Updated schedule for today (day 2 of our 2nd f2f) from Mary Ellen Zurko on 2007-01-31 (public-wsc-wg@w3.org from January 2007)

From: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
Date: Wed, 31 Jan 2007 08:26:01 -0500
To: public-wsc-wg@w3.org
Message-ID: <OFB3FDBE6F.872D3820-ON85257274.0049C05D-85257274.0049CADA@LocalDomain>

Wednesday, 2007-01-31 - Chair, Mary Ellen Zurko 

Breakfast (8:30) 

7. Agenda bashing (9:00)

8. Best of breed Mozilla extensions for displaying security context 
information (9:15)
Presentation led by Mike B 
Will include Beltzner's Suggested Do's And Don't From Being a Brower UI 
Guy 

9. UI for cardspace ? Rob (10:15)

Break (10:30)

10. Safe Browsing Mode (11:00)
led by Bob P
What it would mean, how it would work, etc. 

11. Continue discussion of Process (section 9)

11a. Continue discussion of 9.1, Design Principles, picking up at 9.1.6 
(11:30)
Maritza leads
Check against wiki source:
http://www.w3.org/2006/WSC/wiki/NoteDesignPrinciples

Lunch (12:00)

11b. Section 9.2 ? Learning from past efforts (13:00)
Tyler ? what is the wiki source for this one? 

11c. Section 9.3 ? Implementation and testing (13:30)
Check against wiki source:
http://www.w3.org/2006/WSC/wiki/NoteAssumptions
http://www.w3.org/2006/WSC/wiki/NoteUserTestVerification

12. WG schedule redux (14:15)

Break (14:30)

13. Recommendation 1 discussions

Editors are needed

13a. Minimal set of security context information (15:00)

The description of our first recommendation begins with:
A W3C Recommendation that specifies a minimal set of security context 
information to be made accessible to users, and best practices for the 
usable presentation of this information 

We'll discuss what that means and brainstorm on what that minimal set 
might be. The minimal set can be targeted at the combination of web user 
agents, web application authoring, and web server deployment guidelines. 

Possible team exercise ? assign use cases, list the items in Available 
Security Information (section 7) needed for each one


13b. Recommendation 2 discussions (16:00)

The description of our second recommendation begins:
a W3C Recommendation that specifies techniques that render the 
presentation of security context information more robust against spoofing 
attacks. The Group expects to establish two levels of conformance to these 
techniques: required and recommended. 

Draft categories for security context information robustness:
o Limitations on scripting capabilities 
o Shared and protected "secrets" - both cryptographic and human (i.e. 
personalization) 
.. and protection of those secrets 
o Trusted path between web user agent and user 
o Safe mode browsing (restrictions on allowed browsing activity based on 
one or more levels of security context required)


11. Wrapup (17:00)
Any follow up action items, decisions on editor(s) of the 
recommendation(s), next face to face scheduling, FSTC annual conference 


Recess (17:30)

Received on Wednesday, 31 January 2007 13:26:11 UTC