Subject: OSLC CORE TC Minutes October 29, 2015
Please note that next meeting starts a half hour later than usual. Due to the unusual start to the meeting I forgot to request any corrections/additions/deletions to the Oct 15 minutes. If you have any issues with the minutes please raise them in the next 24hrs, else I will declare the minutes as accepted. Finally, I will be unable to attend that meeting since I am needed at a customer meeting.

Minutes
Chair
Scribe
Attendees
Regrets
Resolutions
· Reference the code in Nick's ReSpec repository rather than the one currently owned by Steve Speicher
Actions
Chat transcript from room: oslc
[07:08] Martin Sarabura (PTC): Martin to be scribe
[07:09] Martin Sarabura (PTC): Action items from previous meeting
[07:10] Martin Sarabura (PTC): Nick: Statement from LDP editor regarding creation factories and LDPCs
[07:11] Martin Sarabura (PTC): Issue is nature of preference header
[07:12] Martin Sarabura (PTC): This issue is still open - leave on list as action item, hopefully report via email
[07:12] Martin Sarabura (PTC): Martin: List published in advance of meeting
[07:13] Martin Sarabura (PTC): Issues today:
[07:14] Martin Sarabura (PTC): Probably should wait for Jim to join before discussing because as editor he will have input
[07:15] Martin Sarabura (PTC): Question: Shift this meeting later by half hour for the next 3 meetings?
[07:16] David Honey (IBM): Works for me as well.
[07:16] Martin Sarabura (PTC): Ian will not be able to attend next meeting anyway, otherwise time shift ok
[07:20] Martin Sarabura (PTC): Issue 42: Nick bring us up to speed re conversations
[07:21] Martin Sarabura (PTC): Steve Speicher currently owns respec code, could change the script inclusion line to reference Nick's clone
[07:21] Martin Sarabura (PTC): PROMCODE also wanted some changes
[07:21] Martin Sarabura (PTC): Steve was travelling and unable to accommodate
[07:22] Martin Sarabura (PTC): Two possible homes: Steve's or Nick's; discussing with OASIS whether they will host a hub. Will not allocate resources to maintain it
[07:23] Martin Sarabura (PTC): OASIS proposed that we host it in a neutral location and then all other TCs could use it
[07:23] Martin Sarabura (PTC): Still not yet agreed by OASIS staff
[07:24] Martin Sarabura (PTC): What should the repo be and format in which we publish?
[07:24] Martin Sarabura (PTC): Edit the specs in respec - that's our "authoritative source" and we publish in authoritative, html and pdf
[07:25] Martin Sarabura (PTC): Click on "respec" button in upper right to support downloading in various formats including html. pdf can be generated from that
[07:26] Martin Sarabura (PTC): Steve could add Nick as committer to his repository.
[07:27] Martin Sarabura (PTC): Steve may have some time to work on oslc-related stuff and is somewhat involved in promcode tc
[07:29] Martin Sarabura (PTC): Using Steve's repository adds work, and he won't be primary author anyway.
[07:29] Martin Sarabura (PTC): Martin: That's the nature of open-source development, continue to credit him
[07:30] Martin Sarabura (PTC): Proposal:
[07:30] Martin Sarabura (PTC): Shift over to Nick's repo
[07:32] Martin Sarabura (PTC): Jim: What is the risk if Nick became unavailable?
[07:33] Martin Sarabura (PTC): Nick: Didn't take too long to build new repo. Readme in the project that describes how to build. Confirms that the instructions are correct
[07:34] Martin Sarabura (PTC): Therefore risk is small; some risk of proliferation of repos
[07:35] Martin Sarabura (PTC): Steve is willing to accept pull requests back.
[07:35] Martin Sarabura (PTC): Need to squash them first
[07:35] Martin Sarabura (PTC): Seconded by Martin S
[07:36] Jim Amsden (IBM): +1
[07:36] David Honey (IBM): +1
[07:36] ian green (ibm): img: +1
[07:36] Martin Sarabura (PTC): +1
[07:36] Martin Pain (IBM)2: +1
[07:36] Harish (SoftwareAG): +1
[07:36] Nick Crossley (IBM): +1
[07:36] Martin Sarabura (PTC): Accepted
[07:37] Martin Sarabura (PTC): Nick will let Steve know and why, request that he pull the changes back to keep them in sync
[07:38] Martin Sarabura (PTC): Next one? Issue 40 - potential click jacking issue for delegated dialogs
[07:38] Martin Sarabura (PTC): https://issues.oasis-open.org/browse/OSLCCORE-40
[07:40] Martin Sarabura (PTC): Jim: Ignore any messages you are not expecting
[07:40] Martin Sarabura (PTC): Just augment the wording to say this
[07:41] Martin Sarabura (PTC): Martin P: UI provider is the one under attack
[07:42] Martin Sarabura (PTC): Martin P: User must be tricked into opening a malicious page which loads an iFrame onto a public site
[07:43] Martin Sarabura (PTC): Covers that iFrame with some other UI which encourages the user to click on it.
[07:43] Martin Sarabura (PTC): Worst case provide credentials to malicious server
[07:43] Martin Sarabura (PTC): Variation: iFrame inside iFrame
[07:44] Martin Sarabura (PTC): That requires the administrator to configure the malicious server as trusted
[07:44] Martin Sarabura (PTC): Ian: Malicious server configured as OSLC provider?
[07:45] Martin Sarabura (PTC): Ian: Subject to user authentication via cookie but not client auth via oauth
[07:46] Martin Sarabura (PTC): Jim: We don't control what servers put into the iFrame, can't get rid of delegated dialogs
[07:47] Martin Sarabura (PTC): Martin P: Whitelists would be detrimental to goal of OSLC integration
[07:48] Martin Sarabura (PTC): Shift social engineering vector to administrator rather than regular user
[07:48] Martin Sarabura (PTC): Jim: Can't force particular authentication method.
[07:49] Martin Sarabura (PTC): Can suggest recommending OAuth over basic, warn users
[07:49] Martin Sarabura (PTC): Martin P: If we can provide example of how using OAuth could help that would be helpful
[07:50] Martin Sarabura (PTC): Jim: Martin P write up a paragraph?
[07:50] Martin Sarabura (PTC): Martin P action item
[07:51] Martin Sarabura (PTC): Mike Saylor could be used as a SME to guide us
[07:54] Martin Sarabura (PTC): https://issues.oasis-open.org/browse/OSLCCORE-16
[07:54] Martin Sarabura (PTC): Discovery should include text about vocabulary discovery
[07:54] Martin Sarabura (PTC): section 5 just before uml diagram
[07:55] Jim Amsden (IBM): http://tools.oasis-open.org/version-control/browse/wsvn/oslc-core/trunk/specs/discovery.html
[07:57] Martin Sarabura (PTC): The "must" should be capitalized
[07:58] Martin Sarabura (PTC): Nick: Probably a SHOULD instead of MUST anyway
[07:58] Martin Sarabura (PTC): Jim: Agreed
[07:59] Martin Sarabura (PTC): Two MUSTs and a SHOULD in the normative paragraph
[07:59] Martin Sarabura (PTC): First MUST -> SHOULD, other SHOULD in caps
[08:00] Martin Sarabura (PTC): Jim: Propose we close the issue and see what other feedback we get from review
[08:03] Martin Sarabura (PTC): As a policy, if anybody has problems with closing an issue we will reopen it
[08:04] Martin Sarabura (PTC): Next: https://issues.oasis-open.org/browse/OSLCCORE-1
[08:05] Martin Sarabura (PTC): Ian to add scenario to https://wiki.oasis-open.org/oslc-core/DeletgatedUIUseCases
[08:06] Martin Sarabura (PTC): Servers can expose any available methods to improve resource selection experience
[08:07] Martin Sarabura (PTC): Ian: Pattern of use where user is required to pick a configuration, but there are constraints to the configuration they can choose, host application knows the nature of the constraint.
[08:07] Martin Sarabura (PTC): User would like to not be presented with invalid options
[08:08] Martin Sarabura (PTC): How does host of delegated ui pass that information to the delegated ui
[08:08] Martin Sarabura (PTC): Martin: Use POST to pre-fill dialog
[08:09] Martin Sarabura (PTC): Just like creation dialog
[08:09] Martin Sarabura (PTC): Ian: Behavior in that case is not defined anywhere
[08:10] Martin Sarabura (PTC): Jim: Helpful to have a written-up use case
[08:10] Martin Sarabura (PTC): Jim: Pre-fill based on shape of dialog
[08:11] Martin Sarabura (PTC): Ian: Need coherent thread in case of wizard, for example
[08:13] Martin Sarabura (PTC): Ian: This is a real use case, should be documented at some level. Not standardized
[08:13] Martin Sarabura (PTC): Nick: Precedent in resize
[08:14] Martin Sarabura (PTC): Nick: Nothing inconsistent in defining a possible method
[08:14] Martin Sarabura (PTC): Ian: Customers keen to see development on this point
[08:15] Martin Sarabura (PTC): Concerned that usability will drop for lack of context
[08:17] Martin Sarabura (PTC): Jim: Integration supposed to be loosely coupled. Need a place to create mediators
[08:18] Martin Sarabura (PTC): Ian: Like resource shapes - talking about richer constraints than just the basic standard
[08:18] Martin Sarabura (PTC): Jim: When you integrate tools, currently we allow links across them created via select/create dialogs
[08:19] Martin Sarabura (PTC): Issues are that user in both tools can't provide integrated context. No way to save context across tools
[08:20] Martin Sarabura (PTC): Better to create mediator application whose responsibility it is to integrate the domains, put the interface into that application, and don't try to push that down into the individual tools
[08:20] Martin Sarabura (PTC): Avoid coupling the tools
[08:21] Martin Sarabura (PTC): Ian: What we have currently is too weak and yet they seem natural constraints
[08:22] Martin Sarabura (PTC): Ian to write down scenario and how we might recommend their resolution
[08:22] Martin Sarabura (PTC): Do it on the issue (1)
[08:22] Martin Sarabura (PTC): Action item: Ian to augment issue 1 to describe scenario
[08:23] Martin Sarabura (PTC): Next: Issue 39
[08:23] Martin Sarabura (PTC): https://issues.oasis-open.org/browse/OSLCCORE-39
[08:23] Martin Sarabura (PTC): Names and descriptions of impact analysis direction properties are misleading
[08:24] Martin Sarabura (PTC): Define upstream and downstream relative to order of development - downstream comes after upstream
[08:24] Martin Sarabura (PTC): So requirements are often upstream and tests are written to validate the requirements - they are downstream
[08:25] Martin Sarabura (PTC): Tool needs to know which artifacts are upstream and which are down
[08:25] Martin Sarabura (PTC): Links should point upstream from downstream. Link stored in the subject of the triple
[08:26] Martin Sarabura (PTC): Upstream is developed first and baselined while downstream development continues
[08:26] Martin Sarabura (PTC): Can't easily create a link from up to downstream
[08:27] Martin Sarabura (PTC): Want to indicate which way the impact goes on the link
[08:27] Martin Sarabura (PTC): Impact could be symmetric, or no impact, or upstream or downstream
[08:28] Martin Sarabura (PTC): Vocabulary is wrong - impact is always downstream
[08:28] Martin Sarabura (PTC): Link pointing upstream and impact goes the opposite direction
[08:29] Martin Sarabura (PTC): Want to capture the correct vocabulary as part of the core
[08:30] Martin Sarabura (PTC): Trying to express idea that impact goes in opposite direction of link
[08:31] Martin Sarabura (PTC): Jim: OK to shift meeting by a half hour for next three instances
[08:32] Martin Sarabura (PTC): Jim: With issues winding down we should start shifting focus towards getting to public review
[08:33] Martin Sarabura (PTC): Please review all specs and submit reviews
[08:33] Martin Sarabura (PTC): Done via emails to core distribution list - real issues should be posted to Jira
[08:33] Martin Sarabura (PTC): Meeting adjourned