Meeting record: WSC WG weekly 2008-08-20

Minutes from our meeting on 2008-08-20 were approved and are
available online here:

   http://www.w3.org/2008/08/20-wsc-minutes

A text version is included below the .signature.

-- 
Thomas Roessler, W3C  <tlr@w3.org>




   [1]W3C

               Web Security Context Working Group Teleconference
                                  20 Aug 2008

   See also: [2]IRC log

Attendees

   Present
          Thomas Roessler, Mary Ellen Zurko, Philip Hallam Baker, Joe
          Steele, Maritza_Johnson, Jan Vidar Krey, Ian Fette, Tyler Close

   Regrets
          Johnathan_N, Yngve_P

   Chair
          Mez

   Scribe
          Maritza Johnson

Contents

     * [3]Topics
         1. [4]Approve minutes from previous meeting
         2. [5]Open action items
         3. [6]Agenda bashing
         4. [7]Testing for CR Exit - work through test scenario for 6.1.1
            and 6.1.2
         5. [8]Next meeting
     * [9]Summary of Action Items
     __________________________________________________________________

Approve minutes from previous meeting

   <Mez> [10]http://www.w3.org/2008/08/13-wsc-minutes.html

   mez: approved

Open action items

   <Mez> [11]http://www.w3.org/2006/WSC/track/actions/open

   mez: standard set of open action items, i don't know of any extras
   ... first agenda, working through our first test scenario
   ... on vacation for the next two weeks
   ... tlr will chair

Agenda Bashing

   <Mez> work through test scenario for 6.1.1 and 6.1.2

   mez: someone should be in the wiki writing down the test scenario

   thomas to capture conversation for wiki

   <tlr> [12]http://www.w3.org/2006/WSC/wiki/TestCases

Testing for CR Exit - work through test scenario for 6.1.1 and 6.1.2

   <Mez> [13]http://www.w3.org/TR/wsc-ui/#identity-requirement

   mez: what will the test scenario be for viewing the identity
   information in the primary interface

   tlr: there is a lot of check it off the list if it's ok in 6.1.1, they
   might depend on the individual browser

   mez: do we ask them to go to the url and look for it

   steele: the identity signal is consistent as the user navigates

   tlr: an interesting question about the enumeration of conditions are
   things affected by the implementation in the second paragraph

   mez: have we handled the second paragraph

   tlr: the 3rd talks about consistency
   ... the UA must indicate no information is available
   ... the test would be using the identity signal when interacting with
   different classes of websites

   <steele> with a pinned cert?

   tlr: set to test: plain http, https with regular cert, https with ev
   certs, https with broken ev cert, and possible cert conditions
   ... which we might find when testing for certificate errors
   ... we need more precise situations for these
   ... we need to understand the sites one visits when the identity
   information is available

   mez: a forward reference to 6.1.2

   <tlr> issue: clarify "positive form of identity" language in 6.1.1

   <trackbot> Created ISSUE-215 - Clarify \"positive form of identity\"
   language in 6.1.1 ; please complete additional details at
   [14]http://www.w3.org/2006/WSC/track/issues/215/edit .

   mez: are we up to the 4th paragraph?
   ... why is the last line about web content there in 6.1.1

   tlr: need to add material for when identity information is available
   ... the last sentence, as i read it, is that the identity signal is
   security chrome, might need an editorial clarification
   ... the must in the last sentence might be redundant
   ... should deal with it in 7.1.4

   mez: So we have a draft to cover 6.1.1

   tlr: and we need to have the webpages with special variables to run
   this against

   mez: planning the testbed? is that a different discussion?

   tlr: let's focus on what the tests mean in the first place

   mez: moving on to 6.1.2

   tlr: sounds like another requirement that depends on how the UA shows
   it
   ... it should also be dealt with when there are many implementations

   mez: i thought the test plan would cover what we need to do to make
   that claim

   tlr: some things might be inspection of X, it's hard to test the
   absence of something

   mez: so we'll have activities around verifying that there are
   conforming implementations not in the test plan

   tlr: no, i'm having a hard time saying the questions we're asking are
   tested
   ... there is a difference between a test plan and a test

   <tlr> me too

   mez: i like having one place to cover everything
   ... don't care what name it has
   ... point in wiki on identity signal content

   <tlr> I'm not actually sure it's code inspection.

   steele: it sounds like we're requiring code inspection?
   ... is that gonna fly?

   <Mez> someone in adobe claims they checked, it's good

   mez: doesn't need to be an external person

   <Mez> we nod our heads sagely

   tlr: we could give a checklist but someone has to check it, maybe not
   our place to say how it happens

   mez: we talked about it last week, how exposed do the tests need to be
   ... in the public? unnecessary, other tests have been done in house
   ... don't know of a good alternative for code that isn't open source
   ... test cases for top-level that's at least AA/EV

   tlr: we need to enumerate, tls secured webpage, and webpages where any
   of the criteria do not apply
   ... do/do not apply and need to verify the behavior in the cases

   mez: tables format?

   tlr: painful to do on phone and in wiki
   ... ... maybe someone should go through and write up what it should be
   ... there are some conclusions that derive from the initial spec that
   are useful

   mez: something to do at the end of the call?
   ... we're doing in the call because of lack of volunteers to do it
   another time

   <tlr> ACTION: baker to drive test case matrix for 6.12 - due 2008-09-03
   [recorded in
   [15]http://www.w3.org/2008/08/20-wsc-minutes.html#action01]

   <trackbot> Sorry, couldn't find user - baker

   <tlr> ACTION: phb to drive test case matrix for 6.12 - due 2008-09-03
   [recorded in
   [16]http://www.w3.org/2008/08/20-wsc-minutes.html#action02]

   <trackbot> Created ACTION-502 - drive test case matrix for 6.12 [on
   Phillip Hallam-Baker - due 2008-09-03].

   tlr: covers 6.1.2 in the spec
   ... looking through, we have conditions under which information is
   displayed, and we need cases where it is displayed
   ... shall we move further through the spec?

   steele: in 6.1.2, phb's action item, is it a list of candidate
   certificates and how they'll be displayed?
   ... what do you mean by all the different cases

   tlr: for the different types of certificates and the content conditions
   where they may be used, the cases need to be enumerated and the input
   needs to be broken into categories based on the interactions that
   occur, and state the output of the identity information

   steele: 6.1.2 seems to talk about other properties of the certificate
   ... how does each certificate behave under conditions

   tlr: would be a great piece of input

   mez: not enough time to get another section done in remaining time

   tlr: 6.3
   ... if we know the states when it should display we should know when
   the indicator should be present
   ... it appears the cases from 6.1 will cover it, but we should check
   ... is there anything else to say about 6.3 now

   mez: need output from phb's action-502
   ... will that get folded into the parts that are there after it is
   fleshed out
   ... ok, good start, having worked examples is useful, any topics to
   bring up for next week

Next meeting

   tlr: i'll plan to go over the comments we have so far, right now
   there's at least one comment to look at

Summary of Action Items

   [NEW] ACTION: baker to drive test case matrix for 6.12 - due 2008-09-03
   [recorded in
   [17]http://www.w3.org/2008/08/20-wsc-minutes.html#action01]
   [NEW] ACTION: phb to drive test case matrix for 6.12 - due 2008-09-03
   [recorded in
   [18]http://www.w3.org/2008/08/20-wsc-minutes.html#action02]

   [End of minutes]
     __________________________________________________________________


    Minutes formatted by David Booth's [19]scribe.perl version 1.133
    ([20]CVS log)
    $Date: 2008/08/21 11:20:02 $

References

   1. http://www.w3.org/
   2. http://www.w3.org/2008/08/20-wsc-irc
   3. http://www.w3.org/2008/08/20-wsc-minutes#agenda
   4. http://www.w3.org/2008/08/20-wsc-minutes#item01
   5. http://www.w3.org/2008/08/20-wsc-minutes#item02
   6. http://www.w3.org/2008/08/20-wsc-minutes#item03
   7. http://www.w3.org/2008/08/20-wsc-minutes#item04
   8. http://www.w3.org/2008/08/20-wsc-minutes#item05
   9. http://www.w3.org/2008/08/20-wsc-minutes#ActionSummary
  10. http://www.w3.org/2008/08/13-wsc-minutes.html
  11. http://www.w3.org/2006/WSC/track/actions/open
  12. http://www.w3.org/2006/WSC/wiki/TestCases
  13. http://www.w3.org/TR/wsc-ui/#identity-requirement
  14. http://www.w3.org/2006/WSC/track/issues/215/edit
  15. http://www.w3.org/2008/08/20-wsc-minutes.html#action01
  16. http://www.w3.org/2008/08/20-wsc-minutes.html#action02
  17. http://www.w3.org/2008/08/20-wsc-minutes.html#action01
  18. http://www.w3.org/2008/08/20-wsc-minutes.html#action02
  19. http://dev.w3.org/cvsweb/%7Echeckout%7E/2002/scribe/scribedoc.htm
  20. http://dev.w3.org/cvsweb/2002/scribe/


Received on Wednesday, 3 September 2008 16:25:47 UTC