[OpenAjaxSecurity] Minutes from today's call

Jon Ferraiolo jferrai at us.ibm.com
Fri Jul 13 15:32:00 PDT 2007

OpenAjax Alliance Security Task Force minutes 2007-06-29

      Larry Koved <koved at us.ibm.com>
      Jon Ferraiolo <jferrai(at)us.ibm.com>
      Bertrand Le Roy <bleroy (at) microsoft.com>
      David Boloker <boloker(at)us.ibm.com>
      Naohiko Uramoto <uramoto(at)jp.ibm.com>
      Sachiko Yoshihama <SACHIKOY(at)jp.ibm.com>
      Michael Steiner <msteiner(at)us.ibm.com>
      Yuecel Karabulut <yuecel.karabulut(at)sap.com>
      Suresh N. Chari <schari(at)us.ibm.com>
      Sumeer Bhola <sbhola(at)us.ibm.com>

Original Agenda
      Summary of the second meeting (consensus and open issues, action
      items for the group)
      Discuss Hub 1.1 roadmap (Jon Ferraiolo) -
      Discussion of recent publications (MashupOS, IBM Ajax security white
      paper, SMash)
      Discuss use cases that will drive the ongoing security discussion
            See http://www.openajax.org/member/wiki/Security_Use_Cases
      Decide on how to proceed with an OpenAjax Alliance security white
      paper (including security best practices)
            If / how to bring in marketing into this discussion
            Building a list of links to materials (resources) on
            web/mashup/ajax security
      All other business
      Date/time for follow-up task force phone call
      Wrap up


Jon to fix some of the markup that was messed up.

Yuecel -- the ws scenario

Naohiko -- submitted SNS

Sachiko -- JSON & related attacks need to be added to the devWorks page.

OWASP web site may have material that might be useful. Sachiko: it may not be
up to date. Other web sites may be better.

Next step for the white paper? Jon to go off in a corner and write a draft.
Jon to copy text to the Wiki. Then can use the wiki history / diff system
to see the changes.

Summary of SMash paper (Frederik & Michael).

Jon to attach to the Wiki. It is in the mail archive; the file extension is
misleading, but it is a PDF file.

Jon asked Bertrand to ask Helen Wang, et al., to look at the paper. Larry
asked that MS/MSR security folks join the next call to discuss the paper.

Jon discussed strawman proposal for OAA Hub 1.1 roadmap. Motivation for why
a roadmap.

Larry -- how to reach convergence between comm hub & security?

Comm hub meeting is next week. Meets (F2F) week after next.

Greg Wilkins writing much of the comm task force proposal, including

Larry: do we do API spec, or provide reference implementation?

Steiner: We also need to specify the protocol. Gideon agrees.

Jon: Early August we should have a joint conference call w/comm task force

Steiner: Why is local storage included in the Hub 1.1 roadmap?

Jon: Looking forward to the future.

Jon: How about interacting w/Caplet?

Larry: Sure. Point them toward what we're doing.

Next time:
      Review SMash paper
      Synch up on the communication task force & schedule a joint call.