Agenda

notes from the meeting in italics following each item

Update on response to cross-site scripting alert affecting VIVO search strings

A fix to the cross-site scripting vulnerability recently identified in a hacker journal has been prepared and Jim Blake will send mail to the development and implementation lists explaining how to download and apply the change, which involves a single Java file. This change protects against the particular exploit identified in the article but a more thorough investigation will be needed to avoid other possible problems, especially if people log in and have access to editing forms.

Next steps in changing the meeting time (no common available time has been found on Thursdays, but 1 pm Eastern might be an improvement)

We will move to 1 pm Eastern time as of 9/22/11 as being at least earlier for our European participants

Any concerns about W3C terms of use – review the contributor license agreement
Suggested topics and volunteers for news items – ORCID meetings at CERN, Harvard Profiles

Tour of another open source project web presence

VuFind (http://vufind.org) – seems to combine elements of what we have on http://vivoweb.org as well as Sourceforge. They use JIRA and have a Wishlist space. A roadmap PDF includes sections on governance, community development, project management, and software development.

Review of Jira issue tracking on the project – organization and current state of each project space

[ VIVO core development|http://issues.library.cornell.edu/browse/NIHVIVO]
VIVO harvester
[ VIVO implementation|http://issues.library.cornell.edu/browse/VIVOIMPL]
[ VIVO ontology|http://issues.library.cornell.edu/browse/VIVOONT]
VIVO feedback (not open because contact form entries from http://vivoweb.org are posted here)

Discussion of process for laying out, prioritizing, and scheduling development tasks

General priorities
- addressing security issues
- completing core infrastructure improvements that enable more developers to participate with less initial effort
- responding to user stories and issues raised on implementation calls, in the implementation or feedback
How can we make this transparent – we are a work in progress

Release 1.4 suggestions from the call

Make it a maintenance release – several sites will have just completed updating to 1.3 by the projected November timeframe for 1.4
Alternate between maintenance releases and releases involving new functionality – especially if sites could elect to skip the maintenance releases
December is not a good month for a release – too many people are away
Making a joint release of Vitro and VIVO – with or without the VIVO ontology, theme, and ontology-specific forms and display
Provenance
- could potentially be handled by logging – there are relatively straightforward places to plug in logging functionality
- required by law if using Vitro in applications involving confidential information
- likely to come in stages – combine with a way to identify the source of any given data and direct the user to where to request a correction (blame management for data that did not originate in VIVO)
Improvements to the merge functionality, including not leaving duplicate rdfs:labels behind

Other notes:

Working on Thomson Reuters ingest makes it clear we will need article and journal disambiguation, not just author disambiguation, since many articles and journals will overlap with data from PubMed.
Journals would be a very beneficial area to pursue shared, authoritative lists – where from? A number of lists exist (e.g., Science Metrix), but we can't publish their data as RDF without permission.

put an item here if you have something to share about your VIVO site or VIVO-related development work

if you have something to demo, mention it here

2. Use your microphone and speakers (VoIP) - a headset is recommended. Or, call in using your telephone.

Dial 630-869-1015
Access Code: 232-787-753
Audio PIN: Shown after joining the meeting

Meeting ID: 232-787-753