W3C home > Mailing lists > Public > www-tag@w3.org > November 2006

minutes TAG 14 Nov for review: metadataInURI-31, namespaceDocument-8, xmlFunctions-34

From: Dan Connolly <connolly@w3.org>
Date: Wed, 15 Nov 2006 08:34:35 -0600
To: www-tag@w3.org
Message-Id: <1163601275.28647.155.camel@dirk>

http://www.w3.org/2001/tag/2006/11/14-tagmem-minutes

                              TAG Weekly
14 Nov 2006

   [2]Agenda

      [2] http://www.w3.org/2001/tag/2006/11/14-agenda.html

   See also: [3]IRC log

      [3] http://www.w3.org/2006/11/14-tagmem-irc

Attendees

   Present
          noah, Raman, Dave_Orchard, Vincent, DanC, Ht, Norm, Ed_Rice,
          TimBL

   Regrets
   Chair
          VQ

   Scribe
          DanC

Contents

     * [4]Topics
         1. [5]Convene, admin
         2. [6]Issue metadataInURI-31
         3. [7]Issue namespaceDocument-8
         4. [8]Issue passwordsInTheClear-52
     * [9]Summary of Action Items
     _________________________________________________________

Convene, admin

   <scribe> Scribe: DanC

   PROPOSED: to met 21 Nov

   NM: regrets 21 Nov

   HT: regrets 21 Nov. backplane meeting

   PROPOSED: to meet 21 Nov, Ed to scribe
   ... to accept [10]http://www.w3.org/2001/tag/2006/11/07-minutes.html
   as a true record
   ... to accept [11]http://www.w3.org/2001/tag/2006/11/07-minutes.html
   as a true record, after making the ammendment Noah requested

     [10] http://www.w3.org/2001/tag/2006/11/07-minutes.html
     [11] http://www.w3.org/2001/tag/2006/11/07-minutes.html

   <timbl> ok by me

   RESOLUTION: to accept
   [12]http://www.w3.org/2001/tag/2006/11/07-minutes.html as a true
   record, after making the ammendment Noah requested

     [12] http://www.w3.org/2001/tag/2006/11/07-minutes.html

   (minutes Nov 7 are dated 2006/11/14 18:09:46 )

   RESOLUTION: to meet 21 Nov, Ed to scribe

   "Face-to-face meeting, 11-13 Dec. 2006, Cambridge, MA, USA, hosted
   by MIT" -- [13]http://www.w3.org/2001/tag/

     [13] http://www.w3.org/2001/tag/

   TV: I'm at risk for the Dec ftf

   <Norm> My current plan is to attend 12, 13 in person and on 11 by
   phone, if possible

Issue metadataInURI-31

   VQ: so we have a draft of 7 Nov, and action on DanC and Ed to review

   NM: section 2.8 was rewritten

   VQ: I note discussion of dates in W3C URIs

   NM: I saw review comments from Ed...
   ... about strengthening the story from save-as to running it. [?]

   [odd... I see 2 URIs. ./malicious.exe and ./moviestar.jpg ]

   <DanC_> [14]The use of Metadata in URIs DRAFT TAG Finding 07
   November 2006

     [14] http://www.w3.org/2001/tag/doc/metaDataInURI-31-20061107.html

   DC: I see 2 URIs... ./malicious.exe and ./moviestar.jpg

   NM: that's the 2nd example; look at the 1st

   DC: what's the URI in the 1st example?

   NM: there isn't a specific URI in the 1st example

   DC: then it's too abstract already for somebody, like me, who isn't
   reading all that carefully

   <dorchard> this is section 2.8?

   <timbl> ... <img src="./moviestar.exe"/>

   <timbl> ... <img src="./moviestar.exe"/> served as image/jpeg

   NM: so I see 2 ways to mitigate the risk:
   ... (1) what safari does, use the mime type to make a filename of
   moviestar.exe.jpeg
   ... (2) warn that saving as .exe won't preserve the mime type

   Ed: just recently I saw a link to an RSS feed that came up as text.

   TimBL: what was the media type?

   Ed: text

   TimBL: then the browser was doing it right; if that's not what the
   author meant, he should have used a different media type; see
   webarch and/or "authoritative metadata" finding

   <timbl> 1. The URI ends in .exe

   <timbl> 2. The contrn typ eis image/jpeg

   <timbl> 3. So the image works ina browser

   <timbl> 4. the server saves it

   TV: so I see (1) and (2); it's better to advise one over the other,
   no?

   <timbl> 4. The users saves it with "save image to desktop"

   <timbl> 5. the user clicks on it in the desktop and the thing runs
   as a file

   NM: so is the GPN OK?

   DC: it's too complicated; just say "when saving to filesystems that
   use extensions to represent media types, user agents must choose an
   extension that is constistent with the media type from the
   representation"

   Ed: is that a rfc2119:MUST ?

   DanC: yes

   TimBL: most operating systems let you rename it
   ... if you accept that your warrantee is void

   DanC: well, that's separate

   <scribe> ACTION: NM to rework metadataInURI 1st example to be more
   explicit as per Tim's suggestion above, and update GPN per Dan's
   suggestion recorded in [15]http://www.w3.org/2006/11/14-tagmem-irc]

     [15] http://www.w3.org/2006/11/14-tagmem-irc

   <DanC_> (did he say keep the 2nd example? I haven't looked at it.)

   NM: I have gotten comments on other parts of the document...
   ... ok to change "create" to "assign"?

   TBL: where is that comment?

   NM: Stuart has advised against "authority" all over the document; I
   think he's accepted that different editors would say it differently

   <noah> Note from Ed Davies:

   <noah>
   [16]http://lists.w3.org/Archives/Public/www-tag/2006Nov/0048.html

     [16] http://lists.w3.org/Archives/Public/www-tag/2006Nov/0048.html

   NM: Ed Davies 8 Nov wrote about a UK court case
   ... which we have previously discussed

   DanC: I think we treated this in the deep linking finding

   HT: no, this is a different case
   ... we don't have very good sources about this case; we're still
   awaiting the official record

   <Zakim> DanC, you wanted to answer TV's question: (1) is better and
   to ask if it wasn't the deep linking finding, what did happen to
   this court case when we last discussed it?

   <scribe> ACTION: HT to seek a copy of the official court record of
   the UK case on ../../ etc. [recorded in
   [17]http://www.w3.org/2006/11/14-tagmem-irc]

     [17] http://www.w3.org/2006/11/14-tagmem-irc

   HT: I intended to get a copy before, so yes, let's track it as an
   action now

   TimBL: I don't see this metadata in URI finding saying anything
   terribly relevant to the UK case

   <scribe> DONE: Review security section on risks of serving
   executables as .jpeg to metadataInURI draft.

   <scribe> ACTION: Ed to Review security section on risks of serving
   executables as .jpeg to metadataInURI draft. [DONE] [recorded in
   [18]http://www.w3.org/2006/11/14-tagmem-irc]

     [18] http://www.w3.org/2006/11/14-tagmem-irc

   NM: I don't see much opportunity to make progress until ftf prep;
   ETA 4 Dec

   <scribe> ACTION: DanC to Review security section on risks of serving
   executables as .jpeg to metadataInURI draft. [CONTINUES] [recorded
   in [19]http://www.w3.org/2006/11/14-tagmem-irc]

     [19] http://www.w3.org/2006/11/14-tagmem-irc

   <ht> [20]http://www.ltg.ed.ac.uk/~ht/malicious.html illustrates the
   case Noah describes in
   [21]http://www.w3.org/2001/tag/doc/metaDataInURI-31-20061107.html

     [20] http://www.ltg.ed.ac.uk/~ht/malicious.html
     [21] http://www.w3.org/2001/tag/doc/metaDataInURI-31-20061107.html

   <ht> Firefox's treatment is actually sub-optimal

Issue namespaceDocument-8

   <scribe> ACTION: NW, accepted on 12 Jul 2005: follow up on Noah's
   message on ns name. Reconfirmed on 10 Jan 2006. [WITHDRAWN]
   recorded in [22]http://www.w3.org/2006/11/14-tagmem-irc]

     [22] http://www.w3.org/2006/11/14-tagmem-irc

   <scribe> ACTION: NW to propose to Jonathan Borden that he changes to
   using a file of Natures. [CONTINUES] [recorded in
   [23]http://www.w3.org/2006/11/14-tagmem-irc]

     [23] http://www.w3.org/2006/11/14-tagmem-irc

   <Zakim> DanC, you wanted to ask a fairly meaty question about GRDDL
   and namespaces and media types that I sent to www-tag

   <DanC_> [24]follow your nose from XML documents to namespace
   documents? xmlFunctions-34, nsMediaType-3, RDFinXHTML-35

     [24] http://lists.w3.org/Archives/Public/www-tag/2006Nov/0086.html

   <noah> ScribeNick: noah

   DC: Shows a document containing RDF but served application/xml
   ... The RDF gives a privacy policy
   ... Has the author issued a privacy policy, or just said "look at
   these tags"?
   ... I think I like the former, in part because there's a lot of
   stuff already deployed that way.

   <timbl> I vote (1)

   DC: excerpt from XML Media Type spec:

   An XML document labeled as text/xml or application/xml might contain

   namespace declarations, stylesheet-linking processing instructions

   (PIs), schema information, or other declarations that might be used

   to suggest how the document is to be processed.

   For example, a

   document might have the XHTML namespace and a reference to a CSS

   stylesheet. Such a document might be handled by applications that

   would use this information to dispatch the document for appropriate

   processing.

   <Zakim> DanC, you wanted to bring up another case,
   [25]http://www.w3.org/2001/sw/grddl-wg/td/testlist3#xslt_literal_res
   ult

     [25] http://www.w3.org/2001/sw/grddl-wg/td/testlist3#xslt_literal_result

   <DanC> looking at
   [26]http://www.w3.org/2001/sw/grddl-wg/td/litres.xml

     [26] http://www.w3.org/2001/sw/grddl-wg/td/litres.xml

   <DanC> Content-Type: application/xml; qs=0.9

   <ht> Windows has the following information about this MIME type.
   This page will help you find software needed to open your file.

   <ht> MIME Type: application/rdf xml

   <timbl> Content-Location: testlist3.rdf

   <timbl> Vary: negotiate,accept

   NW: What's your question?

   DC: How many triples are here?
   ... RDF parser is unhappy with this.

   TBL: If the parser supported XML functions would it be unhappy?

   DC: What does that mean?

   TBL: When you get to a subtree you don't recognize, you look up
   namespace to get specs.

   NW: Tim, you'd like it to work that way, but there's no spec for
   that.

   <timbl> <t:Test r:about="#loop">

   <Norm> We're looking at this:
   [27]http://www.w3.org/2001/sw/grddl-wg/td/litres.xml

     [27] http://www.w3.org/2001/sw/grddl-wg/td/litres.xml

   <timbl> [28]http://www.w3.org/2001/sw/grddl-wg/td/testlist3

     [28] http://www.w3.org/2001/sw/grddl-wg/td/testlist3

   TBL: I did a curl -i on it and it said it was RDF.

   DC: OK
   ... There are two tests in there.
   ... this won't parse due to last dc:description.
   ... if you knew to run XSLT first, you'd "win", but there don't seem
   to be enough keys to make that happen

   NW: insteresting question which processing should happen first.

   DC: It's a mixin?

   HT: It is and it isn't.

   <Norm> q_

   HT: That use of XML breaks compositionality. It's in that sense
   outside the rules, and the fact that it causes problems is not
   surprising.
   ... In this case, the function of the whole is not the sum of the
   meaning of the parts. Not context free in the usual way.
   ... To understand the meaning of the document by working bottom up.

   TBL: Bottom up.

   DC: If it's compositional, it works either way.

   <DanC> (he said, glibly, before wondering if he was right)

   <noah_> (Noah thinks that in general top down provides the context
   for the inner parts, as in <dontTrust><x>...</x></dontTrust>

   TBL: If it were anything other than RDF, I would propose that when
   the RDF parser gets down to the dc:description,it would look up the
   namespace, e.g. to embed an encrypted piece. Works "fine" for other
   XML dialects.

   <Norm> I was going to say that xsl:version wasn't designed as a
   mixin; it was designed to tell the XSLT processor what to do, not to
   imply that you could or should send it to an XSLT processor. But I'm
   not sure that distinction is relevant on further consideration.

   <DanC> (wow... tim is blowing my mind, taking the side of "XSLT is
   working here; RDF is not doing the clean thing.")

   TBL: Problem is that RDF claims to tell you the semantics of
   anything you put in there. There's no extensibility in that sense.

   HT: Here's an example where it's different.
   ... XSTL stylesheets themselves break compositionality, and we've
   known that for years.
   ... You write things like <P> knowing that the contents are not the
   contents of a paragraph. They are result elements. XSLT is a meta
   lanuage that has implicit quoting all over the place.

   <DanC> ("my functional xml paper" ... pointer, ht?)

   <DanC> (I find
   [29]http://www.idealliance.org/xmlusa/05/call/xmlpapers/243.198/.243
   .html Functional XML: A preliminary sketch HT )

     [29] http://www.idealliance.org/xmlusa/05/call/xmlpapers/243.198/.243.html

   TBL: Nothing wrong with that, because you start from the top.

   <noah_> (Noah notes that what Tim is saying is precisely why Noah
   said above that top down is the only right way to look at it.)

   TVR: In XSLT, everything but the XSLT namespace is implicitly
   quoted.

   HT: But there are lots of XSLT elements that can contain either
   quoted or non-quoted things. Not clear it's entirely equivalent to
   backquoting.

   NW: There are <xsl:element>, <xsl:attribute> and you could use them
   everywhere. Arguably that's what <p>

   DC: So I'm hearing first case leaves things looking reasonably clean
   as far as sniffing for RDF, but the 2nd case still seems to have
   dragons lurking.

   <ht> [FYI, both Protege 3.1 and SWOOP 2.3 throw exceptions when
   given Dan's second URI. . .

   DC: If I put a "parse type"(? scribe's not sure about this) we'd
   incorrectly blow past the XSL.

   <DanC> (well, we'd blow past; whether correct or not is the issue.)

   <Norm> If we put "parseType='XMLLiteral'" is what Dan meant

   Tim: [missed]

   HT: Xinclude is another example.

   <DanC> (no smiley required, Norm; in the GRDDL WG, we've got an open
   action to make a test case of using an XML Pipeline in place of an
   XSLT transformation.)

   <DanC> (it's becoming reasonably clear that people do consider that
   this xmlFunctions-34 does cover this discussion, so I don't need
   nsMediaType-3 re-opened)

   <DanC> ScribeNick: DanC

   <scribe> ACTION: HT to track progress of #int bug 1974 in the XML
   Schema namespace document in the XML Schema WG. [CONTINUES]
   recorded in [30]http://www.w3.org/2006/11/14-tagmem-irc]
   . TBL, accepted on 5 Oct 2006: with Norm, draft semantic web
   architecture stories and such.

     [30] http://www.w3.org/2006/11/14-tagmem-irc

   <scribe> ACTION: NDW to draft semantic web architecture stories and
   such recorded in [31]http://www.w3.org/2006/11/14-tagmem-irc]

     [31] http://www.w3.org/2006/11/14-tagmem-irc

   NDW: I hope to have something for the ftf, but it's risky

   <scribe> (new version of which? I have fallen behind)

   (which finding, NDW?)

Issue passwordsInTheClear-52

   VQ: looks like we'll postpone passwordsInTheClear-52 to next time

   <timbl> passwords in the clear ok where?

   <DanC_> e.g. on local networks

   <DanC_> it's hard to get the scope of passwordsInTheClear clear
   while keeping it front-side-of-one-page

Summary of Action Items

   [NEW] ACTION: HT to seek a copy of the official court record of the
   UK case on ../../ etc. [recorded in
   [32]http://www.w3.org/2006/11/14-tagmem-irc]
   [NEW] ACTION: NDW to draft semantic web architecture stories and
   such recorded in [33]http://www.w3.org/2006/11/14-tagmem-irc]
   [NEW] ACTION: NM to rework metadataInURI 1st example to be more
   explicit as per Tim's suggestion above, and update GPN per Dan's
   suggestion recorded in [34]http://www.w3.org/2006/11/14-tagmem-irc]

     [32] http://www.w3.org/2006/11/14-tagmem-irc
     [33] http://www.w3.org/2006/11/14-tagmem-irc
     [34] http://www.w3.org/2006/11/14-tagmem-irc

   [PENDING] ACTION: DanC to Review security section on risks of
   serving executables as .jpeg to metadataInURI draft. [recorded in
   [35]http://www.w3.org/2006/11/14-tagmem-irc]
   [PENDING] ACTION: HT to track progress of #int bug 1974 in the XML
   Schema namespace document in the XML Schema WG. [recorded in
   [36]http://www.w3.org/2006/11/14-tagmem-irc]
   [PENDING] ACTION: NW to propose to Jonathan Borden that he changes
   to using a file of Natures. [recorded in
   [37]http://www.w3.org/2006/11/14-tagmem-irc]

     [35] http://www.w3.org/2006/11/14-tagmem-irc
     [36] http://www.w3.org/2006/11/14-tagmem-irc
     [37] http://www.w3.org/2006/11/14-tagmem-irc

   [DONE] ACTION: Ed to Review security section on risks of serving
   executables as .jpeg to metadataInURI draft. [recorded in
   [38]http://www.w3.org/2006/11/14-tagmem-irc]

     [38] http://www.w3.org/2006/11/14-tagmem-irc

   [DROPPED] ACTION: NW, accepted on 12 Jul 2005: follow up on Noah's
   message on ns name. Reconfirmed on 10 Jan 2006. [recorded in
   [39]http://www.w3.org/2006/11/14-tagmem-irc]

     [39] http://www.w3.org/2006/11/14-tagmem-irc

   [End of minutes]
     _________________________________________________________


    Minutes formatted by David Booth's [40]scribe.perl version 1.127
    ([41]CVS log)
    $Date: 2006/11/15 14:30:52 $

     [40] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
     [41] http://dev.w3.org/cvsweb/2002/scribe/


-- 
Dan Connolly, W3C http://www.w3.org/People/Connolly/
D3C2 887B 0F92 6005 C541  0875 0F91 96DE 6E52 C29E
Received on Wednesday, 15 November 2006 14:35:01 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 26 April 2012 12:47:43 GMT