Action items

- Stefan to get rest of OASIS Standards page data loaded to spreadsheet

- (NEW) Chet to ask Frederick for any copies of information on the security concerns section of W3C specifications

- (NEW) Chet set up the document in Google Docs and we can craft it into an incident response

Agenda

1) Roll call

2) Approve agenda

3) Approve minutes

4) Status of public reviews

5) Status of action items

6) Progress on the Google sheet

7) Bret Jordan suggestion to add Security Considerations to the OASIS spec template

8) Board Process Committee request for incident response plan

9) Progress on the editor's manual

10) AOB

Minutes

1. Roll call

Jacques Durand
Patrick Durusau
Chet Ensign

Stefan Hagen, Trey Darley - regrets

Invited expert:

Ashok Malhotra

2. Approve agenda

No discussion of agenda. No objections. Agenda unanimously approved.

3. Approve minutes

04 April 2018: https://www.oasis-open.org/apps/org/workgroup/tab/email/archives/201804/msg00026.html

No discussion of minutes. No objections. Minutes unanimously approved.

4. Status of public reviews

New first public review: XHE Version 1.0, ends May 29th

Announcement: https://www.oasis-open.org/news/announcements/invitation-to-comment-on-exchange-header-envelope-xhe-v1-0-ends-may-29th. Labels are added to the TAB JIRA

5. Status of action items

- Chet to make agreed to edit to part 3 of editor's manual then circulate to TAB for final approval
Done & closed

- Stefan to get rest of OASIS Standards page data loaded to spreadsheet
Progress, still open

6. Progress on the Google sheet

Jacques loaded latest spreadsheet from Stefan. 98 standards now listed

Chet: Once we have all the OS and CS loaded, I can start maintaining the data in it and stop using the standards page as the master list and in future reverse engineer HTML of the standards list from the spreadsheet

Stefan wrote us that he found anomalies in the latest records. He is continuing to load and clean

7. Bret Jordan suggestion to add Security Considerations to the OASIS spec template

Agreement that this is a good idea, generally speaking. We note that W3C spec templates have a security section that is optional. Patrick notes that the difficult question is where you draw the line on what security concerns a TC should address.

Patrick pointed to https://www.w3.org/TR/2018/REC-ttml-imsc1.0.1-20180424/ K. Privacy and Security Considerations (non-normative)

Consensus is we should include a section in our template as non-normative and find some explanatory texts to point TCs at for guidance / ideas on what to cover.

8. Board Process Committee request for incident response plan

Discussed. Noted that one problem is how a TC would know who has implemented its spec and thus may be at risk.

Should be plenty written up on the subject however.

AI: Chet set up the document in Google Docs and we can craft it into an incident response

9. Progress on the editor's manual

https://docs.google.com/document/d/1yA-wt2wB4NOpgoQ81VBfuJ1WPA1GK_BuddiVP_L6BnU/edit#

Chet recapped the changes made

Agreed that we'll review between now and next meeting so we can approve at next meeting.

10. AOB

No other business raised.

Next meeting will be Wednesday, June 16, 2018 at 16:00 UTC.

Chat log

2018-05-02 GMT+00:00
[15:01] anonymous morphed into Trey
[15:46] Chet: Today's agenda: 1) Roll call 2) Approve agenda 3) Approve minutes https://www.oasis-open.org/apps/org/workgroup/tab/email/archives/201804/msg00026.html 4) Status of public reviews XHE Version 1.0 - ends May 29th - https://www.oasis-open.org/news/announcements/invitation-to-comment-on-exchange-header-envelope-xhe-v1-0-ends-may-29th 5) Status of action items - Chet to make agreed to edit to part 3 of editor's manual then circulate to TAB for final approval - Stefan to get rest of OASIS Standards page data loaded to spreadsheet 7) Progress on the Google sheet 7) Bret Jordan suggestion to add Security Considerations to the OASIS spec template 8) Board Process Committee request for incident response plan https://lists.oasis-open.org/archives/tab/201804/msg00028.htm 9) Progress on the editor's manual 10) AOB
[16:08] Chet: 1) roll call
[16:08] Chet: Patrick, Jacques, Chet - Regrets - Stefan, Trey
[16:11] Chet: Have quorum.
[16:11] Chet: 2) Approve agenda
[16:11] Chet: No discussion. No objs. Agenda approved.
[16:11] Chet: 3) Minutes
[16:11] Chet: No discussion. No objs. Minutes approved.
[16:11] Chet: 4) Public reviews
[16:17] Chet: 5) Action items
[16:18] Chet: - Chet to make agreed to edit to part 3 of editor's manual then circulate to TAB for final approval
[16:18] Chet: Done.
[16:18] Chet: - Stefan to get rest of OASIS Standards page data loaded to spreadsheet
[16:18] Chet: Still open
[16:19] Chet: 7) Progress on the Google sheet
[16:20] Chet: Question: Jacques - did you see the spreadsheet? Yes.
[16:20] Chet: And converted and loaded to the Google sheet.
[16:20] Chet: No change made to the schema / columns
[16:21] Chet: Checked it in the Google client sheet
[16:21] Chet: Sharing screen
[16:22] Chet: 98 standards now listed
[16:32] Chet: Once we have all the OS and CS loaded, I can start maintaining the data in it and stop using the standards page as the master list and in future reverse engineer HTML of the standards list from the spreadsheet
[16:33] Chet: 8 ) Bret Jordan suggestion to add Security Considerations to the OASIS spec template
[16:35] Chet: What do you all think? Ashok: good idea.
[16:35] Chet: A: W3C specs have a security section - most all of them
[16:36] Chet: A: but they don't provide guidance on what to put in it
[16:37] Chet: P: good idea to have a mention but e.g. for Open Office would we have to explain how something using the format might cause a security concern. In other words, where do you draw the line on what security concerns the TC should address?
[16:37] Chet: A: I think it is in the template but it is optional.
[16:38] Chet: Where should we give TCs guidance on what to include?
[16:38] Chet: We don't have access to a copy of the W3C template.
[16:39] Chet: Chet to ask Frederick for a copy
[16:40] Patrick: For example: https://www.w3.org/TR/2018/REC-ttml-imsc1.0.1-20180424/ K. Privacy and Security Considerations (non-normative) TTML security The security and privacy considerations of [rfc3023] and [TTML1] apply, particularly in relation to document parsing. XML Entities are excluded from the Reduced XML Infoset of TTML and are therefore not considered part of Document Instances; nevertheless implementations are encouraged to provide protection against recursive entity expansion or prevent entity expansion altogether in processors.
[16:42] Chet: P: a security section needs to be made NON-normative. It doesn't guarantee anything. Just there as a placeholder to get them to think about it a bit.
[16:43] Chet: Consensus - include as non-normative and find some explanatory texts to point them to for guidance / ideas
[16:44] Chet: 9) Board Process Committee request for incident response plan
[16:44] Chet: A: I read the document - only thing I didn't see is if they find a hole they ought to fix the spec
[16:46] Chet: C: Frederick said fix code first behind closed doors - then announce and fix spec
[16:49] Chet: C: my idea is to have a closed Kavi group where TCs can work to fix the code and then make it public. P: shouldn't all the background info be made public after the fix
[16:51] Chet: A: one situation could come up - people go off and implement the spec but they don't tell you. How do you find them?
[16:52] Chet: How do you make an announcement that it is really important that you get in touch with us but we can't tell you why. Patrick - put it on slash.dot
[16:53] Chet: AI: Chet set up the document in Google Docs and we can craft it into an incident response
[16:53] Chet: 9) Progress on the editor's manual
[16:54] Chet: https://docs.google.com/document/d/1yA-wt2wB4NOpgoQ81VBfuJ1WPA1GK_BuddiVP_L6BnU/edit#
[16:59] Chet: Chet recaps the changes made
[17:00] Chet: Let's review between now and next meeting so we can approve at next meeting
[17:00] Chet: AOB?
[17:00] Chet: None

20180502 (last edited 2018-05-03 20:52:51 by chet.ensign)