
... could also be a useful exercise for evaluation
mez: so tyler and rachna will clarify and report back
<tlr> meeting adjourned
This is scribe.perl Revision: 1.128 of Date: 2007/02/23 21:38:13 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: RRSAgent_Text_Format (score 1.00) Succeeded: s/proposal/proposals/ Succeeded: s/ceret/cert/ Succeeded: s/out/our/ Succeeded: s/2.1.4/2.1.4.1/ Succeeded: s/the intent/tlr: the intent/ Succeeded: s/bookmakr/bookmark/ Succeeded: s/location par/location bar/ Found ScribeNick: maritzaj Inferring Scribes: maritzaj WARNING: No "Present: ... " found! Possibly Present: Bill_Doyle DanSchutzer HP Maritza_Johnson MaryEllen_Zurko PROPOSED Rachna ScribeNick Thomas Tim_Hahn aaaa aabb aacc aadd asaldhan ifette joined mez tim tjh tley tlr trackbot tyler wsc You can indicate people for the Present list like this: <dbooth> Present: dbooth jonathan mary <dbooth> Present+ amy Regrets: Johnathan_N Dan_S Chuck W Agenda: http://lists.w3.org/Archives/Public/public-wsc-wg/2007Jul/0361.html Found Date: 1 Aug 2007 Guessing minutes URL: http://www.w3.org/2007/08/01-wsc-minutes.html People with action items: fette thomas tjh tlr[End of scribe.perl diagnostic output]