TC conference call - 26. August 2015

Jump to: navigation, search
TC conference call - 26. August 2015
Title TC call
Location Google Hangout
Date Start 2015/08/26
Date End 2015/08/26
Tags
Description

Agenda

  1. Guidelines for licensing - added content "the DINA project is not requiring transfer copyright"
  2. Guidelines for style - logotype license, stronger font
  3. Accesibility - Web Content Accessibility Guidelines 2.0, WCOG 2.0, tools for testing our applications, Glen Newton
  4. Presentation of OWASP requirements (Open Web Application Security Project), Glen Newton
  5. Agenda for DINA Technical workshop Copenhagen
  6. "SETF" mailinglist - auto managed or alternatives, MfN or closed Google group
  7. SeqDB installation Stockholm
  8. SeqDB web service announcement
  9. Any other business, please add more items here!

Minutes

Present: Ingimar, Kevin, Karin, Satpal, Nazir, Glen, Falko, Kessy, Elspeth, Rob, Thomas and David

Decision on guidelines for licensing

TC members expressed a preference for the MIT license for DINA code, which will be recommended to the DINA Steering Group at their next meeting. Both SeqDB and the DINA Data Tool have been developed in compliance with this license. Whether there needs to be one type of license for all DINA components is unclear. In Canada, for example, the Director has the final word on licensing so choosing a single license for DINA software may not be a useful goal. Creative Commons, version 4, is the content license preferred by TC members although we discussed the pros and cons for "share-alike" and "non-commercial" options. The Swedish government recommends cc-by; other TC members suggested cc-by-nc-sa (Edinburgh) or cc-by-sa (Berlin).

Decision on guidelines for style

The TC recommendation to the Steering Committee is that style choice should follow WK2 accessibility guidelines. Choice of web fonts is not considered a responsibility of TC, nor is any font required for a DINA compliant web interface. Maintaining a list of font types in use or under evaluation was noted, however, as desirable.

Web Content Accessibility Guidelines 2.0, WCOG 2.0

Glen gave a short lecture on Web Content Accessibility Guidelines. The degree of web content accessibility can be improved by testing web interfaces with at least two tools during development. Section 508 and WK2 standards were strongly suggested for evaluating web content accessibility, during which one answers questions such as “What level of adherence do we need with respect to WK2?” There are some difficulties in understanding, however, target levels when specific failures to meet a standard are not listed explicitly.

Favoured tools for accessibility testing would allow developers to describe the details of standard adherence, provided to users by, for example, html output. An “accepted minimum” may be a useful principle for DINA development combined with a high ideal level of adherence (e.g., "go for single A and try for triple A"). The tests should also be sophisticated enough to test dynamic pages, specifically, those developed using AJAX (whose tests scores might otherwise be incorrectly characterised as meeting 100% standard adherence). Recommended tools: http://wave.webaim.org, http://achecker.ca/checker/index.php

Open Web Application Security Project (OWASP)

Glen presented OWASP, and its associated Java-based web testing tools, and outlined principles and the importance of security tests for TC web development. Security testing represents good practice for developer groups and has both political and practical benefits. The “OWASP Ten” provides a good baseline for evaluating security (see: https://www.owasp.org/index.php/Top_10_2013-Top_10). In this respect, OWASP would be helpful in identifying the most egregious website vulnerabilities. Security issues may include service dependencies that must be tested in different ways but should be included in TC practices (e.g., vulnerabilities to SQL injection).

Since May 2015, Glen has used OWASP tools to test over 150 websites in Canada. A proposal for the TC group is to test and post results (OWASP report) on GitHub : for every software release. Satpal has implemented security tests for SeqDB that are available for TC members to examine in more depth: http://search.maven.org/#artifactdetails.org/owasp/dependency-check-maven/1.3.0/maven-plugin

Agenda for DINA Technical Workshop, Copenhagen

The meeting will start at midday to allow all participants time to arrive at Copenhagen, with updates on modules expected as an early agenda item. Demonstrations and discussions have been suggested (e.g., WCAG, security, best practices, securing packages for vagrant boxes). The hackathon portion of the workshop emphasises the need for a detailed list of topics/targets, allowing decisions to be made now on the duration of the workshop as well as schedules of individual participants.

TC ("SETF") mailinglist

The TC ("SETF") mailing list is now open again! Warning: do not cc the entire participants list or it will be treated as email spam and immediately filtered out!

SeqDB installation Stockholm

After exploration by Niklas (CGI) at the NRM, the work with SeqDB will be extended to customization. Getting SeqDB running on the same stack as rest of the Stockholm DINA applications will require continued work, primarily by Ingimar and Satpal.

SeqDB web service announcement

Nazir announced that SeqDB web services have been tested for compliance with DINA API standard. It scored well and is the first attempt to use the DINA API standard!

Other business

  • Providing stable versions of applications for the DINA Web Github repository was discussed. Rather than tagging and cloning into the repository, we should "pull" these stable versions using a script that builds the tagged versions. Updates to the script would then be used to pull the correct version.

Action Items

  • The TC members will update the licensing guidelines on GitHub with amendments from email discussions.
  • The TC members will continue to propose agenda items for the DINA Technical Workshop, Copenhagen.
  • Glen and Satpal will lead follow-up discussions via email on methods to improve web accessibility.

Next Meeting

Wednesday, 23. September, 2015 15-17 (13-15 UTC)


This page was last modified on 7 September 2015, at 20:38. Content is available under Attribution-Share Alike Non-commercial 2.5 or later, Unported unless otherwise noted.