FYI: IETF Token Binding Working Group formed (tokbind)

[Arthur Barstow]

FYI (the IETF formally started the Token Binding Working Group).

 Forwarded Message 
Subject: WG Action: Formed Token Binding (tokbind)
Date: Wed, 11 Mar 2015 15:13:05 -0700
From: The IESG 
Reply-To: i...@ietf.org
To: IETF-Announce 
CC: tokbind WG 

A new IETF working group has been formed in the Security Area. For
additional information please contact the Area Directors or the WG
Chairs.

Token Binding (tokbind)

Current Status: Proposed WG

Chairs:
  John Bradley 
  Leif Johansson 

Assigned Area Director:
  Stephen Farrell 

Mailing list
  Address: unbeara...@ietf.org
  To Subscribe: https://www.ietf.org/mailman/listinfo/unbearable
  Archive: http://www.ietf.org/mail-archive/web/unbearable/

Charter:


Web services generate various security tokens (e.g. HTTP cookies, OAuth
tokens, etc.) for web applications to access protected resources.
Currently these are bearer tokens, i.e. any party in possession of such
token gains access to the protected resource. Attackers export bearer
tokens from client machines or from compromised network connections,
present these bearer tokens to Web services, and impersonate
authenticated users. Token Binding enables defense against such attacks
by  cryptographically binding security tokens to a secret held by the
client.

The tasks of this working group are as follows:

1. Specify the Token Binding protocol v1.0.
2. Specify the use of the Token Binding protocol in combination with
HTTPS.

It is a goal of this working group to enable defense against attacks that
involve unauthorized replay of security tokens. Other issues associated
with the use of security tokens are out of scope. Another goal of this
working group is to design the Token Binding protocol such that it would
be also useable with application protocols other than HTTPS. Specifying
alternative application protocols is not a primary goal.

The main design objectives for the Token Binding protocol, in no
particular order:

1. Allow applications and services to prevent unauthorized replay of
security tokens.
2. Allow strong key protection, e.g. using hardware-bound keys.
3. Support both first-party (server generates a token for later use with
this server) and federation (server generates a token for use with
another server) scenarios.
4. Preserve user privacy.
5. Make the Token Binding protocol useable in combination with a variety
of application protocols.
6. Allow the negotiation of the Token Binding protocol without additional
round-trips.
7. Allow the use of multiple cryptographic algorithms, so that a variety
of securehardware modules with different cryptographic capabilities
could be used with Token Binding.
8. Propose Token Binding specification that can be implemented in Web
browsers (but is not limited to them). E.g. Web browsers require that the
same bound security token must be presentable over multiple TLS sessions
and connections.

The working group will use the following documents as a starting point
for its work:

- draft-popov-token-binding-00;
- draft-balfanz-https-token-binding-00.

This WG will collaborate with other IETF WGs, in particular with the TLS,
HTTPbis and Oauth WGs and with the W3C webappsec WG.


Milestones:
  Jan 2016 - HTTPS Token Binding to IESG.
  Jan 2016 - WG document for the Token Binding Protocol v1.0.
  Jan 2016 - WG document for HTTPS Token Binding.
  Jan 2016 - Token Binding Protocol v1.0 to IESG.

Re: Extending HTMLCanvasElement in Custom Element issue

[Dimitri Glazkov]

There could be more details there, but here's the summary of the problem:
https://wiki.whatwg.org/wiki/Custom_Elements#Subclassing_existing_elements

:DG<

On Wed, Mar 11, 2015 at 7:17 AM, Халитов Кирилл  wrote:

> Hello. My issue is described there
> 
>  .
>
> But I did not solve its fully. Why can not I create a pure custom canvas
> element with a full functionality like in my example code?
>
> --
> *С уважением*
> *Кирилл Халитов*
>

Re: IndieUI Teleconference Agenda; 18 March at 21:00Z

[Andy Heath]

Katie - thanks - yes I received Janina's mail (and Jason's) and knew. The 
reason these mails came out now, after the fact, is because I changed my email 
address and W3 list servs mailed me inviting my authorisation of my new email 
address, which I only just did - then it emptied it's caches of my held mails 
leading to this misunderstanding. Thanks again, all is well.

Andy

Sent from my iPad

> On 11 Mar 2015, at 17:27, Katie Haritos-Shea GMAIL  wrote:
> 
> Andy,
> 
> It is the 18th. Janina did reply to you because I got it, but maybe that
> missed you.:-)
> 
> 
> 
> * katie *
>  
> Katie Haritos-Shea 
> Senior Accessibility SME (WCAG/Section 508/ADA/AODA)
>  
> Cell: 703-371-5545 | ryla...@gmail.com | Oakton, VA | LinkedIn Profile |
> Office: 703-371-5545
> 
> -Original Message-
> From: Andy Heath [mailto:andyhe...@axelafa.com] 
> Sent: Tuesday, March 10, 2015 4:43 PM
> To: Janina Sajka; public-indie...@w3.org
> Cc: public-editing...@w3.org; public-webapps@w3.org
> Subject: Re: IndieUI Teleconference Agenda; 18 March at 21:00Z
> 
> Hi, Janina can you clarify whether this is for the 11th or the 18th please.
> The last couple of weeks or so it has been "18th" in conversations (and what
> I put in my diary at the time of the conversations).  The subject here says
> 18th but the body says 11th.
> 
> ?
> 
> My hope is its 18th because that's easier for me than 11th.
> 
> Best
> 
> andy
> 
>> On 10/03/2015 13:36, Janina Sajka wrote:
>> Cross-posting as is now usual ...
>> 
>> IMPORTANT: The U.S. is now on Daylight Time. Please carefully confirm 
>> the time of this teleconference in your time zone using the resources 
>> enumerated below.
>> 
>> What:IndieUI Task Force Teleconference
>> When:Wednesday 11 March
>> 2:00 PMSan Francisco -- U.S. Pacific  Time(PDT: UTC -7)
>> 4:00 PMAustin -- U.S. Central  Time(CDT: UTC -5)
>> 5:00 PMBoston -- U.S. Eastern  Time(EDT: UTC -4)
>> 9:00 PMLondon -- British  Time(BST: UTC +0)
>>10:00 PMParis -- Central European Time(CET: UTC +1)
>> 5:00 AMBeijing -- China Standard Time(Thursday, 12 
>> March CST: UTC +8)
>> 6:00 AMTokyo -- Japan Standard Time(Thursday, 12 
>> March JST: UTC +9)
>> Where:W3C Teleconference--See Below
>> 
>> * Time of day conversions
>> 
>> Please verify the correct time of this meeting in your time zone using 
>> the Fixed Time Clock at:
>> 
>> http://timeanddate.com/worldclock/fixedtime.html?msg=IndieUI+Teleconfe
>> rence&iso=20150311T1700&p1=43&ah=1
>> 
>> 
>> ** Preliminary Agenda for IndieUI Task Force Teleconference 11 March 
>> 2015
>> 
>> Meeting: IndieUI Task Force Teleconference
>> Chair:Janina_Sajka
>> agenda+ preview agenda with items from two minutes
>> agenda+Future of the IndieUI WG & TF -- Janina
>> agenda+Schema.org Mappings -- Rich & Andy [See Below]
>> agenda+Checkin with Web Apps' Editing TF [See below] Editors' 
>> agenda+ Reports User Context Issues & Actions
>> https://www.w3.org/WAI/IndieUI/track/products/3
>> agenda+ Events Issues & Actions
>> https://www.w3.org/WAI/IndieUI/track/products/2
>> agenda+ Other Business
>> agenda+Be Done
>> 
>> Resource: Schema.org meta data mapping to Indie UI User context
>> https://docs.google.com/spreadsheets/d/1pb92piOlud5sXQadXYnbmtp9LCut26
>> gv8ku-qqZTwec/edit#gid=0
>> 
>> 
>> Resource: Teleconference Minutes
>> http://www.w3.org/2015/02/04-indie-ui-minutes.html
>> 
>> Resource: Web Apps Editing TF
>> Editing Explainer:http://w3c.github.io/editing-explainer/
>> User Intentions: 
>> http://w3c.github.io/editing-explainer/commands-explainer.html
>> 
>> Resource: For Reference
>> Home Page:http://www.w3.org/WAI/IndieUI/
>> Email Archive: http://lists.w3.org/Archives/Public/public-indie-ui/
>> 
>> Resource: Teleconference Logistics
>> Dial the Zakim bridge using either SIP or the PSTN.
>> PSTN: +1.617.761.6200 (This is a U.S. number).
>> SIP: za...@voip.w3.org
>> You should be prompted for a pass code, This is 46343#
>> (INDIE#)
>> 
>> Alternatively, bypass the Zakim prompts and SIP directly into our 
>> teleconference.
>> SIP: 0046...@voip.w3.org
>> 
>> Instructions for connecting using SIP:
>> http://www.w3.org/2006/tools/wiki/Zakim-SIP
>> Place for users to contribute additional VoIP tips.
>> http://www.w3.org/2006/tools/wiki/Zakim-SIP-tips
>> 
>> IRC: server: irc.w3.org, channel: #indie-ui.
>> 
>> During the conference you can manage your participation with Zakim 
>> commands as follows:
>>   61# to mute yourself
>>   60# to unMute yourself
>>   41# to raise your hand (enter speaking queue)
>>   40# to lower your hand (exit speaking queue)
>> 
>> The system acknowledges these commands with a rapid, three-tone 
>> confirmation.  Mobile phone users especially should use the mute 
>> function if they don't have a mute function in their phone.  But the 
>> hand-raising function is a good idea for anyone not using IRC.

RE: IndieUI Teleconference Agenda; 18 March at 21:00Z

[Katie Haritos-Shea GMAIL]

Andy,

It is the 18th. Janina did reply to you because I got it, but maybe that
missed you.:-)



* katie *
 
Katie Haritos-Shea 
Senior Accessibility SME (WCAG/Section 508/ADA/AODA)
 
Cell: 703-371-5545 | ryla...@gmail.com | Oakton, VA | LinkedIn Profile |
Office: 703-371-5545

-Original Message-
From: Andy Heath [mailto:andyhe...@axelafa.com] 
Sent: Tuesday, March 10, 2015 4:43 PM
To: Janina Sajka; public-indie...@w3.org
Cc: public-editing...@w3.org; public-webapps@w3.org
Subject: Re: IndieUI Teleconference Agenda; 18 March at 21:00Z

Hi, Janina can you clarify whether this is for the 11th or the 18th please.
The last couple of weeks or so it has been "18th" in conversations (and what
I put in my diary at the time of the conversations).  The subject here says
18th but the body says 11th.

?

My hope is its 18th because that's easier for me than 11th.

Best

andy

On 10/03/2015 13:36, Janina Sajka wrote:
> Cross-posting as is now usual ...
>
> IMPORTANT: The U.S. is now on Daylight Time. Please carefully confirm 
> the time of this teleconference in your time zone using the resources 
> enumerated below.
>
> What:IndieUI Task Force Teleconference
> When:Wednesday 11 March
>  2:00 PMSan Francisco -- U.S. Pacific  Time(PDT: UTC -7)
>  4:00 PMAustin -- U.S. Central  Time(CDT: UTC -5)
>  5:00 PMBoston -- U.S. Eastern  Time(EDT: UTC -4)
>  9:00 PMLondon -- British  Time(BST: UTC +0)
> 10:00 PMParis -- Central European Time(CET: UTC +1)
>  5:00 AMBeijing -- China Standard Time(Thursday, 12 
> March CST: UTC +8)
>  6:00 AMTokyo -- Japan Standard Time(Thursday, 12 
> March JST: UTC +9)
> Where:W3C Teleconference--See Below
>
> * Time of day conversions
>
> Please verify the correct time of this meeting in your time zone using 
> the Fixed Time Clock at:
>
> http://timeanddate.com/worldclock/fixedtime.html?msg=IndieUI+Teleconfe
> rence&iso=20150311T1700&p1=43&ah=1
>
>
> ** Preliminary Agenda for IndieUI Task Force Teleconference 11 March 
> 2015
>
> Meeting: IndieUI Task Force Teleconference
> Chair:Janina_Sajka
> agenda+ preview agenda with items from two minutes
> agenda+Future of the IndieUI WG & TF -- Janina
> agenda+Schema.org Mappings -- Rich & Andy [See Below]
> agenda+Checkin with Web Apps' Editing TF [See below] Editors' 
> agenda+ Reports User Context Issues & Actions
> https://www.w3.org/WAI/IndieUI/track/products/3
> agenda+ Events Issues & Actions
> https://www.w3.org/WAI/IndieUI/track/products/2
> agenda+ Other Business
> agenda+Be Done
>
> Resource: Schema.org meta data mapping to Indie UI User context
> https://docs.google.com/spreadsheets/d/1pb92piOlud5sXQadXYnbmtp9LCut26
> gv8ku-qqZTwec/edit#gid=0
>
>
> Resource: Teleconference Minutes
> http://www.w3.org/2015/02/04-indie-ui-minutes.html
>
> Resource: Web Apps Editing TF
> Editing Explainer:http://w3c.github.io/editing-explainer/
> User Intentions: 
> http://w3c.github.io/editing-explainer/commands-explainer.html
>
> Resource: For Reference
> Home Page:http://www.w3.org/WAI/IndieUI/
> Email Archive: http://lists.w3.org/Archives/Public/public-indie-ui/
>
> Resource: Teleconference Logistics
> Dial the Zakim bridge using either SIP or the PSTN.
> PSTN: +1.617.761.6200 (This is a U.S. number).
> SIP: za...@voip.w3.org
> You should be prompted for a pass code, This is 46343#
> (INDIE#)
>
> Alternatively, bypass the Zakim prompts and SIP directly into our 
> teleconference.
> SIP: 0046...@voip.w3.org
>
> Instructions for connecting using SIP:
> http://www.w3.org/2006/tools/wiki/Zakim-SIP
> Place for users to contribute additional VoIP tips.
> http://www.w3.org/2006/tools/wiki/Zakim-SIP-tips
>
> IRC: server: irc.w3.org, channel: #indie-ui.
>
> During the conference you can manage your participation with Zakim 
> commands as follows:
>61# to mute yourself
>60# to unMute yourself
>41# to raise your hand (enter speaking queue)
>40# to lower your hand (exit speaking queue)
>
> The system acknowledges these commands with a rapid, three-tone 
> confirmation.  Mobile phone users especially should use the mute 
> function if they don't have a mute function in their phone.  But the 
> hand-raising function is a good idea for anyone not using IRC.
>
> * IRC access
>
> An IRC channel will be available. The server is irc.w3.org, The port 
> number is 6665 (Note this is not the normal default) and The channel 
> is #indie-ui.
>
> * Some helpful Scribing and Participation Tips 
> http://www.w3.org/WAI/PF/wiki/Teleconference_cheat_sheet
>
> For more on the IRC setup and the robots we use for agenda and speaker 
> queuing and for posting the log to the web, see:
>
> - For RRSAgent, that captures and posts the log with special attention 
> to action items:
> http://www.w3.org/2002/03/RRSAgent
>
> - For Zakim, the IRC interface to the bridge manager, that will 
> maintain speak

Re: IndieUI Teleconference Agenda; 18 March at 21:00Z

[Andy Heath]

Hi, Janina can you clarify whether this is for the 11th or the 18th 
please.  The last couple of weeks or so it has been "18th" in 
conversations (and what I put in my diary at the time of the 
conversations).  The subject here says 18th but the body says 11th.


?

My hope is its 18th because that's easier for me than 11th.

Best

andy

On 10/03/2015 13:36, Janina Sajka wrote:

Cross-posting as is now usual ...

IMPORTANT: The U.S. is now on Daylight Time. Please carefully confirm
the time of this teleconference in your time zone using the resources
enumerated below.

What:IndieUI Task Force Teleconference
When:Wednesday 11 March
 2:00 PMSan Francisco -- U.S. Pacific  Time(PDT: UTC -7)
 4:00 PMAustin -- U.S. Central  Time(CDT: UTC -5)
 5:00 PMBoston -- U.S. Eastern  Time(EDT: UTC -4)
 9:00 PMLondon -- British  Time(BST: UTC +0)
10:00 PMParis -- Central European Time(CET: UTC +1)
 5:00 AMBeijing -- China Standard Time(Thursday, 12 
March CST: UTC +8)
 6:00 AMTokyo -- Japan Standard Time(Thursday, 12 
March JST: UTC +9)

Where:W3C Teleconference--See Below

* Time of day conversions

Please verify the correct time of this meeting in your time zone using
the Fixed Time Clock at:

http://timeanddate.com/worldclock/fixedtime.html?msg=IndieUI+Teleconference&iso=20150311T1700&p1=43&ah=1 



** Preliminary Agenda for IndieUI Task Force Teleconference 11 March 2015

Meeting: IndieUI Task Force Teleconference
Chair:Janina_Sajka
agenda+ preview agenda with items from two minutes
agenda+Future of the IndieUI WG & TF -- Janina
agenda+Schema.org Mappings -- Rich & Andy [See Below]
agenda+Checkin with Web Apps' Editing TF [See below]
agenda+ Editors' Reports
agenda+ User Context Issues & Actions 
https://www.w3.org/WAI/IndieUI/track/products/3
agenda+ Events Issues & Actions 
https://www.w3.org/WAI/IndieUI/track/products/2

agenda+ Other Business
agenda+Be Done

Resource: Schema.org meta data mapping to Indie UI User context
https://docs.google.com/spreadsheets/d/1pb92piOlud5sXQadXYnbmtp9LCut26gv8ku-qqZTwec/edit#gid=0 



Resource: Teleconference Minutes
http://www.w3.org/2015/02/04-indie-ui-minutes.html

Resource: Web Apps Editing TF
Editing Explainer:http://w3c.github.io/editing-explainer/
User Intentions: 
http://w3c.github.io/editing-explainer/commands-explainer.html


Resource: For Reference
Home Page:http://www.w3.org/WAI/IndieUI/
Email Archive: http://lists.w3.org/Archives/Public/public-indie-ui/

Resource: Teleconference Logistics
Dial the Zakim bridge using either SIP or the PSTN.
PSTN: +1.617.761.6200 (This is a U.S. number).
SIP: za...@voip.w3.org
You should be prompted for a pass code,
This is
46343#
(INDIE#)

Alternatively, bypass the Zakim prompts and SIP directly into our
teleconference.
SIP: 0046...@voip.w3.org

Instructions for connecting using SIP:
http://www.w3.org/2006/tools/wiki/Zakim-SIP
Place for users to contribute additional VoIP tips.
http://www.w3.org/2006/tools/wiki/Zakim-SIP-tips

IRC: server: irc.w3.org, channel: #indie-ui.

During the conference you can manage your participation with Zakim
commands as follows:
   61# to mute yourself
   60# to unMute yourself
   41# to raise your hand (enter speaking queue)
   40# to lower your hand (exit speaking queue)

The system acknowledges these commands with a rapid, three-tone
confirmation.  Mobile phone users especially should use the mute
function
if they don't have a mute function in their phone.  But the hand-raising
function is a good idea for anyone not using IRC.

* IRC access

An IRC channel will be available. The server is
irc.w3.org,
The port number is 6665 (Note this is not the normal default) and
The channel is #indie-ui.

* Some helpful Scribing and Participation Tips
http://www.w3.org/WAI/PF/wiki/Teleconference_cheat_sheet

For more on the IRC setup and the robots we use for agenda and speaker
queuing and for posting the log to the web, see:

- For RRSAgent, that captures and posts the log with special attention
to action items:
http://www.w3.org/2002/03/RRSAgent

- For Zakim, the IRC interface to the bridge manager, that will
maintain speaker and agenda queues:
http://www.w3.org/2001/12/zakim-irc-bot

- For a Web gateway to IRC you can use if your network administrators
forbid IRC, see:
http://www.w3.org/2001/01/cgi-irc

- For more on W3C use of IRC see:
http://www.w3.org/Project/IRC/



andy
andyhe...@axelafa.com
--
__
Andy Heath
http://axelafa.com
Note I'm my moving email to the one above. It will help if, whatever address 
you received this from, you can reply to andyhe...@axelafa.com.  If you can 
change your address book and always reply to the new one that's even better, 
and if you manage any lists I'm subscribed to and can change my subscription 
you deserve a medal (or a drink when I see you).

Extending HTMLCanvasElement in Custom Element issue

[Халитов Кирилл]

Hello. My issue is described there

 .

But I did not solve its fully. Why can not I create a pure custom canvas
element with a full functionality like in my example code?

-- 
*С уважением*
*Кирилл Халитов*