- From: Thomas Roessler <tlr@w3.org>
- Date: Wed, 20 Aug 2008 17:07:44 +0200
- To: public-wsc-wg@w3.org
Minutes from our meeting on 2008-08-13 were approved and are available online here: http://www.w3.org/2008/08/13-wsc-minutes.html A text version is included below the .signature. -- Thomas Roessler, W3C <tlr@w3.org> [1]W3C Web Security Context Working Group Teleconference 13 Aug 2008 See also: [2]IRC log Attendees Present Mary Ellen Zurko, Tyler Close, Johnathan Nightingale, Ian Fette, Jan Vidar Krey, Thomas Roessler, Bill Doyle Regrets Yngve Pettersen Chair Mary Ellen Zurko Scribe Jan Vidar Krey Contents * [3]Topics 1. [4]Approve minutes from previous meeting 2. [5]Open action items 3. [6]Agenda bashing 4. [7]Testing for candidate recomendation 5. [8]next meeting 6. [9]anything else on anything else? * [10]Summary of Action Items __________________________________________________________________ Approve minutes from previous meeting <Mez> [11]http://www.w3.org/2008/08/06-wsc-minutes.html Mez: approved. Open action items <Mez> [12]http://www.w3.org/2006/WSC/track/actions/open Mez: no issues needs to be resolved in meetings. Agenda bashing Mez: next week I'd like to dive in on features at risk Testing for candidate recomendation Mez: tests needed, how to test, mechanical parts of the standards tlr: we have tables of must/should. Go through that table and come up with scenarios that test these options ... write scenarios, expected behavior, create environment ... this approach will mostly work for section 5 and 6 in the doc. ... section 7 (esp. 7.4) might need to create scenarios that test deprecated behavior Mez: any examples from other working groups? tlr: (points to www.w3.org/TR) ... clause, example, behaviour description (pass/fail), expected/unexpected result. ... a table, implementation vs test case <tlr> [13]http://www.w3.org/Signature/2001/04/05-xmldsig-interop.html <tlr> [14]http://www.w3.org/2007/xmlsec/interop/xmldsig/report.html ifette: for any test case, we should release a test case file, instead of description of testcases ... for instance a webserver configuration file <tlr> +100 to ifette Mez: for creating infrastructure, what kind of restrictions do we have? tlr: do not want to pinpoint any particular (bank) site as a bad example -- bad marketing ... the more concrete, for instance create a shell script which can generate certificate examples, fake CAs ... some questions remains for how to install fake CA certs in browsers <tlr> ACTION: mez to inquire phb about ev cert for test environment [recorded in [15]http://www.w3.org/2008/08/13-wsc-minutes.html#action01] <trackbot> Created ACTION-500 - Inquire phb about ev cert for test environment [on Mary Ellen Zurko - due 2008-08-20]. ifette: adding an EV cert to a browser is user agent dependent. johnath: might be problems creating a EV cert that would work on all browsers, but we should not depend on it. Mez: no test infrastructure in cabforum, or others? johnath: we can use debug builds to test, which can be used for certain edge cases and not intended for public use. <tlr> (and actually, same question to jvkrey) tlr: what kind of things exist in your (mozilla/opera) test infrastrucure, could we use? johnath: alot of things can be used with firefox, but do not know how it will work for other browsers. tlr: what do you have on the server side? ... more work for us to come up with something, or can Mozilla/Opera contribute with server side test cases? johnath: i have no problem giving access to our tools, but our tools are built for mozilla products/environment <tlr> (it might turn out that we're easier off *specifying* the tests, possibly the clients, and leaving it to the individual browser vendors to implement them in their respective frameworks) tlr: i would be inclined to take a look at the test specification, then include for instance an apache configuration file. ... in certain specs we have had anonymous test results. Implementation A, pass/fail. etc. Mez: Reviewing browser APIs, to check if robustness criterias are adhered to. Any specific place to go to find this? johnath: One example, for resizing a window to larger than the screen or moving off screen, the implementation will not do it. We have unit tests for these kind of things. ifette: no guarantee that a brower do not have an exotic API for doing something in a non-standard way. tlr: there are apis like open window with coordinates, a test could look like: click button -> open window at coordinate (10000,10000) -> check if the window was opened on screen. ifette: needs to try different coordinates. tlr: exercice known APIs. ... Add a checkbox; are there other ways to create the same behavior? Mez: for other tests, could there be a browser representative that could take care of this? johnath: yes, I can answer them for Mozilla, of course there might be bugs. Mez: Write up scenarios during meetings. ... doesn't look like Mozilla/Opera have scenarios already written up for immediate testing. ... we could try to create a scenario today. tlr: looks like it is easier to distribute work so that people can write a test or two off-line. Mez: experience tells me people don't do it off-line. ... what would be the first action item? <Mez> [16]http://www.w3.org/2006/WSC/wiki/FeaturesAtRisk tlr: 6.1.1 and 6.1.2 will be good starting points for testing, these are simple testcases, then we can go for the more complex ones later. Mez: what's the next step? tlr: Any volunteers? next meeting Mez: we could target next week's meeting for 6.1.1 or features at risk. ... there are outstanding issues on the table, we could target 6.1.1 tlr: expect 6.1.2 to be closely related to 6.1.1 Mez: will send e-mail, if someone picks it up that's great, otherwise target it for next week's meeting. anything else on anything else? tlr: reviewing content altering proxies for mobiles. Especially if a proxy serves https content as http. <tlr> [17]http://www.w3.org/mid/OF6A396D5B.C319E834-ON8525749C.0041C8D5-85257 49C.0041D63D@LocalDomain <Mez> [18]http://lists.w3.org/Archives/Public/public-wsc-wg/2008Aug/0003.html Summary of Action Items [NEW] ACTION: mez to inquire phb about ev cert for test environment [recorded in [19]http://www.w3.org/2008/08/13-wsc-minutes.html#action01] [End of minutes] __________________________________________________________________ Minutes formatted by David Booth's [20]scribe.perl version 1.133 ([21]CVS log) $Date: 2008/08/20 15:06:37 $ References 1. http://www.w3.org/ 2. http://www.w3.org/2008/08/13-wsc-irc 3. http://www.w3.org/2008/08/13-wsc-minutes.html#agenda 4. http://www.w3.org/2008/08/13-wsc-minutes.html#item01 5. http://www.w3.org/2008/08/13-wsc-minutes.html#item02 6. http://www.w3.org/2008/08/13-wsc-minutes.html#item03 7. http://www.w3.org/2008/08/13-wsc-minutes.html#item04 8. http://www.w3.org/2008/08/13-wsc-minutes.html#item05 9. http://www.w3.org/2008/08/13-wsc-minutes.html#item06 10. http://www.w3.org/2008/08/13-wsc-minutes.html#ActionSummary 11. http://www.w3.org/2008/08/06-wsc-minutes.html 12. http://www.w3.org/2006/WSC/track/actions/open 13. http://www.w3.org/Signature/2001/04/05-xmldsig-interop.html 14. http://www.w3.org/2007/xmlsec/interop/xmldsig/report.html 15. http://www.w3.org/2008/08/13-wsc-minutes.html#action01 16. http://www.w3.org/2006/WSC/wiki/FeaturesAtRisk 17. http://www.w3.org/mid/OF6A396D5B.C319E834-ON8525749C.0041C8D5-8525749C.0041D63D@LocalDomain 18. http://lists.w3.org/Archives/Public/public-wsc-wg/2008Aug/0003.html 19. http://www.w3.org/2008/08/13-wsc-minutes.html#action01 20. http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm 21. http://dev.w3.org/cvsweb/2002/scribe/ -- Thomas Roessler, W3C <tlr@w3.org>
Received on Wednesday, 20 August 2008 15:08:20 UTC