Raw chat trace from #35 on 2019-04-17

["Chris Meyer (Myriad Consulting Inc)" <v-chrmey@microsoft.com>]

anonymous morphed into Michael C. Fanning

anonymous morphed into [Co-Chair] David Keaton

[Co-Chair] David Keaton: Time

09:30-11:30 PDT

16:30-19:30 UTC

Meeting Chat Location

http://webconf.soaphub.org/conf/room/sarif

Meeting Audio and Screen Sharing

https://teams.microsoft.com/l/meetup-join/19%3ameeting_ZmQ2ZmUyOTUtZjBmOC00MTMyLWIzMDQtYTRhYjY1OTU1NDAz%40thread.v2/0?context=%7b%22Tid%22%3a%2272f988bf-86f1-41af-91ab-2d7cd011db47%22%2c%22Oid%22%3a%2230165b06-8cc2-49da-938d-e00658ccc86a%22%7d

1. Opening Activities

1.1 Opening comments (Co-Chair Keaton)

1.2 Introduction of participants/roll call (Co-Chair Cartey)

1.3 Procedures for this meeting (Co-Chair Keaton)

1.4 Approval of agenda (Co-Chair Keaton)

1.5 Approval of previous minutes [Minutes of 2019-04-03 Meeting#34] (Co-Chair Keaton)

1.6 Review of action items and resolutions (Secretary Meyer)

1.7 Identification of SARIF TC voting members (Co-Chair Cartey)

1.7.1 Prospective members attending their first meeting

1.7.2 Members attaining voting rights at the end of this meeting

1.7.3 Members losing voting rights if they have not joined this meeting by the time it ends

1.7.4 Members who previously lost voting rights who are attending this meeting

1.7.5 Members who have declared a leave of absence

2. Timeline Status

2.1 Note where we are on the schedule [SARIF TC Timeline] (Co-Chair Keaton)

         - Propose voting out CSD 2 by e-ballot following this meeting

3. Future Meetings

3.1 Future meeting schedule (Co-Chair Keaton)

The next meeting date depends on how quickly OASIS is able to schedule the public review.

Meeting to be scheduled after CSD 14-day public review plus 7-day waiting period.

Possibly May 15, 2019.

4. Document Progress (Co-Editors Golding and Fanning)

4.1 Editors' report

4.2 Feedback on issues yet to be merged

4.2.1 Any issues on which the editors desire feedback before producing the final draft

4.3 Discussion of new changes, as needed

The following are the issues addressed since the last meeting, most recent first. The committee may choose to discuss some or all of these issues depending on whether anyone would like to receive clarification or provide feedback.

4.3.1 Miscellaneous items [#376] [change draft]

4.3.2 Define an object type for the value of run.externalPropertyFileReferences [#266] [change draft]

4.3.3 Rule id-related issues [#364] [#365] [change draft]

4.3.4 Miscellaneous issues [#371] [#372] [#373] [#374] [change draft]

4.3.5 originalUriBaseIds and uri resolution [#358] [change draft]

4.3.6 artifact.artifactLocation => location; attachment.artifactLocation => location [#368] [change draft]

4.3.7 Miscellaneous issues [#366] [#367] [#369] [#370] [change draft]

4.3.8 Allow the artifactIndex property to be absent when the artifactLocation is within an artifact [#363] [change draft]

4.3.9 Define request and response objects [#362] [change draft]

4.3.10 state variables should not have syntax restriction and s/be multiformat strings [#361] [change draft]

4.3.11 Constraints in state objects [#359] [change draft]

4.3.12 Express taxonomy relationships to rules [#356] [change draft]

4.3.13 Default toolComponent.associatedComponent to theTool.driver [#357] [change draft]

4.3.14 Modify look-up procedure to look for the "closest" string first, then choose your preferred format [#354] [change draft]

4.3.15 Refine URL normalization guidance for file URLS [#355] [change draft]

4.4 Any final items to discuss before CSD 2 e-ballot

5. Other Business

6. Resolutions and Decisions reached (by 10 minutes prior to scheduled meeting end)

6.1 End debate of other issues by 10 minutes prior to scheduled meeting end and follow the agenda from this point (Co-Chair Keaton)

6.2 Review of Decisions Reached (Secretary Meyer)

6.3 Review of Action Items (Secretary Meyer)

7. Next Meeting

To be scheduled after CSD 14-day public review plus 7-day waiting period.

Possibly May 15, 2019.

8. Adjournment

[Co-Chair] David Keaton: Agenda link:  https://www.oasis-open.org/committees/download.php/65155/agenda_20190417.html

Chris Meyer: Next meeting TBD depending on OASIS

Chris Meyer: Discussion of issue 378

Chris Meyer: Discuss issue 377

Chris Meyer: Discussion of issue 375

Larry Golding: Motion to approve these change:

Larry Golding: #375: location relationships

 

physicalLocation.id => location.id

location.relatedTo:integer (current-result-scoped)

location.relationshipKinds:string[]

 

 

#377: redaction tokens in path

 

run.redactionToken:string => run.redactionTokens:string[]

 

 

#378: request failures

 

request.noResponseReceived:boolean, default: false

request.failureReason:string

Larry Golding: Approved

Larry Golding: Katrina: They have "helper rules" associated with tFLs, for example: "If the input to string.substr is tainted, so is the return value"

Chris Meyer: New issue #381 Expand ability to associate reporting metadata with thread flow locations

Michael C. Fanning: I move to accept item #381

Chris Meyer: Motion to approve #381

Michael C. Fanning: Add threadFlowLocation.taxa, an array of reportingDescriptorReferences, the default location of which (in case where only the RDR index is provided) is the relevant tool component rules data.

Chris Meyer: Approved

Chris Meyer: 4.3 Discussion of new changes

Chris Meyer: None

Chris Meyer: 4.4 Final items

Chris Meyer: Discussion of final balloting procedures

Chris Meyer: Discussion of public comment period

Chris Meyer: Next meeting depends on OASIS TC admin process

Chris Meyer: Earliest ~May 15th

Chris Meyer: Adjourned at 16:22 UTC