[STF] STF Concall Minutes 7/22/02 from Joseph Hui on 2002-07-24 (www-ws-arch@w3.org from July 2002)

From: Joseph Hui <Joseph.Hui@exodus.net>
Date: Tue, 23 Jul 2002 17:05:09 -0700
To: <www-ws-arch@w3.org>
Message-ID: <45258A4365C6B24A9832BFE224837D5523BC39@SJDCEX01.int.exodus.net>
STF Meeting Minutes 7/22/2002

Logistics
=========
Meeting Date    07/22/2002
Meeting Time    12:00-13:00 PDT (US Pacific Day-light Time)
Duration        1 Hour
Chair           Joe Hui
Scribe          Joe Hui

Present
=======
(AB) Abbie Barbir, Nortel Networks
(AD) Ayse Dilber, AT&T
(HH) Hugo Haas, W3G
(JH) Joe Hui, Exodus
(HL) Hal Lockhart, Entegrity Solutions (Invited guest from OASIS)
(SM) Steven Monetti, AT&T
(DR) Darran Rolls, Waveset

Agendas & Minutes
=================

Intra-STF Communication

  Meeting minute preview & sanitization

   Joe, Abbie, Steve were for member previewing and 
   sanitizing concall minutes prior to their release
   to public.

   Hugo was for releasing the minutes raw right after meetings.

   The rest expressed they could go with either way.

   Resolved:
   STF meeting minutes are to be circulated among attendees
   for correction or editing prior to their release to
   the www-ws-arch@w3.org mailing list.

   Also resolved:
   Intra-STF discussion should be archived by cc'ing to
   www-archive@w3.org.  This allows the team members to
   discuss issues semi-publicly without being distracted
   by having to respond to public comments to raw ideas
   or writings meant for STF members only.


Status Update & Sync Up

  The STF is in preparation for recommending to the
  WG co-chairs for a last call for AG004's closure.
  All STF members were to sync up, in reading at least,
  on Joe's "AG004 Closure Sought" message on www-ws-arch,
  that called for closing out remaining security req issues.

  To the end of closing out AG004, several action 
  items were assigned.  (See Action Items below.)

  Security use cases/scenarios were coming along: Hugo'd
  integrated the travel-agency cases into USTF's doc,
  and would continue the integration jointly with Steve,
  incorporating as appropriate the materials that Steve
  had harvested from external sources.  (IPR was a concern
  in using harvested materials.  Extra care would be
  exercised in dealing with them.)

  The STF also needed to continue the drive toward
  the other two deliverables: the ws-sec-wg-req-scoping,
  and the techs-to-look-at.

  Darran probed how deep the STF should go into
  presenting the technologies to be recommended,
  such as those he had listed in a www-ws-arch message.
  There was no one-size-fits-all answer; but it was
  understood that it would not be the STF's job to write
  tutorials, and the discourses might selectively vary
  in depth, dependent upon context and relevancy.

  The security workshop/bof idea being floated in the
  w3c-ws-arch list was of keen interest to Abbie and Ayse.
  However, in the interst of focusing on the STF's
  deliverables for next week, no discussion of the idea
  was scheduled in the agenda.  It would definitely be
  discussed in a future meeting.


 Privacy

  Hugo clarified the remaining issue on Privacy,
  namely AC020.5; and would also do it for the WG 
  audience as in an effort to help closing out AG004.
  (Read also Action Items below.)


 Assessment from OASIS

  Hal was solicited to provide an assessment for the
  portions of security work that OASIS could do in
  terms of satisfying the WSAWG's security requirements.
  Due mainly to the reason that the WSTC (for Web
  Security Task Council?) of OASIS hadn't commenced
  its work yet (not until Sept 4), there was no
  definitive answer.


 Action Items:

 * Steve to provide a glossary-grade definition for Auditing
   in terms that are most relevant to the WSAWG's context.
   (Per general understanding, there's "active auditing"
   where a system is probed for detecting security holes;
   and there's also "passive auditing" where logs are kept
   as audit trails for accounting and intrusion detection.
   The WSAWG's sec req is about the latter.)

 * Darran to elaborate on the management aspect of security.

 * Steve to join Hugo on work of integrating "travel-agency-
   based" security use cases/scenarios into the UTSF's doc,
   incorporating externally harvested materials as appropriate.
   (The uc doc is currently frozen, save for editorial changes.
   Their work will be aiming for the next release.)

 * Hugo to clear out the remaining privacy issue, namely AC020.5.
Received on Tuesday, 23 July 2002 20:04:21 UTC