- From: Mark Nottingham <mnot@mnot.net>
- Date: Mon, 14 Mar 2011 18:08:01 -0700
- To: public-ietf-w3c <public-ietf-w3c@w3.org>
0. Roll Call and Agenda Bashing Present: Mark Nottingham, Peter Saint Andre, Thomas Roessler, Stephen Farrell, Pete Resnick, Robert Sparks, Sean Turner, Russ Housley, John Klensin, Philippe Le Hegaret, Alexey Melnikov, Larry Masinter 0. IETF / IESG Changes Alexey's term is shortly ending; Prague will replace him as APPS AD with Pete Resnick. Peter will continue as co-AD. RAI ADs will continue. Sean Turner (Security AD) will continue; Stephen Farrell will take over for Tim Polk. John Klensin: IAB members may become more active; I may or may not continue to be involved. 1. RTCweb BoF is scheduled for Tuesday AM (Prague IETF); breakout session on Friday Counting on Harald to be first point of coordination (involved in both W3C and IETF efforts) Information is flowing; any particular questions/concerns to Robert Sparks Q: What is W3C status? Philippe: We have a draft charter; currently under review. Closes March 18. If response is positive, will launch WG within two weeks. Can sync w/ IETF. http://www.w3.org/2010/12/webrtc-charter Peter: Will have BoF at end of month, so depending on community discussion and consensus, it will probably be formed in the next month or two. PLH: W3C should wait for the BoF to happen, so there are no surprises. Pete Resnick: Result of IETF BoF and W3C charter review will result in a division of labour? PLH: Correct (as captured in the charters). Q: What is the division planned at a high level? Robert Sparks: W3C's WG will be focusing on APIs, IETF will be working on changes to protocols (if necessary) to realise the APIs. E.g., RTP, HTTP Headers, etc. There are several drafts in datatracker that have been early contributions. See: https://datatracker.ietf.org/doc/search/?name=rtcweb&activeDrafts=on&rfcs=on Discussion on the dispatch list and some on Harald's site. PLH: Seems to be going smoothly. Q: Who's point in RAI? Robert Sparks: Gonzalo. I'm a proxy. 2. IETF WEBSEC WG / Content Security Policy / etc. Peter: WEBSEC formed end of last year; not very active. Two-pronged approach; 1) broad security framework in the longer term (initial I-D last week), also 2) short-term topics such as HTTP Strict Transport Security (HSTS), mime-sniff (Adam Barth), and the "web origin" concept. Will be discussion in Prague. Will also have presentation about Do Not Track. Also may have side meeting on DNT. Thomas: Charter ready to go for CSP; having trouble finding a chair. Discussion is taking off. Risk of losing opportunity / non-standard output if a chair can't be found. Peter: My understanding is that other work may be involved? Thomas: Also may include XHR2 (xmlhttprequest), CORS (Cross-Origin Resource Sharing) Recommendation work. 3. Web tracking / Do Not Track / W3C workshop Peter: W3C Workshop in Princeton at end of April. Hannes, Alissa Cooper, browser folks, W3C folks will be there. Background? Thomas: There is a huge political interest in Web tracking. Various products, ideas shipping from browsers. Discussion deserves a broader workshop; hence Princeton. Microsoft has made a submission to W3C for tracking protection lists, DNT header, DOM property. IETF draft from Mozilla for DNT header, and an overview I-D from Hannes/Alissa. Primary purpose of workshop is to figure out what Standards-Track work W3C should undertake in this area. W3C/IETF relationship needs discussion, given the Mozilla I-D. Should be discussion at both Prague and Princeton likely. Stakeholders are browsers, ad networks, public policy folk; all need to be involved. Current proposals have vastly different language about what the semantics are. Peter: Agreed; getting semantics right is a challenge. Stephen Farrell: Any work on actual tracking practices? Mark: There is P3P. Effort at W3C some years ago. Browsers have mixed feelings (in IE, not in Mozilla). Peter: Web has come quite some way since then. Ecosystem has evolved; concerns may be different. John K: Other issue with P3P is that there's a complexity to it, imposed upon the user. Issue with tracking proposals is that unless one gets real regulatory involvement, it's basically hopeless because advertisers have a strong incentive to ignore the DNT mechanism. We need to be clear that this is a problem where the incentives are funny. Thomas: I agree with much of what you say, we've just demonstrated why this really needs a long discussion. One proposal is for the site to reflect the header back; there's a lot more discussion especially in the public policy dimension. John: Enough people became skeptical during the P3P process that they walked away, allowing the remainder to achieve consensus. Workshop CFP: http://www.w3.org/2011/track-privacy/ 4. Next-generation HTTP authentication methods at SAAG session / WOES / WebID Peter: http-auth@ietf.org list is active; will be a presentation by Yutaka Oiwa in Prague at the SAAG session. May have some discussions after that, maybe BoF at IETF 81. Thomas: Identity in the Browser Workshop being formed, Late May in the Bay Area. Idea is to get the Web identity crowd and Browser crowd in the same room to see what happens. Slightly different set of people than the http-auth discussion. Peter: Is that part of the WebID discussions at W3C? That's been quite active. Thomas: Two sets of discussions; at time confusing. WebID Group is an Incubator. Workshop is asking a more general question. Not clear that what the result will be, but it's likely there will be overlap that we need to track/discuss. Peter: Possible overlap with "mash-up" of Web and security. There is a BarBoF on WOES (Encryption and signing in Javascript) scheduled for Monday night at 2000 (starts after plenary is over). WOES mailing list is woes@ietf.org. 5. special meaning to headers with prefix "Sec-*" Mark: xmlhttprequest guys have given special meaning to headers starting with "sec-" (e.g., browsers will ignore them). This has implications for future registrations. Not a good precedent because others might hardcode header "prefixes" in the future. Did have a discussion about this, but from a liaison perspective need to figure out what the right approach is going forward. Alexey: In IETF's HYBI WG, the WebSocket protocol is using some of these headers as well. Mark: Makes sense from application standpoint, but a bit of a blind alley from the HTTP perspective. Alexey: And it does affect header registrations as well. Mark: If everyone adopts this pattern, would be a concern. Alexey: Are there practical steps to take to have a conversation about this. Larry: It would be good to at least document in the relevant spec that there are issues with this approach. Thomas: [not captured by the scribe] Mark: The problem is it was done unilaterally for implementer convenience. Mark: raised this on the webapps working group mailing list: http://lists.w3.org/Archives/Public/public-webapps/2011JanMar/0616.html 6. XML Security 1.1 CR & PAG Thomas: 1.1 spec survived Last Call. Has some normative dependencies on RFC6090. Has some disclosures against it, resulting in a Patent Advisory Group; see: http://www.w3.org/2011/02/xmlsec-pag-charter.html PAG is Member-confidential; results are bounded. http://www.w3.org/Consortium/Patent-Policy/ Sean: When will it conclude? Thomas: 31 August. Can be extended if needed. Stephen Farrell: Why didn't the license satisfy the requirements? Thomas: defensive suspension clause 7. IRI WG Topic: Progress slow, does HTML reference IRI? Original motivation for WG was to enable: http://www.w3.org/2002/09/wbs/40318/issue-56-objection-poll/results Larry: confess I haven't put as much in as I promised Peter: Need to find a new co-Chair. I know this was a priority for W3C; are there still people who need this to happen? Because if so, we need to harness that energy. Larry: So far, no comments/objections on change proposals for normative references. Philippe: Deadline is today, and we have at least one objection re: schedule. Thomas: And another. This looks messy. Peter: I think we need to have a frank discussion on this work; it's easy to say that the IETF WG has failed, but anyone can contribute. Maybe we can talk about this in Prague. Philippe: Three change proposals, end today, then Chairs need to issue a decision. May take some time, but they can be quick. So, it's up to the Chairs. Larry: If I were active in the HTML WG, I'd withdraw the proposal, because it was predicated on people being active in the IETF, while they haven't been. (As far as I can tell, there is no "no change" proposal. ) Thomas: There is a proposal on the table restoring text that would have this effect. Larry: If we can get the IRI WG to do something, that would be new information and the issue can be reopened. It's more productive to get this document finished. (Getting help from browser world to actively co-chair or co-edit document(s) would be a good step.) Thomas: Is the WG able to consider that new information? Philippe: I believe so. 8. WebSocket / HyBi WG Peter: We've been putting energy into this, with regular calls, very busy list. People come and question things that have happened, but progress has been made. Alexey: Was chatting wth Salvatore (co-Chair), they want to start WGLC after Prague. It looks like there are several people attempting to implement and reasonably happy with -06. Mark: Some summary of status, consensus calls would be helpful; it's difficult to track/review this work. Does -06 represent current consensus? Alexey: Think so, need to check with chairs. Peter: Yes, given the volume, summaries would help (e.g. chairs, WG secretary). Alexey and I are going to review/sanity check before Prague. We have positive implementation feedback, but that doesn't mean all of the issues are solved. Mark: What's the status of the API work? Philippe: No, there hasn't been any effort to sync the API with the protocol lately. Larry: Review, feedback from middleware/firewall/proxy community? Mark: Yes, we did this before (and got negative feedback), need to do this again after the recent changes to affirm that their concerns are addressed. 9. IANA (including MIME) registration processes for web values Topics: URI schemes, link relations, MIME types, charsets, "willful violations" Meeting at Prague planned to talk about this. See http://tools.ietf.org/html/draft-masinter-mime-web-info and http://www.w3.org/html/wg/wiki/ChangeProposals/RelRegistryAtTheW3C Alexey: Can't go through all of the issues here, but one of the major concerns expressed is that it's difficult to determine the state of registrations submitted from SDOs. I've started discussion within the IESG on addressing this. Starting work on text/n3 and text/turtle registrations. Thomas: Details on those registrations? Alexey: I was having conversations wtih Eric and TBL; they sent registrations to me and I gave comments. Larry: The topic is much broader -- it's the use of IANA at all. Comments on the link relations registry are relevant. Mark: We really need to look at this systemically. Larry: The world has changed a bit, and we need to adapt. John: During the US Gov NOI, it is unlikely that much will change. If you have feedback, provide feedback during that NOI process. In general, it is worth assuming that IANA does what they are told, both in terms of general rules and in specific allocations. So a little parsing of the issues would also be appropriate. Mark: This is urgent because many implementors seem to want to route around IANA. 10. IAB plenary on future of applications -- see Monday evening at https://datatracker.ietf.org/meeting/80/agenda.html Peter: This should be quite an interesting plenary; I know many people have strong views. Larry [offline] : Henry Thompson is giving a talk from W3C TAG on related issues. http://www.w3.org/2001/tag/group/track/actions/527 , http://www.w3.org/2001/tag/group/track/actions/519 , etc. Thomas: If there are things we should know about the background discussions, it would be good for IAB folks to fill us in. Peter: John? Russ? John: Not much more. Jon Peterson is coordinating. Pete Resnick: I will be throwing hand grenades. There are architectural disagreements. 11. draft-holsten-about-uri-scheme Alexey: I was helping editors to finish before end of my term; they have a deadline that I don't believe they will meet. Disappointed in progress. Thomas: Who told them they haven't done their job? I.e., what process are we in here? Alexey: They received lots of comments (in LC, AD Review), they promised to address them but haven't. I'll enter details into the datatracker; Peter will be taking over shepherding. Peter: I will be following up. Larry [offline]: this goes back to resistance to using IANA at all 12. draft-lear-iana-timezone-database Peter: Timezone database has been personally maintained by Arthur Olson; he's close to retirement. We're trying to figure out where to maintain it, and IANA is one of the possibilities. Elliot Lear is leading. Challenges in terms of format, processes, cultures. Will discuss in Prague -- meeting of small group of people who care on Wednesday 8am-9am; announced/discussed on apps-discuss@ietf.org. Also at APPS area meeting on Monday AM. 13. draft-faltstrom-5892bis (the Unicode code points and IDNA) Peter: Unicode version agility was part of IDNA; general consensus seems to be that unicode code point changes weren't a big deal. State is summarised in this draft. We'll try to push this forward after Prague. 14. Content-Disposition header field for HTTP Mark: We've just asked for IETF Last Call. This was an appendix in RFC 2616. Broke it off into a separate draft in HTTPBIS. There was confusion and mis-implementation regarding internationalization. Julian Reschke did a lot of testing on this topic. Some back-and-forth with browser vendors -- not a lot of feedback, but did receive productive input. Agreement on basic error handling, but not on advanced handling. Alexey: Hopefully approved by IESG next week. 15. Any other business? Topics for Prague and/or future meetings: Larry: IAB/TAG coordination (e.g., extensibility and versioning), joint meeting etc (pls coordinate with W3C TAG chair) Larry: Forking documents and registries Larry: maintenance of file:, ftp:, etc. Larry: +zip, +json mime types, and general issue of assumptions about registered values 16. Tentative scheduling of next call IESG Retreat - 2-3 May (Amsterdam) W3C AC meeting -- 15-17 May (Bilbao) IETF -- July 24-29 (Quebec City) W3C Tech Plenary -- 31 Oct-4 Nov (Santa Clara) IETF -- November 13-18 (Taipei) Peter: Mid-June seems like a possibility... Mark: yes Thomas: Post-Prague call? Peter: next call early-to-mid May, then early-to-mid June Mark: I'll send out the poll. ### -- Mark Nottingham http://www.mnot.net/
Received on Tuesday, 15 March 2011 01:08:30 UTC