[OpenAjaxSecurity] Minutes from today's call
jferrai at us.ibm.com
Fri Jul 13 15:32:00 PDT 2007
OpenAjax Alliance Security Task Force minutes 2007-06-29
Larry Koved <koved at us.ibm.com>
Jon Ferraiolo <jferrai(at)us.ibm.com>
Bertrand Le Roy <bleroy (at) microsoft.com>
David Boloker <boloker(at)us.ibm.com>
Naohiko Uramoto <uramoto(at)jp.ibm.com>
Sachiko Yoshihama <SACHIKOY(at)jp.ibm.com>
Michael Steiner <msteiner(at)us.ibm.com>
Yuecel Karabulut <yuecel.karabulut(at)sap.com>
Suresh N. Chari <schari(at)us.ibm.com>
Sumeer Bhola <sbhola(at)us.ibm.com>
Summary of the second meeting (consensus and open issues, action
items for the group)
Discuss Hub 1.1 roadmap (Jon Ferraiolo) -
Discussion of recent publications (MashupOS, IBM Ajax security white
Discuss use cases that will drive the ongoing security discussion
Decide on how to proceed with an OpenAjax Alliance security white
paper (including security best practices)
If / how to bring in marketing into this discussion
Building a list of links to materials (resources) on
All other business
Date/time for follow-up task force phone call
Jon to fix some of the markup that was messed up.
Yuecel -- the ws scenario
Naohiko -- submitted SNS
Sachiko -- JSON & related attacks need to be added to the devWorks page.
OWASP web site may have material that might be useful. Sachiko: it may not be up
to date. Other web sites may be better.
Next step for the white paper? Jon to go off in a corner and write a draft.
Jon to copy text to the Wiki. Then can use the wiki history / diff system
to see the changes.
Summary of SMash paper (Frederik & Michael).
Jon to attach to the Wiki. It is in the mail archive; the file
extension is misleading, but it is a PDF file.
Jon asked Bertrand to ask Helen Wang, et al., to look at the paper. Larry
asked that MS/MSR security folks join the next call to discuss the paper.
Jon discussed strawman proposal for OAA Hub 1.1 roadmap Motivation for why
Larry -- how to reach convergence between comm hub & security?
Comm hub meeting is next week. Meets (F2F) week after next
Greg Wilkins writing much of the comm task force proposal, including
Larry: do we do API spec, or provide reference implementation?
Steiner: We also need to specify the protocol. Gideon agrees
Jon: Early August we should have a joint conference call w/comm task force
Steiner: Why is local storage included in the Hub 1.1 roadmap?
Jon: Looking forward to the future.
Jon: How about interacting w/Caplet?
Larry: Sure. Point them toward what we're doing.
Review SMash paper
Synch up on the communication task force & schedule a joint call.