[minutes] Tuesday 13 January 2009

Hi,

The minutes of today's (bad-audio) call are available at:
  http://www.w3.org/2009/01/13-bpwg-minutes.html

... and copied as text below.


Resolutions taken:
- on CT, We will not reconsider the question of extending the 
cache-control directive for CT usage
- on CT, We will not say anything about transforming included resources

Please answer the questionnaire re. next F2F:
http://www.w3.org/2002/09/wbs/37584/BPWG-Possible-F2F-March-2009/

On CT, the discussion on mandating heuristics and security issues linked 
to links rewriting were postponed to next week, so that the discussion 
may go on on the mailing-list. No final decision on registering the 
"X-Device-*" like as we're still unclear about deprecation rules for 
"X-" once the non-"X-" header becomes available.

Bruce is to take the lead on reviewing and possibly commenting the 
Widgets packaging document.

Francois.


13 Jan 2009

    [2]Agenda

       [2] http://lists.w3.org/Archives/Public/public-bpwg/2009Jan/0005.html

    See also: [3]IRC log

       [3] http://www.w3.org/2009/01/13-bpwg-irc

Attendees

    Present
           tomhume, Jeff, francois, jo, Dom, rob, Bryan_Sullivan, yeliz,
           EdC, miguel, achuter, bruce, martin_spain

    Regrets
           DKA, SeanP, DavidStorey, abel, nacho

    Chair
           jo

    Scribe
           tom

Contents

      * [4]Topics
          1. [5]F2F Poll
          2. [6]Update on Mobile Accessibility
          3. [7]Mandating respect of heuristics
          4. [8]HTTPS Link Rewriting
          5. [9]X-Device-* HTTP header fields
          6. [10]re-consider our position regarding the use of
             Cache-Control extension mechanisms
          7. [11]Included resources of a non transformed resource should
             not be transformed.
          8. [12]Request for last call comments [$1\47], from WebApps WG
             on Widgets 1.0: Packaging and Configuration
      * [13]Summary of Action Items
      _________________________________________________________

F2F Poll

    francois: this should run for 1 week.

    jo: Please answer ASAP. London is in the lead, by a short head.

    <francois> [14]questionnaire on next F2F's location

      [14] http://www.w3.org/2002/09/wbs/37584/BPWG-Possible-F2F-March-2009/

    jo: Dan has an action to find hosts for Boston etc.

Update on Mobile Accessibility

    alan: Sent a message to the list, but it didn't arrive.

    <jo> /

    alan: It was updated in October, I haven't done any work on it yet.
    WCAG became a W3C recommendation end December, but it's still
    pending some changes from Sean and Lisa in the Education & Outreach
    WG. Next week I'll do this, publish a new version which can be
    approved by the working group.
    ... No more work required by the group at the moment.
    ... Before next weeks call (before Monday next week) I should be
    able to update it, so we can review Tuesday and the following Friday
    the EOWG can review and pass onto the WCAG.

    jo: We should give this group a week to review, so if you could get
    out by Monday that'd be great.

Mandating respect of heuristics

    francois: the main topic that remains re CTG are those in the
    agenda, plus a few details
    ... Mandating respect of explicit mobile heuristics, mandating
    meaning the CT proxy SHOULD NOT transcode responses where these
    heuristics are found
    ... There's discussion on the CT mailing list for the time being
    around this. I've not had time to go through Eduardo's last
    response. I suggest we postpone the discussion til next week, in
    Sean's absence

    jo: Plus we've not aired this discussion on the list.

    <EdC> +1 for postponing.

    <jo> ACTION: Francois to stimulate discussion on the SHOULD NOT
    question ref mobile heuristics [recorded in
    [15]http://www.w3.org/2009/01/13-bpwg-minutes.html#action01]

    <trackbot> Created ACTION-896 - Stimulate discussion on the SHOULD
    NOT question ref mobile heuristics [on François Daoust - due
    2009-01-20].

HTTPS Link Rewriting

    tomhume: we're also awaiting some feedback re safe means to
    transcode HTTPS content from the transcoder folks

    jo: This was an action on Sean, I think?

    <francois> ISSUE-285?

    <trackbot> ISSUE-285 -- Does BPWG feel it can write Best Practices
    on links rewriting in the CT guidelines? Or that it cannot be a best
    practice? -- OPEN

    <trackbot>
    [16]http://www.w3.org/2005/MWI/BPWG/Group/track/issues/285

      [16] http://www.w3.org/2005/MWI/BPWG/Group/track/issues/285

    francois: there are two things - issue-285 to get advice from the
    main body of the working group on best practices around security
    guidelines.
    ... and an action from Rob to start ???ing different guidelines
    being composed.

    jo: for the benefit of the WG here, we reached a stalemate in
    discussion and Rob took an action to write some guidelines on "is
    there anything we can say is best practice around the idea of
    intercepting links that people have deliberately designated as
    secure". The task-force was evenly divided between those that
    thought not and those that think saying something is essential

    <EdC> I was suddenly diverted to another call, and now cannot join
    the number at +33 (busy tone).

    jo: for HTTPS, we're waiting for a discussion on-list

X-Device-* HTTP header fields

    francois: in the guidelines we emphasise that whenever a CT proxy
    changes one of the HTTP Header fields it must add an X-Device- and
    the name of the original field, so that the origin server can
    reconstruct the original HTTP request from these headers. The
    problem is with the registration of these fields: X- means
    experimental, by definition we cannot register this and new header
    fields must be registered with the IETF.

    <jo> PROPOSED RESOLUTION: We will document this as X-TBD-* headers
    and explain that registration is being sought and that
    implementations should expect to see both with and without the X-

    <jeffs> this seems no longer "experimental", so move to Provisional
    Header reg at IETF instead of X-Device-* makes sense to me, so it
    would have my +1

    <jo> [francois notes that we may have objections to going to rec
    with X- and also that the Device- prefix is overloaded]

    <EdC> Comment: some other standards have kept x-* fields (e.g.
    Uaprof), without registration. Registering different fields will
    require supporting both for the foreseeable future both in
    CT-proxies and application servers. Is there a KO criterion to go
    the way of registration?

    <jo> PROPOSED RESOLUTION: We will document this as X-TBD-* headers
    and explain that registration is being sought and that
    implementations should expect to see both with and without the X-

    <francois> [I don't think the "Device-" header is overloaded. The
    "Original-" header is, which was one of the possibilities to improve
    the header name in the first place.]

    jo: edC, I understand the point re keeping X- fields
    ... my feeling is that we can get away with it by noting this as
    what we're seeing.

    <Bryan> sorry, have to drop off for another call

    <francois> [My point is if we are to change the name of the X-
    headers, then we should as well register proper names *without* the
    X- prefix!]

    jo: I don't think the point is whether we register an X- header,
    it's that we can't do this
    ... the proposed resolution is we document as X- headers and proceed
    in parallel with registration. Any objections?

    francois: I think the proposed resolution should be to document this
    as X-Device-
    ... if you change the name there's no reason to keep the X-, we can
    register proper headers if we invent a new header.

    <jo> PROPOSED RESOLUTION: We will document this as X-Device-*
    headers and explain that registration is being sought and that
    implementations should expect to see both with and without the X-

    <jo> +1

    <EdC> What is the ultimate relation between X-Device-* and the TBD-*
    ? Migration?

    jo: the TBD is no longer on the table

    <rob> +1

    <francois> +1

    <EdC> MUST implementations support both?

    <EdC> SHOULD or MUST?

    jo: they SHOULD

    <EdC> To be practical: what must the CT-proxies support?

    edC: if there are two header fields, then app servers must support
    both. What will the CT proxies have to do? MUST they support the
    registered header field once the registration passes? Can they just
    continue with the older experimental header fields?

    jo: we'll have a problem if there's a MUST surrounding a future
    event, this is probably a W3C conformance question

    edC: there is a question of the migration path. Also, can it be that
    a proxy supports both at the same time?
    ... Should it put the header into both? There's nothing to prevent
    it, but this is linked to the previous question.

    jo: it'd be good if we just had one. How long will it take to
    register these headers?

    francois: it's easily done, we need to define the headers in the
    guidelines (which we're doing anyway) then send an email to the
    IETF.

    jo: so there'll be no dependency from the IETF delaying us?

    francois: there's a small risk of their not liking the name (but I
    don't think we need to worry about that). The registration doesn't
    take long and isn't hard to do.

    edC: There was a question that it'd be good if we just had 1 field.
    On the migration path: if after some time the TBD header fields come
    into force, CT proxies will need to send both to keep app servers
    working with old and new headers working... and you don't want to
    exclude one or the other.

    <jo> PROPOSED RESOLUTION: We will go ahead and register the DEVICE-*
    headers and review progress. We will document that Proxies MUST use
    these headers and note taht they SHOULD use the X-Device headers at
    least initially for backwards compatibility reasons

    tomhume: will this mean that on publication of the CTG, every proxy
    is in conflict with them?

    jo: possibly true

    rob: I can't comment, I'm not sure how our proxy works.

    <EdC> Record the resolution proposal and postpone it to when all
    other CT-proxy-representatives are present to comment?

    rob: being able to duplicate the header and having 2 is harder than
    just changing the header

    jo: This problem is partly introduced by the convention of X-

    rob: our preference is to change the header... but some applications
    may be looking for one value, others for another.
    ... Eduardo's problem still exists.

    jo: we can't standardise on current practices; we will face this
    problem.

    <jo> PROPOSED RESOLUTION: We will go ahead and register the DEVICE-*
    headers and review progress. We will document that Proxies MUST use
    these headers and note that they SHOULD use the X-Device headers at
    least initially for backwards compatibility reasons

    <francois> +1

    <rob> +1

    +1

    <jo> straw poll, -1 if you think we do not have enough info to
    proceed +1 to take the resolution

    <jo> +1

    +1 straw poll

    <brucel> abstention

    rob: resolution avoids issue of using both

    <brucel> abstention from resolution

    jo: effectively it says they SHOULD use both

    rob: this may last for years.

    jo: it will. I see no objections, are there any?

    <jo> PROPOSED RESOLUTION: We will go ahead and register the DEVICE-*
    headers and review progress. We will document that Proxies MUST use
    these headers and note that they SHOULD use the X-Device headers at
    least initially for backwards compatibility reasons

    <jo> objections?

    <EdC> -0.5

    jo: that counts. How would you like to fix this up?

    <EdC> Is there a criterion to phase out the X-device fields?

    <EdC> Are there W3C deprecation criteria or rules?

    jo: not that I know of. Anyone know enough about the use of X-
    convention, to determine what IETF think about this?
    ... Eduardo, can you take an action to research what ??? X- ????

    <jo> ACTION: EdC to establish what best current practice is with
    regard the withrawal of use of X- once the non X- form is agreed
    [recorded in
    [17]http://www.w3.org/2009/01/13-bpwg-minutes.html#action02]

    <trackbot> Sorry, couldn't find user - EdC

    <EdC> ok.

    <jo> ACTION: casais to establish what best current practice is with
    regard the withrawal of use of X- once the non X- form is agreed
    [recorded in
    [18]http://www.w3.org/2009/01/13-bpwg-minutes.html#action03]

    <trackbot> Created ACTION-897 - Establish what best current practice
    is with regard the withrawal of use of X- once the non X- form is
    agreed [on Eduardo Casais - due 2009-01-20].

    jo: we'll come back to this later.

re-consider our position regarding the use of Cache-Control extension
mechanisms

    jo: we did look at this, there were some suggestions wrt extending
    Cache-control in the first drafts of the document. We decided
    unequivocally that any such changes would be a substantial change to
    HTTP, so these were dropped and moved to a discussion at the end of
    the document as "an area for further work". I feel relatively
    strongly that we should not reopen this point.

    tomhume: this was an area of HTTP specifically written with future
    extensibility in mind, as opposed to a new header. I wasn't privy to
    original discussions and not sure what HTTP profiling is.

    jo: we have had pushback from IETF... and we're not chartered to do
    this. Whilst we do skirt narrowly around the border of "new
    technology", though this feels firmly in that area.

    Francois: I remember having done some research on that and we had
    extensive discussions in the past. The extensions don't solve the
    entire problem, so aren't a satisfactory enough solution and doesn't
    add much to the no-transform directive (it does fix cases where it
    can't be used safely, but doesn't do much more). For this reason on
    top of the ones Jo mentioned, I don't think it's a good idea to go
    down this path.

    <jo> PROPOSED RESOLUTION:We will not reconsider the question of
    extending the cache-control directive for CT usage

    <jo> +1

    <francois> +1

    <rob> +1

    <EdC> It is more: we have reconsidered and decided against it?

    <EdC> +1

    +1

    <jo> [yes, EdC we will not reconsider the previous negative on this,
    it remains negative]

    RESOLUTION: We will not reconsider the question of extending the
    cache-control directive for CT usage

Included resources of a non transformed resource should not be
transformed.

    jo: there's no practical mechanism to put no-transform onto included
    resources, and it may be difficult to put this onto resources
    referenced from html

    edC: does everyone understand the proposal?
    ... this applies to stylesheets, images
    ... the first one is a subtle point: cache-control isn't attached to
    a document, but to an HTTP request or response, so we're subtly
    tweaking a part of the HTTP stack. In essence the sub-parts of the
    document will provoke further HTTP requests and responses. But here
    we're making an aggregation and shifting the association of the
    cache-control directive to a set of documents. It's a subtle thing
    but if people are complaining about profiling HTTP they might compla

    jo: I (regretfully) agree

    <francois> [I agree too]

    jo: we may be extending the meaning of http in a way they don't like

    edC: we're effectively closing the door to an (unimportant?) use
    case. You might have a document you want left alone, with images
    converted. If you extend no-transform to apply to everything below
    you close the door to this.
    ... I'm also afraid this kind of functionality will impose a very
    specific architecture for CT proxies. You have 2 choices: a proxy
    grabs the first HTTP request from the terminal, collects document,
    collects sub-parts, then decides to transform or not.
    ... or you just get the first HTTP request for markup, send it back
    (untransformed in this case) then the terminal sends another HTTP
    request at which point you have to be able to associate this with
    the earlier request. This means you have to implement sessioning, or
    change the way the proxy works and fall back on the first mechanism.

    <Zakim> tomhume, you wanted to wonder about resources not referenced
    from markup

    tomhume: images may not be referred from a page (e.g. wallpapers,
    screensavers); also requests might include sub-requests (HTML
    references SVG document references sub-document etc etc.)

    rob: a CT does have to have some concept of browsing sessions to
    work in the way they do. There may be simpler transformations which
    don't need sessions, but if you're going to adapt HTML (partic. with
    scripts) you do need a session concept.

    <jo> PROPOSED RESOLUTION: We will not say anything about
    transforming included resources [that was not your best ever idea
    Jo]

    francois; in the case of cache-control: no-transform, I agree with
    edC. In the case of explicit heuristics, here we have some semantics
    saying the main document is for mobile, therefore sub-documents can
    be assumed to be mobile too.

    scribe: if we mandate some heuristics we should caveat that it's not
    easy to link a request for an embedded resource to the request for
    the main document.

    jo: aren't we saying that for all the reasons listed here, it's not
    workable. To link it back in as a mandatory heuristic... would not
    be wise, surely

    francois: I think it can be worked out in some cases. We can't say
    you must not transform in ?????

    <jo> PROPOSED RESOLUTION: We will not say anything about
    transforming included resources [that was not your best ever idea
    Jo]

    jo: we're in danger of having heuristics upon heuristics. I'd prefer
    we not mention this. Any strong objection to moving ahead
    w/resolution?

    <francois> +1

    <EdC> +1

    <jo> +1

    <rob> +1

    +1

    RESOLUTION: We will not say anything about transforming included
    resources [that was not your best ever idea Jo]

Request for last call comments [$1\47], from WebApps WG on Widgets 1.0:
Packaging and Configuration

    jo: We've already sent them some comments

    francois: yep

    <jo> [19]Call for LC Comments from WebApps

      [19] http://lists.w3.org/Archives/Public/public-bpwg/2009Jan/0002.html

    jo: anyone else moved to take on preparing this response, or shall
    we note this and note folks should respond individually?

    francois: we haven't reviewed (???)

    bruce: this was written by friends so I might not be impartial

    jo: the BPWG should we aware this is related to what we do. If
    anyone has a view they should raise it with the WG

    bruce: I could contact some people I think have been involved and
    ask them for a heads up of where there might be items of contention
    or interest?

    jo: there could be things in here that don't work well from a mobile
    perspective, we should point this out.

    bruce: I imagine it's based on the opera widget spec which we put
    fwd a while back... so should be mobile-friendly

    jo: notes Nokia involvement

    <jo> ACTION: Bruce to take lead on pointing out anything in the
    WebApps doc that we should be aware of and/or comment on [recorded
    in [20]http://www.w3.org/2009/01/13-bpwg-minutes.html#action04]

    <trackbot> Created ACTION-898 - Take lead on pointing out anything
    in the WebApps doc that we should be aware of and/or comment on [on
    Bruce Lawson - due 2009-01-20].

    jo: AOB?

    <jsmanrique> bye

Summary of Action Items

    [NEW] ACTION: Bruce to take lead on pointing out anything in the
    WebApps doc that we should be aware of and/or comment on [recorded
    in [21]http://www.w3.org/2009/01/13-bpwg-minutes.html#action04]
    [NEW] ACTION: casais to establish what best current practice is with
    regard the withrawal of use of X- once the non X- form is agreed
    [recorded in
    [22]http://www.w3.org/2009/01/13-bpwg-minutes.html#action03]
    [NEW] ACTION: EdC to establish what best current practice is with
    regard the withrawal of use of X- once the non X- form is agreed
    [recorded in
    [23]http://www.w3.org/2009/01/13-bpwg-minutes.html#action02]
    [NEW] ACTION: Francois to stimulate discussion on the SHOULD NOT
    question ref mobile heuristics [recorded in
    [24]http://www.w3.org/2009/01/13-bpwg-minutes.html#action01]

    [End of minutes]

Received on Tuesday, 13 January 2009 16:13:44 UTC