Meeting record: WSC WG weekly 2008-08-13

Minutes from our meeting on 2008-08-13 were approved and are
available online here:

   http://www.w3.org/2008/08/13-wsc-minutes.html

A text version is included below the .signature.

-- 
Thomas Roessler, W3C  <tlr@w3.org>




   [1]W3C

               Web Security Context Working Group Teleconference
                                  13 Aug 2008

   See also: [2]IRC log

Attendees

   Present
          Mary Ellen Zurko, Tyler Close, Johnathan Nightingale, Ian Fette,
          Jan Vidar Krey, Thomas Roessler, Bill Doyle

   Regrets
          Yngve Pettersen

   Chair
          Mary Ellen Zurko

   Scribe
          Jan Vidar Krey

Contents

     * [3]Topics
         1. [4]Approve minutes from previous meeting
         2. [5]Open action items
         3. [6]Agenda bashing
         4. [7]Testing for candidate recomendation
         5. [8]next meeting
         6. [9]anything else on anything else?
     * [10]Summary of Action Items
     __________________________________________________________________

Approve minutes from previous meeting

   <Mez> [11]http://www.w3.org/2008/08/06-wsc-minutes.html

   Mez: approved.

Open action items

   <Mez> [12]http://www.w3.org/2006/WSC/track/actions/open

   Mez: no issues needs to be resolved in meetings.

Agenda bashing

   Mez: next week I'd like to dive in on features at risk

Testing for candidate recomendation

   Mez: tests needed, how to test, mechanical parts of the standards

   tlr: we have tables of must/should. Go through that table and come up
   with scenarios that test these options
   ... write scenarios, expected behavior, create environment
   ... this approach will mostly work for section 5 and 6 in the doc.
   ... section 7 (esp. 7.4) might need to create scenarios that test
   deprecated behavior

   Mez: any examples from other working groups?

   tlr: (points to www.w3.org/TR)
   ... clause, example, behaviour description (pass/fail),
   expected/unexpected result.
   ... a table, implementation vs test case

   <tlr> [13]http://www.w3.org/Signature/2001/04/05-xmldsig-interop.html

   <tlr> [14]http://www.w3.org/2007/xmlsec/interop/xmldsig/report.html

   ifette: for any test case, we should release a test case file, instead
   of description of testcases
   ... for instance a webserver configuration file

   <tlr> +100 to ifette

   Mez: for creating infrastructure, what kind of restrictions do we have?

   tlr: do not want to pinpoint any particular (bank) site as a bad
   example -- bad marketing
   ... the more concrete, for instance create a shell script which can
   generate certificate examples, fake CAs
   ... some questions remains for how to install fake CA certs in browsers

   <tlr> ACTION: mez to inquire phb about ev cert for test environment
   [recorded in
   [15]http://www.w3.org/2008/08/13-wsc-minutes.html#action01]

   <trackbot> Created ACTION-500 - Inquire phb about ev cert for test
   environment [on Mary Ellen Zurko - due 2008-08-20].

   ifette: adding an EV cert to a browser is user agent dependent.

   johnath: might be problems creating a EV cert that would work on all
   browsers, but we should not depend on it.

   Mez: no test infrastructure in cabforum, or others?

   johnath: we can use debug builds to test, which can be used for certain
   edge cases and not intended for public use.

   <tlr> (and actually, same question to jvkrey)

   tlr: what kind of things exist in your (mozilla/opera) test
   infrastrucure, could we use?

   johnath: alot of things can be used with firefox, but do not know how
   it will work for other browsers.

   tlr: what do you have on the server side?
   ... more work for us to come up with something, or can Mozilla/Opera
   contribute with server side test cases?

   johnath: i have no problem giving access to our tools, but our tools
   are built for mozilla products/environment

   <tlr> (it might turn out that we're easier off *specifying* the tests,
   possibly the clients, and leaving it to the individual browser vendors
   to implement them in their respective frameworks)

   tlr: i would be inclined to take a look at the test specification, then
   include for instance an apache configuration file.
   ... in certain specs we have had anonymous test results. Implementation
   A, pass/fail. etc.

   Mez: Reviewing browser APIs, to check if robustness criterias are
   adhered to. Any specific place to go to find this?

   johnath: One example, for resizing a window to larger than the screen
   or moving off screen, the implementation will not do it. We have unit
   tests for these kind of things.

   ifette: no guarantee that a brower do not have an exotic API for doing
   something in a non-standard way.

   tlr: there are apis like open window with coordinates, a test could
   look like: click button -> open window at coordinate (10000,10000) ->
   check if the window was opened on screen.

   ifette: needs to try different coordinates.

   tlr: exercice known APIs.
   ... Add a checkbox; are there other ways to create the same behavior?

   Mez: for other tests, could there be a browser representative that
   could take care of this?

   johnath: yes, I can answer them for Mozilla, of course there might be
   bugs.

   Mez: Write up scenarios during meetings.
   ... doesn't look like Mozilla/Opera have scenarios already written up
   for immediate testing.
   ... we could try to create a scenario today.

   tlr: looks like it is easier to distribute work so that people can
   write a test or two off-line.

   Mez: experience tells me people don't do it off-line.
   ... what would be the first action item?

   <Mez> [16]http://www.w3.org/2006/WSC/wiki/FeaturesAtRisk

   tlr: 6.1.1 and 6.1.2 will be good starting points for testing, these
   are simple testcases, then we can go for the more complex ones later.

   Mez: what's the next step?

   tlr: Any volunteers?

next meeting

   Mez: we could target next week's meeting for 6.1.1 or features at risk.
   ... there are outstanding issues on the table, we could target 6.1.1

   tlr: expect 6.1.2 to be closely related to 6.1.1

   Mez: will send e-mail, if someone picks it up that's great, otherwise
   target it for next week's meeting.

anything else on anything else?

   tlr: reviewing content altering proxies for mobiles. Especially if a
   proxy serves https content as http.

   <tlr>
   [17]http://www.w3.org/mid/OF6A396D5B.C319E834-ON8525749C.0041C8D5-85257
   49C.0041D63D@LocalDomain

   <Mez>
   [18]http://lists.w3.org/Archives/Public/public-wsc-wg/2008Aug/0003.html

Summary of Action Items

   [NEW] ACTION: mez to inquire phb about ev cert for test environment
   [recorded in
   [19]http://www.w3.org/2008/08/13-wsc-minutes.html#action01]

   [End of minutes]
     __________________________________________________________________


    Minutes formatted by David Booth's [20]scribe.perl version 1.133
    ([21]CVS log)
    $Date: 2008/08/20 15:06:37 $

References

   1. http://www.w3.org/
   2. http://www.w3.org/2008/08/13-wsc-irc
   3. http://www.w3.org/2008/08/13-wsc-minutes.html#agenda
   4. http://www.w3.org/2008/08/13-wsc-minutes.html#item01
   5. http://www.w3.org/2008/08/13-wsc-minutes.html#item02
   6. http://www.w3.org/2008/08/13-wsc-minutes.html#item03
   7. http://www.w3.org/2008/08/13-wsc-minutes.html#item04
   8. http://www.w3.org/2008/08/13-wsc-minutes.html#item05
   9. http://www.w3.org/2008/08/13-wsc-minutes.html#item06
  10. http://www.w3.org/2008/08/13-wsc-minutes.html#ActionSummary
  11. http://www.w3.org/2008/08/06-wsc-minutes.html
  12. http://www.w3.org/2006/WSC/track/actions/open
  13. http://www.w3.org/Signature/2001/04/05-xmldsig-interop.html
  14. http://www.w3.org/2007/xmlsec/interop/xmldsig/report.html
  15. http://www.w3.org/2008/08/13-wsc-minutes.html#action01
  16. http://www.w3.org/2006/WSC/wiki/FeaturesAtRisk
  17. http://www.w3.org/mid/OF6A396D5B.C319E834-ON8525749C.0041C8D5-8525749C.0041D63D@LocalDomain
  18. http://lists.w3.org/Archives/Public/public-wsc-wg/2008Aug/0003.html
  19. http://www.w3.org/2008/08/13-wsc-minutes.html#action01
  20. http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
  21. http://dev.w3.org/cvsweb/2002/scribe/

-- 
Thomas Roessler, W3C  <tlr@w3.org>

Received on Wednesday, 20 August 2008 15:08:20 UTC