- From: Nikos Andronikos <Nikos.Andronikos@cisra.canon.com.au>
- Date: Fri, 12 Aug 2016 00:14:57 +0000
- To: www-svg <www-svg@w3.org>
https://www.w3.org/2016/08/11-svg-minutes.html
[1]W3C
[1] http://www.w3.org/
- DRAFT -
SVG Working Group Teleconference
11 Aug 2016
[2]Agenda
[2] https://lists.w3.org/Archives/Public/www-svg/2016Aug/0014.html
See also: [3]IRC log
[3] http://www.w3.org/2016/08/11-svg-irc
Attendees
Present
nikos, Tav, shepazu, stakagi, AmeliaBR
Regrets
Chair
Nikos
Scribe
Nikos
Contents
* [4]Topics
1. [5]SVG 2 CR publication update
2. [6]Bringing bits in from Integration to the
Conformance chapter
3. [7]SVG 2 publication
4. [8]Security and privacy questionnaire review
5. [9]Next F2F
* [10]Summary of Action Items
* [11]Summary of Resolutions
__________________________________________________________
<scribe> Agenda:
[12]https://lists.w3.org/Archives/Public/www-svg/2016Aug/0014.h
tml
[12] https://lists.w3.org/Archives/Public/www-svg/2016Aug/0014.html
<scribe> Scribe: Nikos
<scribe> scribenick: nikos
SVG 2 CR publication update
nikos: Disposition of comments:
[13]https://nikosandronikos.github.io/svg2-cr-doc/
... I've put together the DoC
... it's currently being compiled from Github
... but I'll make it a static page to send off
... The one thing I haven't done is include the things in the
'clean up' milestone as deferred
[13] https://nikosandronikos.github.io/svg2-cr-doc/
AmeliaBR: think there's a few we should add - including some
'future wish list' stuff
nikos: I also sent out request for review to i18n and a11y
<AmeliaBR>
[14]https://lists.w3.org/Archives/Public/www-svg/2016Aug/0016.h
tml
[14] https://lists.w3.org/Archives/Public/www-svg/2016Aug/0016.html
AmeliaBR: we got a response on a11y this morning, I've replied
... I'm not expecting a lot of questions because we have people
working on the SVG TF
shepazu: Good answer regarding SVG fonts
Tav: I've been playing with SVG fonts a lot. We support
creation of fonts
shepazu: Is there any way to export to SVG in OT ?
Tav: not yet
nikos: So we're really just waiting now for review comments
[15]https://svgwg.org/svg2-draft/conform.html
[15] https://svgwg.org/svg2-draft/conform.html
Bringing bits in from Integration to the Conformance chapter
shepazu: There's a few open issues
... I have come around to the view point that conformance
should be part of the spec
nikos: For the issue 'Should animations run in the resource
document?', I think that's defined elsewhere
AmeliaBR: Yes, I'll review the chapter
shepazu: How do we change something from appendix to chapter?
AmeliaBR: Somewhere in the build script this is all controlled
nikos: I can take a look at that next week
AmeliaBR: The other thing we need to do is add stub files for
the moved and removed chapters
nikos: I was going to do that as a manual step during
publication
AmeliaBR: For animation, it would be nice to have a short
appendix pointing out the three ways you can animate SVG
<scribe> ACTION: Nikos to make conformance appendix a chapter
[recorded in
[16]http://www.w3.org/2016/08/11-svg-minutes.html#action01]
[16] http://www.w3.org/2016/08/11-svg-minutes.html#action01]
<trackbot> Created ACTION-3855 - Make conformance appendix a
chapter [on Nikos Andronikos - due 2016-08-18].
<scribe> ACTION: Nikos to add stub chapters [recorded in
[17]http://www.w3.org/2016/08/11-svg-minutes.html#action02]
[17] http://www.w3.org/2016/08/11-svg-minutes.html#action02]
<trackbot> Created ACTION-3856 - Add stub chapters [on Nikos
Andronikos - due 2016-08-18].
SVG 2 publication
shepazu: Regarding deferred issues. It's not a problem to list
them - there's many issues so it's right to defer them to SVG
next
nikos: So next week we finish these little spec tidy ups while
waiting for review comments, and I'll finish off those extra
things for DoC
shepazu: We have a few issues in the spec still. Do we want to
make them Github issues?
AmeliaBR: anything in the spec should should already be in
Github or be an 'at risk' comment
shepazu: Ok, I just introduced a few new ones by bringing the
integration spec text in
... The thing about fetch is probably the most substantive
AmeliaBR: I've fixed a lot of issues about Fetch so we can
reference that
<AmeliaBR>
[18]https://svgwg.org/svg2-draft/linking.html#processingURL-fet
ch
[18] https://svgwg.org/svg2-draft/linking.html#processingURL-fetch
AmeliaBR: Doug, you do a review, and then I'll do one as well
afterwards
Security and privacy questionnaire review
<AmeliaBR>
[19]https://github.com/w3c/svgwg/wiki/SVG-2-Security-&-Privacy-
Review
[19] https://github.com/w3c/svgwg/wiki/SVG-2-Security-&-Privacy-Review
nikos: Does this specification deal with
personally-identifiable information
... I couldn't think of anything
AmeliaBR: No more than what exists for web pages in general
nikos: Does this specification deal with high-value data?
... No
... Does this specification introduce new state for an origin
that persists across browsing sessions?
shepazu: No
nikos: Does this specification expose persistent, cross-origin
state to the web?
... So I thought that language preference could expose some
state, but it's low risk
... I suppose if you have a lot of binary tests you might be
able to build up a fairly detailed picture
shepazu: A few years ago there was a big push to avoid
fingerprinting, but at this point fingerprinting is too far
advanced
... Is there anything about the fact you can reference an
external SVG via use that might fall into this category?
... Also language preference isn't stored in the SVG per se
nikos: Does this specification expose any other data to an
origin that it doesn’t currently have access to?
... I don't think we're doing anything unique
AmeliaBR: We might at that point say we allow CORS
... but only in a matter consistent with HTML
nikos: Doesn't hurt to point that out
... Does this specification enable new script execution/loading
mechanisms?
... Again, we're the same as HTML
... Does this specification allow an origin access to a user’s
location?
... Definitely a no
... Does this specification allow an origin access to sensors
on a user’s device?
... no
... Does this specification allow an origin access to aspects
of a user’s local computing environment?
... Again here, I said yes via language preference
AmeliaBR: Could also say something about other required
features switches and video/audio codec support
nikos: Does this specification allow an origin access to other
devices?
... No
... Does this specification allow an origin some measure of
control over a user agent’s native UI?
... no
... Does this specification expose temporary identifiers to the
web?
... no
... Does this specification distinguish between behavior in
first-party and third-party contexts?
AmeliaBR: wasn't sure about this one. We do talk about
different behaviours in a reference document compared to an
original document
... some of that is linked to CORS, but not sure if that's what
they mean
shepazu: Think we should say that we allow more restricted uses
of the thing and link to the chapter
nikos: I don't think this is what that's about but we should
say it
AmeliaBR: we do discuss anonymous vs credentials mode for CORS
... think that's a little relevant
... as Doug said, mention that there's a distinction and let
them come back with questions if there's concerns
nikos: How should this specification work in the context of a
user agent’s "incognito" mode?
... I said no
shepazu: is that true even in the context of referencing modes?
AmeliaBR: only difference is the browser wouldn't supply
cookies to the server. But rendering of SVg would be the same
nikos: Does this specification persist data to a user’s local
device?
... no
... Does this specification have a "Security Considerations"
and "Privacy Considerations" section?
... It does
[20]https://svgwg.org/svg2-draft/single-page.html#mimereg-mime-
registration
[20] https://svgwg.org/svg2-draft/single-page.html#mimereg-mime-registration
scribe: it was just copied from SVG TIny 1.2
... may need updating
... Does this specification allow downgrading default security
characteristics?
... I wasn't sure about this one
AmeliaBR: talking about CORS, domain matching, etc
... You can mention that we do use CORS features similarly to
HTML
... or based on the HTML spec
... and therefore it can be affected by sand boxing
... which may what they're talking about
nikos: I'll update it. Don't really want to put it in a spec,
but will link to it from the Security considerations section
Next F2F
Tav: Are we meeting at Graphical Web?
nikos: It's very unclear whether i'll be able to go to
graphical web
shepazu: Next opportunity is TPAC
nikos: I'll be at TPAC
AmeliaBR: I'm hoping you and Doug can get feedback and work out
with other members what will happen next
... especially looking at the test suite creation
... other thing to talk about at TPAC - the HTML / web platform
group is still hoping we take responsibility for Canvas 2d
context
... that would be something to discuss wrt to SVG WG charter
which is due in Fall
nikos: In terms of meeting at the graphical web, I think we
should cancel that one because the date isn't that far off and
it's too hard to confirm whether I'll be able to go
Summary of Action Items
[NEW] ACTION: Nikos to add stub chapters [recorded in
[21]http://www.w3.org/2016/08/11-svg-minutes.html#action02]
[NEW] ACTION: Nikos to make conformance appendix a chapter
[recorded in
[22]http://www.w3.org/2016/08/11-svg-minutes.html#action01]
[21] http://www.w3.org/2016/08/11-svg-minutes.html#action02
[22] http://www.w3.org/2016/08/11-svg-minutes.html#action01
Summary of Resolutions
[End of minutes]
The information contained in this email message and any attachments may be confidential and may also be the subject to legal professional privilege. If you are not the intended recipient, any use, interference with, disclosure or copying of this material is unauthorised and prohibited. If you have received this email in error, please immediately advise the sender by return email and delete the information from your system.
Received on Friday, 12 August 2016 00:15:32 UTC