Security TF
Background
At its October 2006 face-to-face meeting, the members of OpenAjax Alliance decided that there should be a Security Task Force. This led to various people signing up, preparatory discussions, the selection of a Chair (Larry Koved), and then a kick-off teleconference (see Security_Minutes_2007-06-15).
Task Force Schedule
Special coordination phone call with Security TF
There is a special coordination phone call with the Security Task Force on May 6 as follows:
- Tuesday May 6 8amPT, 11amET, 4pm London, 5pm Paris
- Summary: We will be holding a special coordination phone call between the Mobile TF and Security TF on Tuesday, May 6, to have some kickoff discussions about the security issues associated with Mobile Device APIs and what initiatives make sense in this area for OpenAjax Alliance. This first phone call should be considered largely informal and mainly about information exchange.
- Key links:
Ongoing meeting frequency and standard time slot
The security task force schedules phone calls on an as-needed basis and does not have a regularly scheduled phone call.
- Standard time slot is Friday, 8:00 AM Pacific Time; 11:00 AM Eastern Time
Next meeting
- (not yet scheduled)
- Toll Free: 1-877-422-0052
- Toll: 1-314-655-1417
- Participant Pin access code: 142380
- IRC channel: irc.freenode.net, #oaa-security
Chair and membership
Larry Koved chairs this task force. The current members of this task force are:
- Alex Russell <alex(at)dojotoolkit.org>
- Bertrand Le Roy <bleroy (at) microsoft.com>
- David Boloker <boloker(at)us.ibm.com>
- Frank Nimphius <frank.nimphius(at)oracle.com>
- Gideon Lee <glee(at)openspot.com>
- Howard Weingram <weingram (at)tibco.com>
- Joe Walker <joe(at)getahead.org>
- John Crupi <john.crupi(at)jackbe.com>
- Jon Ferraiolo <jferrai(at)us.ibm.com>
- Larry Koved <koved(at)us.ibm.com>
- Naohiko Uramoto <uramoto(at)jp.ibm.com>
- Ondrej Zara <ozara(at)openlinksw.com>
- Paddy Byers <paddy.byers(at)gmail.com> (Aplix)
- Shel Finkelstein <shel.finkelstein(at)sap.com>
- Steve Hunt <steve.hunt(at)coradiant.com>
- Ted Thibodeau <tthibodeau(at)openlinksw.com>
- Todd Kaplinger <todkap(at)us.ibm.com>
- Yuecel Karabulut <yuecel.karabulut (at) sap.com>
- Xiaofeng Fan <xiaoffan(at)exchange.microsoft.com>
- Samuel Santos <ssantos(at)present-technologies.com>
Email list
The email list for the Security Task Force is security@openajax.org. Archives can be found at: http://openajax.org/pipermail/security/. To subscribe to this list, fill out the form at: http://openajax.org/mailman/listinfo/security.
Work in progress
- Security Use Cases
- Ajax Security Resources
- Ajax Authentication: "AJAX (Re)authentication Signaling and Handling for Single-domain and Multi-domain (mashup) applications"
- CSRF Protection: "The RequesterOrigin header: CSRF protection and beyond"
Documents
- http://www.openajax.org/member/wiki/JonFerraiolo_Thoughts_On_W3C_Access_Control
- SMash: Secure Cross-Domain Mashups on Unmodified Browsers[1] - technical report (see also source on sourceforge[2], svn module /hub/trunk/sandbox/smash)
- WP3 - Ajax and Mashup Security - white paper that is in progress
- Mashup Security Approaches
Meeting minutes
- Security_Minutes_2007-11-30 (minutes taken by Suresh Chari, IBM)
- Security_Minutes_2007-09-12 (minutes taken by Larry Koved, IBM)
- Security_Minutes_2007-08-10 (minutes taken by Larry Koved, IBM)
- Security_Minutes_2007-07-27 (minutes taken by Larry Koved, IBM)
- Security_Minutes_2007-07-13 (minutes taken by Larry Koved, IBM)
- Security_Minutes_2007-06-29 (minutes taken by Suresh Chari, IBM)
- Security_Minutes_2007-06-15 (minutes taken by Jon Ferraiolo, IBM)
