- From: Thomas Roessler <tlr@w3.org>
- Date: Wed, 10 Jan 2007 13:38:18 +0100
- To: WSC WG <public-wsc-wg@w3.org>
The minutes from our meeting on 2 January have been approved; they
are available online here:
http://www.w3.org/2007/01/02-wsc-minutes.html
A text/plain rendering is included below the .signature.
Thanks to Stephen Farrell for minuting.
Regards,
--
Thomas Roessler, W3C <tlr@w3.org>
WSC WG Weekly
2 Jan 2007
[2]Agenda
See also: [3]IRC log
Attendees
Present
Thomas Roessler
Mary Ellen Zurko
Tyler Close
Sunil Agrawal
Hal Lockhart
Yakov Sverdlov
Tim Hahn
Maritza Johnson
Bill Doyle
Phillip Hallam-Baker
Rob Franco
Chair
Mary Ellen Zurko
Scribes
maritza
Thomas Roessler
Contents
* [4]Topics
1. [5]Approve previous meeting's minutes
2. [6]close open action items
3. [7]Goals
4. [8]Non-Goals part
5. [9]AOB
* [10]Summary of Action Items
_________________________________________________________________
Approve previous meeting's minutes
<tlr>
[11]http://lists.w3.org/Archives/Member/member-wsc-wg/2006Nov/0017.html
<tlr> RESOLVED: Previous meeting's minutes accepted, see
[12]http://www.w3.org/2006/12/19-wsc-minutes
close open action items
<tlr> approved as proposed in agenda
Goals
<Mez> [13]http://www.w3.org/2006/WSC/wiki/GoalsNonGoals
scribe: (the url where Phil drafted goals and non-goals)
<Mez> [14]http://www.w3.org/2006/WSC/wiki/NoteGoals
<Mez> [15]http://www.w3.org/2006/WSC/wiki/NoteNonGoals
mez: does the note section include all goals and non-goals?
tyler: I haven't updated it
mez: let's talk about goals/non-goals, starting with the goals the Phil
drafted followed by the note index goals
<tlr> [16]http://www.w3.org/2006/WSC/wiki/GoalsNonGoals
<tlr> [17]http://www.w3.org/2006/WSC/wiki/NoteGoals
mez: anything else about the goals at this stage?
tlr: the one goal I'm concerned about is the way the best practice one is
phrased
mez: I agree with Thomas, we haven't gotten around to it before the meeting,
how do other forms of communication fit
scribe: tlr asks this be put in the wiki
tlr: how other forms of communication are used for security context
information
mez: any other commentary on goals and non-goals?
<tlr> ACTION: zurko to propose re-wording of "Best Practices Recommendation
for Site-to-User Communication" text in NoteGoals, post to list [recorded in
[18]http://www.w3.org/2007/01/02-wsc-minutes.html#action01]
<trackbot> Created ACTION-61 - Propose re-wording of \"Best Practices
Recommendation for Site-to-User Communication\" text in NoteGoals, post to
list [on Mary Ellen Zurko - due 2007-01-09].
hal: I posted on ACTION-56, an attempt to start a thread about a standard
way of presenting the results of unspecified protocols
... I'm satisfied with the last item on this page covering what I meant by
this action
<tlr> I think Hal is speaking about this:
[19]http://www.w3.org/mid/D0C847B2BD75414090045D8C7EA3D59402E1469E@repbex01.
amer.bea.com
hal: my feeling is the last item on this page is something I'd like to see
in the scope, I don't think we are missing anything
... browsers may use algorithms that make use of historical information
... while we don't want to specify how they do this, we may want to say what
they display given the security info they want to display
action-56 [20]http://www.w3.org/2006/WSC/Group/track/actions/56
hal: there should be a standardized indicator to indicate an unstandard
protocol
tlr: the discussion we had last time might say people wouldn't read this
... maybe we should pull your message into the text for the particular goal
mez: the note and the recommendation are two different things
hal: just to clarify, we have four bullets followed by four sections, my
understanding is we eventually want nothing but titles and text
Action-56 will extend into a drafting of this section for the note
<tlr> ACTION: hal to re-draft "Recommendation for Consistent Presentation of
Security Information" to reflect discussion about
[21]http://www.w3.org/mid/D0C847B2BD75414090045D8C7EA3D59402E1469E@repbex01.
amer.bea.com [recorded in
[22]http://www.w3.org/2007/01/02-wsc-minutes.html#action02]
<trackbot> Created ACTION-62 - Re-draft \"Recommendation for Consistent
Presentation of Security Information\" to reflect discussion about
[23]http://www.w3.org/mid/D0C847B2BD75414090045D8C7EA3D59402E1469E@repbex01.
amer.bea.com [on Hal Lockhart - due 2007-01-09].
mez: anymore commentary on the goals/non-goals
... phil can you merge the two pages on the wiki for goals/non-goals on the
wiki
<tlr> ACTION: Hallam-Baker to merge the Goals and Non-Goals related Wiki
items into English text. [recorded in
[24]http://www.w3.org/2007/01/02-wsc-minutes.html#action03]
<trackbot> Created ACTION-63 - Merge the Goals and Non-Goals related Wiki
items into English text. [on Phillip Hallam-Baker - due 2007-01-09].
<tlr> ACTION-56 to be closed.
Non-Goals part
mez suggests we continue and talk about the non-goals section
mez: anyone want to add any non-goals?
hal: Do we need to specifically say cryptographic algorithm?
mez: algorithms can be used to combine security context info the user
... how far do you want to take the meaning of algorithm?
hal: i thought there was a discussion about browsers using various history
information to make decisions about pages "risk-assessment"
<tlr> tlr: out of scope or non-goal?
<tlr> hal: out of scope, oops
tlr: is the a non-goal or is it out-of-scope?
mez: out of scope
phil: the thing about the non-goals, it's technically an infinite list
... i wanted to focus on things that might come up and we might want to rely
on, but things we won't do ourselves
mez: phil is there a place in non-goals that should point to a list of prior
work
phil: it's things that people might think are goals but aren't
mez: really good guidance, we should stay sensitive to this
... anything else for the current version
tim: I suggest we say that educating users is a non-goal
... i think that we're going to empower users but i don't think we'll be
successful in saying we'll educate users or increase their level of
understanding
mez: i think that's a good point. At one time we had a talk about the
difference between users learning and understanding things
... and it's not necessarily in our charter
tlr: If this was a goal, what would we not be doing. I'm having a hard time
seeing what educating users would look like as a goal
mez: a pro-active campaign to educate users
tim: example, we're not going to go take out ads on city busses
tlr: I'm not saying we should take bus ads, but I don't think we need to say
this explicitly as a non-goal
tyler: does this include short tutorials to show how an anti-phishing
toolbar is used
tim: i agree with mez. I was trying to say that we shouldn't be construed as
a group the is trying to educate the world on how to use the web securely
... I wasn't sure how to answer tyler's question, about whether we should
condone or not the various help for tools
... I didn't think this group would go out and publish a user's guide for
tools
tyler: I just wanted to see if there was a dividing line on these two
tlr: I would like to keep the note focused
... what tyler mentioned strikes me as a non-goal of our group
... maybe we shouldn't say at this point that we won't be doing outreach
... how do we distinguish outreach to users and outreach to developers
phil: i agree with tlr, our results may be different than what we might
expect, anti-phishing working groups have done outreach to users. If they
want to promote our work and we're collaborating with them and we find
ourselves with funding, then where does the line fall for what we're doing
and not doing. Maybe this shouldn't be a non-goal
tlr: I think we're saying this note isn't about what types of communication
efforts will be made
<Tyler> I like TLR's distinction of non-goals of the Recommendation versus
non-goals of the group. I think the Note should contain *only* non-goals for
the Recommendation
<tlr> tyler, +1
mez: i expect something about user education in the design principles or
assumptions section
<tlr> maritza, mind minuting yourself? ;)
mez asked maritza if she included anything about user education in design
principles
maritza: I haven't written anything specifically about user education in the
design principles section, but I made a few notes about the results from
previous user studies about what users do and do not know
mez: so the note should only contain non-goals for the recommendation, not
non-goals for the group
... that's reasonable. If anything creeps in about user education it should
fall in either design principles or in assumptions
tlr: something about user education would be something about how much is
necessary
mez: I'm still drafting the assumptions section
<tlr> ACTION: zurko to make sure role of user education is addressed in
assumptions section of note [recorded in
[25]http://www.w3.org/2007/01/02-wsc-minutes.html#action04]
<trackbot> Created ACTION-64 - Make sure role of user education is addressed
in assumptions section of note [on Mary Ellen Zurko - due 2007-01-09].
mez: the only thing we have left on our agenda is the next meeting Jan 9th,
two days before the drafts are due of the note sections
<Zakim> Thomas, you wanted to ask about use cases
mez: don't forget I've asked for examples on the wiki for our recommendation
tlr: I'm wondering if we should be thinking about mapping the use-cases to
the goals section. To see if the things we have in mind are captured
accurately.
... just to ask what we will be doing with the use-cases
tyler: should examples of spoofing be made into a use-case
... how are these normally described?
<tlr>
[26]http://www.w3.org/mid/08CA2245AFCF444DB3AC415E47CC40AF592896@G3W0072.ame
ricas.hpqcorp.net
tyler: should things that are considered attacks be use-cases
... I was going to put them in the section for note problems in the current
interface
tlr: I could see these as useful use-cases
... I would encourage you to write these with this is what we'd like to
happen, this is what happens
hal: I'd like to comment on where the use-cases fall in. We should make sure
we get the obvious use cases instead of focusing on the smaller ones
AOB
mez: anything left in the next 5 minutes
hal: I'd like to go through workshop proceedings and match these against our
in scop out of scope for the recommendations
<tlr> hal: would like to map proposals from workshop to scope /
out-of-scope; goals / non-goals
<tlr> workshop -> [27]http://www.w3.org/2005/Security/usability-ws/
hal: I'd like to consider the things people have recommended we do. I think
we should say we started with this list of recomendations from other people
and after clarifying our goals, we know which are applicable
<tlr> ACTION-27, way overdue, hal reinforces commitment to that
hal: We should clarify who will and will not attend the F2F
<tlr> ACTION: Roessler to add "phone" option to registration form, and fix
some responses [recorded in
[28]http://www.w3.org/2007/01/02-wsc-minutes.html#action05]
<trackbot> Created ACTION-65 - Add \"phone\" option to registration form,
and fix some responses [on Thomas Roessler - due 2007-01-09].
hal: I'm hoping the people who fill out the form will show who will be in CA
in person
<tlr> ACTION-65 due on 15 Jan
Summary of Action Items
[NEW] ACTION: hal to re-draft "Recommendation for Consistent Presentation of
Security Information" to reflect discussion about
[29]http://www.w3.org/mid/D0C847B2BD75414090045D8C7EA3D59402E1469E@repbex01.
amer.bea.com [recorded in
[30]http://www.w3.org/2007/01/02-wsc-minutes.html#action02]
[NEW] ACTION: Hallam-Baker to merge the Goals and Non-Goals related Wiki
items into English text. [recorded in
[31]http://www.w3.org/2007/01/02-wsc-minutes.html#action03]
[NEW] ACTION: Roessler to add "phone" option to registration form, and fix
some responses [recorded in
[32]http://www.w3.org/2007/01/02-wsc-minutes.html#action05]
[NEW] ACTION: zurko to make sure role of user education is addressed in
assumptions section of note [recorded in
[33]http://www.w3.org/2007/01/02-wsc-minutes.html#action04]
[NEW] ACTION: zurko to propose re-wording of "Best Practices Recommendation
for Site-to-User Communication" text in NoteGoals, post to list [recorded in
[34]http://www.w3.org/2007/01/02-wsc-minutes.html#action01]
[End of minutes]
_________________________________________________________________
References
1. http://www.w3.org/
2. http://lists.w3.org/Archives/Public/public-wsc-wg/2006Dec/0184.html
3. http://www.w3.org/2007/01/02-wsc-irc
4. file://localhost/home/roessler/W3C/WWW/2007/01/02-wsc-minutes.html#agenda
5. file://localhost/home/roessler/W3C/WWW/2007/01/02-wsc-minutes.html#item01
6. file://localhost/home/roessler/W3C/WWW/2007/01/02-wsc-minutes.html#item02
7. file://localhost/home/roessler/W3C/WWW/2007/01/02-wsc-minutes.html#item03
8. file://localhost/home/roessler/W3C/WWW/2007/01/02-wsc-minutes.html#item04
9. file://localhost/home/roessler/W3C/WWW/2007/01/02-wsc-minutes.html#item05
10. file://localhost/home/roessler/W3C/WWW/2007/01/02-wsc-minutes.html#ActionSummary
11. http://lists.w3.org/Archives/Member/member-wsc-wg/2006Nov/0017.html
12. http://www.w3.org/2006/12/19-wsc-minutes
13. http://www.w3.org/2006/WSC/wiki/GoalsNonGoals
14. http://www.w3.org/2006/WSC/wiki/NoteGoals
15. http://www.w3.org/2006/WSC/wiki/NoteNonGoals
16. http://www.w3.org/2006/WSC/wiki/GoalsNonGoals
17. http://www.w3.org/2006/WSC/wiki/NoteGoals
18. http://www.w3.org/2007/01/02-wsc-minutes.html#action01
19. http://www.w3.org/mid/D0C847B2BD75414090045D8C7EA3D59402E1469E@repbex01.amer.bea.com
20. http://www.w3.org/2006/WSC/Group/track/actions/56
21. http://www.w3.org/mid/D0C847B2BD75414090045D8C7EA3D59402E1469E@repbex01.amer.bea.com
22. http://www.w3.org/2007/01/02-wsc-minutes.html#action02
23. http://www.w3.org/mid/D0C847B2BD75414090045D8C7EA3D59402E1469E@repbex01.amer.bea.com
24. http://www.w3.org/2007/01/02-wsc-minutes.html#action03
25. http://www.w3.org/2007/01/02-wsc-minutes.html#action04
26. http://www.w3.org/mid/08CA2245AFCF444DB3AC415E47CC40AF592896@G3W0072.americas.hpqcorp.net
27. http://www.w3.org/2005/Security/usability-ws/
28. http://www.w3.org/2007/01/02-wsc-minutes.html#action05
29. http://www.w3.org/mid/D0C847B2BD75414090045D8C7EA3D59402E1469E@repbex01.amer.bea.com
30. http://www.w3.org/2007/01/02-wsc-minutes.html#action02
31. http://www.w3.org/2007/01/02-wsc-minutes.html#action03
32. http://www.w3.org/2007/01/02-wsc-minutes.html#action05
33. http://www.w3.org/2007/01/02-wsc-minutes.html#action04
34. http://www.w3.org/2007/01/02-wsc-minutes.html#action01
Received on Wednesday, 10 January 2007 12:37:42 UTC