[OpenAjaxSecurity] Minutes Interoperability WG phone call 2007-09-19

Jon Ferraiolo jferrai at us.ibm.com
Thu Sep 20 10:12:37 PDT 2007


Thanks Bertrand. I updated the minutes.

Jon



                                                                           
             Bertrand Le Roy                                               
             <Bertrand.Le.Roy@                                             
             microsoft.com>                                             To 
             Sent by:                  OpenAjax Alliance Security Task     
             security-bounces@         Force <security at openajax.org>,      
             openajax.org              "interop at openajax.org"              
                                       <interop at openajax.org>,             
                                       "communicationshub at openajax.org"    
             09/20/2007 10:05          <communicationshub at openajax.org>    
             AM                                                         cc 
                                                                           
                                                                   Subject 
             Please respond to         Re: [OpenAjaxSecurity] Minutes      
             OpenAjax Alliance         Interoperability WG phone call      
               Security Task           2007-09-19                          
                   Force                                                   
             <security at openaja                                             
                  x.org>                                                   
                                                                           
                                                                           
                                                                           




<nitpicking>I said json.js in addition to (not instead of) prototype.js
because both are widely used libraries that are not part of the alliance
afaik</nitpicking>

From: security-bounces at openajax.org [mailto:security-bounces at openajax.org]
On Behalf Of Jon Ferraiolo
Sent: Wednesday, September 19, 2007 6:36 PM
To: interop at openajax.org; security at openajax.org;
communicationshub at openajax.org
Subject: [OpenAjaxSecurity] Minutes Interoperability WG phone call
2007-09-19



Hi everyone,
We had a big turnout today. As a result, I might have not recorded when
some of you joined the call. If you attended the phone call and your name
is not listed, please fix the wiki page that contains the minutes.

Thanks!
Jon

-----------------------------------------------

Full minutes:
http://www.openajax.org/member/wiki/Interoperability_Minutes_2007-09-19




OpenAjax Alliance Interoperability Committee meeting minutes 2007-09-19

Attendees
            Gideon Lee <glee(at)openspot.com>
            Jon Ferraiolo <jferrai(at)us.ibm.com>
            Ted Thibodeau <tthibodeau(at)openlinksw.com>
            Coach Wei <coach(at)nexaweb.com>
            Bertrand Le Roy <bleroy (at) microsoft.com>
            David Boloker <boloker(at)us.ibm.com>
            Howard Weingram <weingram (at)tibco.com>
            Larry Koved <koved(at)us.ibm.com>
            Naohiko Uramoto <uramoto(at)jp.ibm.com>
            Todd Kaplinger <todkap(at)us.ibm.com>
            Frederik De Keukelaere <EB41704(at)jp.ibm.com>
            Michael Steiner <msteiner(at)us.ibm.com>
            Sumeer Bhola <sbhola(at)us.ibm.com>
            Suresh N. Chari <schari(at)us.ibm.com>
            Haik Sahakian <Haik.Sahakian(at)fmr.com>
            Sachiko Yoshihama <sachikoy(at)jp.ibm.com>
            Mike Pittaro <mikeyp(at)snaplogic.org>

Original Agenda
            Agenda
                        InteropFest_1.0 reminder - time is running out
                                    http://www.openajax.org/member/wiki/InteropFest_1.0

                        Next week's face-to-face meeting
                                    Meeting home page:
                                    http://www.openajax.org/member/wiki/2007_September_Members_Meeting

                                    Agenda:
                                    http://www.openajax.org/member/wiki/2007_September_Members_Meeting_Agenda

                                    Registration:
                                    http://www.openajax.org/member/wiki/2007_September_Members_Meeting_Registration

                        OpenAjax Registry
                                    Jon has built some tools and fleshed
                                    out the Registry section of the Web
                                    site
                                                Main Registry folder:
                                                http://www.openajax.org/Registry

                                                Approved Registry:
                                                http://www.openajax.org/Registry/OpenAjax_Registry.js

                                                HTML for Registry:
                                                http://www.openajax.org/Registry/OpenAjax_Registry.html

                                                Search globals template:
                                                http://www.openajax.org/Registry/assessments/templates/search_globals.html

                                                Search globals on OpenAjax
                                                Hub:
                                                http://www.openajax.org/Registry/assessments/tests/OpenAjax_v0.7/search_globals.html

                                    Other Registry URLs:
                                                http://www.openajax.org/member/wiki/OpenAjax_Registry

                                                http://www.openajax.org/member/wiki/Registry_Candidates

                                                http://www.openajax.org/member/wiki/Registry_Candidates_for_Microsoft_Ajax

                        OpenAjax Hub 1.1
                                    Target feature set
                                    Current status
                                    Plans in the coming months
                        OpenAjax Hub 1.0 Issue 17
                                    Allow arbitrary text at end of
                                    OpenAjax.hub.registerLibrary() version
                                    strings?
                                    http://www.openajax.org/member/wiki/OpenAjax_Hub_Specification_Issues


Minutes

Topic: Introductory comments


Jon: We have an exceptionally high turnout today because we will be
discussion Hub 1.1 with people from InteropWG, now defunct CommHub TF and
Security TF. CommHub TF has now merged with InteropWG. Therefore, the
Security TF people are special guests today.



Topic: InteropFest


Jon: Reminder - press release next week. quotes need to be in by tomorrow


Bertrand: MS will be participating


Jon: Do you want to be listed in the press release?


Bertrand: Yes


Jon: Provide a quote?


Bertrand: Probably not.


Jon: I'll send you the information.



Topic: Face-to-face meeting


Jon: Big week next week. AJAXWorld mon-wed. OpenAjax f2f thurs. Mobile Ajax
workshop on friday. Our generous hosts MS need to know who will be
attending. Is there anyone here who will be attending that hasn't added
their name to the registration page?


(one person says yes and then adds his name to the registration page)


Jon: I included a link to the f2f agenda in the agenda for this meeting. If
anyone has suggestions about missing topics or other changes, please tell
me.



Topic: OpenAjax Registry


(Jon asks everyone to navigate to http://www.openajax.org/Registry and
subdirectories. Explains the assessments/ subdirectory and the
search_globals.html tool which loops recursively through the window object
to look for all JavaScript objects and properties and then allows
comparisons to determine what changes were added to the JavaScript
environment.)


Bertrand: What does the logic do?


Jon: Starts with window object. for/in loop to get all properties. If a
property is an object, then recursive go through that object.


Bertrand: Should be easy enough to add logic to look at the built-in types
and add lookups for HTML extensions.


Jon: Please send in the code.


Bertrand: Will do.


Jon: Feedback on this approach?


Howard: Have companies do this themselves.


Bertrand: Yes, in everyone's interests to submit accurate information.


Howard: Self-police. We aren't trying to do this for everyone in the
industry.


Jon: Yes. I was thinking that toolkit vendors would submit an HTML file
along with their proposal registry entry.


Howard: Some toolkits have many instantiations. Don't want to put a burden
on ourselves to study all of those permutations.


Jon: How about we encourage them to use the tools.


Howard: At some level, it is like the InteropFest.


Jon: OK, here is a proposal. I'll take this discussion and update the
Registry wiki page to reflect this discussion then send an email telling
everyone to review the diffs. Any objections to this approach?


(no objections)


Jon: Next proposal is that we start with some easy well-behaved toolkits to
see if the Registry process works for them. Then add a toolkit such as
Prototype that extends core objects. Then look at MS, which is likely to be
more complex.


Bertrand: How about json.js instead of Prototype.


Jon: Yes, good idea.



Topic: Hub 1.1


Jon: This is largely a repeat of things we have talked about many times,
but this time we are all together so I will present this again. The target
features for Hub 1.1 are to extend pub/sub beyond a single frame to
cross-frame, add a framework for secure mashups, and add mediated comet
support per the work in the CommHub task force. The proposed process is to
have volunteers work on experimental open source. This is the same process
that we used for Hub 1.0. People produced experimental open source. When
the open source was ready, we talked about it and decided what we liked and
didn't like. We consolidated contributions from multiple sources, such as
some of the Tibco/Dojo contribution with some of the Nexaweb contribution.
What do people think?


(no comments)


Jon: The SMash team has already submitted their source code to the open
source project. I am expecting them to transform the SMash code into a form
such that it will be upwardly compatible with Hub 1.0. When that is at a
point, we will look at it just like any other contribution.


Jon: The timeframe I have in mind is to have working code by the end of
2007. If there isn't enough volunteer effort, I will probably have
bandwidth after the horrible week next week to do some of this work myself.



Topic: Version string issue


Bertrand: Don't feel too strongly one way or the other. Not sure it is
worth ...(lost what he said)


MikeP: Is the issue whether we think people will want to do version number
comparisons?


Ted: ODBC has had success with four numbers separated by dots followed by
arbitrary text. The version comparison is rarely needed in early phases but
is used more in later phases.


(others - thumbs up on ODBC's success in this area)


Frederick: What is the purpose of the free text?


Jon: I can only guess what Adam had in mind and assume that most often it
would be used to say alpha N or beta M or build N.


Frederick: Human readable?


Ted: Yes. But the leading numbers can be used for comparison.


Jon: Here is what I propose. Ted sends links to ODBC specs. We agree in
principle to adopt the ODBC approach pending detailed review. But no real
decision until we review the ODBC specs. Any objections?


(no objections) _______________________________________________
security mailing list
security at openajax.org
http://openajax.org/mailman/listinfo/security


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://openajax.org/pipermail/security/attachments/20070920/3f277228/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: graycol.gif
Type: image/gif
Size: 105 bytes
Desc: not available
Url : http://openajax.org/pipermail/security/attachments/20070920/3f277228/attachment-0003.gif 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pic21517.gif
Type: image/gif
Size: 1255 bytes
Desc: not available
Url : http://openajax.org/pipermail/security/attachments/20070920/3f277228/attachment-0004.gif 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ecblank.gif
Type: image/gif
Size: 45 bytes
Desc: not available
Url : http://openajax.org/pipermail/security/attachments/20070920/3f277228/attachment-0005.gif 


More information about the security mailing list