- From: Thomas Roessler <tlr@w3.org>
- Date: Fri, 6 Jun 2008 17:09:53 +0200
- To: public-wsc-wg@w3.org
Minutes from our meeting on 2008-05-21 were approved and are
available online here:
http://www.w3.org/2008/05/21-wsc-minutes.html
A text version is included below the .signature.
--
Thomas Roessler, W3C <tlr@w3.org>
[1]W3C
- DRAFT -
Web Security Context Working Group Teleconference
21 May 2008
[2]Agenda
See also: [3]IRC log
Attendees
Present
MaryEllen_Zurko, PHB, tyler, Bill_Doyle, Maritza_Johnson,
jvkrey, joesteele, yngve
Regrets
<everyone else>
Chair
Mez
Scribe
PHB2
Usability testing
Mez: We only got through day one of the agenda in oslo, this was all
the exit criteria for june
11:11 Mez: Should get to last call by end of june
Mez: Need to talk about run from LC to candidate rec
Mez: besides last call, have to do testing
11:12 Mez: interop testing, need to develop test plans, particularly
conformance test plans
Mez: Candidate rec entry and exit
Mez: Thomas not here today, but will try to get something done in his
absence
Mez: Conforming implementaitons
11:13 Mez: discuss conforming implementations after testing
Mez: not got right people here today
Mez: so discuss UT
11:14 Mez: what will we do on UT to get to exit?
11:16 Marizaj: Status of usability testing
Mez: no discussion at all since
Marizaj: Status unchanged since San Jose
11:17 maritzaj :
[4]http://www.w3.org/2006/WSC/wiki/RecommendationUsabilityEvaluationFir
stCut
Marizaj: Have list of recomended proposals
Marizaj: Same status as last July, need to discuss what will do for
each rec
Mez: some have been lost due to last call
Mez: some have been lost before last call
11:18 [5]http://www.w3.org/2006/WSC/drafts/rec/rewrite.html
Mez: One issue is to move section 8 to own doc which is not going to be
LC in June.
11:19 PHB: cuts out a lot of testing
Mez: Not clear that robustness needs testing
11:20 jvkrey : section 8 is moved to;
[6]http://www.w3.org/2006/WSC/drafts/wsc-content/
11:24 Mez: Not clear that the claims are expressed very well for
testing
tyler: Have to go soon, are there any hooks in the implementation that
would help with testing?
11:25 Marit: ok
11:26 Mez: OK lets start on Pet Name Tool (PNT) as a worked example
Mez :
[7]http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#sec-petnames
Maritzaj: yes
Mez: OK here it is for everyone
Mez: Other thing wanted to do our email discussion where did we leave
off?
Maritzaj: april 24th
11:27 Mez :
[8]http://lists.w3.org/Archives/Public/public-wsc-wg/2008Apr/0044.html
Mez: Do users remember enough to recognize pet names?
11:29 Maritz: Are people looking for pet names when they should be
Maritz: not nesc on NYT but certainly on BofA
ifette: what if users are presented with pet name not reasonably
theirs?
ifette: not sure what is a different aspect?
11:30 tyler: talking about picture in picture attack
11:31 PHB: need to expose risks even if there is a control
11:32 Mez: are we gonna capture all this in minutes or should we be
using the wiki?
PHB: wiki
Tyler: for pet name tool...
11:35 Test where there is gona be an unexpected result
Mez: not even enough resources for that
PHB: Categorites of test: Acceptance, communication of information,
vulnerability to impersonation or emulation
11:36 Mez: Need to provide some usability claims
PHB: extra category: does it reliably modify user behavior?
Tyler: can describe claims simply enough that they can be tested in a
very lofi way.
Mez: these are the claims I am relying on with the PNP
11:37 Maritz: recently
Tyler: yep
[will send]
11:38 ACTION: tyler to create list of usability claims and issues for
potential testing of petnames section 5.1.6
Created ACTION-476 - Create list of usability claims and issues for
potential testing of petnames section 5.1.6 [on Tyler Close - due
2008-05-28].
[9]http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#Robustness
Mez: shall we do robustness?
[We agree 'cos we do]
Created ACTION-477 - Put soaps position paper in shared bookmarks [on
Mary Ellen Zurko - due 2008-05-28].
11:44 Bill: People may ignore this information
Bill: May show picture but not the picture you are expecting
11:45 Mez: Has this feature been adequately tested?
Bill: Yep, its negative!
Zakim sees PHB on the speaker queue
Mez: Thats a web site not a user agent
Zakim sees PHB, maritzaj on the speaker queue
Bill: Principle is the same
Mez: Not clear to me that the results transfer.
11:46 Mez: going to the link right now, what parts speak to this...
Zakim sees no one on the speaker queue
11:50 Joe: Dpn't think we shouldn't have usability testing round this
but there is stuff we should look at.
PHB: so maybe arguing that this can be avoided due to triage
11:51 Joe: Is a conforming user agent implementation people can look at
called Skipper
[10]http://www.sxipper.com/
Sxipper
11:52 Joe: Can change your icon from a dog to graphic of your choice
Mez: very excited about your volunteering to bring this info together
Joe: Will do offline
11:54 ACTION: steele to pull together UT background on 7.1.1 robustness
recommendation (shared secret)
trackbot-ng noticed an ACTION. Trying to create it.
Created ACTION-478 - Pull together UT background on 7.1.1 robustness
recommendation (shared secret) [on Joe Steele - due 2008-05-28].
11:55 Mez: 7.1.2
11:56 Decided: 7.1.2 does not require usability testing
[Usability testing is not conformance testing]
Zakim sees maritzaj on the speaker queue
Mez: 7.2 you should not use a security indicator that content can mimic
11:59 Maritzaj: Some of this should also be in the separate document
about the Web site
Zakim sees no one on the speaker queue
yngve : [11]https://blog.startcom.org/?p=86
12:02 ifette apologizes but I have to drop off
12:03 Mez: Can see us doing usability testing to see if apps conform
with the second statement
Mez: if the chrome was not displayed in a manner that confuses
Mez: only way to test conformance would be to see if it could be
confused
12:04 Mez: test could be lo-fi or implementation, show user in a
session things and ask them if they were controlled or might be
spoofable.
12:06 PHB: I think it could be conformance testing rather than user
testing
12:07 PHB: if you can make the distinction clear it should not need
user testing to verify
12:08 PHB: need to be sparing with usability testing to avoid outdoing
resources
Mez: agree we will need triage
12:09 Mez: OK we could do usability testing but it is not essential for
7.2
12:10 Mez: last para, the same
Mez: not enough argument.
12:11 <- joesteele has disconnected (Quit: joesteele)
Mez: maritzaj, what are next steps
Maritzaj, go through document in order
Mez: what are the things we might go through in terms of the claims.
jvkrey thinks "not enough arguments" looks like an error message
12:12 Mez: would be useful for some person to go through and process as
will not get back to for several weeks
jvkrey - it is!
Maritzaj, could put together arguments people have made
12:13 [Mez prepares an action]
ACTION: maritza to pull together usability testing data from archives
in 2 weeks
trackbot-ng noticed an ACTION. Trying to create it.
Created ACTION-479 - Pull together usability testing data from archives
in 2 weeks [on Maritza Johnson - due 2008-05-28].
12:14 Mez: OK good start, close meeting early, see you next week
SEC_WSCWG()11:00AM has ended
Attendees were MaryEllen_Zurko, PHB, +1.650.862.aaaa, tyler,
Bill_Doyle, Maritza_Johnson, +47.23.69.aabb, jvkrey, +1.925.984.aacc,
joesteele, yngve, +1.650.214.aadd, ifettespan>
Summary of Action Items
[NEW] ACTION: Created ACTION-476 - Create list of usability claims and
issues for potential testing of petnames section 5.1.6 [on Tyler Close
- due 2008-05-28].
[NEW] ACTION:Created ACTION-477 - Put soaps position paper in shared
bookmarks [on Mary Ellen Zurko - due 2008-05-28].
[NEW] ACTION:Created ACTION-478 - Pull together UT background on 7.1.1
robustness recommendation (shared secret) [on Joe Steele - due
2008-05-28].
[NEW] ACTION: Created ACTION-479 - Pull together usability testing data
from archives in 2 weeks [on Maritza Johnson - due 2008-05-28].
[End of minutes]
__________________________________________________________________
Minutes formatted by hand
References
1. http://www.w3.org/
2. http://lists.w3.org/Archives/Public/public-wsc-wg/2008Apr/0028.html
3. http://www.w3.org/2008/04/16-wsc-irc
4. http://www.w3.org/2006/WSC/wiki/RecommendationUsabilityEvaluationFirstCut
5. http://www.w3.org/2006/WSC/drafts/rec/rewrite.html
6. http://www.w3.org/2006/WSC/drafts/wsc-content/
7. http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#sec-petnames
8. http://lists.w3.org/Archives/Public/public-wsc-wg/2008Apr/0044.html
9. http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#Robustness
10. http://www.sxipper.com/
11. https://blog.startcom.org/?p=86
--
Thomas Roessler, W3C <tlr@w3.org>
Received on Friday, 6 June 2008 15:10:38 UTC