- From: Dan Connolly <connolly@w3.org>
- Date: Wed, 15 Nov 2006 08:34:35 -0600
- To: www-tag@w3.org
http://www.w3.org/2001/tag/2006/11/14-tagmem-minutes
TAG Weekly
14 Nov 2006
[2]Agenda
[2] http://www.w3.org/2001/tag/2006/11/14-agenda.html
See also: [3]IRC log
[3] http://www.w3.org/2006/11/14-tagmem-irc
Attendees
Present
noah, Raman, Dave_Orchard, Vincent, DanC, Ht, Norm, Ed_Rice,
TimBL
Regrets
Chair
VQ
Scribe
DanC
Contents
* [4]Topics
1. [5]Convene, admin
2. [6]Issue metadataInURI-31
3. [7]Issue namespaceDocument-8
4. [8]Issue passwordsInTheClear-52
* [9]Summary of Action Items
_________________________________________________________
Convene, admin
<scribe> Scribe: DanC
PROPOSED: to met 21 Nov
NM: regrets 21 Nov
HT: regrets 21 Nov. backplane meeting
PROPOSED: to meet 21 Nov, Ed to scribe
... to accept [10]http://www.w3.org/2001/tag/2006/11/07-minutes.html
as a true record
... to accept [11]http://www.w3.org/2001/tag/2006/11/07-minutes.html
as a true record, after making the ammendment Noah requested
[10] http://www.w3.org/2001/tag/2006/11/07-minutes.html
[11] http://www.w3.org/2001/tag/2006/11/07-minutes.html
<timbl> ok by me
RESOLUTION: to accept
[12]http://www.w3.org/2001/tag/2006/11/07-minutes.html as a true
record, after making the ammendment Noah requested
[12] http://www.w3.org/2001/tag/2006/11/07-minutes.html
(minutes Nov 7 are dated 2006/11/14 18:09:46 )
RESOLUTION: to meet 21 Nov, Ed to scribe
"Face-to-face meeting, 11-13 Dec. 2006, Cambridge, MA, USA, hosted
by MIT" -- [13]http://www.w3.org/2001/tag/
[13] http://www.w3.org/2001/tag/
TV: I'm at risk for the Dec ftf
<Norm> My current plan is to attend 12, 13 in person and on 11 by
phone, if possible
Issue metadataInURI-31
VQ: so we have a draft of 7 Nov, and action on DanC and Ed to review
NM: section 2.8 was rewritten
VQ: I note discussion of dates in W3C URIs
NM: I saw review comments from Ed...
... about strengthening the story from save-as to running it. [?]
[odd... I see 2 URIs. ./malicious.exe and ./moviestar.jpg ]
<DanC_> [14]The use of Metadata in URIs DRAFT TAG Finding 07
November 2006
[14] http://www.w3.org/2001/tag/doc/metaDataInURI-31-20061107.html
DC: I see 2 URIs... ./malicious.exe and ./moviestar.jpg
NM: that's the 2nd example; look at the 1st
DC: what's the URI in the 1st example?
NM: there isn't a specific URI in the 1st example
DC: then it's too abstract already for somebody, like me, who isn't
reading all that carefully
<dorchard> this is section 2.8?
<timbl> ... <img src="./moviestar.exe"/>
<timbl> ... <img src="./moviestar.exe"/> served as image/jpeg
NM: so I see 2 ways to mitigate the risk:
... (1) what safari does, use the mime type to make a filename of
moviestar.exe.jpeg
... (2) warn that saving as .exe won't preserve the mime type
Ed: just recently I saw a link to an RSS feed that came up as text.
TimBL: what was the media type?
Ed: text
TimBL: then the browser was doing it right; if that's not what the
author meant, he should have used a different media type; see
webarch and/or "authoritative metadata" finding
<timbl> 1. The URI ends in .exe
<timbl> 2. The contrn typ eis image/jpeg
<timbl> 3. So the image works ina browser
<timbl> 4. the server saves it
TV: so I see (1) and (2); it's better to advise one over the other,
no?
<timbl> 4. The users saves it with "save image to desktop"
<timbl> 5. the user clicks on it in the desktop and the thing runs
as a file
NM: so is the GPN OK?
DC: it's too complicated; just say "when saving to filesystems that
use extensions to represent media types, user agents must choose an
extension that is constistent with the media type from the
representation"
Ed: is that a rfc2119:MUST ?
DanC: yes
TimBL: most operating systems let you rename it
... if you accept that your warrantee is void
DanC: well, that's separate
<scribe> ACTION: NM to rework metadataInURI 1st example to be more
explicit as per Tim's suggestion above, and update GPN per Dan's
suggestion recorded in [15]http://www.w3.org/2006/11/14-tagmem-irc]
[15] http://www.w3.org/2006/11/14-tagmem-irc
<DanC_> (did he say keep the 2nd example? I haven't looked at it.)
NM: I have gotten comments on other parts of the document...
... ok to change "create" to "assign"?
TBL: where is that comment?
NM: Stuart has advised against "authority" all over the document; I
think he's accepted that different editors would say it differently
<noah> Note from Ed Davies:
<noah>
[16]http://lists.w3.org/Archives/Public/www-tag/2006Nov/0048.html
[16] http://lists.w3.org/Archives/Public/www-tag/2006Nov/0048.html
NM: Ed Davies 8 Nov wrote about a UK court case
... which we have previously discussed
DanC: I think we treated this in the deep linking finding
HT: no, this is a different case
... we don't have very good sources about this case; we're still
awaiting the official record
<Zakim> DanC, you wanted to answer TV's question: (1) is better and
to ask if it wasn't the deep linking finding, what did happen to
this court case when we last discussed it?
<scribe> ACTION: HT to seek a copy of the official court record of
the UK case on ../../ etc. [recorded in
[17]http://www.w3.org/2006/11/14-tagmem-irc]
[17] http://www.w3.org/2006/11/14-tagmem-irc
HT: I intended to get a copy before, so yes, let's track it as an
action now
TimBL: I don't see this metadata in URI finding saying anything
terribly relevant to the UK case
<scribe> DONE: Review security section on risks of serving
executables as .jpeg to metadataInURI draft.
<scribe> ACTION: Ed to Review security section on risks of serving
executables as .jpeg to metadataInURI draft. [DONE] [recorded in
[18]http://www.w3.org/2006/11/14-tagmem-irc]
[18] http://www.w3.org/2006/11/14-tagmem-irc
NM: I don't see much opportunity to make progress until ftf prep;
ETA 4 Dec
<scribe> ACTION: DanC to Review security section on risks of serving
executables as .jpeg to metadataInURI draft. [CONTINUES] [recorded
in [19]http://www.w3.org/2006/11/14-tagmem-irc]
[19] http://www.w3.org/2006/11/14-tagmem-irc
<ht> [20]http://www.ltg.ed.ac.uk/~ht/malicious.html illustrates the
case Noah describes in
[21]http://www.w3.org/2001/tag/doc/metaDataInURI-31-20061107.html
[20] http://www.ltg.ed.ac.uk/~ht/malicious.html
[21] http://www.w3.org/2001/tag/doc/metaDataInURI-31-20061107.html
<ht> Firefox's treatment is actually sub-optimal
Issue namespaceDocument-8
<scribe> ACTION: NW, accepted on 12 Jul 2005: follow up on Noah's
message on ns name. Reconfirmed on 10 Jan 2006. [WITHDRAWN]
recorded in [22]http://www.w3.org/2006/11/14-tagmem-irc]
[22] http://www.w3.org/2006/11/14-tagmem-irc
<scribe> ACTION: NW to propose to Jonathan Borden that he changes to
using a file of Natures. [CONTINUES] [recorded in
[23]http://www.w3.org/2006/11/14-tagmem-irc]
[23] http://www.w3.org/2006/11/14-tagmem-irc
<Zakim> DanC, you wanted to ask a fairly meaty question about GRDDL
and namespaces and media types that I sent to www-tag
<DanC_> [24]follow your nose from XML documents to namespace
documents? xmlFunctions-34, nsMediaType-3, RDFinXHTML-35
[24] http://lists.w3.org/Archives/Public/www-tag/2006Nov/0086.html
<noah> ScribeNick: noah
DC: Shows a document containing RDF but served application/xml
... The RDF gives a privacy policy
... Has the author issued a privacy policy, or just said "look at
these tags"?
... I think I like the former, in part because there's a lot of
stuff already deployed that way.
<timbl> I vote (1)
DC: excerpt from XML Media Type spec:
An XML document labeled as text/xml or application/xml might contain
namespace declarations, stylesheet-linking processing instructions
(PIs), schema information, or other declarations that might be used
to suggest how the document is to be processed.
For example, a
document might have the XHTML namespace and a reference to a CSS
stylesheet. Such a document might be handled by applications that
would use this information to dispatch the document for appropriate
processing.
<Zakim> DanC, you wanted to bring up another case,
[25]http://www.w3.org/2001/sw/grddl-wg/td/testlist3#xslt_literal_res
ult
[25] http://www.w3.org/2001/sw/grddl-wg/td/testlist3#xslt_literal_result
<DanC> looking at
[26]http://www.w3.org/2001/sw/grddl-wg/td/litres.xml
[26] http://www.w3.org/2001/sw/grddl-wg/td/litres.xml
<DanC> Content-Type: application/xml; qs=0.9
<ht> Windows has the following information about this MIME type.
This page will help you find software needed to open your file.
<ht> MIME Type: application/rdf xml
<timbl> Content-Location: testlist3.rdf
<timbl> Vary: negotiate,accept
NW: What's your question?
DC: How many triples are here?
... RDF parser is unhappy with this.
TBL: If the parser supported XML functions would it be unhappy?
DC: What does that mean?
TBL: When you get to a subtree you don't recognize, you look up
namespace to get specs.
NW: Tim, you'd like it to work that way, but there's no spec for
that.
<timbl> <t:Test r:about="#loop">
<Norm> We're looking at this:
[27]http://www.w3.org/2001/sw/grddl-wg/td/litres.xml
[27] http://www.w3.org/2001/sw/grddl-wg/td/litres.xml
<timbl> [28]http://www.w3.org/2001/sw/grddl-wg/td/testlist3
[28] http://www.w3.org/2001/sw/grddl-wg/td/testlist3
TBL: I did a curl -i on it and it said it was RDF.
DC: OK
... There are two tests in there.
... this won't parse due to last dc:description.
... if you knew to run XSLT first, you'd "win", but there don't seem
to be enough keys to make that happen
NW: insteresting question which processing should happen first.
DC: It's a mixin?
HT: It is and it isn't.
<Norm> q_
HT: That use of XML breaks compositionality. It's in that sense
outside the rules, and the fact that it causes problems is not
surprising.
... In this case, the function of the whole is not the sum of the
meaning of the parts. Not context free in the usual way.
... To understand the meaning of the document by working bottom up.
TBL: Bottom up.
DC: If it's compositional, it works either way.
<DanC> (he said, glibly, before wondering if he was right)
<noah_> (Noah thinks that in general top down provides the context
for the inner parts, as in <dontTrust><x>...</x></dontTrust>
TBL: If it were anything other than RDF, I would propose that when
the RDF parser gets down to the dc:description,it would look up the
namespace, e.g. to embed an encrypted piece. Works "fine" for other
XML dialects.
<Norm> I was going to say that xsl:version wasn't designed as a
mixin; it was designed to tell the XSLT processor what to do, not to
imply that you could or should send it to an XSLT processor. But I'm
not sure that distinction is relevant on further consideration.
<DanC> (wow... tim is blowing my mind, taking the side of "XSLT is
working here; RDF is not doing the clean thing.")
TBL: Problem is that RDF claims to tell you the semantics of
anything you put in there. There's no extensibility in that sense.
HT: Here's an example where it's different.
... XSTL stylesheets themselves break compositionality, and we've
known that for years.
... You write things like <P> knowing that the contents are not the
contents of a paragraph. They are result elements. XSLT is a meta
lanuage that has implicit quoting all over the place.
<DanC> ("my functional xml paper" ... pointer, ht?)
<DanC> (I find
[29]http://www.idealliance.org/xmlusa/05/call/xmlpapers/243.198/.243
.html Functional XML: A preliminary sketch HT )
[29] http://www.idealliance.org/xmlusa/05/call/xmlpapers/243.198/.243.html
TBL: Nothing wrong with that, because you start from the top.
<noah_> (Noah notes that what Tim is saying is precisely why Noah
said above that top down is the only right way to look at it.)
TVR: In XSLT, everything but the XSLT namespace is implicitly
quoted.
HT: But there are lots of XSLT elements that can contain either
quoted or non-quoted things. Not clear it's entirely equivalent to
backquoting.
NW: There are <xsl:element>, <xsl:attribute> and you could use them
everywhere. Arguably that's what <p>
DC: So I'm hearing first case leaves things looking reasonably clean
as far as sniffing for RDF, but the 2nd case still seems to have
dragons lurking.
<ht> [FYI, both Protege 3.1 and SWOOP 2.3 throw exceptions when
given Dan's second URI. . .
DC: If I put a "parse type"(? scribe's not sure about this) we'd
incorrectly blow past the XSL.
<DanC> (well, we'd blow past; whether correct or not is the issue.)
<Norm> If we put "parseType='XMLLiteral'" is what Dan meant
Tim: [missed]
HT: Xinclude is another example.
<DanC> (no smiley required, Norm; in the GRDDL WG, we've got an open
action to make a test case of using an XML Pipeline in place of an
XSLT transformation.)
<DanC> (it's becoming reasonably clear that people do consider that
this xmlFunctions-34 does cover this discussion, so I don't need
nsMediaType-3 re-opened)
<DanC> ScribeNick: DanC
<scribe> ACTION: HT to track progress of #int bug 1974 in the XML
Schema namespace document in the XML Schema WG. [CONTINUES]
recorded in [30]http://www.w3.org/2006/11/14-tagmem-irc]
. TBL, accepted on 5 Oct 2006: with Norm, draft semantic web
architecture stories and such.
[30] http://www.w3.org/2006/11/14-tagmem-irc
<scribe> ACTION: NDW to draft semantic web architecture stories and
such recorded in [31]http://www.w3.org/2006/11/14-tagmem-irc]
[31] http://www.w3.org/2006/11/14-tagmem-irc
NDW: I hope to have something for the ftf, but it's risky
<scribe> (new version of which? I have fallen behind)
(which finding, NDW?)
Issue passwordsInTheClear-52
VQ: looks like we'll postpone passwordsInTheClear-52 to next time
<timbl> passwords in the clear ok where?
<DanC_> e.g. on local networks
<DanC_> it's hard to get the scope of passwordsInTheClear clear
while keeping it front-side-of-one-page
Summary of Action Items
[NEW] ACTION: HT to seek a copy of the official court record of the
UK case on ../../ etc. [recorded in
[32]http://www.w3.org/2006/11/14-tagmem-irc]
[NEW] ACTION: NDW to draft semantic web architecture stories and
such recorded in [33]http://www.w3.org/2006/11/14-tagmem-irc]
[NEW] ACTION: NM to rework metadataInURI 1st example to be more
explicit as per Tim's suggestion above, and update GPN per Dan's
suggestion recorded in [34]http://www.w3.org/2006/11/14-tagmem-irc]
[32] http://www.w3.org/2006/11/14-tagmem-irc
[33] http://www.w3.org/2006/11/14-tagmem-irc
[34] http://www.w3.org/2006/11/14-tagmem-irc
[PENDING] ACTION: DanC to Review security section on risks of
serving executables as .jpeg to metadataInURI draft. [recorded in
[35]http://www.w3.org/2006/11/14-tagmem-irc]
[PENDING] ACTION: HT to track progress of #int bug 1974 in the XML
Schema namespace document in the XML Schema WG. [recorded in
[36]http://www.w3.org/2006/11/14-tagmem-irc]
[PENDING] ACTION: NW to propose to Jonathan Borden that he changes
to using a file of Natures. [recorded in
[37]http://www.w3.org/2006/11/14-tagmem-irc]
[35] http://www.w3.org/2006/11/14-tagmem-irc
[36] http://www.w3.org/2006/11/14-tagmem-irc
[37] http://www.w3.org/2006/11/14-tagmem-irc
[DONE] ACTION: Ed to Review security section on risks of serving
executables as .jpeg to metadataInURI draft. [recorded in
[38]http://www.w3.org/2006/11/14-tagmem-irc]
[38] http://www.w3.org/2006/11/14-tagmem-irc
[DROPPED] ACTION: NW, accepted on 12 Jul 2005: follow up on Noah's
message on ns name. Reconfirmed on 10 Jan 2006. [recorded in
[39]http://www.w3.org/2006/11/14-tagmem-irc]
[39] http://www.w3.org/2006/11/14-tagmem-irc
[End of minutes]
_________________________________________________________
Minutes formatted by David Booth's [40]scribe.perl version 1.127
([41]CVS log)
$Date: 2006/11/15 14:30:52 $
[40] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
[41] http://dev.w3.org/cvsweb/2002/scribe/
--
Dan Connolly, W3C http://www.w3.org/People/Connolly/
D3C2 887B 0F92 6005 C541 0875 0F91 96DE 6E52 C29E
Received on Wednesday, 15 November 2006 14:35:01 UTC