W3C home > Mailing lists > Public > public-webapps@w3.org > October to December 2010

Notes from WebApps' 1 November 2010 "Gathering"

From: Arthur Barstow <art.barstow@nokia.com>
Date: Wed, 03 Nov 2010 08:49:09 +0100
Message-ID: <4CD113F5.7090003@nokia.com>
To: public-webapps <public-webapps@w3.org>
WebApps had an informal un-conference style gathering in Lyon on 
November 1. The "notes" from that gathering are available at the 
following and copied below:


-Art Barstow


       [1] http://www.w3.org/

                                - DRAFT -

                           WebApps F2F meeting

01 Nov 2010

    See also: [2]IRC log

       [2] http://www.w3.org/2010/11/01-webapps-irc


           Adrian, Sam, Maciej, PLH, Bryan, DaveR, AnnB, AdamB,
           timeless, WonsukLee, Eliot, Bryan_Sullivan, chaals, Rishida,
           Aron, DanA, LarryM, Ashok, Aharon, Art_Barstow, Mike_Smith,
           Wonsuk_Lee, zhang_chengyan, wujing, junliao, Johnson_Wang,
           Adam_Boyet, Bo_Chen, Hiro_I, Yung_Yu_Chan, Doug_Schepers,
           Josh_Soref, Eric_Uhrane, Laszlo_Gombos, Yael_Aharon


           dsr, timeless_mbp, chaals


      * [3]Topics
          1. [4]WebIDL and TC39
          2. [5]Web Sockets
          3. [6]Introductions
          4. [7]Web Workers
          5. [8]Programmable Cache
          6. [9]Selectors API
          7. [10]XBL2
          8. [11]Clipboard
          9. [12]WebSQL
         10. [13]XHR + Widgets
         11. [14]Web Events
         12. [15]CORS and UMP
         13. [16]i18n
         14. [17]DOM 3 Events Input Locale
      * [18]Summary of Action Items

    <ArtB>  ScribeNick: ArtB

    Date: 1 November 2010

WebIDL and TC39

    Adrian: part of the next TC39 meeting (in ~2week) will include
    discussions with some people in WebApps
    ... there is a perception that the other group is not interested in
    working together
    ... for example TC39 people seem to think W3C people is not
    interested in working with them
    ... and within WebApps, there seems to some disinterest in working
    with TC39
    ... there are some tactical issues in the WebIDL spec that need to
    be resolved
    ... see f.ex. public-script-coord
    ... Need to talk about how to work together at a Strategic level
    ... We need to prioritize the work in both groups
    ... so there is better coordination
    ... For instance adding features need to be discussed
    ... The 2 groups have different timelines and there is a gap there
    that needs to be filled
    ... WebIDL is the key spec that has interest from both sides
    ... Microsoft people in TC39 have some issues with the structure of
    WebIDL spec
    ... Some parts of WebIDL may want to be deprecated
    ... f.ex. we don't want some old patterns continued
    ... Think we are talking passed each other a bit
    ... PLH has been involved in conversations with TC39 Chair

    PLH: when I asked 6 mos ago if any WG wants to meet with TC39, no
    one responded
    ... Cam will be at TC39 meeting in two weeks
    ... Are there any other specs TC39 cares about?

    Adrian: WebIDl is certainly the key spec
    ... but there are some other specs

    <anne>  wait what, there's a WebApps WG meeting after all?

    Adrian: The TC heard there were no other specs
    ... I don't think there is fault or blame here
    ... I just think there is a need for closer collaboration

    <anne>  mjs, k thanks

    Adrian: Think there should be a more formal relationship
    ... We all have the responsibility to raise the issues
    ... As ES5 progresses, and more and more APIs @ W3C are written, I
    think there will be more collaboration that will be needed
    ... We must make sure ES and W3C APIs work well together
    ... Don't want a bunch of ad hoc APIS
    ... as that may create some interop probs
    ... Not sure how we fix the perception that neither group is
    interested in working with the other

    Maciej: one thing we can do is to have some coord calls
    ... can also have someone participate in both groups
    ... and make sure they are talking to both groups
    ... There can be issues where two people from the same company may

    PLH: so far, WebIDL is the key spec
    ... Good news there is that Cam is back and he will be attending
    TC39 meeting at Apple in 2 weeks
    ... We do meet every couple of months with IETF with a specific
    ... But if there is a need to talk about a specific issue, then
    that's different

    Adrian: the joint meeting is in a couple of weeks

    PLH: do we need to send a W3C staff member to the TC39 meeting?

    Adrian: no, I don't think that is necessary
    ... but I think the meeting should include a discussion about
    liaisions and next steps

    PLH: I can attend remotely
    ... will their be a phone?

    Maciej: yes, I think that can be arranged

    AB: that sounds like a good first step
    ... Is Chaals attending
    ... has WebApps been invited to the meeting?

    Adrian: yes, I think WebApps was invited to the coordination part of
    the meeting

    PLH: I will send e-mail John re the Nov meeting

    Adrian: Maciej forwarded a related email to the list on Oct 11


      [19] http://lists.w3.org/Archives/Public/public-webapps/2010OctDec/0073.html

    <dsr>  scribe: dsr

    Art leaves for meeting with Protocols and Formats WG

    We review the list of specs to see which ones people are interested
    in discussing.

    The topics with the most interest are: CORS (1), Programmable Cache
    (2), Selectors API (2), We Sockets (4), Web Storage (1), Web
    Workers(3), XBL (2).

Web Sockets

    Main question is to update the API spec in line with the progress of
    work on the protocol spec.

    [ we plan to discuss web sockets until the morning coffee break]

    There is now a method to support a clean shutdown of the connection
    and we could consider a way to indicate at the API level whether the
    connection closed cleanly or not.

    Another question is whether to support different data types other
    than UTF-8 strings

    The emerging standard for small amounts of data is array buffer.

    Hixie has added something related to connection shutdown.

    The protocol is being developed in the IETF. If you are interested
    in implementing web sockets, recommend that you get involved with
    the IETF group.

    Protocol issues fall into 2 categories: handshake and message

    Framing - support for fragmentation and different kinds of

    Handshake - key design issue is to ensure for security purposes that
    you can't attack/exploit HTTP servers.

    Lots of email traffic, but plenty still to be resolved.


    Microsoft demoed an implementation at last IETF meeting

    Hoping big protocol questions will be resolved in next few months.

     IETF HyBi WG: [20]http://trac.tools.ietf.org/bof/trac/wiki/HyBi ]

      [20] http://trac.tools.ietf.org/bof/trac/wiki/HyBi

    PLH asks about status of Selectors API

    Some questions relating to test suite

    <plh>  Anne: pb is with default for stringified for undefined and

    Question on support for binary data for web sockets.

    This is under consideration, possibly as array buffer or blob format

    Anne: there may be support for specific streaming formats.

    Any reason why people don't want to use RTSP?

    Certainly, RTSP is a reasonable option. Streaming over HTTP is also
    quite active.

    Firewalls can tilt the balance in favor of HTTP.

    What about SIP?

    No one has hooked SIP to the browser as yet. But one issue is the
    size of the specs for SIP.

    <timeless_mbp>  [STUN:

      [21] http://en.wikipedia.org/wiki/Session_Traversal_Utilities_for_NAT

    Any interest in using web sockets peer to peer? This would involve
    some API/protocol support for setting up the connection.

    Yes, hixie has specified some steps, but Anne notes that the
    protocol part is left blank.

    This could involve IETF standards e.g. STUN and TURN.

    The discovery process could involve a web server where users
    register for a session.

    <timeless_mbp>  [ WebSockets over UDP
    l ]

      [22] http://www.mail-archive.com/whatwg@lists.whatwg.org/msg21749.html

    UDP is of interest for gaming

    <timeless_mbp>  [ SCTP:
    l ]

      [23] http://en.wikipedia.org/wiki/Stream_Control_Transmission_Protocol

    SCTP might be worth looking at.

    But runs into problems with firewalling

    <shepazu>  there is no WebApps WG meeting today, right?

    WonSuk: what is the relationship between websockets and CORS?

    Anne: they are unrelated, but you could say they are connected via
    the same origin check

    Any open source web sockets implementations as yet?

    Python, Java and a few others.

    <timeless_mbp>   some impls: [24]http://websox.org/ ]

      [24] http://websox.org/

    DSR thinking about live editing via websockets.

    Anne: definite advantage for anything realtime.

    <adam>  java impl - [25]http://www.eclipse.org/jetty/ Jetty provides
    an Web server and
    ary.html container, plus support for Web Sockets,

      [25] http://www.eclipse.org/jetty/
      [26] http://java.sun.com/javaee/5/docs/api/javax/servlet/package-summary.html

    Doug wanders in ...

    Doug: any interest in talking about touch and table related APIs?

    Yes, but let's wait for Art to come back after coffee

    we break for coffee

    <timeless_mbp>  Break For Coffee

    <ArtB>  ACTION: barstow P&C spec: make it clear in the Abtract or
    Intro that P&C widgets != UI controls [recorded in

    <trackbot>  Created ACTION-593 - P&C spec: make it clear in the
    Abtract or Intro that P&C widgets != UI controls [on Arthur Barstow
    - due 2010-11-08].

    <ArtB>  ACTION: caceres notify P&F WG when the P&C Conformance
    Checker is published [recorded in

    <trackbot>  Created ACTION-594 - Notify P&F WG when the P&C
    Conformance Checker is published [on Marcos Caceres - due


      [29] http://yz.mit.edu/wp/web-sockets-tutorial-with-simple-python-server/

    we resume after the coffee break

    <timeless_mbp>  Scribe: timeless_mbp


    Laslo G - Nokia

    Yael A - Nokia

    Olli P - Mozilla

    Ta - Sony

    Henri Sivonen - Mozilla

    Bryan Sullivan, AT&T

    Zhang Chengyan - China Unicom

    <zhang-chinaunicom>  zhang chengyan from chinaunicom

    <wuj>  wujing from chinaunicom

    <junliao>  I am here

    Jun Liao - China Unicom

    <Johnson>  johnson from Nokia

    Elena R - Institute Telecom Paris

    WonSuk Lee - ETRI Korea

    <adrianba>  Adrian Bateman from Microsoft

    <eliot>  Eliot Graff from Microsoft

    Josh Soref - Nokia

    <wonsuk>  s/Ronsong Lee/Wonsuk Lee/

    <anne>  Anne van Kesteren - Opera

    Mike Smith - W3C

    <adam>  Adam Boyet from Boeing

    <weinig>  Sam Weinig - Apple

    Doug S - W3C

    <dsr>  Dave Raggett, W3C

    <mjs>  Maciej Stachowiak - Apple

    <BoChen>  Bo Chen for ChinaUnicom

    SJ Lee - LG Electronics

    <anne>  (who is the third from Apple who just got in?)

    <weinig>  anne: Geoffrey Garen

    <anne>  aaah

    Han Chu Li - LG Electronics

    <anne>  never met

    Yung Yu Chan - LG Electronics (observer)

    Hiro I - Toshiba

    Tai S - Jig.jp

    <scribe>  Scribe: dsr

    <scribe>  ScribeNick: dsr

    <timeless_mbp>  Geoffrey Garen - Apple

Web Workers

    Art: Hixie's HTML5 workload is slowing down progress on the web
    workers spec

    Ian want's to move the spec to last call status

    Art: we need to process all the last call comments and if anyone
    wants to volunteer to help with that, feel free to come forward.

    Where can we find the bug list?

    <Barstow>  ACTION: barstow Web Workers: add link to bug database to
    the PubStatus page [recorded in

    <trackbot>  Created ACTION-595 - Web Workers: add link to bug
    database to the PubStatus page [on Arthur Barstow - due 2010-11-08].

    Anne: don't know of any outstanding issues

    if there have been multiple implementations and few comments, that's
    usually a good sign.

    We think Firefox and Opera have implementations.

    Anne: we are working on getting out a test suite

    Do we need an implementation report to get to Last Call.

    No that's needed to exit CR

    Art repeats his request for volunteers.

    Do we have any thoughts on good candidates for the work?

    Doug asks if any of the actual implementors are in the room? [No]

    companies yes

    <Barstow>  ACTION: barstow Web Workers: work with Team to find
    resource(s) to review LC comments and plan for Candidate [recorded
    in [31]http://www.w3.org/2010/11/01-webapps-minutes.html#action04]

    <trackbot>  Created ACTION-596 - Web Workers: work with Team to find
    resource(s) to review LC comments and plan for Candidate [on Arthur
    Barstow - due 2010-11-08].

    We agree on value of shared test suite, but once a spec reaches a
    certain level of stability, energy dries up

    <timeless_mbp>   and resources get reallocated

    Mike: are there any big applications of web workers out there?

    Doug: want to avoid diverging implementations due to lack of shared
    test suite.

    Implementors keen to see feedback from application developers

    <smaug_>  hmm, there is no https for www.w3.org/Bugs :/

    Maciej: I am interested to see progress on web messaging

    <timeless_mbp>  smaug_: file a bug ;-)

    Anne: I will follow up on the test suites work within Opera.


      [32] http://www.w3.org/2008/webapps/wiki/PubStatus

    for list of specs which are pending availability of time from editor

    <Barstow>  ACTION: barstow PubStatus update Plans for
    Workers/Storage/Event-source that HTML5 Editor workload is the block
    and ask for volunteers [recorded in

    <trackbot>  Created ACTION-597 - PubStatus update Plans for
    Workers/Storage/Event-source that HTML5 Editor workload is the block
    and ask for volunteers [on Arthur Barstow - due 2010-11-08].

    Art: do we definitely want web messaging split out of HTML5?

    Maciej: publishing web messaging as a first WD is the next step.

    <Barstow>  ACTION: barstow start a CfC to publish a FPWD of Web
    Messaging [recorded in

    <trackbot>  Created ACTION-598 - Start a CfC to publish a FPWD of Web
    Messaging [on Arthur Barstow - due 2010-11-08].

    Anne: could we make the first WD a Last Call?

    No, but preference is to first do regular WD for 4 weeks before
    moving to Last Call

    Adrian will find someone from Microsoft to help with this, and may
    be even to contribute some tests.

Programmable Cache

    see [35]http://dev.w3.org/2006/webapi/DataCache/

      [35] http://dev.w3.org/2006/webapi/DataCache/

    <timeless_mbp>  [ data cache:
    [36]http://www.w3.org/TR/2009/WD-DataCache-20091029/ ]

      [36] http://www.w3.org/TR/2009/WD-DataCache-20091029/

    <Barstow>  ACTION: barstow ask Nikunj to report the status and plans
    of Programmable Cache to public-webapps [recorded in

    <trackbot>  Created ACTION-599 - Ask Nikunj to report the status and
    plans of Programmable Cache to public-webapps [on Arthur Barstow -
    due 2010-11-08].

    What is the timeline for this work item?

    The current editor has changed companies, so we are looking for a
    new editor.

    <Barstow>  ACTION: barstow ask Oracle about their level of interest
    in Programmable Cache [recorded in

    <trackbot>  Created ACTION-600 - Ask Oracle about their level of
    interest in Programmable Cache [on Arthur Barstow - due 2010-11-08].

    Wonsuk: I am interested in helping with this.

    Adrian: looking for better alignment between the specs for
    programmable cache and html5 application cache.

    <MikeSmith>  thread from July 2009:


      [39] http://lists.w3.org/Archives/Public/public-webapps/2009JulSep/thread.html#msg260

    Anne: spec last updated Jan 2010

    Doug: do we need to do a use case and requirements analysis, and to
    look at extending the application cache, is it sufficiently

    Art: at this point better to work on this in separate spec rather
    than merging them.

    Maciej: app cache comes from work in Google Gears, original use
    cases still exist.

    Adrian: moving this forward depends on people's interest in driving

    Perhaps we need to ask for feedback on limitations of the app cache?

    <MikeSmith>  Mark Nottingham message about problems with the
    programmable cache api -

      [40] http://lists.w3.org/Archives/Public/public-webapps/2009JulSep/0278.html

    Doug: would be useful to have an organizational memory for all this

    Adrian: we would still need to find someone to work on use cases and
    requirements - could be a consumer not a vendor

    <Barstow>  ACTION: barstow ask public-webapps about creating Use
    Cases and requirements of Program App Caches versus HTML5 App Cache
    [recorded in

    <trackbot>  Created ACTION-601 - Ask public-webapps about creating
    Use Cases and requirements of Program App Caches versus HTML5 App
    Cache [on Arthur Barstow - due 2010-11-08].

    Facebook as a candidate?

    <timeless_mbp>  MikeSmith: julian reschke from IETF HTTP.next

    <timeless_mbp>  MikeSmith: Mark Nottingham

    <shepazu>  ACTION: Barstow to contact julian reschke and Mark
    Nottingham about Data Cache [recorded in

    <trackbot>  Created ACTION-602 - Contact julian reschke and Mark
    Nottingham about Data Cache [on Arthur Barstow - due 2010-11-08].

Selectors API

    Discussion on WebIDL default as key to progressing Selectors spec

    Maciej: some implementations may need to change

    Adrian: would that block PR?

    we want to straighten this out in short order.

    Maciej: keen to sort out Level 2 of the Selectors API

    Anne discusses some of the details of what may be dropped

    <mjs>  hi Lachy!

    <Lachy>  hi

    <anne>  Lachy, when are you making the edits you were planning on

    <mjs>  we were just talking about Selectors API a bit

    <mjs>  was wondering when Level 2 will settle down

    <Lachy>  I don't know when I'll be doing it, cause it depends on when
    I get allocated to a relevant task, but at this stage, I think I'm
    going to drop the queryScopedSelector methods, as they're a bit of a

    <Lachy>  the rest of it should be relatively stable.

    <Lachy>  so :scope will stay, matchesSelector will stay.

    Art: let's take the rest of the selector's discussion to the list.
    next topic XBL2


    Some discussion has occurred on possibility of mapping XBL2 from XML
    to JSON.

    Could be some syntactic sugar on top of DOM APIs to make some of the
    use cases simpler, but we are blocked on lack of implementations for

    Anne: manifest attribute in place of processing instructions

    <MikeSmith>  [43]related message from Tab in September

      [43] http://lists.w3.org/Archives/Public/public-webapps/2010JulSep/0912.html

    Lots of experience in using JavaScript for binding, and desire for
    common solution, but there are complications

    XBL2 is awaiting implementation feedback.

    Hixie did provide a revised spec, but there isn't agreement on the

    <inserted>  Aharon: Think it makes sense to have javascript allow us
    to determine natively

    <Barstow>  Olli: I don't agree with the recent changes Hixie made to

    <Barstow>  ... think it limits the scope too much

    We plan to resume at 1:30

    <IceGuest_77>  quit

    we drift back from lunch

    Art restarts the meeting

    <anne>  pointer to agenda for tomorrow?

    Art ran in to the TAG folks in the corridor and some of them are
    able to drop in if we need them.

    <anne>  [44]http://www.w3.org/2008/webapps/wiki/TPAC2010

      [44] http://www.w3.org/2008/webapps/wiki/TPAC2010

    Doug: some I18N people would like to talk to us about a few topics
    tomorrow, and I would like to discuss those topics briefly today.

    Anne: I want to talk about modularization of DOM3 events.

    Art: let's take that tomorrow.

    Use of XHR in widgets and specific meaning of origin.

    Art: we should defer CORS and web storage until the TAG folks are

    <Barstow>  here is DAP's Pub status page:

      [45] http://www.w3.org/2009/dap/


    Chaals worked in Clipboard initially, followed by Hixie.

    Anne: my colleague (Hallvord?) has been studying behavior across

    <anne>  "Hallvord R. M. Steen"<hallvord@opera.com>

    Anne: we can safely say that Chaals has stopped working on the
    Clipboard spec.

    Doug: I was an editor and stopped working on it when I saw Hixie
    picking it up in HTML5.

    Anne: we may have an editor for copy and paste. Hixie has said this
    won't be part of the HTML5 spec,

    <shepazu>  Hallvord Steen

    <Barstow>  AB: "Editor is not working on this spec. We may have an
    Editor for the copy-and-paste part."

    (for the pub status table)

    Doug: I volunteer to update the draft to point to relevant work
    elsewhere (this draft is obsolete, please refer to ...)

    <Barstow>  AB: Doug, et. al

      [46] http://www.w3.org/2008/webapps/wiki/PubStatus#API_Specifications

    Art projects the pub status page

      [47] http://www.w3.org/2008/webapps/wiki/PubStatus

    Art updates the pub status for Clipboard as above,

    <Barstow>  ACTION: Doug update Editor's Draft of Window spec to say
    the spec is no longer active [recorded in

    <trackbot>  Sorry, amibiguous username (more than one match) - Doug

    <trackbot>  Try using a different identifier, such as family name or
    username (eg. dstamper, schepers)

    <Barstow>  ACTION: schepers update Editor's Draft of Window and REX
    specs to say the specs are no longer active [recorded in

    <trackbot>  Created ACTION-603 - Update Editor's Draft of Window and
    REX specs to say the specs are no longer active [on Doug Schepers -
    due 2010-11-08].

    Anne: move element traversal into DOM4 ...

    Art: are there any process issues for that

    Some discussuion whether we will discuss UMP

    Art: if we do discuss UMP, we should ensure the TAG is represented
    ... server-sent events, anyone interested in discussing that?

    Currently blocked on HTML5 workload

    <anne>  [50]http://www.w3.org/2008/webapps/charter/#decisions

      [50] http://www.w3.org/2008/webapps/charter/#decisions

    <Barstow>  ACTION: barstow work with WebApps Team and Anne to find a
    way for W3C to host Opera's event-source tests [recorded in

    <trackbot>  Created ACTION-604 - Work with WebApps Team and Anne to
    find a way for W3C to host Opera's event-source tests [on Arthur
    Barstow - due 2010-11-08].

    Anne: I published a test suite, but to publish it on W3C site we
    need some decision on hosting PHP scripts

    <anne>  [52]http://tc.labs.opera.com/apis/XMLHttpRequest/ and

      [52] http://tc.labs.opera.com/apis/XMLHttpRequest/
      [53] http://tc.labs.opera.com/apis/EventSource/

    Dom: depending on the kind of PHP script there should be a way to
    host it on a W3C server.

    <anne>  [54]http://tc.labs.opera.com/svn

      [54] http://tc.labs.opera.com/svn

    Anne: all the code is available if you have subversion

    <Barstow>  ACTION: barstow add Opera's test suite for EventSource to
    the PubStatus page (see mins from 1-Nov-2010 for the link) [recorded
    in [55]http://www.w3.org/2010/11/01-webapps-minutes.html#action14]

    <trackbot>  Created ACTION-605 - Add Opera's test suite for
    EventSource to the PubStatus page (see mins from 1-Nov-2010 for the
    link) [on Arthur Barstow - due 2010-11-08].

    Chaals walks in and is introduced by Doug :)

    <anne>  dom, one is somewhat evil, writing and reading files

    <dom>  brrr

    <dom>  any chance you could document a bit more what they do and what
    they require?

    <anne>  there's no localStorage in PHP

    The TAG will join us at 4pm.

    <anne>  dom, basically access to everything from the request and
    being able to do pretty much anything in the response

    <anne>  dom, and some kind of state thing on the server


    <dom>  right; I was thinking of actually comments in the PHP code :)

    <anne>  dom, come on, it's only a couple of lines

    Same situation as a year or more,

    two implementations but no will to move it forward

    <dom>  they are, anne, but these things will have to be maintained
    for X years; I'm thinking to the poor soul that will have to port
    these things to PHP 12 (or Scala 5)

    Chaals: we can republish it as a NOTE

    Anne: we still think it's interesting and don't want to remove it.

    Doug: we can change to a Note and when interest renews, we can bring
    it back

    Art displays the current spec which notes in red that we only have
    implementations on top of SQLite and don't have a separate spec for
    the subset of SQL involved.

    DSR: is it a strict subset of SQL standard?

    No, it also includes some extensions

    Dom: the only drawback of switching to Note is that you would have
    to restart the IPR process to bring it back to Rec-track

    We agree to republish as a WG Note

    <Barstow>  ACTION: barstow start a CfC to publish Web SQL Database as
    a Working Group Note (and hence signal the spec is no longer on the
    REC track) [recorded in

    <trackbot>  Created ACTION-606 - Start a CfC to publish Web SQL
    Database as a Working Group Note (and hence signal the spec is no
    longer on the REC track) [on Arthur Barstow - due 2010-11-08].

XHR + Widgets


      [57] http://lists.w3.org/Archives/Public/public-webapps/2010OctDec/0391.html

    Brian posted email on this ...

    Brian explains complications relating to cross domain security

    Brian widgets have no defined origin

    DSR asks why widgets don't have an origin

    Explanations relating to not wanting to leak information,

    installed apps need to satisfy a higher bar for security.

    Signed widgets could imply an origin, but how would this be used in
    a protocol like redirect

    <noah>  NM: As a tracking mechanism, I could typically track two
    actions: one long term for the complete result, linking to the
    detailed goals; the other short term for the next draft

    <noah>  LMM: My focus is more on the quality of the result than on
    the date

    <noah>  LMM: We should have output regularly

    <noah>  AM: Difficulty in getting reviewing

    Brian: if I issue a request vis XHR and it pings around several
    redirects, do I as an app author need to do anything to be involved
    in the redirects
    ... user agent is supposed to retain security token from redirect

    timeless: Similar story applies to plugins with events for each


      [58] https://mail.mozilla.org/pipermail/plugin-futures/2010-October/000168.html


      [59] https://wiki.mozilla.org/NPAPI:HTTPRedirectHandling

    Anne: are you saying redirects don't work with OAUTH today?

    Brian: you lose information and your app would have to be OAUTH


      [60] http://developer.linkedin.com/message/1032;jsessionid=704AF1CC292EA4F8582CB7C91B21F7C7.node0#1032

    Anne: aren't redirects supposed to be transparent

    <timeless_mbp>  1. Oct 26, 2009 12:28 PM in response to: caleb

    <timeless_mbp>  Re: OAuth Redirect not happening?

    <timeless_mbp>  Did you add your oauth_callback parameter to the
    requestToken request or the authorize request?

    <timeless_mbp>  If the latter then we default to an out-of-band

    <timeless_mbp>  You may need to insure that your oauth library is
    using 1.0a.

    Brian: twitter and others are including info in redirect responses.

    <timeless_mbp>  OAuth [61]http://tools.ietf.org/html/rfc5849]

      [61] http://tools.ietf.org/html/rfc5849

    Anne: it is kind of weird that widgets want to follow web model but
    not in full

    We should notn't conflate [i18n api in javascript core - as opposed
    to dom] use of redirects with widgets spec as it applies more

    Right now our security model is origin based.

    origin doesn't have to be an HTTP URI

    Anne: CORS does have a wildcard for URI
    ... widget could send an arbitrary token for origin

    <dom>  (so maybe there needs to be a work item on Widgets Origin?)

    Henri: broken browsers can fake orgin as can broken widgets, the
    attack you are trying to prevent is a rogue widget running on a
    trusted platform accessing private data
    ... user would be recognized by normal login process. The widget
    would be identified by a hash of the widget so that the server has
    reasonable belief that the widget hasn't been tampered with,
    assuming a trusted widget runtime.
    ... the hash is computed in widget package file.

    Server needs to remember the hash for the widgets they issued/trust

    The hash is a proxy for the identify of the widget

    Anne: widgets are siloed from the browser

    Brian: their is no guarantee that the browser couldn't execute the

    Anne: it would still be sandboxed

    Henri summarises the trust model whereby server uses checksum over
    widget's code as a check on its code as its identity.

Web Events

    Art: last week W3C Director approved new WG on events. Doug will
    review its scope to use us now.

    <Barstow>  Web Events home: [62]http://www.w3.org/2010/webevents/

      [62] http://www.w3.org/2010/webevents/

    <Barstow>  Web Events: Charter

    Two main aims: touch interfaces (including pen tablets, white boards
    etc) we call these low level or physical events

    <Barstow>  ... [63]http://www.w3.org/2010/webevents/charter/

      [63] http://www.w3.org/2010/webevents/charter/

    Other events are intentional e.g. "undo" and at a higher level than
    say "click".

    Doug calls these user level events.

    We won't be covering gestures which vary between devices.

    We will provide a non-normative document describing gestures for
    informative purposes.

    Doug invites interested people to join the new WG

    See [64]http://www.w3.org/2010/webevents/

      [64] http://www.w3.org/2010/webevents/

    Art: we want to develop a shared terminology and a set of use cases.

    The subsequent requirements analysis will help us to filter aspects
    that are in scope from those that are out of scope.

    Doug: hopes to come up with something that is universally

    Chaals: we are already signed up to the new WG and believe that
    higher level events are really important

    This will simplify web app development in the long run

    Doug: also good for implentors

    Sam: can't talk about touch, but there has been some work on higher
    level events (e.g. relating to ARIA)

    There are challenges to do with privacy, e.g. disclosing that you
    are using a screen reader.

    Doug: we are open to suggestions

    Olka: there is some commonality in higher level events across
    platforms (conceptually)

    Doug: if we can find a sweet spot for a useful set of gestures that
    are universal and vendors are agreeable we can move forward.
    ... we are not going to specify the specific user actions involved
    in gestures e.g. pinch.

    Brian: if there is a common set of events regardless of how they are
    triggered, then that is still in scope, right?

    Chaals summarises...

    cites "back" action as example

    <Barstow>  s/Olka:/Ilkka:/

    Allowing app developers to bind their code to these higher level UI
    events makes their code easier to develop and more robust.

    Soref: other examples include pan and zoom.

    Chaals: this topic has been around for a decade e.g. hover, click
    and activate

    we should leave this to the new Web Events WG!


    Is anyone going to implement UMP? Answer no.

    Art: who is going to push CORS into Last Call?

    Any major issues to resolve for that to happen?

    <dom>  [65]http://www.w3.org/2008/webapps/track/products/7 has one
    raised issue about confused deputy

      [65] http://www.w3.org/2008/webapps/track/products/7

    Doug: UMP has been actively edited, but just not implemented.

    Art: easiest way to kill UMP is to move CORS forward,

    Dom: dependencies don't effect moving spec to Last Call.

    Anne: some issues to resolve (e.g. 3 person handshake)

    <Barstow>  ACTION: barstow work with Anne on a plan to move CORS to
    LCWD [recorded in

    <trackbot>  Created ACTION-607 - Work with Anne on a plan to move
    CORS to LCWD [on Arthur Barstow - due 2010-11-08].

    we break for caffeine

    <anne>  s/3 person/3 party/

    we resume after the coffee break

    The data cache spec was defined to address a number of features such
    as providing access to email attachments when you are offline

    <dom>  [67]DataCache API Editors draft

      [67] http://dev.w3.org/2006/webapi/DataCache/

    (says Eric)

    The TAG members introduce themselves.

    The TAG expressed an interest in hearing about Web Storage, a spec
    edited by Hixie, who unfortunately isn't present today.

    <dom>  [68]Architecture of the World Wide Web, Volume One (15 Dec

      [68] http://www.w3.org/TR/webarch/

    Noah explains that TAG members are mainly hear to listen, and
    describes the context.

    Maciej: we do have people hear with some expertise in this topic who
    could offer their comments.

    Local storage mechanisms can boost performance of online web apps,
    and enable them to work when a connection drops out.

    This comes with privacy implications and many of you will have heard
    of evercookie which works very hard to preserve cookies against

    HTTP cookies are just one of many ways for sites to track users, and
    browsers doesn't have full control over all of them.

    Browsers are evolving to support users wishing to clear all
    information relating to a given site.

    This should help with privacy.

    There are certain ways to track users without any local storage,
    e.g. finger prints based upon the browser's configuration (e.g. what
    fonts are locally installed).

    <timeless>   [69]http://www.unc.edu/courses/jomc050/idog.jpg ]

      [69] http://www.unc.edu/courses/jomc050/idog.jpg

    Noah: when you use the web in general, what assurances can we offer?

    <dom>  (to me, this seems to point to the fact that browsers should
    behave separately when you're logged in and when you're not)

    Maciej: using the browser in a safe mode and accessing sites through
    torr (anonymising proxy) is about as good as is possible.

    however, this will provide a reduced user experience ...

    And even then there may be ways to perform linkability analyses.

    <timeless>  [Exploring the Use of Discrete Gestures for
    Authentication [70]http://eprints.comp.lancs.ac.uk/2204/]

      [70] http://eprints.comp.lancs.ac.uk/2204/

    <dom>  ["on the internet, nobody knows you're a dog"  but nowadays,
    on the internet, everybody knows your dog's name]

    Dan: do local URIs offer any help?

    <timeless>  [ And here's a "Reality" Check
    [71]http://www.unc.edu/courses/jomc050/sum97/dog2.gif  from
    [72]http://www.unc.edu/depts/jomc/academics/dri/idog.html ]

      [71] http://www.unc.edu/courses/jomc050/sum97/dog2.gif
      [72] http://www.unc.edu/depts/jomc/academics/dri/idog.html

    [ we agree to discuss storage not privacy to avoid going off into
    the weeds ]

    Maciej: HTML5 has some new APIs e.g. for back function that can be

    <dom>  [73]HTML5 pushState() method to help manage URI-based views

      [73] http://dev.w3.org/html5/spec/history.html#dom-history-pushstate

    Chaals: we may want to ask what's different about URIs in the
    context of web widgets.

    Right now widgets don't have a URI of their own, so that they don't
    have a URI to hang their data off.

    We may want a way to distinguish between a local copy and the
    version on the server, but that is a lesser issue.

    Ashok: widgets don't have URIs, right, so how are they identified?

    Chaals: the current widget spec doesn't provide for exposing a URI.

    Larry: URI is not just a resource identifier, it is also a means for
    communicating, e.g. sharing a bookmark with someone

    You don't want to encapsulate all of the application state in the
    URI, but rather to provide a means for reconstituring the important
    state, e.g. the same route on a map, even in the map is in a
    different language.

    <timeless>  (of note, the sharable bits that Google Maps exposes via
    "share" encode the Language, which generally annoys me)

    Anne: as Maciej mentioned HTML5 introduces a means for an
    application to push the current state and to encapsulate this in a
    URL for sharing with others, e.g. via copy and paste

    This avoids the need for the fragment identifier for the state

    The application may store state locally or in the server.

    Larry: it would be nice if the way you name things is independent of
    whether they are in local storage or on the server

    If apps have too much state then you should try to put it into a

    Chaals and Larry agree on the need for providing advice to
    developers on good practices.

    Doug: we can't know everything that people want to do, and can only
    do our best

    Anne: trying to write guidelines for developers is tough

    Noah: generally agree with what has been said

    I am not ready to say you need a URI for every item in a SQL store,
    but it is worth asking the question to understand the issues.

    The TAG's role is to point out that there is an issue somewhere in
    here when it comes to storage.

    <dom>  (I'm not sure client-side storage is significantly different
    from server-side storage; many server-side applications don't use
    well URIs to expose state either)

    If people end up putting a lot of data in local storage that isn't
    addressable then this is a problem.

    <Kai>  (except availability might be an issue)

    i.e. pulling things out of web space...

    Chaals draws analogy with pulling alligators out of the swap before
    the architects build the city...

    Ashok: why don't you guys let the browser address things in

    We do have SQlite. Ashok responds, I mean a real database@! :)

    Ashok: define a way to provide a SQL interface to requesting data,
    and returning it in whatever format makes sense

    Dan asks about the various forms of local storage under

    Chaals: for various reasons it is unlikely that the SQL interface
    will make it to REC

    All of the major browser vendors have indicated there support for

    <chaals>  a/All of the //

    Sam: file storage API is yet another mechanism under consideration.
    This is sandboxed from the devices full file system.

    <anne>  [74]http://dev.w3.org/2009/dap/file-system/

      [74] http://dev.w3.org/2009/dap/file-system/

    <anne>  [75]http://dev.w3.org/2009/dap/file-system/file-dir-sys.html
    is it specifically

      [75] http://dev.w3.org/2009/dap/file-system/file-dir-sys.html

    <anne>  (for some confusing reason in the DAP directory)

    <anne>  (well, historical)

    <dom>  (because DAP rocks)

    Larry: I have an update of the file: scheme for URIs and would love
    to see that involved.

    This hides OS dependent path syntax issues.

    Art: any more questions on both sides?

    Dan: sounds to me that the TAG could work on some kind of developer
    guidelines document if that is out of scope for Web Apps WG

    Chaals: that is out of scope for us, so yes that would be something
    for you to think about

    Larry: to clarify I am not editing the file: URI scheme spec and
    would appreciate someone else taking it on.

    [ the TAG representatives leave the room ]

    <chaals>  scribe: chaals


    <Barstow>  ScribeNick: ArtB

DOM 3 Events Input Locale

    <chaals>  ScribeNick: chaals

    Aron: (I work for Google.)

    <timeless>  s/Aron/Aharon/

    Aron: when working on online editor we realised it would be good to
    know the keyboard locale being used, in th context of smart quotes
    (langauge specific, and common in word-processors)

    <timeless>  s/th context/the context/

    i/Aharon/Richard: I work for W3C on i18n/

    <timeless>  s/langauge/language/

    <anne>  I think it reads Aharon



      [76] http://lists.w3.org/Archives/Public/www-dom/2010OctDec/0044.html

    scribe: Other usecase is inline directional styling. If you are
    typing RTL you often need to quote an LTR language (usually english)

    <timeless>  s/english/English/

    scribe: Problem is if the insert starts with punctuation or numbers,
    etc., you get problems unless the indicators are explicit.

    s/indicators/directional indicators/

    scribe: Editors provide a user control to indicate paragraph
    direction, but not for indicating a span within a larger paragraph.
    ... Word is clever and detects the keyboard being used. If I am
    typing in hebrew and switch to english keyboard, it switches the

    <timeless>  s/hebrew/Hebrew/

    <timeless>  s/english/English/

    scribe: Generalising this, using an IME, voice recognition, etc, you
    still want to know what language it is set up for.

    <timeless>  s/direction/direction for the block of text entered in
    that language/

    scribe: Many of these devices are langauge specific.

    <timeless>  s/langauge/language/

    scribe: The basic idea is to provide a keyboard-locale property as
    BCP47 language code for key and text events.
    ... Doesn't mean that what was typed is in that locale, but it gives
    a good-enough heuristic to give a significant improvement.
    ... Besides that, having a global object that has an input-locale
    property would be useful.
    ... And an event that would indicate that locale has changed.

    <timeless>  s/locale/the locale/

    scribe: (For other use cases than those identified).
    ... Complication: You could use multiple input devices each
    configured to a different language.
    ... Didn't deal with that, but worth thinking about.

    DougS: We talked about a number of mechanisms in DOM 3. Suggested
    that having it in the event might become heavy.
    ... You can point to a static variable...
    ... Another proposal was having the global property, and we rejected
    it for 2 reasons: Complication identified, and it is yet another way
    to profile/sniff users, and we want to avoid this
    ... I would feel happy typing stuff into a page - I have already
    given that some trust, so I am OK with it doing some more detection.
    ... I don't want a spam popup to get my language information

    ??: What if you synthesise an event through the DOM?

    Josh: Have to be doing input...

    DougS: Keyboard inputs and text

    Sam: Usually you have to fill in the properties yourself, or they
    don't show up.

    <Barstow>  s/??:/Geoffrey/

    Sam: If a popup captures key inputs (clickjacking...) then you still
    have an issue

    Anne: Valid concern. If you modify it you cannot modify init

    Maciej: Init Methods --

    <anne>  nuke it

    Josh: Next events thing could deal with that.

    Geoffrey: If we don't change the init, then you don't have a privacy

    Anne: Sounds complicated - you eed to have a locale dictionary.
    Would it be possible to get the right behaviour in the User Agent

    Aharon: I don't know all the use cases - I've given you the ones
    that came up immediately on a project.

    DougS: We got basically the same feedback from MS Live.

    Aharon: It's not direction specific, it is also relevant switching
    from russian to english keyboard. French speakers would use french
    quotes, but if they type english they want english quotes but they
    are likely to keep using a french keyboard.

    <timeless>  s/russian/Russian/

    <timeless>  s/english/English/

    <timeless>  s/english/English/

    DougS: Would fail there, but it is still sufficiently useful

    Aharon: Yes. Talking about heuristics, yes they are complex. But the
    people who want to support this are willing to deal with the
    complexity, but they don't have the underlying information to
    support doing so.
    ... having the APIs available in javascript would be very useful.
    But I don't think this is the right forum for that (there are
    Javascript APIs being proposed for i18n purposes).
    ... The capability is included in javascript packages out there
    (e.g. in Google closure you can get a good guess about whether a
    language code implies RTL or LTR)

    <timeless>  [ Google Closure
    [77]http://code.google.com/closure/library/ ]

      [77] http://code.google.com/closure/library/

    Anne: This or HTML-WG could be the right forum for talking about

    DougS: But not this spec.

    Aharon: Think there is an effort to include native i18n
    functionality in javascript.

    <timeless>  s/javascript/ecmascript/

    Anne: Don't think it makes sense for that to cover this.

    Olli: I think we agree already.

    Anne: Still have concern about fingerprinting

    Geoffrey: Only works if people are typing

    [Yes, but people type all the time]

    CMN: A highly efficient web timing interface is likely to be more
    useful for improved fingerprinting.

    DS: Think the concerns are valid, but this is useful enough to
    override them. Should be a note in the spec explaining the issue

    Anne: Users are not going to read the spec, and this is relevant to
    users. But I am not opposed.

    MJS: Useful to note so people who want to make anti-fingerprinting
    see it.

    Olli: Web apps still need to handle the case where input-locale is
    not avialable.

    <timeless>  s/avialable/available/

    Aharon: Yes. The spec already notes what to do when this happens.

    DougS: Pasting means there is no input locale.

    Aharon: And think it will stay like that. This is specifically about
    things being input.

    Anne: Why put it on keyboard? Why not just on text - that seems
    sufficient and I don't see the value for keyup/down etc.

    EricU: Having it for keyup/down could be useful to write a really
    powerful editor. E.g. if you want to deal with ctrl-D you have to
    get to the level of key events.

    CMN: Think Anne is right...


      [78] http://lists.w3.org/Archives/Public/www-dom/2010JulSep/0024.html

    CMN: don't need to handle text and key input if you can just handle
    key input.

    s/ if you can just handle key input/, text is enough because command
    keys are not locale-dependent in effect/

    Josh: But if you write a rich editor you just trap key events,
    rather than having to deal with text input at all.

    DougS: The plan is to add the proposal, and do it...

    Doug claims Adrian thought this was great and has been agitating for
    it for ages.

    <timeless>  this was

      [79] http://www.w3.org/2008/webapps/track/issues/119

    [Adjourned for the day]

Summary of Action Items

    [NEW] ACTION: barstow add Opera's test suite for EventSource to the
    PubStatus page (see mins from 1-Nov-2010 for the link) [recorded in
    [NEW] ACTION: barstow ask Nikunj to report the status and plans of
    Programmable Cache to public-webapps [recorded in
    [NEW] ACTION: barstow ask Oracle about their level of interest in
    Programmable Cache [recorded in
    [NEW] ACTION: barstow ask public-webapps about creating Use Cases
    and requirements of Program App Caches versus HTML5 App Cache
    [recorded in
    [NEW] ACTION: barstow P&C spec: make it clear in the Abtract or
    Intro that P&C widgets != UI controls [recorded in
    [NEW] ACTION: barstow PubStatus update Plans for
    Workers/Storage/Event-source that HTML5 Editor workload is the block
    and ask for volunteers [recorded in
    [NEW] ACTION: barstow start a CfC to publish a FPWD of Web Messaging
    [recorded in
    [NEW] ACTION: barstow start a CfC to publish Web SQL Database as a
    Working Group Note (and hence signal the spec is no longer on the
    REC track) [recorded in
    [NEW] ACTION: Barstow to contact julian reschke and Mark Nottingham
    about Data Cache [recorded in
    [NEW] ACTION: barstow Web Workers: add link to bug database to the
    PubStatus page [recorded in
    [NEW] ACTION: barstow Web Workers: work with Team to find
    resource(s) to review LC comments and plan for Candidate [recorded
    in [90]http://www.w3.org/2010/11/01-webapps-minutes.html#action04]
    [NEW] ACTION: barstow work with Anne on a plan to move CORS to LCWD
    [recorded in
    [NEW] ACTION: barstow work with WebApps Team and Anne to find a way
    for W3C to host Opera's event-source tests [recorded in
    [NEW] ACTION: caceres notify P&F WG when the P&C Conformance Checker
    is published [recorded in
    [NEW] ACTION: Doug update Editor's Draft of Window spec to say the
    spec is no longer active [recorded in
    [NEW] ACTION: schepers update Editor's Draft of Window and REX specs
    to say the specs are no longer active [recorded in

    [End of minutes]
Received on Wednesday, 3 November 2010 07:49:56 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:13:13 UTC