- From: Thomas Roessler <tlr@w3.org>
- Date: Tue, 2 Jan 2007 18:50:49 +0100
- To: public-wsc-wg@w3.org
The minutes from our meeting on 19 December have been approved; they
are available online here:
http://www.w3.org/2006/12/19-wsc-minutes
A text/plain rendering is included below the .signature.
Thanks to Mike Beltzner for scribing.
I've taken the liberty to make an editorial change between the
minutes' approval and their publication, by adding a link to the
agenda.
Regards,
--
Thomas Roessler, W3C <tlr@w3.org>
[1]W3C
WSCWG weekly
19 Dec 2006
See also: [2]IRC log; [3]agenda
Attendees
Present
Thomas Roessler
George Staikos
Mike Beltzner
Mary Ellen Zurko
Tyler Close
Bill Doyle
Stephen Farrell
Hal Lockhart
Phillip Hallam-Baker
Mike McCormick
Tim Hahn
Paul Hill
Tony Nadalin
Chair
Mary Ellen Zurko
Scribes
beltzner
Thomas Roessler
Contents
* [4]Topics
1. [5]approve minutes from last meeting;
http://www.w3.org/2006/12/12-wsc-minutes
2. [6]Scope discussion
* [7]Summary of Action Items
_________________________________________________________________
approve minutes from last meeting; [8]http://www.w3.org/2006/12/12-wsc-minutes
mez: completes first agenda item
<tlr> RESOLVED: minutes accepted
mez: completes second agenda item, approves minutes
Scope discussion
mez: let's start talking through OutOfScope
... (starts walking through the list at
[9]http://www.w3.org/2006/WSC/wiki/NoteOutOfScope)
... "Non Web User Agents" is still defined somewhat generically ...
... the protocol point is one that's come up a lot ...
... what we should have are examples on "are web protocols" and "aren't web
protocols" ...
... second item: "Email Processing", specifically email client apps and
back-end email protocols
... including SMTP which is a non-web protocol example
... discussed on email what to do when there's a web agent that has an email
protocol, good coverage on that exists. Web agents dealing with non-web
protocols need to display a consistent security context in their interface.
... next, "assume that foundation of the computing base is trusted"
... finally, "future looking web protocol/agent use cases" basically says
that we're not psychic
stephenF: do we need a bullet about web-user agents that are headless or not
being used by users but instead by servers?
Mez: +1
... action assigned!
stephenF: I'll take the action to craft that language and bullet point
<trackbot> Created ACTION-51 - Draft \"out-of-scope\" text for proxies etc
that do not involve human interaction [on Stephen Farrell - due 2006-12-26].
hal: should we include snail mail in this somehow, or otherwise capture the
fact that phishing has tendrils into "real-world" effects
Mez: we'd need an example showing that it should be in scope
hal: right, I'm saying it should be out of scope
Paul: I believe that people are looking for best practises
<beltzner> drafted text in response to ACTION-42 on site-to-user
communication ...
<beltzner> ... that could involve snail mail ...
<beltzner> ... easy to imagine that to be phishing attack ...
tlr: my take is that what beltzner described is a best practise on the "user
interaction" between business/site and the end user; not sure to what extent
that should be our focus
... we should talk about the ways to talk about this experience, not the
specific mediums
beltzner: so you're talking about going medium independent?
Paul: yeah, sometimes you see statements that "we never ask for {whatever}",
and if those are valid anti-phishing techniques we should probably describe
those
Mez: I'd like to ensure that we not consider every aspect of the use case
scenarios as in scope
<tlr> I'm not getting the proposal.
tjh: much of this may rely on a person/entity realizing that they can't
trust just what they see from one location
... ... and they'll have to ask some independent entity to corroborate
beltzner: are you talking OpenID/cardspace?
tjh: I'm not trying to! ...
... if I go to a site, look at a zip file, look at the MD5 sum, that may or
may not still be correct, because they could generate their own
tjh: ... but if I go to some other independent site and corroborate, that
has a better value statement
... as long as I know they're independent
Mez: I think I've been using "authority" to convey overtones that aren't
covered by your suggestion
<trackbot> Created ACTION-52 - Propose text on how corroboration with
independent sites should be scoped [on Tim Hahn - due 2006-12-26].
tlr: getting back to email/speaking about security scenario, I think there
is a line between describing business practises (which is out of scope) and
saying how security context should be communicated when users are trained
about it
... ... I got concerned when I heard hal saying that if business practises
are anti-phishing practises we need to make recommendations
Mez: the part of that which is in our scope is saying what can be done
robustly and understandably
tlr: we want to say "what you can't tell people about their web environment
'cause it's just not true"
Mez: right, because it muddies the usability of what can or can't be done
billd: if we can't make a clear distinction about risk, does the scenario
fall out of scope?
Mez: because {muddled} context for the user, I'm not sure; was there
something in particular?
billd: some situations are clear (PKI, username/pwd, URL) when there is
information to build on, but should we be carrying scenarios when we don't
really have any information and just have business practises or "other
things" to go on
Mez: so if there's no security context information then it does feel like
whatever other recommendations we make would be out of scope, yes
billd: yes, yes
... just trying to determine what happens when a user knows that a site is
shady, but doesn't care, do we get in the way?
... trying to express things in terms of risk to the user
Mez: you might be moving on to the next item, which is content blocking
billd: right, but even in declaring that as out-of-scope, is there something
we can say about it being out of scope (???)
Mez: we've had discussions about this on email, like what to do / how to
present "there's no security context" to users
... so I don't think null-set security context is out of scope
tlr: getting back to email exchange from a week ago, there is a situation
where we might say "giving users an override" isn't going to do them any
good
... ... as currently phrased, I'm not sure that the content blocking section
of OutOfScope doesn't pre-judge that
stephenF: about browser history, is there an assumption that the only
history that's available is the history that's stored locally; there could
be other browser history information that could be saved to improve security
context detection
Mez: yes, flushing history will be taken into account
stephenF: right, but I was thinking that even flushing history could contain
hash chains that we could use for security context
Tyler: I added the Content Blocking section to out of scope ...
... ... am I supposed to take it out?
Mez: no, I wouldn't
Tyler: should I take an action to fix the phrasing?
Mez: it was thomas who raised the point ...
tlr: so, I'm picturing man in the middle attacks, where we have good data
that users just click-through the warning dialogs
... that would be a situation in which _not_ giving the user an override
could be the right thing from a security perspective
Mez: I see that example, but I don't know if that's covered by our charter
tlr: from my perspective, in that use case I just described, I see two
questions ...
... .. 1) if there's something the browser knows that there's something it
could present to the user, and that's in scope ..
... .. 2) what do we provide if there isn't anything useful to present to
the user, when we know they won't be able to really understand it or the
browser can't really help ... in those cases, we might need to require a
hard-fail
Mez: so tie that to the charter
tlr: so the charter can't force a conclusion that is ultimately empirical;
if that's what our context tells us, we ought to be able to make that user
decision for them
... ... I wouldn't want a scope note to ultimately inhibit this kind of
statement
billd: in that case you can present the fact that there is security context,
there is a risk, and the user can move forward
tlr: going back to the scoping text ...
... ... the conclusion that I see drawn from our charter and this scoping
note is that "we must never remove an override"
... ... and I don't think we've actually drawn that conclusion. Have we?
Tyler: I think I agree with tlr, but also that our charter lacks clarity
here
... ... but browser vendors have agreed that blocking content makes the
browser seem broken
beltzner: I think this group can recommend that content be blocked outright,
but it will be up to the browser vendors to enforce that as a group
staikos: was gonna say the same thing
Mez: so it sounds like content blocking should be in scope? anyone disagree?
<Nadalin> I think that there are different levels of content blocking, some
may be out of scope
billd: it gets back to risk vs. no risk, and how we should act appropriately
in those situations
tony: we need to be careful to make sure it doesn't come down to describing
what content should and shouldn't be blocked
tlr: agrees with recent discussion
... content blocking should be available as a result of the security
prodigal failing
... content filtering should be available as a reaction to the security
context that is available
... when we get to interaction/usability issues, the content blocking issue
might resolve itself
Tyler: I think we can rename content blocking to connection blocking and
move that to in-scope
... like turning off SSL1/2 would be in scope, but blocking content over
supported protocols would be out of scope
<stephenF> connection not so good a term if working via proxy
tony: I worry that people might interpret that as refusing that connection
without looking at the content
hal: I was going to agree with Thomas, for today it's sufficient to say that
it's not out of scope, and we should figure it out as we go along since
today it will be hard to get consensus without thinking more deeply about
the use cases
<stephenF> +1 to hal, tlr
<trackbot> Created ACTION-53 - Edit out content blocking part [on Hal
Lockhart - due 2006-12-26].
Mez: volunteers Hal to take an action
tony: I do worry that removing this from out-of-scope opens us to
"specification creep" and nobody likes bloated specs (except the '70s)
Mez: that sounds like you're volunteering to re-write it
tlr: can you give an example of the direction you don't want things to creep
in
tony: *ponders*
Mez: let's give tony some time, so let's assign him a follow-up action as an
early christmas gift
tjh: I agree that we're struggling with the inscope/outofscope with content
blocking, and I observe that filtering/blocking is an action someone can
take as opposed to something you can watch/analyse or think about
Tyler: I want to go back to the suggestion of rephrasing as connection
blocking, since most objections seem to be about content based detection
... ... connection blocking based on outdated protocols should be in scope,
content based blocking might be harder to scope.
tjh: I was satisfied with the resolution to keep the section and simply
narrow it to reduce the amount of out of scopiness
tlr: we should stop ratholing here, and stop ruling things out of scope when
we don't even have an example
tjh: I don't think that out of scope and in scope need to be exhaustive
Mez: tony will re-write content blocking section or present himself for
group-wide shaming
<trackbot> Created ACTION-54 - Write concrete \"content blocking out of
scope\" section, or to declare defeat [on Anthony Nadalin - due 2006-12-26].
Mez: (reviews meeting to make sure nobody's unhappy)
Tyler: in content based detection, we decided we weren't making
recommendations, but rfranco said that they're going to continue doing that,
and so I was wondering if we should standardize a recommended presentation
Mez: I believe email discussion led us to believe that would be in scope
tlr: so the takeaway was ways to display were in scope, ways to detect out
of scope
... but, I'm on queue for illustrating the redundancy in outofscope with the
last section beltzner added
Mez: you just took an action, and you don't even know it!
tlr: sigh, I guess I did
<trackbot> Created ACTION-55 - Merge the TCB-related points [on Tyler Close
- due 2006-12-26].
tlr: *parries, gives action to tyler instead*
Tyler: wanted to point out that presentation of the results of content based
detection -- I'm against that if we don't know what the algorithm is
<stephenF> +1 to tyler, can't see how we can do it
Tyler: ... I also think content based detection isn't a good thing to do, as
I pointed out in email.
Mez: we should discuss further on the list
<trackbot> Created ACTION-56 - Drive discussion on presentation of
content-based filtering on list, draft text [on Hal Lockhart - due
2006-12-26].
Mez: next meeting: we'll talk about goals, start parceling out empty
sections of notes, learn about love and life through the lessons of a
friendly dog who can just never settle down ...
... you'll want to volunteer for sections you want to write about since
otherwise you'll get assigned one you don't want.
<trackbot> Created ACTION-57 - Maintain volunteer list in NoteIndex in the
wiki. [on Mary Ellen Zurko - due 2006-12-26].
Summary of Action Items
[NEW] ACTION: Farrell to draft "out-of-scope" text for proxies etc that do
not involve human interaction [recorded in
[10]http://www.w3.org/2006/12/19-wsc-minutes.html#action01]
[NEW] ACTION: Hahn to propose text on how corroboration with independent
sites should be scoped [recorded in
[11]http://www.w3.org/2006/12/19-wsc-minutes.html#action03]
[NEW] ACTION: hal to drive discussion on presentation of content-based
filtering on list, draft text [recorded in
[12]http://www.w3.org/2006/12/19-wsc-minutes.html#action07]
[NEW] ACTION: hal to edit out content blocking part [recorded in
[13]http://www.w3.org/2006/12/19-wsc-minutes.html#action04]
[NEW] ACTION: Nadalin to write concrete "content blocking out of scope"
section, or to declare defeat [recorded in
[14]http://www.w3.org/2006/12/19-wsc-minutes.html#action05]
[NEW] ACTION: tjh to describe how corroboration with independent sites
should be scoped [recorded in
[15]http://www.w3.org/2006/12/19-wsc-minutes.html#action02]
[NEW] ACTION: Tyler to merge the TCB-related points [recorded in
[16]http://www.w3.org/2006/12/19-wsc-minutes.html#action06]
[NEW] ACTION: zurko to maintain volunteer list in NoteIndex in the wiki.
[recorded in [17]http://www.w3.org/2006/12/19-wsc-minutes.html#action08]
[End of minutes]
_________________________________________________________________
References
1. http://www.w3.org/
2. http://www.w3.org/2006/12/19-wsc-irc
3. http://lists.w3.org/Archives/Public/public-wsc-wg/2006Dec/0127.html
4. file://localhost/home/roessler/W3C/WWW/2006/12/19-wsc-minutes.html#agenda
5. file://localhost/home/roessler/W3C/WWW/2006/12/19-wsc-minutes.html#item01
6. file://localhost/home/roessler/W3C/WWW/2006/12/19-wsc-minutes.html#item02
7. file://localhost/home/roessler/W3C/WWW/2006/12/19-wsc-minutes.html#ActionSummary
8. http://www.w3.org/2006/12/12-wsc-minutes
9. http://www.w3.org/2006/WSC/wiki/NoteOutOfScope
10. http://www.w3.org/2006/12/19-wsc-minutes.html#action01
11. http://www.w3.org/2006/12/19-wsc-minutes.html#action03
12. http://www.w3.org/2006/12/19-wsc-minutes.html#action07
13. http://www.w3.org/2006/12/19-wsc-minutes.html#action04
14. http://www.w3.org/2006/12/19-wsc-minutes.html#action05
15. http://www.w3.org/2006/12/19-wsc-minutes.html#action02
16. http://www.w3.org/2006/12/19-wsc-minutes.html#action06
17. http://www.w3.org/2006/12/19-wsc-minutes.html#action08
Received on Tuesday, 2 January 2007 17:50:04 UTC