Interoperability Minutes 2009-04-27


URL: http://www.openajax.org/member/wiki/Interoperability_Minutes_2009-04-27


Attendees

  • Jon Ferraiolo, IBM
  • Matthias Hertel
  • Javier Pedemonte, IBM
  • Howard Weingram, TIBCO

Original Agenda

Minutes

Matthias: Lots of progress on test suite. I tried out the latest version of IE and it seems to work

Topic 1: params.IframeContainer.seed and params.IframeContainer.tokenlength

Javier: I brought this up last week. Should have brought it up earlier. I was going to talk to our security guys. Could either postpone it out of v1 or sneak it in.

Howard: I'm fine with putting it in. When I said it was too risky, I meant for last week since IBM had a need for a stable build last week. But OK now.

Javier: OK, I'll work on it.

Jon: Create a test case for it, also?

Javier: Yes, but a related question. FIM uses both parent token and child token.

Howard: The child token is necessary to prevent certain types of attacks. This is from the Needham-Schroeder-Lowe papers.

Javier: Should we use it for postMessage also?

Howard: I'll have to check

Javier: Next question: do we allow different token lengths, or keep the FIM tokens at six characters? We might think of FIM as legacy technology.

RESOLUTION: Leave reference implementation with FIM tokens at six characters

Topic 2: Editorial change to merge "Using the Hub" into "Library Management" chapter

Jon: I wanted to make sure everyone was aware of this change. My thinking was to have as few introductory chapters as possible to minimize the number of chapters to skip before reaching the meat of the spec.

Howard: Probably fine.

Jon: I can restore the "Using the Hub" chapter easily if we decide to restore it

Topic 3: Sample source code in "Managed Hub Overview" chapter

Jon: Another thing I wanted to highlight is the updated sample source code. Looks correct to me, but I haven't gotten it to run.

Howard/Matthias: Needs to run.

Jon: Not that easy. For example, you need to assume a particular server with particular subdomains.

Howard: Include instructions for running on a local machine. Can use same domains as we use for test suite

RESOLUTION: Sample source code in spec must actually work

Topic 4: Beefed up security section in Mashup Assembly Application chapter

Jon: Also, just so people are aware. I noticed a red-colored comment from Howard about needing to add something about frame phishing, which spurred me to include several paragraphs about all of the security issues that need to be addressed by an implementation of the Hub and an application that uses the Hub.

Howard: I see that there are now two sections on security. Will need to look at those two sections.

Topic 5: Split off Mashup Assembly Applications chapter into OpenAjax whitepaper

Howard/Matthias: +1

Jon: I was thinking that the press release could point to the white paper to explain the mashup use case

Howard: No objections to the white paper, but I don't like the press release pointing to a white paper that only talks about a single use case.

Jon: We could make another white paper out of the introductory chapters that is more general about the Hub.

Review test suite status

Javier: Test suite now tests most if not all of the APIs. In good shape. Still need some work on porting the Hub 1.0 pubsub test cases. Some occasional problems with DOH, which works with timeouts. On some browsers, it sometimes pauses and then has problems thereafter. Seems to be DOH, not the Hub.

Review spec status

Jon: Far along now. I did a full pass on about 7 of the chapters. I didn't get to the Managed Hub APIs chapters with about 6 colored comments at top or the Best Practices chapter.

Howard: But we have been talking about those two chapters all along. They are nearly done.

Announce Friday's build?

Howard: I would wait a week

Release Candidate

Jon: What do we think about release candidate on Monday?

Howard: Need to sync the JSDoc with the wiki page

Jon: Any case where the wiki page is more accurate?

Howard: One case is publishForClient and subscribeForClient. Something that said only callable by container, but now says "typically". Also, one missing function definition in code, getHub.

Jon: IMO, release candidate means spec, code, and test suite are done and ready.

Howard: No red comments in API chapter

(general agreement)

Jon: This allows the community to know that this is a good time for careful review

RESOLUTION: Maybe ready for Release Candidate next Monday
