- From: Arthur Barstow <art.barstow@nokia.com>
- Date: Wed, 03 Nov 2010 08:49:09 +0100
- To: public-webapps <public-webapps@w3.org>
WebApps had an informal un-conference style gathering in Lyon on
November 1. The "notes" from that gathering are available at the
following and copied below:
http://www.w3.org/2010/11/01-webapps-minutes.html
-Art Barstow
[1]W3C
[1] http://www.w3.org/
- DRAFT -
WebApps F2F meeting
01 Nov 2010
See also: [2]IRC log
[2] http://www.w3.org/2010/11/01-webapps-irc
Attendees
Present
Adrian, Sam, Maciej, PLH, Bryan, DaveR, AnnB, AdamB,
timeless, WonsukLee, Eliot, Bryan_Sullivan, chaals, Rishida,
Aron, DanA, LarryM, Ashok, Aharon, Art_Barstow, Mike_Smith,
Wonsuk_Lee, zhang_chengyan, wujing, junliao, Johnson_Wang,
Adam_Boyet, Bo_Chen, Hiro_I, Yung_Yu_Chan, Doug_Schepers,
Josh_Soref, Eric_Uhrane, Laszlo_Gombos, Yael_Aharon
Regrets
Chair
ArtB
Scribe
dsr, timeless_mbp, chaals
Contents
* [3]Topics
1. [4]WebIDL and TC39
2. [5]Web Sockets
3. [6]Introductions
4. [7]Web Workers
5. [8]Programmable Cache
6. [9]Selectors API
7. [10]XBL2
8. [11]Clipboard
9. [12]WebSQL
10. [13]XHR + Widgets
11. [14]Web Events
12. [15]CORS and UMP
13. [16]i18n
14. [17]DOM 3 Events Input Locale
* [18]Summary of Action Items
_________________________________________________________
<ArtB> ScribeNick: ArtB
Date: 1 November 2010
WebIDL and TC39
Adrian: part of the next TC39 meeting (in ~2week) will include
discussions with some people in WebApps
... there is a perception that the other group is not interested in
working together
... for example TC39 people seem to think W3C people is not
interested in working with them
... and within WebApps, there seems to some disinterest in working
with TC39
... there are some tactical issues in the WebIDL spec that need to
be resolved
... see f.ex. public-script-coord
... Need to talk about how to work together at a Strategic level
... We need to prioritize the work in both groups
... so there is better coordination
... For instance adding features need to be discussed
... The 2 groups have different timelines and there is a gap there
that needs to be filled
... WebIDL is the key spec that has interest from both sides
... Microsoft people in TC39 have some issues with the structure of
WebIDL spec
... Some parts of WebIDL may want to be deprecated
... f.ex. we don't want some old patterns continued
... Think we are talking passed each other a bit
... PLH has been involved in conversations with TC39 Chair
PLH: when I asked 6 mos ago if any WG wants to meet with TC39, no
one responded
... Cam will be at TC39 meeting in two weeks
... Are there any other specs TC39 cares about?
Adrian: WebIDl is certainly the key spec
... but there are some other specs
<anne> wait what, there's a WebApps WG meeting after all?
Adrian: The TC heard there were no other specs
... I don't think there is fault or blame here
... I just think there is a need for closer collaboration
<anne> mjs, k thanks
Adrian: Think there should be a more formal relationship
... We all have the responsibility to raise the issues
... As ES5 progresses, and more and more APIs @ W3C are written, I
think there will be more collaboration that will be needed
... We must make sure ES and W3C APIs work well together
... Don't want a bunch of ad hoc APIS
... as that may create some interop probs
... Not sure how we fix the perception that neither group is
interested in working with the other
Maciej: one thing we can do is to have some coord calls
... can also have someone participate in both groups
... and make sure they are talking to both groups
... There can be issues where two people from the same company may
disagree
PLH: so far, WebIDL is the key spec
... Good news there is that Cam is back and he will be attending
TC39 meeting at Apple in 2 weeks
... We do meet every couple of months with IETF with a specific
agenda
... But if there is a need to talk about a specific issue, then
that's different
Adrian: the joint meeting is in a couple of weeks
PLH: do we need to send a W3C staff member to the TC39 meeting?
Adrian: no, I don't think that is necessary
... but I think the meeting should include a discussion about
liaisions and next steps
PLH: I can attend remotely
... will their be a phone?
Maciej: yes, I think that can be arranged
AB: that sounds like a good first step
... Is Chaals attending
... has WebApps been invited to the meeting?
Adrian: yes, I think WebApps was invited to the coordination part of
the meeting
PLH: I will send e-mail John re the Nov meeting
Adrian: Maciej forwarded a related email to the list on Oct 11
<adrianba>
[19]http://lists.w3.org/Archives/Public/public-webapps/2010OctDec/00
73.html
[19] http://lists.w3.org/Archives/Public/public-webapps/2010OctDec/0073.html
<dsr> scribe: dsr
Art leaves for meeting with Protocols and Formats WG
We review the list of specs to see which ones people are interested
in discussing.
The topics with the most interest are: CORS (1), Programmable Cache
(2), Selectors API (2), We Sockets (4), Web Storage (1), Web
Workers(3), XBL (2).
Web Sockets
Main question is to update the API spec in line with the progress of
work on the protocol spec.
[ we plan to discuss web sockets until the morning coffee break]
There is now a method to support a clean shutdown of the connection
and we could consider a way to indicate at the API level whether the
connection closed cleanly or not.
Another question is whether to support different data types other
than UTF-8 strings
The emerging standard for small amounts of data is array buffer.
Hixie has added something related to connection shutdown.
The protocol is being developed in the IETF. If you are interested
in implementing web sockets, recommend that you get involved with
the IETF group.
Protocol issues fall into 2 categories: handshake and message
framing.
Framing - support for fragmentation and different kinds of
encodings.
Handshake - key design issue is to ensure for security purposes that
you can't attack/exploit HTTP servers.
Lots of email traffic, but plenty still to be resolved.
Implementations?
Microsoft demoed an implementation at last IETF meeting
Hoping big protocol questions will be resolved in next few months.
IETF HyBi WG: [20]http://trac.tools.ietf.org/bof/trac/wiki/HyBi ]
[20] http://trac.tools.ietf.org/bof/trac/wiki/HyBi
PLH asks about status of Selectors API
Some questions relating to test suite
<plh> Anne: pb is with default for stringified for undefined and
null
Question on support for binary data for web sockets.
This is under consideration, possibly as array buffer or blob format
Anne: there may be support for specific streaming formats.
Any reason why people don't want to use RTSP?
Certainly, RTSP is a reasonable option. Streaming over HTTP is also
quite active.
Firewalls can tilt the balance in favor of HTTP.
What about SIP?
No one has hooked SIP to the browser as yet. But one issue is the
size of the specs for SIP.
<timeless_mbp> [STUN:
[21]http://en.wikipedia.org/wiki/Session_Traversal_Utilities_for_NAT
]
[21] http://en.wikipedia.org/wiki/Session_Traversal_Utilities_for_NAT
Any interest in using web sockets peer to peer? This would involve
some API/protocol support for setting up the connection.
Yes, hixie has specified some steps, but Anne notes that the
protocol part is left blank.
This could involve IETF standards e.g. STUN and TURN.
The discovery process could involve a web server where users
register for a session.
<timeless_mbp> [ WebSockets over UDP
[22]http://www.mail-archive.com/whatwg@lists.whatwg.org/msg21749.htm
l ]
[22] http://www.mail-archive.com/whatwg@lists.whatwg.org/msg21749.html
UDP is of interest for gaming
<timeless_mbp> [ SCTP:
[23]http://en.wikipedia.org/wiki/Stream_Control_Transmission_Protoco
l ]
[23] http://en.wikipedia.org/wiki/Stream_Control_Transmission_Protocol
SCTP might be worth looking at.
But runs into problems with firewalling
<shepazu> there is no WebApps WG meeting today, right?
WonSuk: what is the relationship between websockets and CORS?
Anne: they are unrelated, but you could say they are connected via
the same origin check
Any open source web sockets implementations as yet?
Python, Java and a few others.
<timeless_mbp> some impls: [24]http://websox.org/ ]
[24] http://websox.org/
DSR thinking about live editing via websockets.
Anne: definite advantage for anything realtime.
<adam> java impl - [25]http://www.eclipse.org/jetty/ Jetty provides
an Web server and
[26]http://java.sun.com/javaee/5/docs/api/javax/servlet/package-summ
ary.html container, plus support for Web Sockets,
[25] http://www.eclipse.org/jetty/
[26] http://java.sun.com/javaee/5/docs/api/javax/servlet/package-summary.html
Doug wanders in ...
Doug: any interest in talking about touch and table related APIs?
Yes, but let's wait for Art to come back after coffee
we break for coffee
<timeless_mbp> Break For Coffee
<ArtB> ACTION: barstow P&C spec: make it clear in the Abtract or
Intro that P&C widgets != UI controls [recorded in
[27]http://www.w3.org/2010/11/01-webapps-minutes.html#action01]
<trackbot> Created ACTION-593 - P&C spec: make it clear in the
Abtract or Intro that P&C widgets != UI controls [on Arthur Barstow
- due 2010-11-08].
<ArtB> ACTION: caceres notify P&F WG when the P&C Conformance
Checker is published [recorded in
[28]http://www.w3.org/2010/11/01-webapps-minutes.html#action02]
<trackbot> Created ACTION-594 - Notify P&F WG when the P&C
Conformance Checker is published [on Marcos Caceres - due
2010-11-08].
n.b.
[29]http://yz.mit.edu/wp/web-sockets-tutorial-with-simple-python-ser
ver/
[29] http://yz.mit.edu/wp/web-sockets-tutorial-with-simple-python-server/
we resume after the coffee break
<timeless_mbp> Scribe: timeless_mbp
Introductions
Laslo G - Nokia
Yael A - Nokia
Olli P - Mozilla
Ta - Sony
Henri Sivonen - Mozilla
Bryan Sullivan, AT&T
Zhang Chengyan - China Unicom
<zhang-chinaunicom> zhang chengyan from chinaunicom
<wuj> wujing from chinaunicom
<junliao> I am here
Jun Liao - China Unicom
<Johnson> johnson from Nokia
Elena R - Institute Telecom Paris
WonSuk Lee - ETRI Korea
<adrianba> Adrian Bateman from Microsoft
<eliot> Eliot Graff from Microsoft
Josh Soref - Nokia
<wonsuk> s/Ronsong Lee/Wonsuk Lee/
<anne> Anne van Kesteren - Opera
Mike Smith - W3C
<adam> Adam Boyet from Boeing
<weinig> Sam Weinig - Apple
Doug S - W3C
<dsr> Dave Raggett, W3C
<mjs> Maciej Stachowiak - Apple
<BoChen> Bo Chen for ChinaUnicom
SJ Lee - LG Electronics
<anne> (who is the third from Apple who just got in?)
<weinig> anne: Geoffrey Garen
<anne> aaah
Han Chu Li - LG Electronics
<anne> never met
Yung Yu Chan - LG Electronics (observer)
Hiro I - Toshiba
Tai S - Jig.jp
<scribe> Scribe: dsr
<scribe> ScribeNick: dsr
<timeless_mbp> Geoffrey Garen - Apple
Web Workers
Art: Hixie's HTML5 workload is slowing down progress on the web
workers spec
Ian want's to move the spec to last call status
Art: we need to process all the last call comments and if anyone
wants to volunteer to help with that, feel free to come forward.
Where can we find the bug list?
<Barstow> ACTION: barstow Web Workers: add link to bug database to
the PubStatus page [recorded in
[30]http://www.w3.org/2010/11/01-webapps-minutes.html#action03]
<trackbot> Created ACTION-595 - Web Workers: add link to bug
database to the PubStatus page [on Arthur Barstow - due 2010-11-08].
Anne: don't know of any outstanding issues
if there have been multiple implementations and few comments, that's
usually a good sign.
We think Firefox and Opera have implementations.
Anne: we are working on getting out a test suite
Do we need an implementation report to get to Last Call.
No that's needed to exit CR
Art repeats his request for volunteers.
Do we have any thoughts on good candidates for the work?
Doug asks if any of the actual implementors are in the room? [No]
companies yes
<Barstow> ACTION: barstow Web Workers: work with Team to find
resource(s) to review LC comments and plan for Candidate [recorded
in [31]http://www.w3.org/2010/11/01-webapps-minutes.html#action04]
<trackbot> Created ACTION-596 - Web Workers: work with Team to find
resource(s) to review LC comments and plan for Candidate [on Arthur
Barstow - due 2010-11-08].
We agree on value of shared test suite, but once a spec reaches a
certain level of stability, energy dries up
<timeless_mbp> … and resources get reallocated
Mike: are there any big applications of web workers out there?
Doug: want to avoid diverging implementations due to lack of shared
test suite.
Implementors keen to see feedback from application developers
<smaug_> hmm, there is no https for www.w3.org/Bugs :/
Maciej: I am interested to see progress on web messaging
<timeless_mbp> smaug_: file a bug ;-)
Anne: I will follow up on the test suites work within Opera.
[32]http://www.w3.org/2008/webapps/wiki/PubStatus
[32] http://www.w3.org/2008/webapps/wiki/PubStatus
for list of specs which are pending availability of time from editor
<Barstow> ACTION: barstow PubStatus update Plans for
Workers/Storage/Event-source that HTML5 Editor workload is the block
and ask for volunteers [recorded in
[33]http://www.w3.org/2010/11/01-webapps-minutes.html#action05]
<trackbot> Created ACTION-597 - PubStatus update Plans for
Workers/Storage/Event-source that HTML5 Editor workload is the block
and ask for volunteers [on Arthur Barstow - due 2010-11-08].
Art: do we definitely want web messaging split out of HTML5?
Maciej: publishing web messaging as a first WD is the next step.
<Barstow> ACTION: barstow start a CfC to publish a FPWD of Web
Messaging [recorded in
[34]http://www.w3.org/2010/11/01-webapps-minutes.html#action06]
<trackbot> Created ACTION-598 - Start a CfC to publish a FPWD of Web
Messaging [on Arthur Barstow - due 2010-11-08].
Anne: could we make the first WD a Last Call?
No, but preference is to first do regular WD for 4 weeks before
moving to Last Call
Adrian will find someone from Microsoft to help with this, and may
be even to contribute some tests.
Programmable Cache
see [35]http://dev.w3.org/2006/webapi/DataCache/
[35] http://dev.w3.org/2006/webapi/DataCache/
<timeless_mbp> [ data cache:
[36]http://www.w3.org/TR/2009/WD-DataCache-20091029/ ]
[36] http://www.w3.org/TR/2009/WD-DataCache-20091029/
<Barstow> ACTION: barstow ask Nikunj to report the status and plans
of Programmable Cache to public-webapps [recorded in
[37]http://www.w3.org/2010/11/01-webapps-minutes.html#action07]
<trackbot> Created ACTION-599 - Ask Nikunj to report the status and
plans of Programmable Cache to public-webapps [on Arthur Barstow -
due 2010-11-08].
What is the timeline for this work item?
The current editor has changed companies, so we are looking for a
new editor.
<Barstow> ACTION: barstow ask Oracle about their level of interest
in Programmable Cache [recorded in
[38]http://www.w3.org/2010/11/01-webapps-minutes.html#action08]
<trackbot> Created ACTION-600 - Ask Oracle about their level of
interest in Programmable Cache [on Arthur Barstow - due 2010-11-08].
Wonsuk: I am interested in helping with this.
Adrian: looking for better alignment between the specs for
programmable cache and html5 application cache.
<MikeSmith> thread from July 2009:
<MikeSmith>
[39]http://lists.w3.org/Archives/Public/public-webapps/2009JulSep/th
read.html#msg260
[39] http://lists.w3.org/Archives/Public/public-webapps/2009JulSep/thread.html#msg260
Anne: spec last updated Jan 2010
Doug: do we need to do a use case and requirements analysis, and to
look at extending the application cache, is it sufficiently
flexible?
Art: at this point better to work on this in separate spec rather
than merging them.
Maciej: app cache comes from work in Google Gears, original use
cases still exist.
Adrian: moving this forward depends on people's interest in driving
it
Perhaps we need to ask for feedback on limitations of the app cache?
<MikeSmith> Mark Nottingham message about problems with the
programmable cache api -
[40]http://lists.w3.org/Archives/Public/public-webapps/2009JulSep/02
78.html
[40] http://lists.w3.org/Archives/Public/public-webapps/2009JulSep/0278.html
Doug: would be useful to have an organizational memory for all this
Adrian: we would still need to find someone to work on use cases and
requirements - could be a consumer not a vendor
<Barstow> ACTION: barstow ask public-webapps about creating Use
Cases and requirements of Program App Caches versus HTML5 App Cache
[recorded in
[41]http://www.w3.org/2010/11/01-webapps-minutes.html#action09]
<trackbot> Created ACTION-601 - Ask public-webapps about creating
Use Cases and requirements of Program App Caches versus HTML5 App
Cache [on Arthur Barstow - due 2010-11-08].
Facebook as a candidate?
<timeless_mbp> MikeSmith: julian reschke from IETF HTTP.next
<timeless_mbp> MikeSmith: Mark Nottingham
<shepazu> ACTION: Barstow to contact julian reschke and Mark
Nottingham about Data Cache [recorded in
[42]http://www.w3.org/2010/11/01-webapps-minutes.html#action10]
<trackbot> Created ACTION-602 - Contact julian reschke and Mark
Nottingham about Data Cache [on Arthur Barstow - due 2010-11-08].
Selectors API
Discussion on WebIDL default as key to progressing Selectors spec
Maciej: some implementations may need to change
Adrian: would that block PR?
we want to straighten this out in short order.
Maciej: keen to sort out Level 2 of the Selectors API
Anne discusses some of the details of what may be dropped
<mjs> hi Lachy!
<Lachy> hi
<anne> Lachy, when are you making the edits you were planning on
making?
<mjs> we were just talking about Selectors API a bit
<mjs> was wondering when Level 2 will settle down
<Lachy> I don't know when I'll be doing it, cause it depends on when
I get allocated to a relevant task, but at this stage, I think I'm
going to drop the queryScopedSelector methods, as they're a bit of a
mess.
<Lachy> the rest of it should be relatively stable.
<Lachy> so :scope will stay, matchesSelector will stay.
Art: let's take the rest of the selector's discussion to the list.
next topic XBL2
XBL2
Some discussion has occurred on possibility of mapping XBL2 from XML
to JSON.
Could be some syntactic sugar on top of DOM APIs to make some of the
use cases simpler, but we are blocked on lack of implementations for
XBL2
Anne: manifest attribute in place of processing instructions
<MikeSmith> [43]related message from Tab in September
[43] http://lists.w3.org/Archives/Public/public-webapps/2010JulSep/0912.html
Lots of experience in using JavaScript for binding, and desire for
common solution, but there are complications
XBL2 is awaiting implementation feedback.
Hixie did provide a revised spec, but there isn't agreement on the
changes.
<inserted> Aharon: Think it makes sense to have javascript allow us
to determine natively
<Barstow> Olli: I don't agree with the recent changes Hixie made to
XBL
<Barstow> ... think it limits the scope too much
We plan to resume at 1:30
<IceGuest_77> quit
we drift back from lunch
Art restarts the meeting
<anne> pointer to agenda for tomorrow?
Art ran in to the TAG folks in the corridor and some of them are
able to drop in if we need them.
<anne> [44]http://www.w3.org/2008/webapps/wiki/TPAC2010
[44] http://www.w3.org/2008/webapps/wiki/TPAC2010
Doug: some I18N people would like to talk to us about a few topics
tomorrow, and I would like to discuss those topics briefly today.
Anne: I want to talk about modularization of DOM3 events.
Art: let's take that tomorrow.
Use of XHR in widgets and specific meaning of origin.
Art: we should defer CORS and web storage until the TAG folks are
ready.
<Barstow> here is DAP's Pub status page:
[45]http://www.w3.org/2009/dap/
[45] http://www.w3.org/2009/dap/
Clipboard
Chaals worked in Clipboard initially, followed by Hixie.
Anne: my colleague (Hallvord?) has been studying behavior across
browsers.
<anne> "Hallvord R. M. Steen"<hallvord@opera.com>
Anne: we can safely say that Chaals has stopped working on the
Clipboard spec.
Doug: I was an editor and stopped working on it when I saw Hixie
picking it up in HTML5.
Anne: we may have an editor for copy and paste. Hixie has said this
won't be part of the HTML5 spec,
<shepazu> Hallvord Steen
<Barstow> AB: "Editor is not working on this spec. We may have an
Editor for the copy-and-paste part."
(for the pub status table)
Doug: I volunteer to update the draft to point to relevant work
elsewhere (this draft is obsolete, please refer to ...)
<Barstow> AB: Doug, et. al
[46]http://www.w3.org/2008/webapps/wiki/PubStatus#API_Specifications
[46] http://www.w3.org/2008/webapps/wiki/PubStatus#API_Specifications
Art projects the pub status page
[47]http://www.w3.org/2008/webapps/wiki/PubStatus
[47] http://www.w3.org/2008/webapps/wiki/PubStatus
Art updates the pub status for Clipboard as above,
<Barstow> ACTION: Doug update Editor's Draft of Window spec to say
the spec is no longer active [recorded in
[48]http://www.w3.org/2010/11/01-webapps-minutes.html#action11]
<trackbot> Sorry, amibiguous username (more than one match) - Doug
<trackbot> Try using a different identifier, such as family name or
username (eg. dstamper, schepers)
<Barstow> ACTION: schepers update Editor's Draft of Window and REX
specs to say the specs are no longer active [recorded in
[49]http://www.w3.org/2010/11/01-webapps-minutes.html#action12]
<trackbot> Created ACTION-603 - Update Editor's Draft of Window and
REX specs to say the specs are no longer active [on Doug Schepers -
due 2010-11-08].
Anne: move element traversal into DOM4 ...
Art: are there any process issues for that
Some discussuion whether we will discuss UMP
Art: if we do discuss UMP, we should ensure the TAG is represented
... server-sent events, anyone interested in discussing that?
Currently blocked on HTML5 workload
<anne> [50]http://www.w3.org/2008/webapps/charter/#decisions
[50] http://www.w3.org/2008/webapps/charter/#decisions
<Barstow> ACTION: barstow work with WebApps Team and Anne to find a
way for W3C to host Opera's event-source tests [recorded in
[51]http://www.w3.org/2010/11/01-webapps-minutes.html#action13]
<trackbot> Created ACTION-604 - Work with WebApps Team and Anne to
find a way for W3C to host Opera's event-source tests [on Arthur
Barstow - due 2010-11-08].
Anne: I published a test suite, but to publish it on W3C site we
need some decision on hosting PHP scripts
<anne> [52]http://tc.labs.opera.com/apis/XMLHttpRequest/ and
[53]http://tc.labs.opera.com/apis/EventSource/
[52] http://tc.labs.opera.com/apis/XMLHttpRequest/
[53] http://tc.labs.opera.com/apis/EventSource/
Dom: depending on the kind of PHP script there should be a way to
host it on a W3C server.
<anne> [54]http://tc.labs.opera.com/svn
[54] http://tc.labs.opera.com/svn
Anne: all the code is available if you have subversion
<Barstow> ACTION: barstow add Opera's test suite for EventSource to
the PubStatus page (see mins from 1-Nov-2010 for the link) [recorded
in [55]http://www.w3.org/2010/11/01-webapps-minutes.html#action14]
<trackbot> Created ACTION-605 - Add Opera's test suite for
EventSource to the PubStatus page (see mins from 1-Nov-2010 for the
link) [on Arthur Barstow - due 2010-11-08].
Chaals walks in and is introduced by Doug :)
<anne> dom, one is somewhat evil, writing and reading files
<dom> brrr
<dom> any chance you could document a bit more what they do and what
they require?
<anne> there's no localStorage in PHP
The TAG will join us at 4pm.
<anne> dom, basically access to everything from the request and
being able to do pretty much anything in the response
<anne> dom, and some kind of state thing on the server
WebSQL
<dom> right; I was thinking of actually comments in the PHP code :)
<anne> dom, come on, it's only a couple of lines
Same situation as a year or more,
two implementations but no will to move it forward
<dom> they are, anne, but these things will have to be maintained
for X years; I'm thinking to the poor soul that will have to port
these things to PHP 12 (or Scala 5)
Chaals: we can republish it as a NOTE
Anne: we still think it's interesting and don't want to remove it.
Doug: we can change to a Note and when interest renews, we can bring
it back
Art displays the current spec which notes in red that we only have
implementations on top of SQLite and don't have a separate spec for
the subset of SQL involved.
DSR: is it a strict subset of SQL standard?
No, it also includes some extensions
Dom: the only drawback of switching to Note is that you would have
to restart the IPR process to bring it back to Rec-track
We agree to republish as a WG Note
<Barstow> ACTION: barstow start a CfC to publish Web SQL Database as
a Working Group Note (and hence signal the spec is no longer on the
REC track) [recorded in
[56]http://www.w3.org/2010/11/01-webapps-minutes.html#action15]
<trackbot> Created ACTION-606 - Start a CfC to publish Web SQL
Database as a Working Group Note (and hence signal the spec is no
longer on the REC track) [on Arthur Barstow - due 2010-11-08].
XHR + Widgets
<anne>
[57]http://lists.w3.org/Archives/Public/public-webapps/2010OctDec/03
91.html
[57] http://lists.w3.org/Archives/Public/public-webapps/2010OctDec/0391.html
Brian posted email on this ...
Brian explains complications relating to cross domain security
model.
Brian widgets have no defined origin
DSR asks why widgets don't have an origin
Explanations relating to not wanting to leak information,
installed apps need to satisfy a higher bar for security.
Signed widgets could imply an origin, but how would this be used in
a protocol like redirect
<noah> NM: As a tracking mechanism, I could typically track two
actions: one long term for the complete result, linking to the
detailed goals; the other short term for the next draft
<noah> LMM: My focus is more on the quality of the result than on
the date
<noah> LMM: We should have output regularly
<noah> AM: Difficulty in getting reviewing
Brian: if I issue a request vis XHR and it pings around several
redirects, do I as an app author need to do anything to be involved
in the redirects
... user agent is supposed to retain security token from redirect
response.
timeless: Similar story applies to plugins with events for each
redirect
<timeless_mbp>
[58]https://mail.mozilla.org/pipermail/plugin-futures/2010-October/0
00168.html
[58] https://mail.mozilla.org/pipermail/plugin-futures/2010-October/000168.html
<timeless_mbp>
[59]https://wiki.mozilla.org/NPAPI:HTTPRedirectHandling
[59] https://wiki.mozilla.org/NPAPI:HTTPRedirectHandling
Anne: are you saying redirects don't work with OAUTH today?
Brian: you lose information and your app would have to be OAUTH
aware
<timeless_mbp>
[60]http://developer.linkedin.com/message/1032;jsessionid=704AF1CC29
2EA4F8582CB7C91B21F7C7.node0#1032
[60] http://developer.linkedin.com/message/1032;jsessionid=704AF1CC292EA4F8582CB7C91B21F7C7.node0#1032
Anne: aren't redirects supposed to be transparent
<timeless_mbp> 1. Oct 26, 2009 12:28 PM in response to: caleb
<timeless_mbp> Re: OAuth Redirect not happening?
<timeless_mbp> Did you add your oauth_callback parameter to the
requestToken request or the authorize request?
<timeless_mbp> If the latter then we default to an out-of-band
callback.
<timeless_mbp> You may need to insure that your oauth library is
using 1.0a.
Brian: twitter and others are including info in redirect responses.
<timeless_mbp> OAuth [61]http://tools.ietf.org/html/rfc5849]
[61] http://tools.ietf.org/html/rfc5849
Anne: it is kind of weird that widgets want to follow web model but
not in full
We should notn't conflate [i18n api in javascript core - as opposed
to dom] use of redirects with widgets spec as it applies more
generally
Right now our security model is origin based.
origin doesn't have to be an HTTP URI
Anne: CORS does have a wildcard for URI
... widget could send an arbitrary token for origin
<dom> (so maybe there needs to be a work item on Widgets Origin?)
Henri: broken browsers can fake orgin as can broken widgets, the
attack you are trying to prevent is a rogue widget running on a
trusted platform accessing private data
... user would be recognized by normal login process. The widget
would be identified by a hash of the widget so that the server has
reasonable belief that the widget hasn't been tampered with,
assuming a trusted widget runtime.
... the hash is computed in widget package file.
Server needs to remember the hash for the widgets they issued/trust
The hash is a proxy for the identify of the widget
Anne: widgets are siloed from the browser
Brian: their is no guarantee that the browser couldn't execute the
widget
Anne: it would still be sandboxed
Henri summarises the trust model whereby server uses checksum over
widget's code as a check on its code as its identity.
Web Events
Art: last week W3C Director approved new WG on events. Doug will
review its scope to use us now.
<Barstow> Web Events home: [62]http://www.w3.org/2010/webevents/
[62] http://www.w3.org/2010/webevents/
<Barstow> Web Events: Charter
Two main aims: touch interfaces (including pen tablets, white boards
etc) we call these low level or physical events
<Barstow> ... [63]http://www.w3.org/2010/webevents/charter/
[63] http://www.w3.org/2010/webevents/charter/
Other events are intentional e.g. "undo" and at a higher level than
say "click".
Doug calls these user level events.
We won't be covering gestures which vary between devices.
We will provide a non-normative document describing gestures for
informative purposes.
Doug invites interested people to join the new WG
See [64]http://www.w3.org/2010/webevents/
[64] http://www.w3.org/2010/webevents/
Art: we want to develop a shared terminology and a set of use cases.
The subsequent requirements analysis will help us to filter aspects
that are in scope from those that are out of scope.
Doug: hopes to come up with something that is universally
acceptable.
Chaals: we are already signed up to the new WG and believe that
higher level events are really important
This will simplify web app development in the long run
Doug: also good for implentors
Sam: can't talk about touch, but there has been some work on higher
level events (e.g. relating to ARIA)
There are challenges to do with privacy, e.g. disclosing that you
are using a screen reader.
Doug: we are open to suggestions
Olka: there is some commonality in higher level events across
platforms (conceptually)
Doug: if we can find a sweet spot for a useful set of gestures that
are universal and vendors are agreeable we can move forward.
... we are not going to specify the specific user actions involved
in gestures e.g. pinch.
Brian: if there is a common set of events regardless of how they are
triggered, then that is still in scope, right?
Chaals summarises...
cites "back" action as example
<Barstow> s/Olka:/Ilkka:/
Allowing app developers to bind their code to these higher level UI
events makes their code easier to develop and more robust.
Soref: other examples include pan and zoom.
Chaals: this topic has been around for a decade e.g. hover, click
and activate
we should leave this to the new Web Events WG!
CORS and UMP
Is anyone going to implement UMP? Answer no.
Art: who is going to push CORS into Last Call?
Any major issues to resolve for that to happen?
<dom> [65]http://www.w3.org/2008/webapps/track/products/7 has one
raised issue about confused deputy
[65] http://www.w3.org/2008/webapps/track/products/7
Doug: UMP has been actively edited, but just not implemented.
Art: easiest way to kill UMP is to move CORS forward,
Dom: dependencies don't effect moving spec to Last Call.
Anne: some issues to resolve (e.g. 3 person handshake)
<Barstow> ACTION: barstow work with Anne on a plan to move CORS to
LCWD [recorded in
[66]http://www.w3.org/2010/11/01-webapps-minutes.html#action16]
<trackbot> Created ACTION-607 - Work with Anne on a plan to move
CORS to LCWD [on Arthur Barstow - due 2010-11-08].
we break for caffeine
<anne> s/3 person/3 party/
we resume after the coffee break
The data cache spec was defined to address a number of features such
as providing access to email attachments when you are offline
<dom> [67]DataCache API Editors draft
[67] http://dev.w3.org/2006/webapi/DataCache/
(says Eric)
The TAG members introduce themselves.
The TAG expressed an interest in hearing about Web Storage, a spec
edited by Hixie, who unfortunately isn't present today.
<dom> [68]Architecture of the World Wide Web, Volume One (15 Dec
2004)
[68] http://www.w3.org/TR/webarch/
Noah explains that TAG members are mainly hear to listen, and
describes the context.
Maciej: we do have people hear with some expertise in this topic who
could offer their comments.
Local storage mechanisms can boost performance of online web apps,
and enable them to work when a connection drops out.
This comes with privacy implications and many of you will have heard
of evercookie which works very hard to preserve cookies against
deletion.
HTTP cookies are just one of many ways for sites to track users, and
browsers doesn't have full control over all of them.
Browsers are evolving to support users wishing to clear all
information relating to a given site.
This should help with privacy.
There are certain ways to track users without any local storage,
e.g. finger prints based upon the browser's configuration (e.g. what
fonts are locally installed).
<timeless> [69]http://www.unc.edu/courses/jomc050/idog.jpg ]
[69] http://www.unc.edu/courses/jomc050/idog.jpg
Noah: when you use the web in general, what assurances can we offer?
<dom> (to me, this seems to point to the fact that browsers should
behave separately when you're logged in and when you're not)
Maciej: using the browser in a safe mode and accessing sites through
torr (anonymising proxy) is about as good as is possible.
however, this will provide a reduced user experience ...
And even then there may be ways to perform linkability analyses.
<timeless> [Exploring the Use of Discrete Gestures for
Authentication [70]http://eprints.comp.lancs.ac.uk/2204/]
[70] http://eprints.comp.lancs.ac.uk/2204/
<dom> ["on the internet, nobody knows you're a dog" — but nowadays,
on the internet, everybody knows your dog's name]
Dan: do local URIs offer any help?
<timeless> [ And here's a "Reality" Check
[71]http://www.unc.edu/courses/jomc050/sum97/dog2.gif — from
[72]http://www.unc.edu/depts/jomc/academics/dri/idog.html ]
[71] http://www.unc.edu/courses/jomc050/sum97/dog2.gif
[72] http://www.unc.edu/depts/jomc/academics/dri/idog.html
[ we agree to discuss storage not privacy to avoid going off into
the weeds ]
Maciej: HTML5 has some new APIs e.g. for back function that can be
helpful.
<dom> [73]HTML5 pushState() method to help manage URI-based views
[73] http://dev.w3.org/html5/spec/history.html#dom-history-pushstate
Chaals: we may want to ask what's different about URIs in the
context of web widgets.
Right now widgets don't have a URI of their own, so that they don't
have a URI to hang their data off.
We may want a way to distinguish between a local copy and the
version on the server, but that is a lesser issue.
Ashok: widgets don't have URIs, right, so how are they identified?
Chaals: the current widget spec doesn't provide for exposing a URI.
Larry: URI is not just a resource identifier, it is also a means for
communicating, e.g. sharing a bookmark with someone
You don't want to encapsulate all of the application state in the
URI, but rather to provide a means for reconstituring the important
state, e.g. the same route on a map, even in the map is in a
different language.
<timeless> (of note, the sharable bits that Google Maps exposes via
"share" encode the Language, which generally annoys me)
Anne: as Maciej mentioned HTML5 introduces a means for an
application to push the current state and to encapsulate this in a
URL for sharing with others, e.g. via copy and paste
This avoids the need for the fragment identifier for the state
The application may store state locally or in the server.
Larry: it would be nice if the way you name things is independent of
whether they are in local storage or on the server
If apps have too much state then you should try to put it into a
URI.
Chaals and Larry agree on the need for providing advice to
developers on good practices.
Doug: we can't know everything that people want to do, and can only
do our best
Anne: trying to write guidelines for developers is tough
Noah: generally agree with what has been said
I am not ready to say you need a URI for every item in a SQL store,
but it is worth asking the question to understand the issues.
The TAG's role is to point out that there is an issue somewhere in
here when it comes to storage.
<dom> (I'm not sure client-side storage is significantly different
from server-side storage; many server-side applications don't use
well URIs to expose state either)
If people end up putting a lot of data in local storage that isn't
addressable then this is a problem.
<Kai> (except availability might be an issue)
i.e. pulling things out of web space...
Chaals draws analogy with pulling alligators out of the swap before
the architects build the city...
Ashok: why don't you guys let the browser address things in
databases?
We do have SQlite. Ashok responds, I mean a real database@! :)
Ashok: define a way to provide a SQL interface to requesting data,
and returning it in whatever format makes sense
Dan asks about the various forms of local storage under
consideration.
Chaals: for various reasons it is unlikely that the SQL interface
will make it to REC
All of the major browser vendors have indicated there support for
IndexDB
<chaals> a/All of the //
Sam: file storage API is yet another mechanism under consideration.
This is sandboxed from the devices full file system.
<anne> [74]http://dev.w3.org/2009/dap/file-system/
[74] http://dev.w3.org/2009/dap/file-system/
<anne> [75]http://dev.w3.org/2009/dap/file-system/file-dir-sys.html
is it specifically
[75] http://dev.w3.org/2009/dap/file-system/file-dir-sys.html
<anne> (for some confusing reason in the DAP directory)
<anne> (well, historical)
<dom> (because DAP rocks)
Larry: I have an update of the file: scheme for URIs and would love
to see that involved.
This hides OS dependent path syntax issues.
Art: any more questions on both sides?
Dan: sounds to me that the TAG could work on some kind of developer
guidelines document if that is out of scope for Web Apps WG
Chaals: that is out of scope for us, so yes that would be something
for you to think about
Larry: to clarify I am not editing the file: URI scheme spec and
would appreciate someone else taking it on.
[ the TAG representatives leave the room ]
<chaals> scribe: chaals
i18n
<Barstow> ScribeNick: ArtB
DOM 3 Events Input Locale
<chaals> ScribeNick: chaals
Aron: (I work for Google.)
<timeless> s/Aron/Aharon/
Aron: when working on online editor we realised it would be good to
know the keyboard locale being used, in th context of smart quotes
(langauge specific, and common in word-processors)
<timeless> s/th context/the context/
i/Aharon/Richard: I work for W3C on i18n/
<timeless> s/langauge/language/
<anne> I think it reads Aharon
s/Aron/Aharon/
<anne>
[76]http://lists.w3.org/Archives/Public/www-dom/2010OctDec/0044.html
[76] http://lists.w3.org/Archives/Public/www-dom/2010OctDec/0044.html
scribe: Other usecase is inline directional styling. If you are
typing RTL you often need to quote an LTR language (usually english)
<timeless> s/english/English/
scribe: Problem is if the insert starts with punctuation or numbers,
etc., you get problems unless the indicators are explicit.
s/indicators/directional indicators/
scribe: Editors provide a user control to indicate paragraph
direction, but not for indicating a span within a larger paragraph.
... Word is clever and detects the keyboard being used. If I am
typing in hebrew and switch to english keyboard, it switches the
direction.
<timeless> s/hebrew/Hebrew/
<timeless> s/english/English/
scribe: Generalising this, using an IME, voice recognition, etc, you
still want to know what language it is set up for.
<timeless> s/direction/direction for the block of text entered in
that language/
scribe: Many of these devices are langauge specific.
<timeless> s/langauge/language/
scribe: The basic idea is to provide a keyboard-locale property as
BCP47 language code for key and text events.
... Doesn't mean that what was typed is in that locale, but it gives
a good-enough heuristic to give a significant improvement.
... Besides that, having a global object that has an input-locale
property would be useful.
... And an event that would indicate that locale has changed.
<timeless> s/locale/the locale/
scribe: (For other use cases than those identified).
... Complication: You could use multiple input devices each
configured to a different language.
... Didn't deal with that, but worth thinking about.
DougS: We talked about a number of mechanisms in DOM 3. Suggested
that having it in the event might become heavy.
... You can point to a static variable...
... Another proposal was having the global property, and we rejected
it for 2 reasons: Complication identified, and it is yet another way
to profile/sniff users, and we want to avoid this
... I would feel happy typing stuff into a page - I have already
given that some trust, so I am OK with it doing some more detection.
... I don't want a spam popup to get my language information
though...
??: What if you synthesise an event through the DOM?
Josh: Have to be doing input...
DougS: Keyboard inputs and text
Sam: Usually you have to fill in the properties yourself, or they
don't show up.
<Barstow> s/??:/Geoffrey/
Sam: If a popup captures key inputs (clickjacking...) then you still
have an issue
Anne: Valid concern. If you modify it you cannot modify init
methods.
Maciej: Init Methods --
<anne> nuke it
Josh: Next events thing could deal with that.
Geoffrey: If we don't change the init, then you don't have a privacy
problem.
Anne: Sounds complicated - you eed to have a locale dictionary.
Would it be possible to get the right behaviour in the User Agent
instead?
Aharon: I don't know all the use cases - I've given you the ones
that came up immediately on a project.
DougS: We got basically the same feedback from MS Live.
Aharon: It's not direction specific, it is also relevant switching
from russian to english keyboard. French speakers would use french
quotes, but if they type english they want english quotes but they
are likely to keep using a french keyboard.
<timeless> s/russian/Russian/
<timeless> s/english/English/
<timeless> s/english/English/
DougS: Would fail there, but it is still sufficiently useful
Aharon: Yes. Talking about heuristics, yes they are complex. But the
people who want to support this are willing to deal with the
complexity, but they don't have the underlying information to
support doing so.
... having the APIs available in javascript would be very useful.
But I don't think this is the right forum for that (there are
Javascript APIs being proposed for i18n purposes).
... The capability is included in javascript packages out there
(e.g. in Google closure you can get a good guess about whether a
language code implies RTL or LTR)
<timeless> [ Google Closure
[77]http://code.google.com/closure/library/ ]
[77] http://code.google.com/closure/library/
Anne: This or HTML-WG could be the right forum for talking about
APIs...
DougS: But not this spec.
Aharon: Think there is an effort to include native i18n
functionality in javascript.
<timeless> s/javascript/ecmascript/
Anne: Don't think it makes sense for that to cover this.
Olli: I think we agree already.
Anne: Still have concern about fingerprinting
Geoffrey: Only works if people are typing
[Yes, but people type all the time]
CMN: A highly efficient web timing interface is likely to be more
useful for improved fingerprinting.
DS: Think the concerns are valid, but this is useful enough to
override them. Should be a note in the spec explaining the issue
Anne: Users are not going to read the spec, and this is relevant to
users. But I am not opposed.
MJS: Useful to note so people who want to make anti-fingerprinting
see it.
Olli: Web apps still need to handle the case where input-locale is
not avialable.
<timeless> s/avialable/available/
Aharon: Yes. The spec already notes what to do when this happens.
DougS: Pasting means there is no input locale.
Aharon: And think it will stay like that. This is specifically about
things being input.
Anne: Why put it on keyboard? Why not just on text - that seems
sufficient and I don't see the value for keyup/down etc.
EricU: Having it for keyup/down could be useful to write a really
powerful editor. E.g. if you want to deal with ctrl-D you have to
get to the level of key events.
CMN: Think Anne is right...
<smaug_>
[78]http://lists.w3.org/Archives/Public/www-dom/2010JulSep/0024.html
[78] http://lists.w3.org/Archives/Public/www-dom/2010JulSep/0024.html
CMN: don't need to handle text and key input if you can just handle
key input.
s/ if you can just handle key input/, text is enough because command
keys are not locale-dependent in effect/
Josh: But if you write a rich editor you just trap key events,
rather than having to deal with text input at all.
DougS: The plan is to add the proposal, and do it...
Doug claims Adrian thought this was great and has been agitating for
it for ages.
<timeless> this was
[79]http://www.w3.org/2008/webapps/track/issues/119
[79] http://www.w3.org/2008/webapps/track/issues/119
[Adjourned for the day]
Summary of Action Items
[NEW] ACTION: barstow add Opera's test suite for EventSource to the
PubStatus page (see mins from 1-Nov-2010 for the link) [recorded in
[80]http://www.w3.org/2010/11/01-webapps-minutes.html#action14]
[NEW] ACTION: barstow ask Nikunj to report the status and plans of
Programmable Cache to public-webapps [recorded in
[81]http://www.w3.org/2010/11/01-webapps-minutes.html#action07]
[NEW] ACTION: barstow ask Oracle about their level of interest in
Programmable Cache [recorded in
[82]http://www.w3.org/2010/11/01-webapps-minutes.html#action08]
[NEW] ACTION: barstow ask public-webapps about creating Use Cases
and requirements of Program App Caches versus HTML5 App Cache
[recorded in
[83]http://www.w3.org/2010/11/01-webapps-minutes.html#action09]
[NEW] ACTION: barstow P&C spec: make it clear in the Abtract or
Intro that P&C widgets != UI controls [recorded in
[84]http://www.w3.org/2010/11/01-webapps-minutes.html#action01]
[NEW] ACTION: barstow PubStatus update Plans for
Workers/Storage/Event-source that HTML5 Editor workload is the block
and ask for volunteers [recorded in
[85]http://www.w3.org/2010/11/01-webapps-minutes.html#action05]
[NEW] ACTION: barstow start a CfC to publish a FPWD of Web Messaging
[recorded in
[86]http://www.w3.org/2010/11/01-webapps-minutes.html#action06]
[NEW] ACTION: barstow start a CfC to publish Web SQL Database as a
Working Group Note (and hence signal the spec is no longer on the
REC track) [recorded in
[87]http://www.w3.org/2010/11/01-webapps-minutes.html#action15]
[NEW] ACTION: Barstow to contact julian reschke and Mark Nottingham
about Data Cache [recorded in
[88]http://www.w3.org/2010/11/01-webapps-minutes.html#action10]
[NEW] ACTION: barstow Web Workers: add link to bug database to the
PubStatus page [recorded in
[89]http://www.w3.org/2010/11/01-webapps-minutes.html#action03]
[NEW] ACTION: barstow Web Workers: work with Team to find
resource(s) to review LC comments and plan for Candidate [recorded
in [90]http://www.w3.org/2010/11/01-webapps-minutes.html#action04]
[NEW] ACTION: barstow work with Anne on a plan to move CORS to LCWD
[recorded in
[91]http://www.w3.org/2010/11/01-webapps-minutes.html#action16]
[NEW] ACTION: barstow work with WebApps Team and Anne to find a way
for W3C to host Opera's event-source tests [recorded in
[92]http://www.w3.org/2010/11/01-webapps-minutes.html#action13]
[NEW] ACTION: caceres notify P&F WG when the P&C Conformance Checker
is published [recorded in
[93]http://www.w3.org/2010/11/01-webapps-minutes.html#action02]
[NEW] ACTION: Doug update Editor's Draft of Window spec to say the
spec is no longer active [recorded in
[94]http://www.w3.org/2010/11/01-webapps-minutes.html#action11]
[NEW] ACTION: schepers update Editor's Draft of Window and REX specs
to say the specs are no longer active [recorded in
[95]http://www.w3.org/2010/11/01-webapps-minutes.html#action12]
[End of minutes]
Received on Wednesday, 3 November 2010 07:49:56 UTC