See also: IRC log
quick review for tim on the scribe role and scribe conventions
<tlr> http://www.w3.org/2007/01/30-wsc-minutes
<tlr> http://www.w3.org/2007/01/31-wsc-minutes
<tlr> http://www.w3.org/2007/02/06-wsc-minutes.html
<tlr> RESOLVED: minutes approved
no denials on the acceptance of minutes
scribe: so approved
mez: thanks everyone for making progress on the action items
mez: suggest change to content of meeting to
discuss chrome
... at least one critical party is lacking
<tlr> we could do the chrome discussion however, it sseems better for the list
tlr: reason - it has been a useful discussion on the list
<beltzner> seriously!
beltzner: suggest continue the discussion on the list as it is progressing well there.
<tlr> http://lists.w3.org/Archives/Public/public-wsc-wg/2007Feb/0026.html
mez: has everyone read this through and found
it OK?
... is silence affirmation? Is this a good set of replacement text
tjh: has not read it all the way through and thus must abstain
<Pau1> ditto :)
<tlr> Variations: The URI that Doyle typed can be correct or not. Orthogonal to this, he can end up on the web site he intended to interact with, or not. Doyle might also have typed a keyword glanced from the movie screen into a search box.
<PHB> Orthogonal in use cases means that satisfying one use case does not necessarily affect another
tlr: suggests different wording here and
there.
... to make clear that this is in a different direction
beltzner: intends to read today.
phb: thinking about orthogonal piece
... not sure there can be orthogonal use cases
<tlr> ACTION: thomas to replace "orthogonal" by clearer language in the use case rework [recorded in http://www.w3.org/2007/02/13-wsc-minutes.html#action01]
<trackbot> Created ACTION-141 - Replace \"orthogonal\" by clearer language in the use case rework [on Thomas Roessler - due 2007-02-20].
phb: use cases tend to be variations and thus terming them independent may be better than orthogonal.
tlr: happy to replace it (see ACTION-141)
<Mez_> http://lists.w3.org/Archives/Public/public-wsc-wg/2007Feb/0053.html
tyler: looking at e-mail - use case 18 was
reworked from use case 11.
... current use case does not talk about matching up names
... it is likely that this issue will come up
<tlr> http://www.w3.org/2006/WSC/drafts/note/#introduction
<Tyler> http://www.w3.org/2006/WSC/drafts/note/Overview.html#introduction
tlr: discusses use case 11, and clarifies 18
... we would not deal with where a reputation service is, just that it exists
somewhere
mez: so what is the right fix?
tlr: there are multiple use cases related to
what Tyler referred to in use case 11
... for example, a bank that has just changed its name.
tlr: believes the intended question (from Tyler) is covered by several of the use cases
tyler: any feedback from Stuart yet on how these fit in to a more structured model?
mez: he is out this week, so not yet. Hopefully
he will engage next week.
... it will be important to get his feedback.
hal: likes the idea of extracting out these
properties.
... this is a way to clear up the large number of potential cases.
tlr: one thing noted was that some of the critical distinctions were not along the same lines as the original use cases
<Mez_> http://lists.w3.org/Archives/Public/public-wsc-wg/2007Feb/0053.html
mez: let us look forward to mike's reply
... do the use cases cover Confidentiality, Integrity, Authenticity?
... and cover Reputation?
tyler: need to re-evaluate them for this.
tlr: one that is not covered well is
integrity.
... use case 19 covers authenticity
... tlr to take an action to clarify use case 19 covers network-level
authenticity
<tlr> ACTION: thomas to change use case 19 to make clear that network-levle confdentiality threats are covered [recorded in http://www.w3.org/2007/02/13-wsc-minutes.html#action02]
<trackbot> Created ACTION-142 - Change use case 19 to make clear that network-levle confdentiality threats are covered [on Thomas Roessler - due 2007-02-20].
mez: looking for first public draft of this soon
mez: after this discussion completes, these use cases should be dropped into the first public working document (FPWD).
<tlr> tlr: PROPOSED to take use case rework into FPWD
hal: is this supposed to represent what is or
how users think about what they are seeing?
... suspects that users view/assess reputation quite a bit more than, say,
integrity
... users also tend to think of CIA wholistically, rather than separately
tlr: at the F2F we looked at some basic roles
around these scenarios
... then write a story around the scenario so that people can understand the
scenario, and also describe the important aspects
... of that scenario from a security perspective.
... if there is some additional questions that a user would ask that are not
covered here
... then let us create additional use cases to cover those.
... hopes that we would go back and review these, then revisit/update the use
case as appropriate.
... if there are more questions we need to address that are not motivated by
these use cases, then we need to add more use cases
... to ensure those questions have a basis
mez: really want FPWD by next meeting
<tlr> look over the current text for huge issues
mez: requests everyone look over the draft today or tomorrow
tyler: requests Thomas drop the new use cases into the note
tlr: not able to do it by tomorrow (in other
meetings)
... also have an action item due today to do some re-formatting and
updates
... could just send an updated text version to the list
mez: suggest we go with whatever is there at end of day tomorrow - or wait another week.
tlr: feels this need not shift the deliverable a whole week
mez: asks how much time we need from the final re-wording to review
tlr: should only take a couple days to review
it
... proposes tyler re-format during the day tomorrow
tyler: reformat, yes, but resolving parenthetical comments no
tlr: sounds like there will be SOME version by end day tomorrow
mez: sounds good
... have we closed discussion on ACTION-125 ?
... no responses - it appears that we have closed discussion.
tlr: proposed title: Web Security Context Use Cases and Requirements
<tlr> PROPOSED title: Web Security Context Use Cases and Requirements
tyler: everyone I have talked to has been baffled by "web Security Context"
mez: agrees
mez, tlr: request folks find or dream up a better name/phrase
<Zakim> tlr, you wanted to raise ISSUE-10
<tlr> http://www.w3.org/2006/WSC/Group/track/issues/10
tlr: in the current note text, there is
confusion over the term "web"
... what is "web" and what is "non-web"
... there is some discussion about HTTP, HTTPS protocols
... there is some stuff "nearby" like SOAP.
... things out of scope like "touch e-mail"
... but what about things related to information in a URI (wherever that URI
might appear)?
... proposes: we start out saying the core of our scope is the web, surfed
using HTTP, with a reference to the web architecture document.
... then that we will be dealing with security layer, in particular HTTPS.
... and then other protocols that show up in URIs, while not a goal, we may
offer some guidance on
mez: this text needs to get in by close of business tomorrow ... or we wait a week
tlr: what do people think of the current text?
mez: the stuff there so far looked ok (thus no
response)
... but please propose text.
beltzner: is this a blocker?
... seems not
... assuming not, let the first draft go and we can discuss outside of a
rush.
tlr: feels this is important
tyler: am aware of the time-sink that this can take us down.
<tlr> ACTION: thomas to propose text to resolve ISSUE-10 [recorded in http://www.w3.org/2007/02/13-wsc-minutes.html#action03]
<trackbot> Created ACTION-143 - Propose text to resolve ISSUE-10 [on Thomas Roessler - due 2007-02-20].
<Pau1> no complaints from me
tlr: one more issue with the draft - section
9.3 (Implementation)
... current text is relatively strong about having open source reference
implementations.
... would be delighted to see this, but can we make this request?
<Tyler> http://www.w3.org/2006/WSC/drafts/note/Overview.html#usability-testing
tlr: also, it says sample code will be made available by the working group
<tlr> http://www.w3.org/mid/OF75AA6DF6.9CE9675E-ON8525727A.00765350-8525727B.00573FDA@LocalDomain
tlr: or at least be made available
publically
... concerned that we are making this bold statement
<Mez_> and thomas' reply online is
<Mez_> http://lists.w3.org/Archives/Public/public-wsc-wg/2007Feb/0034.html
hal: then let us just drop it, and not promise anything
tjh: I ack hal's idea
... (or at least I ack not promising we will deliver sample code)
<staikos> I hope to provide sample code and make it publically available
<staikos> :-)
<staikos> publicly
tlr: mez to take an action to make this change.
<tlr> ACTION: zurko to drop public sample code promise from 10.3 and send text to list & tyler [recorded in http://www.w3.org/2007/02/13-wsc-minutes.html#action04]
<trackbot> Created ACTION-144 - Drop public sample code promise from 10.3 and send text to list & tyler [on Mary Ellen Zurko - due 2007-02-20].
<Tyler> Mez and TLR can we talk after the call?
<tlr> we can just stay on the bridge
mez: we adjourn now at 0:59
... hopefully threat trees in two weeks.
<tlr> http://www.w3.org/2005/08/transition?docstatus=fpwd-wd-tr
<tlr> http://w3.org/brief/MzE=