- From: Arthur Barstow <art.barstow@nokia.com>
- Date: Thu, 28 May 2009 11:59:46 -0400
- To: public-webapps <public-webapps@w3.org>
The draft minutes from the May 28 Widgets voice conference are
available at the following and copied below:
<http://www.w3.org/2009/05/28-wam-minutes.html>
WG Members - if you have any comments, corrections, etc., please send
them to the public-webapps mail list before 4 June 2009 (the next
Widgets voice conference); otherwise these minutes will be considered
Approved.
-Regards, Art Barstow
[1]W3C
[1] http://www.w3.org/
- DRAFT -
Widgets Voice Conference
28 May 2009
[2]Agenda
[2] http://lists.w3.org/Archives/Public/public-webapps/
2009AprJun/0622.html
See also: [3]IRC log
[3] http://www.w3.org/2009/05/28-wam-irc
Attendees
Present
Benoit, Thomas, Marcos, Arve, Robin, David, Art, Mike,
Marcin, Bryan
Regrets
Josh, Frederick, AndyS
Chair
Art
Scribe
Art
Contents
* [4]Topics
1. [5]Review and tweak agenda
2. [6]Announcements
3. [7]Access Requests (WAR) spec: Call for Use Cases and
Requirements
4. [8]WAR spec: Security Model
5. [9]A&E spec: Status of Red Block Issues
6. [10]Window Modes spec
7. [11]Widget URIs spec
8. [12]AOB
* [13]Summary of Action Items
_________________________________________________________
<scribe> ScribeNick: ArtB
<scribe> Scribe: Art
Date: 28 May 2009
Review and tweak agenda
AB: draft agenda posted May 27
([14]http://lists.w3.org/Archives/Public/public-webapps/2009AprJun/0
622.html). Any change requests?
[14] http://lists.w3.org/Archives/Public/public-webapps/
2009AprJun/0622.html).
[ None ]
Announcements
AB: I have two short announcements: 1) f2f agenda has been updated
([15]http://www.w3.org/2008/webapps/wiki/WidgetsLondonJune2009#Agend
a_Items); 2) P&C LCWD#2 published today
([16]http://www.w3.org/TR/2009/WD-widgets-20090528/). Comment period
ends June 19. The comment period will not be extended. Comments will
be accepted after June 19 but will not be included in the LC's
Disposition of Comments document.
[15] http://www.w3.org/2008/webapps/wiki/
WidgetsLondonJune2009#Agenda_Items);
[16] http://www.w3.org/TR/2009/WD-widgets-20090528/).
<scribe> ACTION: barstow discuss London f2f meeting time for Widgets
DigSig [recorded in
[17]http://www.w3.org/2009/05/28-wam-minutes.html#action01]
<trackbot> Created ACTION-346 - Discuss London f2f meeting time for
Widgets DigSig [on Arthur Barstow - due 2009-06-04].
AB: any other annoucements?
DR: today OMTP will release Approve v1.0 BONDI
Access Requests (WAR) spec: Call for Use Cases and Requirements
AB: on May 21 I issued a Call for Inputs
([18]http://lists.w3.org/Archives/Public/public-webapps/2009AprJun/0
571.html) regarding UCs and Reqs for the WAR spec
([19]http://dev.w3.org/2006/waf/widgets-access/). So far the only
response was from Scott Wilson
([20]http://lists.w3.org/Archives/Public/public-webapps/2009AprJun/0
581.html).
... I think it is important to clearly articulate the primary Use
Case (or Use Cases) and the main requirements. Without such
information we subject ourselves to lots of questions about what
motivates the prescribed model. The WAR spec explicitly identifies
two relevant requirements in the Reqs Doc
([21]http://www.w3.org/TR/widgets-reqs/#default-security-policy).
... let's start with Scott's input
([22]http://lists.w3.org/Archives/Public/public-webapps/2009AprJun/0
581.html). Comments?
[18] http://lists.w3.org/Archives/Public/public-webapps/
2009AprJun/0571.html)
[19] http://dev.w3.org/2006/waf/widgets-access/).
[20] http://lists.w3.org/Archives/Public/public-webapps/
2009AprJun/0581.html).
[21] http://www.w3.org/TR/widgets-reqs/#default-security-policy).
[22] http://lists.w3.org/Archives/Public/public-webapps/
2009AprJun/0581.html).
<drogersuk> @tlr - oh dear ;-)
AB: Marcos, have you looked at Scott's comments?
MC: no, not yet
Arve: I think Scott's input is in line with what we have in mind
... so I'm OK with what he wrote but some may not be directly in
scope for the WAR spec
... e.g. some may be addressed by the Widget UA itself
... but the requiement itself is OK
RB: yes, agree it is a good req
... but may need some work
TR: the rationale has a lot of solutions so may want to remove some
of the mechanism
... think Adam asked some good questions
... we need to address those issues
... by having some reqs
... don't want reqs to have detailed mechanisms
... need to articulate widgets versus the broader web model
AB: sounds like we don't have all of the requirements defined
BS: I can submit some requirements before the f2f meeting
TR: my suggestion is that Robin begin a draft of reqs and send it to
me and Arve
... and then once we have agreement we can send to the list
BS: is the call for UCs complete?
Arve: no, I think we've just started
BS: I can provide some UCs if people want them
<scribe> ACTION: berjon submit requirements for WAR spec to
public-webapps [recorded in
[23]http://www.w3.org/2009/05/28-wam-minutes.html#action02]
<trackbot> Created ACTION-347 - Submit requirements for WAR spec to
public-webapps [on Robin Berjon - due 2009-06-04].
AB: are you saying you already submitted some UC info to
public-webapps?
BS: I did send some feedback re the access element and proposed some
attributes
<scribe> ACTION: sullivan submit Use Case input before the London
f2f meeting [recorded in
[24]http://www.w3.org/2009/05/28-wam-minutes.html#action03]
<trackbot> Created ACTION-348 - Submit Use Case input before the
London f2f meeting [on Bryan Sullivan - due 2009-06-04].
TR: need UC for net access from widget
... need to differentiate widget versus web page
BS: I think both have issues with unrestricted access to the web
... can describe the diff between the two via use cases
Arve: widgets are applications that simply use web technologies
... but they are no different than desktop apps
... at least that is how I think about it
AB: Arve, Marcos - are there some explicit or implicit requirements
from Opera's Widgets Security Model document
([25]http://lists.w3.org/Archives/Public/public-appformats/2008Apr/a
tt-0096/w3c-security.html) we should use?
[25] http://lists.w3.org/Archives/Public/public-appformats/
2008Apr/att-0096/w3c-security.html)
WAR spec: Security Model
AB: the WAR spec's Security Model is a bit thin and includes a
Warning about their not being consensus on the model. There was also
a renewal of an older thread by Josh
([26]http://lists.w3.org/Archives/Public/public-webapps/2009AprJun/0
600.html) that lead to a discussion about origin
([27]http://lists.w3.org/Archives/Public/public-webapps/2009AprJun/0
608.html) and other things e.g. unique identifiers.
... not sure if we should dig into the threads or talk more about
how to make progress.
... what do the Editors need from the rest of us?
[26] http://lists.w3.org/Archives/Public/public-webapps/
2009AprJun/0600.html)
[27] http://lists.w3.org/Archives/Public/public-webapps/
2009AprJun/0608.html)
Arve: don't think we can make progress until we have an agreed
definition of "ORIGIN"
AB: agree with that
RB: yes; plus we need to get agreed reqs
AB: agree with that too
RB: I think we need to nail dow the reqs first
AB: OK, then let's stop the discussion on WAR today until the
actions are completed
... any last comments about the WAR spec?
TR: can we change the name to PEACE?
A&E spec: Status of Red Block Issues
AB: the A&E spec still has some Red Block issues
([28]http://dev.w3.org/2006/waf/widgets-api/). During the 14 May
call we briefly discussed these issues
([29]http://www.w3.org/2009/05/14-wam-minutes.html#item07). What is
the status of this spec?
[28] http://dev.w3.org/2006/waf/widgets-api/).
[29] http://www.w3.org/2009/05/14-wam-minutes.html#item07).
<tlr> only if we get Tolstoy to edit it
MC: I started editing this today; not much new to report
... hope to spend more time on it soon
... can't give a specific date when LC will be ready
... Storage needs some work
Arve: yes, Storage needs some thought
... Adam Barth mentioned that yesterday
... need to get Storage and origin sorted out
AB: you two are on it?
MC: yes
Arve: we must first get an agreed defintion of Origin
<tlr> I wonder what happened to this thread:
[30]http://lists.w3.org/Archives/Public/public-webapps/2009AprJun/03
01.html
[30] http://lists.w3.org/Archives/Public/public-webapps/
2009AprJun/0301.html
Arve: if we don't use HTML5 Origin, what do we do?
... don't think we want to write our own
RB: writing our own doesn't sound good
Arve: Thomas was suggesting HTML5's definition of Origin may not be
good enough
... via a discussion with Anne in IRC
<tlr> tr: discussion yesterday was about an issue with postMessage
<tlr>
[31]http://lists.w3.org/Archives/Public/public-html/2009May/0478.htm
l
[31] http://lists.w3.org/Archives/Public/public-html/2009May/
0478.html
<tlr> tr: solutions: (A) fix postMessage (B) don't use synthetic
origins in widget (C) both
AB: not sure how we can move the origin discussion toward closure
<tlr> tr: what's the new piece vs the thread in April?
<tlr> ab: want to understand what Adam's concern is
Window Modes spec
<tlr> tr: ah, ok. I think it's the same as in April
AB: we still don't have a ED of the Window Modes spec although we
have an ED of the Media Query Extensions spec
([32]http://dev.w3.org/2006/waf/widgets-wm/Overview.src.html).
What's the priority for the WM spec and the short-term plan?
[32] http://dev.w3.org/2006/waf/widgets-wm/Overview.src.html).
<tlr> ab: want to check
Arve: it has some impact on the A+E spec
... if we can't finish WM spec soon, it will affect A+E spec
... we could remove window mode stuff from the A+E spec
AB: do we have an Editor for the WM spec?
RB: I can take it if no one else will
AB: is anyone willing to step up and help Robin?
MC: yes, I can help Robin
AB: is one task moving stuff from MQE spec to the WM spec?
MC: yes
<arve> specifically: viewMode
<arve> 5.13 The onmodechange Callback
Arve: could remove viewMode from A+E
<arve> 5.10 The width Attribute
<arve> 5.11 The height Attribute
AB: so are the opts: 1) increase prio of WM or 2) remove wm stuff
from A+E?
Arve: well, one question is if the group is willing to ref
incomplete docs
BS: wm-related reqs are very important
... if those parts are moved out of A+E, the target spec must also
move forward
AB: any other discussion points for A+E today?
... one question I have is what is BONDI going to do about A+E?
... given its lack of maturity
DR: we will follow what WebApps does
... we offered help some time ago
... but it was put on the shelf
... understand P+C was the main target of activity
[ can't hear BS ...]
DR: we currently don't ref any version of A+E in BONDI
... but eventually we will align with it as it matures
BS: in the next phase of BONDI, we will work on events
... and window modes is a key part of that
... must get alignment of A+E and WM specs
AB: Bryan, if you can help with WM spec, that would be good
BS: yes, I can create some input
AB: anything else on WM spec?
[ No ]
Widget URIs spec
AB: several weeks ago Robin created an ED for the Widget URIs spec
([33]http://dev.w3.org/cvsweb/2006/waf/widgets-uri/). This week,
Jean-Claude Dufourd raised the frequently asked question "do we
really need this scheme?"
([34]http://lists.w3.org/Archives/Public/public-webapps/2009AprJun/0
610.html) and that naturally resulted in a lively discussion.
... Additionally, Adam Barth started a new thread
([35]http://lists.w3.org/Archives/Public/public-webapps/2009AprJun/0
624.html) regarding using a public key rather than UUID as the
authority; that suggestion was "seconded" by Aaron Broodman
...
([36]http://lists.w3.org/Archives/Public/public-webapps/2009AprJun/0
636.html) of the Chrome team) and it also touched on the "origin"
issue
([37]http://lists.w3.org/Archives/Public/public-webapps/2009AprJun/0
629.html).
... Lastly, the latest ED contains a list of Issues.
... are there any specific issues we want to discuss today or should
we continue discussions on the mail list?
[33] http://dev.w3.org/cvsweb/2006/waf/widgets-uri/).
[34] http://lists.w3.org/Archives/Public/public-webapps/
2009AprJun/0610.html)
[35] http://lists.w3.org/Archives/Public/public-webapps/
2009AprJun/0624.html)
[36] http://lists.w3.org/Archives/Public/public-webapps/
2009AprJun/0636.html)
[37] http://lists.w3.org/Archives/Public/public-webapps/
2009AprJun/0629.html).
Arve: not sure what we can achieve
... we just don't have consensus
... we will continue to fight the TAG on this
RB: we need to get consensus first within the group
Arve: perhaps our requirements and UCs are not strong enough
RB: are you agreeing to gather UCs and Reqs?
Arve: want to know if other memebers of the group think our ucs and
reqs are strong enough
RB: perhpas we need to simplify things for v1 and then defer some
things for v2
Arve: if have an origin it will be exposed outside of widget
somewhere
TR: need two strong reqs
... 1. do as little as possible and KISS
... 2. absolutize rel uris
... 3. need something on the RHS
... need to also think about adding authority section that
identifies signer
... as suggested by Adam
... Not sure if that needs to be done for v1 vs. making sure that
can be done for v2
... no relation for origin; solved by DAP WG
... Think we can define a simple model now and defer parts for v2
RB: agreed
Arve: if we use a simple model will we create interop problems for
the implementors
... don't want something that is incompatible with the web
TR: the model I proposed is fundamentally a sand-boxed iframe as far
as the DOM is concerned
... behavior is reasonable well-defined in the HTML5 spec
... agree it could have some bugs
... we cannot reuse the web's origin model for remote access
requests
Arve: how do we enable the UC to embedd video within a widget?
TR: use same model as XHR or any inline element
Arve: video and audio will be subject to CORS
... will have required pre-flight requests
TR: preflight not required for a same origin request
... must distinguish between decisions made in the UA and decisions
made on the wire
... the UA will seek authorization via preflight
Arve: we cannot make a decsion on the model until we have researched
the consequences
AB: so where does this leave us TR and Arve?
TR: I hear Arve says there is a prob; not convinced we must solve it
in v1
Arve: if we want to work with the real web we can't defer this to v2
TR: what is your proposal for solving the hard problem?
Arve: I don't have a proposal now
TR: when will you have a proposal?
Arve: I can't commit
RB: the table is open for proposal
Arve: I have worries but no proposal
RB: do you have specific examples of things that can go wrong?
Arve: video with synthetic origin it could be impossible for content
owner is being served to a widget
... also content owners may want to know where the content is used
or embedded
... this discussion slops over with the WAR discussion
TR: there is a set of proposals on the table
... I'm looking for a strawman
... I'm hearing there may be requirements
Arve: I'm saying there may be issues
... and consequences
TR: please put them on the table
AB: Arve, can you take an action to document your concerns?
Arve: I've raised the concerns here
... I don't have the answers
... I think the minutes reflect the concerns I have
TR: given Opera has been working on CORS, perhaps you can
investigate this
Arve: I will ask Anne
AB: I don't want to be in the same place next week
<tlr> +1 to Robin
TR: I think in the absence of any new proposals, we should specify
the simplest proposal possible
<darobin> +1 to TR :)
RB: yes, I agree with TR and can edit the ED that way
AB: any other comments on Widget URIs spec?
[ No ]
AOB
<drogersuk> As mentioned earlier on the call, the Approved Release
of BONDI 1.0 can be downloaded from [38]http://bondi.omtp.org/.
Please let me know if you have any comments or questions.
[38] http://bondi.omtp.org/.
DR: I will post a link to BONDI release in IRC
AB: my recommendation is to send this information to the
public-webapps mail list
DR: yes, I will do that
MC: does this reflect changes from the RC comments?
DR: yes, it does
AB: what level of testing has been done?
DR: it is a spec; what part are you talking about?
AB: e.g. the security policy framework
... is there a test suite for that?
DR: we have compliance matrix and guidelines
... for v1.1 we will have a compliance suite
AB: so this is a set of specifications without a test suite to show
an implementation complies?
DR: there is a compliance document and that may help answer your
question
AB: any other comments for David?
[ No ]
MC: which version of DigSig and P+C is BONDI referencing
DR: for P+C we ref the 28-May-2009 version
... not sure about the DigSig spec
RB: I think it is the LC version
DR: yes, I think that's true
AB: Meeting Adjourned
[39]http://www.w3.org/2008/webapps/wiki/WidgetsLondonJune2009
[39] http://www.w3.org/2008/webapps/wiki/WidgetsLondonJune2009
Summary of Action Items
[NEW] ACTION: barstow discuss London f2f meeting time for Widgets
DigSig [recorded in
[40]http://www.w3.org/2009/05/28-wam-minutes.html#action01]
[NEW] ACTION: berjon submit requirements for WAR spec to
public-webapps [recorded in
[41]http://www.w3.org/2009/05/28-wam-minutes.html#action02]
[NEW] ACTION: sullivan submit Use Case input before the London f2f
meeting [recorded in
[42]http://www.w3.org/2009/05/28-wam-minutes.html#action03]
[End of minutes]
Received on Thursday, 28 May 2009 16:00:47 UTC