Minutes of 2 January 2007 TAG teleconference from Norman Walsh on 2007-01-02 (www-tag@w3.org from January 2007)

From: Norman Walsh <Norman.Walsh@Sun.COM>
Date: Tue, 02 Jan 2007 14:29:50 -0500
To: www-tag@w3.org
Message-ID: <87ac11qlap.fsf@nwalsh.com>
See http://www.w3.org/2001/tag/2007/01/02-minutes.html

W3C[1]

                                   - DRAFT -

                                      TAG

2 Jan 2007

   Agenda[2]

   See also: IRC log[3]

Attendees

   Present
           Ed, Noah, Norm, Vincent, TimBL

   Regrets
           TV, Dan, Henry, Dave

   Chair
           Vincent

   Scribe
           Norm

Contents

     * Topics
         1. Administrative
         2. Update on recent actions
         3. Deprecate UTF-7?
         4. Any other business?
     * Summary of Action Items

     ----------------------------------------------------------------------

  Administrative

   Approve minutes of last telcon?

   Approved.

   Next telcon? 9 Jan 2007

   Norm gives regrets for 9 Jan and 16 Jan

   TimBL gives probable regrets for 9 Jan

   Henry proposed to scribe.

   Ed volunteers to back him up.

   Vincent proposes to invite Stuart to the 30 Jan telcon

   Noah: I think it's appropriate to invite Stuart to begin participating as
   soon as he's ready.

   Vincent: Let's invite him to the 23 Jan call then.

   <scribe> ACTION: Vincent to invite Stuart to join us in January [recorded
   in http://www.w3.org/2007/01/02-tagmem-minutes.html#action01[4]]

   Accept this agenda?

   Vincent: Noah wanted to discuss the upcoming Web Services workshop, let's
   do that at the end.

   Accepted.

  Update on recent actions

   Vincent: Ed, you were supposed to get in touch with the Web Security
   Context WG

   Ed: I sent a message this morning.
   ... No reply yet, nor has it come back from the tag@ list, so perhaps it's
   delayed.

   Vincent reports that he has seen it now.

   Vincent: Noah, you were going to update the status in metadataInURI

   Noah: I sent a note on 20 Dec

   -> http://lists.w3.org/Archives/Member/tag/2006Dec/0088.html

   Noah: One reply, but not in the critical path.
   ... I think it's ready to go
   ... Two things that could be reviewed: preparation for publication could
   use review
   ... I updated the link to one RFC

   <noah> Question, is http://www.w3.org/Protocols/rfc2616/rfc2616.html[6]
   the right link?

   Norm proposes: http://www.ietf.org/rfc/rfc2616[7]

   Norm: I suggest using tidy -asxml to clean it up for publication.

   <scribe> ACTION: Noah to run it through tidy and republish for Vincent to
   announce. [recorded in
   http://www.w3.org/2007/01/02-tagmem-minutes.html#action02[8]]

   Vincent: Noah can you give us an update on WS for Enterprise Workshop?

   Noah: It needs to be submitted by 10 Jan, so we'll have one more call
   before submission but there won't be much time for radical surgery.
   ... I'm going to get a draft out as quickly as possible, so please review
   as soon as you can.

   Vincent: Sounds reasonable.
   ... Is there any particular topic you'd like to draw our attention to?

   Noah: I can if you want to spend the time on it...

   Noah: Tim had a concern that we make it clear that we're there to listen
   as much as to say what the right answers are

   <noah> The TAG very much appreciates the opportunity to participate in
   this workshop. Although a few TAG members have direct experience building
   and supporting enterprise-grade networking systems, most of us have far
   deeper knowledge of the World Wide Web and of the technologies that have
   been used to build it. Accordingly, our primary interest in attending the
   workshop is to learn from the many participants who have greater
   experience in building and deploying enter

   <noah> We also hope it will be useful to contribute some of the insights
   we've gained in designing and guiding the Web itself, and to participate
   in a constructive dialog regarding the tradeoffs to be made in
   coordinating Web services technologies with core World Wide Web
   technologies such as URIs and HTTP.

   <noah> This white paper is intended to set out a few of the issues as we
   understand them, and to share some ideas about architectural tradeoffs. We
   do not attempt here to suggest what "the right answers" should be, but
   rather to offer some ideas that we hope will promote useful discussion. In
   keeping with the overall style of the workshop, we focus mainly on
   analyses motivated by use cases, but we start with a brief discussion of
   the background regarding integration

   Noah: Dan encouraged me to try to keep it short.
   ... What I have right now focuses on three related use cases.
   ... Is it interesting to have something that's on the web and available
   through web services.
   ... First use case is a printer accessed and controlled through a
   traditional HTTP...no SOAP or Web Services.
   ... Second case is a printer that has a pure SOAP WS interface.
   ... Third use case is a printer that supports both at the same URI
   ... Maybe some discussion of other TAG issues like EPR vs. URI.
   ... I'm inclined to leave those out of the paper, but present them if I'm
   invited to speak.

   Vincent: Thanks Noah. Any comments?

   Norm: I'll try to read it as soon as possible, but I don't have any
   comments in advance of the paper.

  Deprecate UTF-7?

   Vincent: Should we put this on the agenda and consider it as a new issue?

   Ed: Yes

   Dave: Yes

   <noah> I don't feel I have enough code-level experience on this one to
   have an informed opinion. So, I concur with whatever the rest of the TAG
   decides is appropriate.

   TimBL: It's not UTF-7 that's really the problem, it's the browser sniffing
   of it.

   Vincent: Roy suggests asking the browser vendors to stop supporting UTF-7

   <timbl_> http://lists.w3.org/Archives/Public/www-tag/2006Dec/0034.html[9]

   <noah> By he way, Mary Ellen Zurko just confirmed to me that she got the
   note from Ed http://lists.w3.org/Archives/Member/tag/2007Jan/0001.html[10]
   (Member only)

   <timbl_> ""Servers" that do not declare the character encoding of the
   content they

   <timbl_> serve, or that fail to ensure that the content matches the
   encoding they

   <timbl_> do declare, are inherently vulnerable to attacks. All these
   servers have

   Some discussion of the email thread

   <timbl_> to do to prevent these UTF-7 based attacks is to declare the
   encoding in

   <timbl_> the HTTP header or using some equivalent mechanism. The "servers"
   are

   <timbl_> broken if they don't, not the browsers. Besides, none of the
   mainstream

   <timbl_> browsers auto-detect UTF-7 in their latest versions, so there is
   hardly

   <timbl_> any issue here."

   <timbl_>
   http://lists.w3.org/Archives/Public/www-tag/2006Dec/thread.html#msg34[11]

   <noah> Paul Cotton also sent email at:
   http://lists.w3.org/Archives/Public/www-tag/2006Dec/0061.html[12]

   <noah> Linking to an explanation of the issue at:
   http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0296.html[13]

   Ed notes that the rating service uses UTF-7

   -> http://www.w3.org/TR/REC-PICS-services-961031

   Ed: It may still not be a bad thing to deprecate utf-7, but we need to
   make sure the community gets enough lead time.

   TimBL: The problem isn't really with utf-7 anyway.
   ... It's just another example of the issues associated with incorrect
   metadata: bad content type, bad encoding, etc.

   TimBL: Let's open the issue.

   Norm: I'm happy to open it.

   Noah: I concur.

   Vincent: Ok, then we'll open it, but we need to take care with the name
   and summary.

   TimBL: We should have a link to Roy's message.

   -> http://lists.w3.org/Archives/Public/www-tag/2006Dec/thread.html#msg34

   Scribe elides the usual name wrangling.

   Vincent: Proposed: open utf7Encoding-55: Security concerns with browsers
   sniffing unlabelled UTF7 encoding raised in <link to Roy's message>

   Approved.

   <scribe> ACTION: Vincent to create issue in list and announce it.
   [recorded in
   http://www.w3.org/2007/01/02-tagmem-minutes.html#action03[16]]

   Technical discussion postponed until we have a larger attendence.

   Vincent: We might also want to discuss [IFLA-L] CERL and ECPA publish
   report that explains persistent identifier schemes

   -> http://lists.w3.org/Archives/Public/www-tag/2006Dec/0060.html

   Noah: Is there a political agenda behind this, do we know?

   Ed: To sell copies of the report?

   Norm: I think it's this:

   -> http://www.knaw.nl/ecpa/publ/pdf/2732.pdf

   Vincent: It's more than 50 pages so perhaps it's not something we can
   discuss now.

   Norm: It seems like something we need to reply to, but personally I have
   less and less energy for the names-vs-address fight with each passing
   year.

   TimBL: Perhaps we can resolve to send a short note pointing out at least
   that they're violating web arch?

   Noah: This report takes as a starting point something that we disagree
   with.

   Vincent: There is a section 9.6 which says that the authors don't
   recommend any specific scheme.
   ... There are many documents that say things that aren't completely right
   regarding web architecture. It would be a huge task to refute them all.

   Ed: I'm not sure I want to give it any more credibility by responding to
   it.

   Dave: I'm not a big fan of that argument with respect to web architecture.
   Communication is one of our mandates.
   ... A simple message that says we disagree with them from the very
   beginning might be the right thing to do.

   Noah: I think it's also important to acknowledge that http: as commonly
   deployed does exhibit this problem.
   ... The question is, do you fix the issue by saying that http is
   inappropriate or by looking more subtly at the problem.

   Ed: I don't think we should respond unless someone is willing to sit down
   and read the whole thing.

   Vincent: I don't know how important this report is.

   Norm: Maybe we should leave it for a week and see if there's someone else
   with a burning desire to persue it.

   Vincent: Ok by me.

  Any other business?

   Adjourned.

Summary of Action Items

   [NEW] ACTION: Noah to run it through tidy and republish for Vincent to
   announce. [recorded in
   http://www.w3.org/2007/01/02-tagmem-minutes.html#action02[19]]
   [NEW] ACTION: Vincent to create issue in list and announce it. [recorded
   in http://www.w3.org/2007/01/02-tagmem-minutes.html#action03[20]]
   [NEW] ACTION: Vincent to invite Stuart to join us in January [recorded in
   http://www.w3.org/2007/01/02-tagmem-minutes.html#action01[21]]
   **
   [End of minutes]

     ----------------------------------------------------------------------

   [1] http://www.w3.org/
   [2] http://lists.w3.org/Archives/Public/www-tag/2007Jan/0000.html
   [3] http://www.w3.org/2007/01/02-tagmem-irc
   [4] http://www.w3.org/2007/01/02-tagmem-minutes.html#action01
   [6] http://www.w3.org/Protocols/rfc2616/rfc2616.html
   [7] http://www.ietf.org/rfc/rfc2616
   [8] http://www.w3.org/2007/01/02-tagmem-minutes.html#action02
   [9] http://lists.w3.org/Archives/Public/www-tag/2006Dec/0034.html
   [10] http://lists.w3.org/Archives/Member/tag/2007Jan/0001.html
   [11] http://lists.w3.org/Archives/Public/www-tag/2006Dec/thread.html#msg34
   [12] http://lists.w3.org/Archives/Public/www-tag/2006Dec/0061.html
   [13]
   http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0296.html
   [16] http://www.w3.org/2007/01/02-tagmem-minutes.html#action03
   [19] http://www.w3.org/2007/01/02-tagmem-minutes.html#action02
   [20] http://www.w3.org/2007/01/02-tagmem-minutes.html#action03
   [21] http://www.w3.org/2007/01/02-tagmem-minutes.html#action01
   [22] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
   [23] http://dev.w3.org/cvsweb/2002/scribe/

    Minutes formatted by David Booth's scribe.perl[22] version 1.127 (CVS
    log[23])
    $Date: 2007/01/02 19:28:23 $
Received on Tuesday, 2 January 2007 19:30:08 UTC