From MemberWiki

URL: http://www.openajax.org/member/wiki/Security_Minutes_2007-09-12

Contents 1 OpenAjax Alliance Security Task Force minutes 2007-09-12 1.1 Attendees 1.2 Original Agenda 2 Minutes 2.1 Topic: Interop conference call next Wednesday 8pm EDT, 5pm PDT, 9am JDT. 2.2 Topic: Jon posting the security white paper 2.3 Topic: Market 2.4 Topic: SMash released to SourceForge 2.5 Topic: Face-2-face meeting? 2.6 Topic: Authentication scenarios (Larry)

OpenAjax Alliance Security Task Force minutes 2007-09-12

Attendees

• Larry Koved <koved(at)us.ibm.com>, chair
• Jon Ferraiolo <jferrai(at)us.ibm.com>
• Todd Kaplinger <todkap(at)us.ibm.com>
• Frederik De Keukelaere <eb41704(at)jp.ibm.com>
• Bertrand Le Roy <bleroy (at) microsoft.com>
• Sachiko Yoshihama <SACHIKOY(at)jp.ibm.com>

Original Agenda

• Summary of the previous meeting (consensus and open issues, action items for the group)
• WP3 - Ajax and Mashup Security security white paper status
• Status of Hub 1.1 & the call on the 19th
  • SMash status & timeline for Hub 1.1 prototype
  • F2F meeting? Who, what, when?
  • As time allows:
    • Start discussion of the server-side issues
    • Start discussion of authentication issues
• Date/time for follow-up task force phone call
• Wrap up

Minutes

Topic: Interop conference call next Wednesday 8pm EDT, 5pm PDT, 9am JDT.

no other discussion

Topic: Jon posting the security white paper

• Mashup security white paper: http://www.openajax.org/whitepapers/Ajax%20and%20Mashup%20Security.html

Topic: Market

• AjaxWorld Magazine to publish 3 articles. One is a condensed version of the security article -- ~1200 words. References the OAA article.

Topic: SMash released to SourceForge

just an announcement

Topic: Face-2-face meeting?

• ~ 1/2 people will be either interop or security folks. Most of the discussion will be technical.
• Thursday September 27 @ MS in Mountain View.
• F2F agenda: http://www.openajax.org/member/wiki/2007_September_Members_Meeting_Agenda
• Google Gears team may show up to discuss offline features. May work around their schedule.
• (Logistics discussion to enable remote participation)

Topic: Authentication scenarios (Larry)

• Identify scenarios and technologies we want to influence.
• See how to fit this into the interop
• Jon: Seems like this fits into the OpenAjax mission.
• Larry: IBM interested in working in this area
• Bertrand: Live ID -- needs to find the right people... Maybe InfoCard / CardSpace folks
• SAP? Novell? ????