Security Minutes 2007-07-13


URL: http://www.openajax.org/member/wiki/Security_Minutes_2007-06-29

OpenAjax Alliance Security Task Force minutes 2007-06-29

Attendees

  • Larry Koved <koved@us.ibm.com>
  • Jon Ferraiolo <jferrai(at)us.ibm.com>
  • Bertrand Le Roy <bleroy (at) microsoft.com>
  • David Boloker <boloker(at)us.ibm.com>
  • Naohiko Uramoto <uramoto(at)jp.ibm.com>
  • Sachiko Yoshihama <SACHIKOY(at)jp.ibm.com>
  • Michael Steiner <msteiner(at)us.ibm.com>
  • Yuecel Karabulut <yuecel.karabulut(at)sap.com>
  • Suresh N. Chari <schari(at)us.ibm.com>
  • Sumeer Bhola <sbhola(at)us.ibm.com>
  • Frederik De Keukelaere <eb41704(at)jp.ibm.com>

Original Agenda

  • Summary of the second meeting (consensus and open issues, action items for the group)
  • Discuss Hub 1.1 roadmap (Jon Ferraiolo) - http://www.openajax.org/member/wiki/OpenAjax_Hub_1.1_Roadmap
  • Discussion of recent publications (MashupOS, IBM Ajax security white paper, SMash)
  • Discuss use cases that will drive the ongoing security discussion
  • Decide on how to proceed with an OpenAjax Alliance security white paper (including security best practices)
    • If / how to bring in marketing into this discussion
    • Building a list of links to materials (resources) on web/mashup/ajax security
  • All other business
  • Date/time for follow-up task force phone call
  • Wrap up

Minutes

Jon to fix some of the markup that was messed up.

Yuecel -- the ws scenario

Naohiko -- submitted SNS

Sachiko -- JSON & related attacks need to be added to the devWorks page.

The OWASP web site may have material that might be useful. Sachiko: it may not be up to date. Other web sites may be better.

Next step for the white paper? Jon to go off in a corner and write a draft. Jon to copy text to the Wiki. Then can use the wiki history / diff system to see the changes.

Summary of SMash paper (Frederik & Michael).

Jon to attach to the Wiki. It is in the mail archive; the file extension is misleading, but it is a PDF file.

Jon asked Bertrand to ask Helen Wang, et al., to look at the paper. Larry asked that MS/MSR security folks join the next call to discuss the paper.

Jon discussed the strawman proposal for the OAA Hub 1.1 roadmap. Motivation for why a roadmap.

Larry -- how to reach convergence between comm hub & security?

Comm hub meeting is next week. Meets (F2F) week after next.

Greg Wilkins writing much of the comm task force proposal, including Bayeux.

Larry: do we do API spec, or provide reference implementation?

Steiner: We also need to specify the protocol. Gideon agrees.

Jon: Early August we should have a joint conference call w/comm task force

Steiner: Why is local storage included in the Hub 1.1 roadmap?

Jon: Looking forward to the future.

Jon: How about interacting w/Caplet?

Larry: Sure. Point them toward what we're doing.


Next time:

  • Review SMash paper
  •  ???
  • Synch up on the communication task force & schedule a joint call.