W3C home > Mailing lists > Public > www-tag@w3.org > September 2012

draft minutes of 20 September 2012 TAG telcon available

From: Jonathan A Rees <rees@mumble.net>
Date: Sun, 23 Sep 2012 11:52:59 -0400
Message-ID: <CAGnGFM+6ySJisZGysd1+xRqnCCcGw5031EfgPRx5D_RRA2U+Tg@mail.gmail.com>
To: www-tag@w3.org, "Henry S. Thompson" <ht@inf.ed.ac.uk>
Draft minutes of 20 September 2012 TAG telcon available here:
  http://www.w3.org/2001/tag/2012/09/20-minutes.html
and in plain text below.

I edited these minutes substantially in order to improve their
readability. Henry, I'd especially like for you to check what I did
with your IRC and audio comments made during the registerXXHandler
discussion.

I took the liberty of changing 'xxx' (adult content?) to 'xx' (beer?)
throughout, to help avoid spurious search engine hits.

Jonathan


   [1]W3C

      [1] http://www.w3.org/

                               - DRAFT -

   This is version has not been approved as a true record of the
   TAG's meeting and there is some risk that individual TAG
   members have been misquoted. This transcript should typically
   not be quoted, except as necessary to arrange for correction
   and approval.

              Technical Architecture Group Teleconference

20 Sep 2012

   [2]Agenda

      [2] http://www.w3.org/2001/tag/2012/09/20-agenda.html

   See also: [3]IRC log

      [3] http://www.w3.org/2012/09/20-tagmem-irc

Attendees

   Present
          Yves_Lafon, Peter_Linss, Ashok_Malhotra, Larry_Masinter,
          Noah_Mendelsohn, Jonathan_Rees, Henry_S_Thompson

   Regrets

   Chair
          Larry Masinter

   Scribe
          Jonathan Rees

Contents

     * [4]Topics
         1. [5]Administrative
         2. [6]registerXXHandler features in HTML5
         3. [7]Objectives matrix
         4. [8]Governance framework
         5. [9]Testing web performance and URLs
         6. [10]IRI interoperability and scheme registration rules
         7. [11]Publishing and Linking on the Web review
            solicitation
         8. [12]F2F planning - issues list
     * [13]Summary of Action Items
     __________________________________________________________

   <scribe> scribenick: jar

   <scribe> scribe: Jonathan Rees

   Date: 20 Dep 2012

Administrative

   <Larry> are there any minutes to approve?

   <Yves>
   [14]http://lists.w3.org/Archives/Public/www-tag/2012Sep/0019.ht
   ml

     [14] http://lists.w3.org/Archives/Public/www-tag/2012Sep/0019.html

   Minutes of the 13th =
   [15]http://www.w3.org/2001/tag/2012/09/13-minutes.html

     [15] http://www.w3.org/2001/tag/2012/09/13-minutes.html

   ashok: draft minutes of the 13th look OK

   RESOLUTION: Draft minutes of the 13th approved as a record of
   that meething by acclaim

   <Larry> i will note that i personally blogged
   [16]http://blogs.adobe.com/standards/2012/09/19/governance-and-
   standards/

     [16] http://blogs.adobe.com/standards/2012/09/19/governance-and-standards/

   yves: Publishing & linking WD has been published and announced.

   ashok: No comments yet, right?

   <Larry> F2F meeting all set?

   <Larry> logistical?

   discussion of hotel

   <Larry> everyone set on logistics for London F2F

   <Larry> i have a couple of topics to talk about today

   Review of agenda items added by chair

   <Larry> new agenda items: web+ and registerXXHandler

   <Larry> new agenda item: governanceFramework, and timely news

   <Larry> new agenda item: testing the web and performance and
   urls

   <Larry> new agenda item: IRIs and URL

registerXXHandler features in HTML5

   [In editing the minutes the scribe has reordered contributions
   in an attempt to make the proceedings easier to reconstruct.
   Much of the conversation was in IRC instead of voice due to
   audio and scribing difficulties.]

   <Larry> registerProtocolHandler

   lm: gmail wants to say, when you see a mailto: URL, go to
   gmail, passing the parameters
   ... this is supposed to change the [operating] system so that
   from now on mailto: URLs are handled by gmail
   ... There was an issue in the HTML WG - they were concerned
   about security.
   ... Some schemes would be bad to redefine. So, whitelist or
   blacklist?
   ... A: We don't know... so we're going to have a whitelist...
   ... and in order to make the whitelist open-ended, include all
   scheme names beginning web+
   ... There's a browser dialog [as a protection measure]
   ... There was a procedural question, how to have new URI
   schemes, without registering with IETF?

   <Larry>
   [17]http://lists.w3.org/Archives/Public/public-ietf-w3c/2012Sep
   /

     [17] http://lists.w3.org/Archives/Public/public-ietf-w3c/2012Sep/

   <Larry> looking at thread on "web+ and registerProtocolHandler"
   subject thread

   (looking up thread)

   lm: This looks like the nail in the coffin of the [IANA]
   registries [relating to the web]. The IANA URI scheme registry
   would be killed by this move.

   <Zakim> ht, you wanted to ask all? really?

   lm: It's supposed to change the entire OS.

   ht: The issue was in whatwg, are you sure it's an html5
   feature/issue?

   <Larry>
   [18]http://lists.w3.org/Archives/Public/public-ietf-w3c/2012Sep
   /

     [18] http://lists.w3.org/Archives/Public/public-ietf-w3c/2012Sep/

   <Larry>
   [19]http://lists.w3.org/Archives/Public/public-ietf-w3c/2012Sep
   /0000.html

     [19] http://lists.w3.org/Archives/Public/public-ietf-w3c/2012Sep/0000.html

   <Larry>
   [20]http://lists.w3.org/Archives/Public/public-html/2012Aug/011
   5.html

     [20] http://lists.w3.org/Archives/Public/public-html/2012Aug/0115.html

   ht: I can't find it in the HTML5 bug tracker.

   <Larry> [21]http://www.w3.org/html/wg/tracker/issues/189

     [21] http://www.w3.org/html/wg/tracker/issues/189

   ht: OK

   <noah> Should I be worried that [issue 189 is] closed?

   <Larry> [See]
   [22]http://dev.w3.org/html5/spec/system-state-and-capabilities.
   html#custom-handlers

     [22] http://dev.w3.org/html5/spec/system-state-and-capabilities.html#custom-handlers

   lm: My conclusion is that web+ was a red herring... the real
   issue is not 189, but section 6.5.1.2, see the link.
   ... register-content-handler has a blacklist only ...
   ... with an install security dialog

   noah: I see this as attempting, in the API, a way to express an
   intention.
   ... This seems to be in that spirit, where the application is
   packaged as a web app
   ... just as photoshop might say, I think I'm a good handler for
   media type M.
   ... so it's ok for the spec to not say much about this.

   lm: Any application can install media type handlers.
   ... It's not appropriate; it's poorly defined and has the wrong
   security model
   ... and reduces the motivation [to nil] for ever registering a
   URI scheme.

   <noah> Ah, OK, so you're not pushing hard against what they're
   >trying< to do, just suggesting that it's either
   under-specified and/or has an insufficient security story

   am: Why [does it reduces the motivation for registering a URI
   scheme]?

   lm: There's lots of unregistered schemes and types anyway, but
   [before this] there was hope [that they might eventually be
   registered].
   ... But now the web site has the authority to modify the OS.

   <noah> The browser routinely does this stuff for file types
   that the browser handles directly, including at least HTML, but
   also XML, or even JPG.

   <noah> The difference here is that the browser will not handle
   things with its own (somewhat trusted) code.

   am: Are you nervous that someone could screw with my browser?
   ... [What are the] attacks?

   lm: This changes security model: it used to be you could scan
   for viruses, but with the new feature, you're trusting the site
   dynamically into the future.
   ... In this workflow, the registry adds no value.

   <Larry> My conclusion is this is the nail in the coffin for
   IANA registries for URI schemes & media types.

   <ht_home> I think there's nothing here [in the draft] about
   scope -- temporal, or web/scope.

   <ht_home> I.e. for how long? For which pages?

   <noah> I infer it's sort of scoped to my desktop or phone or
   tablet.

   <noah> Is that what you mean?

   <ht_home> Yes.

   <ht_home> And what about conflict?

   <ht_home> [What if] several sites all try to register a
   handler?

   <noah> I assume that's up to the OS (it can do what it wants),
   but typically [it would last] until explicitly changed.

   <noah> That's how setting handlers for JPG or e-mail typically
   works.

   <Larry> [In]
   [23]http://lists.w3.org/Archives/Public/public-ietf-w3c/2012Sep
   /0033.html , Robin says: "this is intended to be system-wide"

     [23] http://lists.w3.org/Archives/Public/public-ietf-w3c/2012Sep/0033.html

   <ht_home> That's what it [?] does!

   <ht_home> No, no no [scribe: HT was muted here due to audio
   difficulties; not clear to what this was in reference]

   am: Who is registering what?

   <noah> I assume, the canonical use case is something like:
   "GMail is my mail handler, Google Voice does my phone dialing,
   etc."

   <ht_home> Yes NM, but at least [in the pre-HTML5 status quo]
   they installed the App.

   lm: This is a call on the OS to register a scheme or media type
   with the OS for the indefinite future.

   <Larry> This belongs with an "install" security model and not a
   "web" security model.

   <Larry> Web sandboxing is inappropriate.

   noah: The browser is supposed to act on the user's behalf...
   except that maybe some users won't understand. But desktop apps
   have the same problem.

   lm: I'm not saying it's a horrible thing and it should go away;
   it does need a better security, but that it will happen. I'm
   just saying that this is the end of the registries.

   <Larry> See
   [24]http://www.w3.org/2012/05/sysapps-wg-charter.html .

     [24] http://www.w3.org/2012/05/sysapps-wg-charter.html

   <Larry> Sysapps have a different security model:

   <Larry> "The Working Group will focus on those operating system
   interactions that cannot be exposed safely to Web applications
   executing in the traditional browser security model."

   <noah> I'm not convinced that the registries in >this< space,
   I.e. which desktop app showed show my photos, were ever a
   realistic model.

   lm: Let's look at the sysapps [draft] charter...

   <noah> Hmm. I thought this [registerXXHandler] is for apps that
   >are< in the traditional browser security model, and sysapps
   are for ones that aren't.

   lm: the wording in the charter applies

   <ht_home> NONONO

   <ht_home> Not a web app [scribe: in the sense of sysapps]!

   <ht_home> All that happens is a [different] URI is fetched.
   [due to substitution]

   <noah> Right, but typically I register something with a lot of
   Javascript that is a web app

   ht: No web app, no installation, no javascript, just [URI]
   substitution.
   ... Any javascript is going to be subject to [the usual]
   cross-site constraints.
   ... I see no evidence in the spec that it's a request to the OS
   to change what it does.

   lm: The spec doesn't say, but as implemented this is how it
   works.

   <Larry> image/jpg is blacklisted, but image/jpeg2000 isn't

   noah: Once the OS is modified, it's possible that when I click,
   [the OS] might launch some web app, but that's subject to
   sandboxing.
   ... so [there is no change in the security model.]

   <noah> I'm not seeing why registering such an app changes the
   security model. Does it say that registered apps have access to
   eg. local files that regular web apps don't?

   lm: Clicking will go to some site.

   jar: Let's not dive [too deep] into security, LM wanted to talk
   about what will happen to the registries.

   <Larry> so why bother with IETF APPS area any more?

   <noah> I can see why we would want this coordinated with the
   SysApps stuff, I'm less clear why anyone thinks a registry
   could work in this space, whether for webapps, native or both?

   lm: [Because] if you want to do a new SIP, there's no point in
   bothering with IETF any more, you just build an app and
   register a protocol handler.

   <noah> What would such a registry have, that GIMP is the
   world's handler for JPEG and Photoshop isn't? :-)

   <Larry> I was starting to understand Hannes's "death of
   protocols" point.

   <ht_home> I do want to get clarification on how they think the
   HTML5 spec. can change the OS.

   <ht_home> I think we do need to discuss this at the F2F.

   lm: I wanted the TAG to reflect on the role of registries in a
   world where registerXXHandler is common.

   <noah> So what should we do about this, if anything?

   lm: It's worth [at least] 1/2 hour at F2F [not to speculate how
   much time it is likely to take].

   <ht_home> web+ and registerXXHandler

   <Larry> gather some URLs from the discussion to queue this up
   as an issue

   <noah> ACTION: Noah to schedule F2F discussion of XX handler
   registration see discussion on 20 Sept. [recorded in
   [25]http://www.w3.org/2012/09/20-tagmem-irc]

     [25] http://www.w3.org/2012/09/20-tagmem-irc

   <trackbot> Created ACTION-739 - Schedule F2F discussion of XX
   handler registration see discussion on 20 Sept. [on Noah
   Mendelsohn - due 2012-09-27].

Objectives matrix

   <noah> ACTION-738?

   <trackbot> ACTION-738 -- Noah Mendelsohn to schedule another
   discussion of World Wide Web Objectives Matrix per ACTION-726
   -- due 2012-09-20 -- OPEN

   <trackbot>
   [26]http://www.w3.org/2001/tag/group/track/actions/738

     [26] http://www.w3.org/2001/tag/group/track/actions/738

   <noah> [27]http://www.w3.org/2001/tag/2012/09/13-minutes

     [27] http://www.w3.org/2001/tag/2012/09/13-minutes

   <Larry> [28]http://www.w3.org/2001/tag/2012/09/action-726

     [28] http://www.w3.org/2001/tag/2012/09/action-726

   action-726 deferred pending receipt of input

   <noah> ACTION-738?

   <trackbot> ACTION-738 -- Noah Mendelsohn to only if there's
   e-mail news: schedule another discussion of World Wide Web
   Objectives Matrix per ACTION-726 -- due 2012-09-25 --
   PENDINGREVIEW

   <trackbot>
   [29]http://www.w3.org/2001/tag/group/track/actions/738

     [29] http://www.w3.org/2001/tag/group/track/actions/738

Governance framework

   <Larry> action-728?

   <trackbot> ACTION-728 -- Noah Mendelsohn to find editor for
   copyright and linking after group reviews Ashok's proposals on
   stronger messages -- due 2012-07-12 -- CLOSED

   <trackbot>
   [30]http://www.w3.org/2001/tag/group/track/actions/728

     [30] http://www.w3.org/2001/tag/group/track/actions/728

   lm: We published P&L, and I blogged about it.

   <Larry>
   [31]http://blogs.adobe.com/standards/2012/09/19/governance-and-
   standards/

     [31] http://blogs.adobe.com/standards/2012/09/19/governance-and-standards/

   lm: I tried to give various people the elevator pitch about the
   governance draft. The blog post is what I came up with up. This
   is just a heads-up.

   <Larry>
   [32]http://www.w3.org/2001/tag/doc/governanceFramework-2012-07-
   19.html

     [32] http://www.w3.org/2001/tag/doc/governanceFramework-2012-07-19.html

   <Larry> we talked about this one

   <Larry>
   [33]http://www.w3.org/2001/tag/doc/governanceFramework.html

     [33] http://www.w3.org/2001/tag/doc/governanceFramework.html

   lm: [clarifying] The feedback I got on the governance framework
   document was negative. So I tried to explain what I was trying
   to do. The outcome was the blog post. I plan to pull the new
   introduction (from the blog post) back into a new version of
   the framework document.

   <Larry> i'll take an action to update in time for F2F

   <noah> ACTION: Larry to update the governance frame for Oct F2F
   discussion [recorded in
   [34]http://www.w3.org/2012/09/20-tagmem-irc]

     [34] http://www.w3.org/2012/09/20-tagmem-irc

   <trackbot> Created ACTION-740 - Update the governance frame for
   Oct F2F discussion [on Larry Masinter - due 2012-09-27].

   <noah> ACTION-740?

   <trackbot> ACTION-740 -- Larry Masinter to update the
   governance frame for Oct F2F discussion -- due 2012-09-27 --
   OPEN

   <trackbot>
   [35]http://www.w3.org/2001/tag/group/track/actions/740

     [35] http://www.w3.org/2001/tag/group/track/actions/740

Testing web performance and URLs

   Skipping due to time constraints.

IRI interoperability and scheme registration rules

   <noah> What's the question on the table for this discussion?

   lm: There is progress on URLs in the W3C webapps working group.

   <Larry> [and that i'm inarticulate about it]

   lm: Hasn't been checked in, but people are doing testing now,
   to see what browsers actually do with IRIs.

   <noah> So, this is interoperability, not performance (in the
   speed sense)?

   lm: They're asking, do browsers reverse query parameters or
   not? etc.
   ... That's good. The procedural issue is how to coordinate IETF
   and W3C specs better.

   <noah> Seems like the topic title is misleading. Should be "IRI
   Browser Interoperability"?

   lm: The IETF WG has been really quiet. The browser implementors
   aren't there.
   ... Concerned that any work on the scheme registry might be
   moot. Will people really register vendor schemes?

   noah: Are scheme names to be allowed to be nonascii?

   lm: The aim of the registry work was to allow the part after
   the scheme name to be defined according to their unicode
   sequence rather than ASCII.
   ... ... this was about making scheme registration easier.

   <Larry> making scheme registration easier was a whole theme and
   subject of discussion

   noah: What were you concerned about in specific?

   lm: I wanted to figure out if this is a topic of interest.

   <Larry> maybe this is just a heads up if you're interested

   noah: (procedural options)

   lm: This is a heads-up. We've talked about it a lot, I want to
   note that there has been recent activity.

   noah: Does this change anything that would be seen on the wire,
   or does it only affect how what we see is documented?

   lm: the latter... so maybe not as big a deal [as
   registerXXHandler]

Publishing and Linking on the Web review solicitation

   lm: The google response to the recent video [takedown request]
   was a propos the p&l work.
   ... If we want feedback on p&l, pointing out its relevance to
   topical issues would be a way to raise interest in it

   noah: If we're going to do this, let's consider the timing -
   push it into public light now, or later when we're more sure of
   it?
   ... Your question is, should we solicit feedback, and if so,
   from who?

   scribe notes departure of HT and AM

   <Larry> informally ask at FPWD for feedback, esp from people
   who have given us feedback before

   yves: We can send issues any time, no formal response required
   until last call

   <Yves> [There's no need for] no formal accounting until LC

   lm: Now that we have a public document, we can start asking
   people to review it
   ... I'm asking TAG members: If you've asked someone to review
   it before, please ask them again now.

F2F planning - issues list

   <noah> Jonathan, I think I want to ask you about:

   <noah> ACTION-692?

   <trackbot> ACTION-692 -- Noah Mendelsohn to consider JAR's
   april request to discuss, for 10 mins, issues list at oct f2f
   -- due 2012-09-10 -- OPEN

   <trackbot>
   [36]http://www.w3.org/2001/tag/group/track/actions/692

     [36] http://www.w3.org/2001/tag/group/track/actions/692

   <Larry> action-692?

   <trackbot> ACTION-692 -- Noah Mendelsohn to consider JAR's
   april request to discuss, for 10 mins, issues list at oct f2f
   -- due 2012-09-10 -- OPEN

   <trackbot>
   [37]http://www.w3.org/2001/tag/group/track/actions/692

     [37] http://www.w3.org/2001/tag/group/track/actions/692

   <Larry> this sounds like it's subsumed by JAR's matrix

   <noah> Well, this is about our formal issues list.

   Adjourned.

Summary of Action Items

   [NEW] ACTION: Larry to update the governance frame for Oct F2F
   discussion [recorded in
   [38]http://www.w3.org/2012/09/20-tagmem-irc]
   [NEW] ACTION: Noah to schedule F2F discussion of XX handler
   registration see discussion on 20 Sept. [recorded in
   [39]http://www.w3.org/2012/09/20-tagmem-irc]

     [38] http://www.w3.org/2012/09/20-tagmem-irc
     [39] http://www.w3.org/2012/09/20-tagmem-irc

   [End of minutes]
     __________________________________________________________


    Minutes formatted by David Booth's [40]scribe.perl version
    1.1 ([41]CVS log)
    $Date: 2012/09/23 15:45:55 $

     [40] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
     [41] http://dev.w3.org/cvsweb/2002/scribe/
Received on Sunday, 23 September 2012 15:53:27 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Sunday, 23 September 2012 15:53:28 GMT