- From: Thomas Roessler <tlr@w3.org>
- Date: Wed, 10 Jan 2007 13:38:18 +0100
- To: WSC WG <public-wsc-wg@w3.org>
The minutes from our meeting on 2 January have been approved; they are available online here: http://www.w3.org/2007/01/02-wsc-minutes.html A text/plain rendering is included below the .signature. Thanks to Stephen Farrell for minuting. Regards, -- Thomas Roessler, W3C <tlr@w3.org> WSC WG Weekly 2 Jan 2007 [2]Agenda See also: [3]IRC log Attendees Present Thomas Roessler Mary Ellen Zurko Tyler Close Sunil Agrawal Hal Lockhart Yakov Sverdlov Tim Hahn Maritza Johnson Bill Doyle Phillip Hallam-Baker Rob Franco Chair Mary Ellen Zurko Scribes maritza Thomas Roessler Contents * [4]Topics 1. [5]Approve previous meeting's minutes 2. [6]close open action items 3. [7]Goals 4. [8]Non-Goals part 5. [9]AOB * [10]Summary of Action Items _________________________________________________________________ Approve previous meeting's minutes <tlr> [11]http://lists.w3.org/Archives/Member/member-wsc-wg/2006Nov/0017.html <tlr> RESOLVED: Previous meeting's minutes accepted, see [12]http://www.w3.org/2006/12/19-wsc-minutes close open action items <tlr> approved as proposed in agenda Goals <Mez> [13]http://www.w3.org/2006/WSC/wiki/GoalsNonGoals scribe: (the url where Phil drafted goals and non-goals) <Mez> [14]http://www.w3.org/2006/WSC/wiki/NoteGoals <Mez> [15]http://www.w3.org/2006/WSC/wiki/NoteNonGoals mez: does the note section include all goals and non-goals? tyler: I haven't updated it mez: let's talk about goals/non-goals, starting with the goals the Phil drafted followed by the note index goals <tlr> [16]http://www.w3.org/2006/WSC/wiki/GoalsNonGoals <tlr> [17]http://www.w3.org/2006/WSC/wiki/NoteGoals mez: anything else about the goals at this stage? tlr: the one goal I'm concerned about is the way the best practice one is phrased mez: I agree with Thomas, we haven't gotten around to it before the meeting, how do other forms of communication fit scribe: tlr asks this be put in the wiki tlr: how other forms of communication are used for security context information mez: any other commentary on goals and non-goals? <tlr> ACTION: zurko to propose re-wording of "Best Practices Recommendation for Site-to-User Communication" text in NoteGoals, post to list [recorded in [18]http://www.w3.org/2007/01/02-wsc-minutes.html#action01] <trackbot> Created ACTION-61 - Propose re-wording of \"Best Practices Recommendation for Site-to-User Communication\" text in NoteGoals, post to list [on Mary Ellen Zurko - due 2007-01-09]. hal: I posted on ACTION-56, an attempt to start a thread about a standard way of presenting the results of unspecified protocols ... I'm satisfied with the last item on this page covering what I meant by this action <tlr> I think Hal is speaking about this: [19]http://www.w3.org/mid/D0C847B2BD75414090045D8C7EA3D59402E1469E@repbex01. amer.bea.com hal: my feeling is the last item on this page is something I'd like to see in the scope, I don't think we are missing anything ... browsers may use algorithms that make use of historical information ... while we don't want to specify how they do this, we may want to say what they display given the security info they want to display action-56 [20]http://www.w3.org/2006/WSC/Group/track/actions/56 hal: there should be a standardized indicator to indicate an unstandard protocol tlr: the discussion we had last time might say people wouldn't read this ... maybe we should pull your message into the text for the particular goal mez: the note and the recommendation are two different things hal: just to clarify, we have four bullets followed by four sections, my understanding is we eventually want nothing but titles and text Action-56 will extend into a drafting of this section for the note <tlr> ACTION: hal to re-draft "Recommendation for Consistent Presentation of Security Information" to reflect discussion about [21]http://www.w3.org/mid/D0C847B2BD75414090045D8C7EA3D59402E1469E@repbex01. amer.bea.com [recorded in [22]http://www.w3.org/2007/01/02-wsc-minutes.html#action02] <trackbot> Created ACTION-62 - Re-draft \"Recommendation for Consistent Presentation of Security Information\" to reflect discussion about [23]http://www.w3.org/mid/D0C847B2BD75414090045D8C7EA3D59402E1469E@repbex01. amer.bea.com [on Hal Lockhart - due 2007-01-09]. mez: anymore commentary on the goals/non-goals ... phil can you merge the two pages on the wiki for goals/non-goals on the wiki <tlr> ACTION: Hallam-Baker to merge the Goals and Non-Goals related Wiki items into English text. [recorded in [24]http://www.w3.org/2007/01/02-wsc-minutes.html#action03] <trackbot> Created ACTION-63 - Merge the Goals and Non-Goals related Wiki items into English text. [on Phillip Hallam-Baker - due 2007-01-09]. <tlr> ACTION-56 to be closed. Non-Goals part mez suggests we continue and talk about the non-goals section mez: anyone want to add any non-goals? hal: Do we need to specifically say cryptographic algorithm? mez: algorithms can be used to combine security context info the user ... how far do you want to take the meaning of algorithm? hal: i thought there was a discussion about browsers using various history information to make decisions about pages "risk-assessment" <tlr> tlr: out of scope or non-goal? <tlr> hal: out of scope, oops tlr: is the a non-goal or is it out-of-scope? mez: out of scope phil: the thing about the non-goals, it's technically an infinite list ... i wanted to focus on things that might come up and we might want to rely on, but things we won't do ourselves mez: phil is there a place in non-goals that should point to a list of prior work phil: it's things that people might think are goals but aren't mez: really good guidance, we should stay sensitive to this ... anything else for the current version tim: I suggest we say that educating users is a non-goal ... i think that we're going to empower users but i don't think we'll be successful in saying we'll educate users or increase their level of understanding mez: i think that's a good point. At one time we had a talk about the difference between users learning and understanding things ... and it's not necessarily in our charter tlr: If this was a goal, what would we not be doing. I'm having a hard time seeing what educating users would look like as a goal mez: a pro-active campaign to educate users tim: example, we're not going to go take out ads on city busses tlr: I'm not saying we should take bus ads, but I don't think we need to say this explicitly as a non-goal tyler: does this include short tutorials to show how an anti-phishing toolbar is used tim: i agree with mez. I was trying to say that we shouldn't be construed as a group the is trying to educate the world on how to use the web securely ... I wasn't sure how to answer tyler's question, about whether we should condone or not the various help for tools ... I didn't think this group would go out and publish a user's guide for tools tyler: I just wanted to see if there was a dividing line on these two tlr: I would like to keep the note focused ... what tyler mentioned strikes me as a non-goal of our group ... maybe we shouldn't say at this point that we won't be doing outreach ... how do we distinguish outreach to users and outreach to developers phil: i agree with tlr, our results may be different than what we might expect, anti-phishing working groups have done outreach to users. If they want to promote our work and we're collaborating with them and we find ourselves with funding, then where does the line fall for what we're doing and not doing. Maybe this shouldn't be a non-goal tlr: I think we're saying this note isn't about what types of communication efforts will be made <Tyler> I like TLR's distinction of non-goals of the Recommendation versus non-goals of the group. I think the Note should contain *only* non-goals for the Recommendation <tlr> tyler, +1 mez: i expect something about user education in the design principles or assumptions section <tlr> maritza, mind minuting yourself? ;) mez asked maritza if she included anything about user education in design principles maritza: I haven't written anything specifically about user education in the design principles section, but I made a few notes about the results from previous user studies about what users do and do not know mez: so the note should only contain non-goals for the recommendation, not non-goals for the group ... that's reasonable. If anything creeps in about user education it should fall in either design principles or in assumptions tlr: something about user education would be something about how much is necessary mez: I'm still drafting the assumptions section <tlr> ACTION: zurko to make sure role of user education is addressed in assumptions section of note [recorded in [25]http://www.w3.org/2007/01/02-wsc-minutes.html#action04] <trackbot> Created ACTION-64 - Make sure role of user education is addressed in assumptions section of note [on Mary Ellen Zurko - due 2007-01-09]. mez: the only thing we have left on our agenda is the next meeting Jan 9th, two days before the drafts are due of the note sections <Zakim> Thomas, you wanted to ask about use cases mez: don't forget I've asked for examples on the wiki for our recommendation tlr: I'm wondering if we should be thinking about mapping the use-cases to the goals section. To see if the things we have in mind are captured accurately. ... just to ask what we will be doing with the use-cases tyler: should examples of spoofing be made into a use-case ... how are these normally described? <tlr> [26]http://www.w3.org/mid/08CA2245AFCF444DB3AC415E47CC40AF592896@G3W0072.ame ricas.hpqcorp.net tyler: should things that are considered attacks be use-cases ... I was going to put them in the section for note problems in the current interface tlr: I could see these as useful use-cases ... I would encourage you to write these with this is what we'd like to happen, this is what happens hal: I'd like to comment on where the use-cases fall in. We should make sure we get the obvious use cases instead of focusing on the smaller ones AOB mez: anything left in the next 5 minutes hal: I'd like to go through workshop proceedings and match these against our in scop out of scope for the recommendations <tlr> hal: would like to map proposals from workshop to scope / out-of-scope; goals / non-goals <tlr> workshop -> [27]http://www.w3.org/2005/Security/usability-ws/ hal: I'd like to consider the things people have recommended we do. I think we should say we started with this list of recomendations from other people and after clarifying our goals, we know which are applicable <tlr> ACTION-27, way overdue, hal reinforces commitment to that hal: We should clarify who will and will not attend the F2F <tlr> ACTION: Roessler to add "phone" option to registration form, and fix some responses [recorded in [28]http://www.w3.org/2007/01/02-wsc-minutes.html#action05] <trackbot> Created ACTION-65 - Add \"phone\" option to registration form, and fix some responses [on Thomas Roessler - due 2007-01-09]. hal: I'm hoping the people who fill out the form will show who will be in CA in person <tlr> ACTION-65 due on 15 Jan Summary of Action Items [NEW] ACTION: hal to re-draft "Recommendation for Consistent Presentation of Security Information" to reflect discussion about [29]http://www.w3.org/mid/D0C847B2BD75414090045D8C7EA3D59402E1469E@repbex01. amer.bea.com [recorded in [30]http://www.w3.org/2007/01/02-wsc-minutes.html#action02] [NEW] ACTION: Hallam-Baker to merge the Goals and Non-Goals related Wiki items into English text. [recorded in [31]http://www.w3.org/2007/01/02-wsc-minutes.html#action03] [NEW] ACTION: Roessler to add "phone" option to registration form, and fix some responses [recorded in [32]http://www.w3.org/2007/01/02-wsc-minutes.html#action05] [NEW] ACTION: zurko to make sure role of user education is addressed in assumptions section of note [recorded in [33]http://www.w3.org/2007/01/02-wsc-minutes.html#action04] [NEW] ACTION: zurko to propose re-wording of "Best Practices Recommendation for Site-to-User Communication" text in NoteGoals, post to list [recorded in [34]http://www.w3.org/2007/01/02-wsc-minutes.html#action01] [End of minutes] _________________________________________________________________ References 1. http://www.w3.org/ 2. http://lists.w3.org/Archives/Public/public-wsc-wg/2006Dec/0184.html 3. http://www.w3.org/2007/01/02-wsc-irc 4. file://localhost/home/roessler/W3C/WWW/2007/01/02-wsc-minutes.html#agenda 5. file://localhost/home/roessler/W3C/WWW/2007/01/02-wsc-minutes.html#item01 6. file://localhost/home/roessler/W3C/WWW/2007/01/02-wsc-minutes.html#item02 7. file://localhost/home/roessler/W3C/WWW/2007/01/02-wsc-minutes.html#item03 8. file://localhost/home/roessler/W3C/WWW/2007/01/02-wsc-minutes.html#item04 9. file://localhost/home/roessler/W3C/WWW/2007/01/02-wsc-minutes.html#item05 10. file://localhost/home/roessler/W3C/WWW/2007/01/02-wsc-minutes.html#ActionSummary 11. http://lists.w3.org/Archives/Member/member-wsc-wg/2006Nov/0017.html 12. http://www.w3.org/2006/12/19-wsc-minutes 13. http://www.w3.org/2006/WSC/wiki/GoalsNonGoals 14. http://www.w3.org/2006/WSC/wiki/NoteGoals 15. http://www.w3.org/2006/WSC/wiki/NoteNonGoals 16. http://www.w3.org/2006/WSC/wiki/GoalsNonGoals 17. http://www.w3.org/2006/WSC/wiki/NoteGoals 18. http://www.w3.org/2007/01/02-wsc-minutes.html#action01 19. http://www.w3.org/mid/D0C847B2BD75414090045D8C7EA3D59402E1469E@repbex01.amer.bea.com 20. http://www.w3.org/2006/WSC/Group/track/actions/56 21. http://www.w3.org/mid/D0C847B2BD75414090045D8C7EA3D59402E1469E@repbex01.amer.bea.com 22. http://www.w3.org/2007/01/02-wsc-minutes.html#action02 23. http://www.w3.org/mid/D0C847B2BD75414090045D8C7EA3D59402E1469E@repbex01.amer.bea.com 24. http://www.w3.org/2007/01/02-wsc-minutes.html#action03 25. http://www.w3.org/2007/01/02-wsc-minutes.html#action04 26. http://www.w3.org/mid/08CA2245AFCF444DB3AC415E47CC40AF592896@G3W0072.americas.hpqcorp.net 27. http://www.w3.org/2005/Security/usability-ws/ 28. http://www.w3.org/2007/01/02-wsc-minutes.html#action05 29. http://www.w3.org/mid/D0C847B2BD75414090045D8C7EA3D59402E1469E@repbex01.amer.bea.com 30. http://www.w3.org/2007/01/02-wsc-minutes.html#action02 31. http://www.w3.org/2007/01/02-wsc-minutes.html#action03 32. http://www.w3.org/2007/01/02-wsc-minutes.html#action05 33. http://www.w3.org/2007/01/02-wsc-minutes.html#action04 34. http://www.w3.org/2007/01/02-wsc-minutes.html#action01
Received on Wednesday, 10 January 2007 12:37:42 UTC