[OpenAjaxSecurity] Minutes Interoperability WG phone call 2007-09-19

Jon Ferraiolo jferrai at us.ibm.com
Wed Sep 19 18:36:26 PDT 2007

Hi everyone,
We had a big turnout today. As a result, I might have not recorded when
some of you joined the call. If you attended the phone call and your name
is not listed, please fix the wiki page that contains the minutes.



Full minutes:

OpenAjax Alliance Interoperability Committee meeting minutes 2007-09-19

      Gideon Lee <glee(at)openspot.com>
      Jon Ferraiolo <jferrai(at)us.ibm.com>
      Ted Thibodeau <tthibodeau(at)openlinksw.com>
      Coach Wei <coach(at)nexaweb.com>
      Bertrand Le Roy <bleroy (at) microsoft.com>
      David Boloker <boloker(at)us.ibm.com>
      Howard Weingram <weingram (at)tibco.com>
      Larry Koved <koved(at)us.ibm.com>
      Naohiko Uramoto <uramoto(at)jp.ibm.com>
      Todd Kaplinger <todkap(at)us.ibm.com>
      Frederik De Keukelaere <EB41704(at)jp.ibm.com>
      Michael Steiner <msteiner(at)us.ibm.com>
      Sumeer Bhola <sbhola(at)us.ibm.com>
      Suresh N. Chari <schari(at)us.ibm.com>
      Haik Sahakian <Haik.Sahakian(at)fmr.com>
      Sachiko Yoshihama <sachikoy(at)jp.ibm.com>
      Mike Pittaro <mikeyp(at)snaplogic.org>

Original Agenda
            InteropFest_1.0 reminder - time is running out
            Next week's face-to-face meeting
                  Meeting home page:



            OpenAjax Registry
                  Jon has built some tools and fleshed out the Registry
                  section of the Web site
                        Main Registry folder:
                        Approved Registry:

                        HTML for Registry:

                        Search globals template:

                        Search globals on OpenAjax Hub:

                  Other Registry URLs:



            OpenAjax Hub 1.1
                  Target feature set
                  Current status
                  Plans in the coming months
            OpenAjax Hub 1.0 Issue 17
                  Allow arbitrary text at end of
                  OpenAjax.hub.registerLibrary() version strings?


Topic: Introductory comments

Jon: We have an exceptionally high turnout today because we will be
discussion Hub 1.1 with people from InteropWG, now defunct CommHub TF and
Security TF. CommHub TF has now merged with InteropWG. Therefore, the
Security TF people are special guests today.

Topic: InteropFest

Jon: Reminder - press release next week. quotes need to be in by tomorrow

Bertrand: MS will be participating

Jon: Do you want to be listed in the press release?

Bertrand: Yes

Jon: Provide a quote?

Bertrand: Probably not.

Jon: I'll send you the information.

Topic: Face-to-face meeting

Jon: Big week next week. AJAXWorld mon-wed. OpenAjax f2f thurs. Mobile Ajax
workshop on friday. Our generous hosts MS need to know who will be
attending. Is there anyone here who will be attending that hasn't added
their name to the registration page?

(one person says yes and then adds his name to the registration page)

Jon: I included a link to the f2f agenda in the agenda for this meeting. If
anyone has suggestions about missing topics or other changes, please tell

Topic: OpenAjax Registry

(Jon asks everyone to navigate to http://www.openajax.org/Registry and
subdirectories. Explains the assessments/ subdirectory and the
search_globals.html tool which loops recursively through the window object
to look for all JavaScript objects and properties and then allows
comparisons to determine what changes were added to the JavaScript

Bertrand: What does the logic do?

Jon: Starts with window object. for/in loop to get all properties. If a
property is an object, then recursive go through that object.

Bertrand: Should be easy enough to add logic to look at the built-in types
and add lookups for HTML extensions.

Jon: Please send in the code.

Bertrand: Will do.

Jon: Feedback on this approach?

Howard: Have companies do this themselves.

Bertrand: Yes, in everyone's interests to submit accurate information.

Howard: Self-police. We aren't trying to do this for everyone in the

Jon: Yes. I was thinking that toolkit vendors would submit an HTML file
along with their proposal registry entry.

Howard: Some toolkits have many instantiations. Don't want to put a burden
on ourselves to study all of those permutations.

Jon: How about we encourage them to use the tools.

Howard: At some level, it is like the InteropFest.

Jon: OK, here is a proposal. I'll take this discussion and update the
Registry wiki page to reflect this discussion then send an email telling
everyone to review the diffs. Any objections to this approach?

(no objections)

Jon: Next proposal is that we start with some easy well-behaved toolkits to
see if the Registry process works for them. Then add a toolkit such as
Prototype that extends core objects. Then look at MS, which is likely to be
more complex.

Bertrand: How about json.js instead of Prototype.

Jon: Yes, good idea.

Topic: Hub 1.1

Jon: This is largely a repeat of things we have talked about many times,
but this time we are all together so I will present this again. The target
features for Hub 1.1 are to extend pub/sub beyond a single frame to
cross-frame, add a framework for secure mashups, and add mediated comet
support per the work in the CommHub task force. The proposed process is to
have volunteers work on experimental open source. This is the same process
that we used for Hub 1.0. People produced experimental open source. When
the open source was ready, we talked about it and decided what we liked and
didn't like. We consolidated contributions from multiple sources, such as
some of the Tibco/Dojo contribution with some of the Nexaweb contribution.
What do people think?

(no comments)

Jon: The SMash team has already submitted their source code to the open
source project. I am expecting them to transform the SMash code into a form
such that it will be upwardly compatible with Hub 1.0. When that is at a
point, we will look at it just like any other contribution.

Jon: The timeframe I have in mind is to have working code by the end of
2007. If there isn't enough volunteer effort, I will probably have
bandwidth after the horrible week next week to do some of this work myself.

Topic: Version string issue

Bertrand: Don't feel too strongly one way or the other. Not sure it is
worth ...(lost what he said)

MikeP: Is the issue whether we think people will want to do version number

Ted: ODBC has had success with four numbers separated by dots followed by
arbitrary text. The version comparison is rarely needed in early phases but
is used more in later phases.

(others - thumbs up on ODBC's success in this area)

Frederick: What is the purpose of the free text?

Jon: I can only guess what Adam had in mind and assume that most often it
would be used to say alpha N or beta M or build N.

Frederick: Human readable?

Ted: Yes. But the leading numbers can be used for comparison.

Jon: Here is what I propose. Ted sends links to ODBC specs. We agree in
principle to adopt the ODBC approach pending detailed review. But no real
decision until we review the ODBC specs. Any objections?

(no objections)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://openajax.org/pipermail/security/attachments/20070919/69b13304/attachment.html 

More information about the security mailing list