W3C home > Mailing lists > Public > www-tag@w3.org > January 2007

TAG weekly minutes 23 Jan for review (passwordsInTheClear-52, URNsAndRegistries-50, schemeProtocols-49, IRIEverywhere-27)

From: Dan Connolly <connolly@w3.org>
Date: Tue, 23 Jan 2007 13:44:34 -0600
To: www-tag@w3.org
Message-Id: <1169581474.5380.130.camel@dirk>

Hypertext: http://www.w3.org/2001/tag/2007/01/23-tagmem-minutes

plain text...


                              TAG Weekly

23 Jan 2007

   [2]Agenda

      [2] http://www.w3.org/2001/tag/2007/01/23-agenda.html

Attendees

   Present
          Ht, Vincent, DanC, noah, Norm, Ed_Rice, TimBL (in part)

   Regrets
          TimBL, DaveO

   Chair
          VQ

   Scribe
          DanC

Contents

     * [3]Topics
         1. [4]Convene, admin
         2. [5]New telcon scheduling
         3. [6]Issue passwordsInTheClear-52
         4. [7]Issue URNsAndRegistries-50
         5. [8]Issue schemeProtocols-49
         6. [9]Issue IRIEverywhere-27
     * [10]Summary of Action Items
     _________________________________________________________

Convene, admin

   VQ: late regrets from Tim and DaveO

   TimBL: partial regrets due to RDFa discussion at SWD meeting at MIT

   <DanC_> [11]minutes 9 Jan

     [11] http://www.w3.org/2007/01/09-tagmem-minutes.html

   VQ: minutes 9 Jan ok by me. any reason not to approve?

   Ed: remove DRAFT?

   RESOLUTION: to approve 9 Jan minutes, (whether DRAFT removed or not)

   VQ: agenda updates?

   DanC: I have a question about IRIEverywhere

New telcon scheduling

   PROPOSED: to meet 12:00 ET (17:00 UTC, 09:00 PT) Thursdays starting
   1 Feb

   VQ: there seems to be a critical mass around this proposal; I have
   seen some reservations...

   <timbl> I can manage either of the two proposed time, the first with
   some rearrangemengt of medium pain

   proposal doesn't carry due to a little new info and unknown input
   from others

   DanC: ok, backing off from a long-term decision to next week...

   HT: how about half an hour earlier next week so SKW can join?
   [that's 12:30 Boston time, yes, HT?]

   <ht> yes DanC

   NM: regrets 30 Jan due to travel

   <Zakim> Norm, you wanted to say that I have to give regrets for
   Tuesday and Thursday of next week; I'll send a list of all my open
   slots and promise not to object to anything selected in

   RESOLUTION: to meet Tue, 30 Jan 12:30pET

   NDW: regrets 30 Jan

Issue passwordsInTheClear-52

   <DanC_> [12]Subject: RE: TAG - Password in clear text. Tue, 9 Jan
   2007 13:20:10 -0600

     [12] http://lists.w3.org/Archives/Public/www-tag/2007Jan/0017.html

   ^msg from Ed

   VQ: Ed, any news from MEZ since that 9 Jan msg?

   DanC: perhaps I should follow up with tlr on whether MEZ got the
   message or whatever

   <scribe> ACTION: DanC to follow up on request for wording re "TAG -
   Password in clear text."

   Ed: maybe there's not enough consensus to finish this after all?

   DanC: indeed, John Cowan's msg emphasized a gap in positions, to me.

   <noah> Me too, as I recall.

   <noah> Haven't reread lately.

   <ht> I have done my action, see
   [13]http://lists.w3.org/Archives/Public/www-tag/2007Jan/0021.html

     [13] http://lists.w3.org/Archives/Public/www-tag/2007Jan/0021.html

   HT: I did raise the question about how user agent's can't know
   whether the password is in the clear due to javascript...

   <noah> Yes, that's the concern I raised on the last call, that we
   are telling the browser to warn, but the Javascript may encrypt in a
   way the browser can't detect.

   HT: and I got a response that confirms this is going on

   Ed: it's not clear that these javascript techniques are secure

   DanC: they look like traditional challenge/response authentication

   Noah: some folks use passwords as "speed bumps" into their sites...
   ... their requirements are met by passwords in the clear
   ... how about "HTTP basic is not secure against the following..."?

   DanC: that doesn't address my major concern, which is that web site
   operators are giving the impression that passwords are protected but
   not actually protecting the password across the net

   Noah: [a pretty good story that the scribe got too far behind to
   record]

   <noah> BTW: someone raised the question last week of what Yahoo!
   Mail is doing. From what I can tell going to their site, they are
   using HTTPS and also marking the input field as type="password"

   Ed: it's not clear that we've got consensus on what's right and
   what's wrong

   VQ: OK, so we've got DanC's new action an HT's action done...

Issue URNsAndRegistries-50

   HT: no progress. :-/

   DanC: does the URNs-and-registries finding touch on commercial
   motivation for DNS alternatives?

   HT: no; do you have something solid to point to?

   DanC: I think so.

   <scribe> ACTION: DanC to look for an example of commercial
   motivation for alternatives to DNS

   HT: please continue my action
   ... I still plan to work on this draft

   <scribe> ACTION: HT to Update draft finding URNs, Namespaces and
   Registries. [CONTINUES]

Issue schemeProtocols-49

   reviewing ACTION NM, accepted on 5 Dec 2005: Produce a new version
   of URI Schemes and Web Protocols.

   NM: I had little confidence when I tried it at first; I have a
   little more confidence now, though it's not obvious what to write.
   Also, I did a bunch of TAG writing lately and used up some of that
   sort of energy; could use a break.
   ... so yeah, let's keep the issue open but withdraw the action.

   DanC: yeah, until somebody is inspired...

   <scribe> ACTION: NM to Produce a new version of URI Schemes and Web
   Protocols. [WITHDRAWN]

Issue IRIEverywhere-27

   DanC: Congrats, Norm, on the XQuery REC. The F&O stuff reminds me of
   the IRIEverywhere issue, and some questions/axioms/formulas TimBL
   wrote up...

   <DanC_> [14]Mappings and identity in URIs and IRIs

     [14] http://www.w3.org/2003/04/iri.html

   issues list has 2 actions re
   [15]http://www.w3.org/2001/tag/issues.html#IRIEverywhere-27

     [15] http://www.w3.org/2001/tag/issues.html#IRIEverywhere-27

   one on TBL and one on HT...

   DanC: do we care about the XML Core action? withdraw?
   ... that was about XML Namespaces 1.1, which is done.

   <scribe> ACTION: HT to with Norm report the Namespaces/URI/IRI
   discussion to XML Core. [DONE]

   <scribe> ACTION: DanC to ask TimBL whether XQuery and XML Namespaces
   1.1 address IRIEverywhere to his satisfaction, noting
   [16]http://www.w3.org/2003/04/iri.html

     [16] http://www.w3.org/2003/04/iri.html

   ADJOURN.

Summary of Action Items

   [NEW] ACTION: DanC to ask TimBL whether XQuery and XML Namespaces
   1.1 address IRIEverywhere to his satisfaction, noting
   [17]http://www.w3.org/2003/04/iri.html
   [NEW] ACTION: DanC to follow up on request for wording re "TAG -
   Password in clear text."
   [NEW] ACTION: DanC to look for an example of commercial motivation
   for alternatives to DNS

     [17] http://www.w3.org/2003/04/iri.html

   [PENDING] ACTION: HT to Update draft finding URNs, Namespaces and
   Registries.

   [DONE] ACTION: HT to with Norm report the Namespaces/URI/IRI
   discussion to XML Core.

   [DROPPED] ACTION: NM to Produce a new version of URI Schemes and Web
   Protocols.

   [End of minutes]
     _________________________________________________________


    Minutes formatted by David Booth's [18]scribe.perl version 1.127
    ([19]CVS log)
    $Date: 2007/01/23 19:40:40 $

     [18] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
     [19] http://dev.w3.org/cvsweb/2002/scribe/


-- 
Dan Connolly, W3C http://www.w3.org/People/Connolly/
D3C2 887B 0F92 6005 C541  0875 0F91 96DE 6E52 C29E
Received on Tuesday, 23 January 2007 19:44:45 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:56:14 UTC