Agenda: WSC WG distributed meeting, Wednesday, 2008-05-21

        Web Security Context (WSC) Call Agenda

Calling information:
Wednesday, 21 May 2008
11:00 am - 12:30 pm Eastern time
http://www.w3.org/2006/WSC/Group/#meetings
http://www.w3.org/Guide/1998/08/teleconference-calendar#D20080521


Agenda

1) Pick a scribe 
http://www.w3.org/2006/WSC/Group/cheatsheet#Scribing
http://www.w3.org/2006/WSC/scribes

2) Approve minutes from meetings
http://www.w3.org/2008/05/07-wsc-minutes.html

3) Weekly completed action items
(Usually checkpointed Friday am, US East Coast time) 
[pending review] ACTION-415: Anil Saldhana to Add above text to 5.5.1 TLS 
errors - due 2008-05-08
[pending review] ACTION-417: Stephen Farrell to investigate completeness 
of error handling wrt TLS extensions - due 2008-05-15
[pending review] ACTION-422: Anil Saldhana to Incorporate Stephen's 
suggested change/clarification - due 2008-05-16
[pending review] ACTION-423: Anil Saldhana to incorporate 
DangerWillRobinson - due 2008-05-16
[pending review] ACTION-424: Anil Saldhana to Clean comments out of 
wsc-xit - due 2008-05-23
[pending review] ACTION-428: Anil Saldhana to Incorporate ISSUE-183 def to 
spec - due 2008-05-29
[pending review] ACTION-431: Mary Ellen Zurko to Draft plugin-related 
elaboration text (section 4ish?) - due 2008-05-20
[pending review] ACTION-432: Anil Saldhana to Incorporate the changed 
industry standard to practices text - due 2008-05-20
[pending review] ACTION-433: Anil Saldhana to Change 
robustness-apis-obscure-security-ui to include For visual user agents, 
browser chrome SHOULD always be present to signal security context 
information. This requirement does not apply when UI is explicitly 
dismissed by the user, e.g. by switching to full screen mode." - due 
2008-05-20
[pending review] ACTION-438: Thomas Roessler to Draft alternate text 
around requiring saved SSL state - due 2008-05-20
[pending review] ACTION-444: Thomas Roessler to Take XHR-over-https 
questions to webapi - due 2008-05-20
[pending review] ACTION-471: Thomas Roessler to Replace text in 6.1.1 and 
6.3 as drafted above. - due 2008-05-21

4) Open Action Items
http://lists.w3.org/Archives/Public/public-wsc-wg/2008May/0071.html

5) Action items closed due to inactivity 
None.

6) Agenda bashing

7)  Usability Testing 
Sketch out our UT plans
What will we test for? How will get get participants? Timeline? 
Responsibilities? 

8) Next meeting - 28 May 2008

Topics for future meetings, carried over from the Oslo agenda: 

Test development
Thomas to lead
Test plans, sites to test against, test execution, etc. 
Some amount of test planning is needed for CR entry.
Doing the testing is needed for CR exit. 

Conforming Implementations
Needed for CR exit. 
We may cover this in test development. We'll need at least two conforming 
implementations to test against. 
What's in the pipeline, what can we expect in terms of MUSTs, SHOULDs, 
etc. 
Will we have gaps? 

What else beyond June?
What, if anything, other than taking wsc-xit through LC to CR entry to CR 
exit (to recommendation) would we like to do after June? What would we be 
capable of doing? What should we, or someone like us, do? 
Some ideas: 
o Authoring best practices for (usably) secured sites. Some of the things 
we've wanted to recommend haven't been obviously in the scope of enabling 
security context information for user trust decisions. Should we ask for a 
charter clarification/change or new WG to do this? 
o Dealing with mixed content (there's some feeling that there might be 
more to do here). 
o Providing guidance or expertise to other standards efforts that touch on 
usable security. Can we provide guidance on how to deal with user 
expectations and implications when protocol security is 
designed/standardized? To do? Not to do?