[OpenAjaxSecurity] Minutes from today's call

Jon Ferraiolo jferrai at us.ibm.com
Fri Jul 13 15:32:00 PDT 2007



OpenAjax Alliance Security Task Force minutes 2007-06-29

Attendees
      Larry Koved <koved at us.ibm.com>
      Jon Ferraiolo <jferrai(at)us.ibm.com>
      Bertrand Le Roy <bleroy (at) microsoft.com>
      David Boloker <boloker(at)us.ibm.com>
      Naohiko Uramoto <uramoto(at)jp.ibm.com>
      Sachiko Yoshihama <SACHIKOY(at)jp.ibm.com>
      Michael Steiner <msteiner(at)us.ibm.com>
      Yuecel Karabulut <yuecel.karabulut(at)sap.com>
      Suresh N. Chari <schari(at)us.ibm.com>
      Sumeer Bhola <sbhola(at)us.ibm.com>
      Frederik

Original Agenda
      Summary of the second meeting (consensus and open issues, action
      items for the group)
      Discuss Hub 1.1 roadmap (Jon Ferraiolo) -
      http://www.openajax.org/member/wiki/OpenAjax_Hub_1.1_Roadmap
      Discussion of recent publications (MashupOS, IBM Ajax security white
      paper, SMash)
      Discuss use cases that will drive the ongoing security discussion
            See http://www.openajax.org/member/wiki/Security_Use_Cases
      Decide on how to proceed with an OpenAjax Alliance security white
      paper (including security best practices)
            If / how to bring in marketing into this discussion
            Building a list of links to materials (resources) on
            web/mashup/ajax security
      All other business
      Date/time for follow-up task force phone call
      Wrap up

Minutes


Jon to fix some of the markup that was messed up.


Yuecel -- the ws scenario


Naohiko -- submitted SNS


Sachiko -- JSON & related attacks need to be added to the devWorks page.


The OWASP web site may have material that might be useful. Sachiko: it may not be up
to date. Other web sites may be better.


Next step for the white paper? Jon to go off in a corner and write a draft.
Jon to copy text to the Wiki. Then can use the wiki history / diff system
to see the changes.


Summary of SMash paper (Frederik & Michael).


Jon to attach to the Wiki. It is in the mail archive; the file
extension is misleading, but it is a PDF file.


Jon asked Bertrand to ask Helen Wang, et al., to look at the paper. Larry
asked that MS/MSR security folks join the next call to discuss the paper.


Jon discussed strawman proposal for OAA Hub 1.1 roadmap. Motivation for why
a roadmap.


Larry -- how to reach convergence between comm hub & security?


Comm hub meeting is next week. Meets (F2F) week after next.


Greg Wilkins writing much of the comm task force proposal, including
Bayeux.


Larry: do we do API spec, or provide reference implementation?


Steiner: We also need to specify the protocol. Gideon agrees.


Jon: Early August we should have a joint conference call w/comm task force


Steiner: Why is local storage included in the Hub 1.1 roadmap?


Jon: Looking forward to the future.


Jon: How about interacting w/Caplet?


Larry: Sure. Point them toward what we're doing.



Next time:
      Review SMash paper
       ???
      Synch up on the communication task force & schedule a joint call.