- From: Norman Walsh <ndw@nwalsh.com>
- Date: Wed, 28 May 2008 11:57:30 -0400
- To: www-tag@w3.org
- Message-ID: <m2ej7mwhed.fsf@nwalsh.com>
See http://www.w3.org/2001/tag/2008/05/20-minutes W3C[1] - DRAFT - TAG face-to-face day 2, Bristol, GB 20 May 2008 Agenda[2] See also: IRC log[3] Attendees Present Tim, Jonathan, Dan, Norm, Henry, Stuart, Ashok, Dave, Noah Regrets Chair Stuart Scribe Dan, Norm Contents * Topics 1. passwordsInTheClear-52 2. namespaceDocument-8 3. UrnsAndRegistries-50 4. AWWSW and httpRedirections-57 5. Self Describing Web * Summary of Action Items ---------------------------------------------------------------------- <scribe> scribe: Dan passwordsInTheClear-52 -> http://www.w3.org/2001/tag/doc/passwordsInTheClear-52-20080501 Passwords in the Clear May 1 2008 discussion of skw's comments on "The Digest method is subject to dictionary attacks, and must not be used except in circumstances where passwords are known to be of sufficient length and complexity to thwart such attacks." SKW: I prefer to replace the imperative "must not" with factual phrasing DO: hmm... ok <noah> The sophistication and power of dictionary-based attacks continues to increase such that longer and complex passwords are increasingly vulnerable to attack. NM suggests replacement for "The sophistication and power of dictionary-based attacks continues to increase such that longer and complex passwords are vulnerable to attacks, not just short passwords using common terms." <noah> Short passwords or those using common words should not be used with digest authentication. Indeed, The sophistication and power of dictionary-based attacks continues to increase such that longer and more complex passwords are increasingly vulnerable to attack. DO commits a 20 May revision... DO: so on 2.1.1... are we done? TBL: clarify "dictionary attack" as "offline dictionary attack"? DO: the fact that it's subject to dictionary attack has to do with the presence of nonces in the protocol. TBL: there are online dictionary attacks where each attempt involves communication with the server and offline attacks where attempts don't involve communication with the server SKW: just add "offline"? TBL: well... is that enough to explain it to our readership? <timbl> add ,because a single session can be recrded and attacked offline, <timbl> add ,because a single session can be recorded and attacked offline, <timbl> in place of ' <timbl> in place of the comma after "disctionary attack" <dorchard> The Digest method is subject to dictionary attacks because a single session can be recorded and attacked offline. It is particularly vulnerable in circumstances where passwords are known to be of insufficient length and complexity to thwart such attacks. <timbl> dictionary dictionary dictionary dictionary dictionary <timbl> +1 modulo "it", seems good to several <dorchard> particularly vulnerable in circumstances where passwords are known to be of insufficient length and complexity to thwart such attacks. <dorchard> particularly vulnerable in circumstances where passwords are known to be of insufficient length and complexity to thwart such attacks. <dorchard> The Digest method is subject to dictionary attacks because a single session can be recorded and attacked offline. The Digest method is particularly vulnerable in circumstances where passwords are known to be of insufficient length and complexity to thwart such attacks. poll shows that's ok DO: let's look at section 1 various editorial comments DO: on to section 2... boxed notes... ... hmm... "A server SHOULD NOT" vs "A client browser MUST NOT ..." SKW: how does W3C's site work? DC: basic auth. passwords in the clear. [we've tried many times to get rid of them, but we get stuck somewhere in deployment] TBL: have we explained how to do without passwords in the clear? DO: we talk about digest and SSL/TLS NM: so the security context WG is saying "never do basic without ssl"... are we going that far? DO: this finding is about "securely ..." ... as the security context WG has said, when sites like w3.org use passwords in the clear, not only is w3.org at risk, but users are trained to use passwords in the clear TBL: how about a distinctive UI when a browser prompts for passwords that are going to be transmitted in the clear? DO: I've seen user interfaces for password strength NM: does it help that much if one site goes to SSL? if I've used that password elsewhere, I'm still in trouble. SKW: naive users don't really understand these subtleties NDW: our audience is not end-users but site developers and perhaps browser/client developers. we can make a strong statement, and perhaps they'll improve things. how they improve things is beyond our scope DC: well... TBL: let's target the finding and give clear advice DO: see "Automatic Protection by User agent" which is clearly about what browsers/ajax apps... TBL: how many sites use basic auth anyway? don't most of them use forms+cookies? are we OK with cookies? DC: cookies are pretty much passwords to me. they're session keys DO: no, let's leave cookies aside; this finding is about passwords SKW: are cookies discussed in the current draft? ... "temporary storage in cookes" is in the intro DC: regarding w3.org... if the TAG resolves that cleartext passwords MUST NOT be used, as team contact, I'll be obliged to try deploy this on w3.org; we've tried a number of times in the past and failed due to lack of software support for digest etc. SKW: how about SSL? DC: I don't recall how far we tried SSL; that would probably be the thing to try this time AM: this finding advises users not to use sites that do passwords in the clear; how can users tell? DO: there are UI clues in browsers ... given forms and javascript and such, browsers can't exhaustively determine SKW: time draws near... DO: the one critical issue I see is the inconsistency between SHOULD NOT and MUST NOT ... let's make them both MUST NOT SKW: I'd prefer to just enumerate the risks and leave out the imperatives <dorchard> There are no scenarios where it is secure to transmit passwords in the clear. Every scenario that involves possibly transmitting passwords in the clear can be redesigned for the desired functionality without a cleartext password transmission. DO: feel obliged to represent the position of the Secrurity WG TBL: how about "... without risk" and MUST NOT PROPOSED: to approve the passwordsInTheClear finding, contingent on tbl's ok, and call for review by web security context wg, [http? wg], html WG, XHTML 2 WG ... OASIS WSX TC ... W3C security spec maintenance WG <Ashok> OASIS WS-SX so RESOLVED. <scribe> ACTION: David finish refs etc on passwords in the clear finding [recorded in http://www.w3.org/2008/05/20-tagmem-irc[5]] <trackbot-ng> Created ACTION-150 - Finish refs etc on passwords in the clear finding [on David Orchard - due 2008-05-27]. [break] <timbl> PWITC is OK by me <timbl> You can resolve the contingency on me TBL: I'm interested in review by browser makers too HT: perhaps via their AC reps? DO: not RoR devs? TBL: sure... this is a heads up, not a round-trip, is it? DO: this is a round-trip to many of these groups TBL: OK, let's just notify the browser makers namespaceDocument-8 SKW: we're resolved congingent on HT, NDW, and myself; the contingency has resolved. <scribe> ACTION: henry announce namespaceDocument-8 finding on tag-announce etc. [recorded in http://www.w3.org/2008/05/20-tagmem-irc[6]] <trackbot-ng> Created ACTION-151 - Announce namespaceDocument-8 finding on tag-announce etc. [on Henry S. Thompson - due 2008-05-27]. JAR: has anyone implemented it? HT: no, though any RDDL 1.0 document has the relevant info... did one of us produce a stylesheet for that? (hmm... who's going to to update the RDDL namespace doc?) UrnsAndRegistries-50 HT: work on this was preempted by work on ARIA etc. JAR: fwiw, Alan R. and I have been working on a document with overlapping scope <scribe> ACTION: Jonathan review overlap between the HCLSI URI note and HT's w.r.t. contribution to TAG finding on UrnsAndRegistries [recorded in http://www.w3.org/2008/05/20-tagmem-irc[7]] <trackbot-ng> Created ACTION-152 - Review overlap between the HCLSI URI note and HT's w.r.t. contribution to TAG finding on UrnsAndRegistries [on Jonathan Rees - due 2008-05-27]. SKW: there was an OASIS last call on XRIs... closes 30 May AM: remind me what our earlier comments are? HT: [summarizes] www-tag/2008Feb/0009.html is projected NM: what's the status of XRIs? how does that relate to OpenID? HT: OpenID has a forward reference to a moving target XRI spec. [?] TBL: that's a bug [re the use of conneg in HTTP as discussed in 2008Feb/0104 ] -> http://lists.w3.org/Archives/Public/www-tag/2008Feb/0104 XRI TC response to W3C TAG Comments on XRI Resolution 2.0 <dorchard> I see in OpenID the following: <Service xmlns="xri://$xrd*($v*2.0)">. I don't think this is legal is it? <CGI691> from http://openid.net/specs/openid-authentication-2_0.html[9] [[[ Scribe: Is CGI691 Ashok? ]]] <timbl> maybe http://docs.oasis-open.org/xri/2.0/specs/cd02/xri-resolution-V2.0-cd-02.pdf[10] <timbl> Extensible Resource Identifier (XRI) <timbl> Resolution Version 2.0 <timbl> Committee Draft 02 <timbl> 25 November 2007 <CGI691> I do see in OpenID Supports the use of XRIs as Identifiers. XRIs may be used as Identifiers for both end users and OPs, and provide automatic mapping from one or more reassignable i-names to a synonymous persistent Canonical ID that will never be reassigned SKW: I've been asked what's the TAG's position on XRIs <ht> DanC, see http://openid.net/specs/openid-authentication-2_0.html#anchor34[11] TBL: why didn't we ship that finding? <Stuart> see http://docs.oasis-open.org/xri/2.0/specs/cd02/xri-resolution-V2.0-cd-02.pdf[12] table 5 line 351. HT: because we thought it only worked for people who already agreed with us DO: but in retrospect, that was a mistake: even that would have helped http: advocates in OpenID work ... I'm inclined to come back to this after doing some drafting over a break NM: hmm... take a position on XRI-in-OpenID while we're at it? ... perhaps there's a risk that OpenID will be the vehicle that brings XRI into widespread use DO: quite. I'm concerned about that. (re xris vs email, I found something nearby... http://openid.net/pipermail/general/2006-November/000586.html[13] ) SKW: we have some concerns, but what conclusions? ... testing the waters... poll: all the cases addressed by XRIs can be addressed using HTTP URIs? many in support. HT: well... there's a trade-off... if somebody gives up ubuquity, they can get more control NM: there are certain clear drawbacks to a new scheme... list those... we haven't seen any motivation to overcome those disadvantages ... how about something like that? <Service xmlns="xri://$xrd*($v*2.0)"> ^ from openid2 <CGI691> I observe that XRI has now published a naming dispute resolution mechanism at http://www.xdi.org/docref/legal/egs-dispute-resolution-rules.html[14] <timbl> ACTION notes "It is not uncommon, in the context of academic debates over computer science and Web standards topics, to see the publication of one or more "considered harmful" essays. These essays have existed in some form for more than three decades now, and it has become obvious that their time has passed. Because "considered harmful" essays are, by their nature, so incendiary, they are counter-productive both in terms of encouraging open and intelligent deb quite [lunch] <Norm> scribenick: norm <scribe> scribe: Norm Meeting resumes ht: or wrw war aggw a rrgggww General laughter at a joke that won't work in the minutes <scribe> Chair: timbl SW expresses some concerns about the tone of the message. Proposed: We send the text drafted at this meeting to the internal tag list, with an action for Henry to fill in the blanks. To be mailed publicily by Tim and Stuart, co-chairs of the TAG. <DanC_lap> no, not the internal tag list; www-tag <DanC_lap> oh. I see. Resolved. <scribe> Chair: Stuart AWWSW and httpRedirections-57 <DanC_lap> action-116? <trackbot-ng> ACTION-116 -- Tim Berners-Lee to align the tabulator internal vocabulary with the vocabulary in the rules http://esw.w3.org/topic/AwwswDboothsRules[15], getting changes to either as needed. -- due 2008-03-06 -- OPEN <trackbot-ng> http://www.w3.org/2001/tag/group/track/actions/116[16] JR: We've been meeting by phone. Some sort of ontology for HTTP seems to be in the works. ... Some goals: use in the tabulator, use in next webarch, integration with bigger ontologies for interoperability, ... provenance (citations on the web), alignment of goals across several of these projects, ... more baking for the resource/information resource distinction, ... There's a question of how to manage the mailing list members. HT: I think we should give JR control of the list. General agreement. JR: Some statements we'd like to be able to answer: <timbl> http://www.w3.org/2008/05/21-jar-tbl.html[17],access JR: questions about pure mechanics, "the string that was in the response..." ... What can you say about RFC 2616 about the entity? ... What do the status codes mean (specifically, 200 and 3xx) ... What does a 200 response say about the resource? ... What are the sources of descriptive information (link header, link element from HTML, 303 content location...) ... Question of coherence between representations. ... (Do English and French versions "say" the same thing?) ... Assessing the correctness of a mirror. ... I've got some links that I'll provide. NM: I think there's been some scope creep. I thought it was going to be very narrowly focused, but there seems to be some much broader goals in some minds. <DanC_lap> (fwiw, re caching, I presented at a WWW9 workshop in 2000, based on the 1994 caching paper by Luotonen and Altis. http://www.w3.org/2000/Talks/www9-larch/all.htm[18] ) JR: I think it would be nice to deliver something, and the mechanics are interesting for some applications, but on the other hand, if I don't have a little more guidance of when 200 responses are acceptable, I won't have gotten much out of it. TimBL: What scope creep? NM: I actually said ambiguity. I thought it was going to be about mechanics, but there are bigger issues and they're all connected. <DanC_lap> (more work, nov 2003 http://www.w3.org/2001/tag/fdesc54/slides[19] ) HT: RFC 2616 puts you very close to httpRange-14. JR: Semantic web kicks you even further. I think "what is an information resource" is a red herring, the question is, when can I give a 200 response. <DanC_lap> (and I saw FRBR came up in awwsw email... "I suggest adopting w:InformationResource rdfs:subClassOf frbr:Work as a practical constraint." -- my IRW 2006 paper http://www.w3.org/2006/04/irw65/urisym[20] ) JR outlines the contributions from different individuals: scribe: David Booth's RDF capturing httpRange-14 ... A use case presenting ambiguity between XML document IDs and an RDF person. ... Jonathan's category diagram <DanC_lap> example: foo#xyz where foo has an XML representation with id="xyz", hence foo#xyz identifies part of an XML document; meanwhile, foo#xyz is claimed to identify a person. scribe: Question of how FRBR ontologies line up with the other discussions in the group. ... (exploring the neighborhoods of 200's) <DanC_lap> timbl, a frbr citation: http://www.w3.org/2006/04/irw65/urisym#frbr[21] JR: The information resource question comes to me because I want to know if someone gets a 200 for a journal article, can I use that for provenance, or do I have to setup a separate URI which 303's. <DanC_lap> crud; http://vocab.org/frbr/core[22] doesn't cite the main FRBR work <DanC_lap> aha... http://www.w3.org/2006/04/irw65/urisym#iflafrbr[23] <DanC_lap> [IFLA] <DanC_lap> K.G. Saur IFLA Study Group on the Functional Requirements for Bibliographic Records. Functional Requirements for Bibliographic Records: Final Report. UBCIM Publications-New Series. Vol. 19, Munchen: , 1998. JR: The question of "time" comes up periodically, but we're trying to keep that out of scope. <DanC_lap> http://www.w3.org/2008/05/21-jar-tbl.html[24] Some discussions and general agreement that it's sometimes necessary to model time but is very hard. DanC: Is there light at the end of the tunnel? JR: No. NM: I think the elephant in the room is "what is an information resource"? DanC: Is there a critical need? JR: I want to know if I can return a 200 for a journal article. DanC: "Yes" JR: I'd like to be able to answer questions like that without questioning you and TimBL. NM: We may all be happy with that answer, but there are others who aren't. Some discussion of "what is an information resource" <DanC_lap> HT raises a point of order whether that's what we're discussing; SKW suggests no, come to the AWWSW meetings to do that, which meeting participatns are satisfied with JR: Maybe in six months we'll have a draft. <DanC_lap> tbl, please put some stuff in http://www.w3.org/2008/05/21-jar-tbl.html[25] a la "presented at a TAG meeting May 2008" HT: I am often a fan of putting rat hole inducing topics to one side in the hopes it'll go away. I fear that the information resource question is not such a topic. ... The AWWSW group has to give some sort of concrete answer to the question of what does a 200 mean. ... If not in the actual ontology then good, english language prose to that effect. <DanC_lap> (and I saw FRBR came up in awwsw email... "I suggest adopting w:InformationResource rdfs:subClassOf frbr:Work as a practical constraint." -- my IRW 2006 paper http://www.w3.org/2006/04/irw65/urisym[26] ) More discussion ensues. <ht> 'my' as in DanC ? <DanC_lap> yes <ht> 'I' also DanC? <ht> (in "I suggest") <DanC_lap> DanC: I suggest finding several examples to bound InformationResource above and below; e.g. frbr:Work <DanC_lap> (yes) TimBL: Another practical question: what can you deduce from relationships like when you get a 302 or conneg. ... Should you perceive that all these things are the same resource? <ht> Note that I'm happy with what I believe to be the current state of the AWWSW emerging consensus that there is no class in the ontology named Resource TimBL: So I added a new relationship, "same-work-as" so in the FRBR area I think we'll find wide resources that are the same work. ... That came up recently in running code. <timbl_> Noah, http://www.w3.org/2006/gen.ont[27] Moving on to "redirections57"... -> http://sw.neurocommons.org/2008/uniform-access.html There's a document coming out in June; they'd like to say something about the link: header. JR: If the TAG can't find an answer in time, or doesn't like it, what then? ... in that case, they'll move it to the non-normative section. TimBL: Can we do a straw poll. Pretty much a three-way split: in-favor, not-in-favor, undecided. HT: I've stated my concern before: I don't want unsolicited metadata. TimBL: What are the other concerns? <scribe> Chair: TimBL DanC: My concern is the relationships; are they managed in URIs or shortnames or... JR: That's all resolved in the latest drafts. NM: I have vague concerns, but they're not crisp enough to drive the group in any direction. <DanC_lap> (right; so falling back to HTTP 1.0 doesn't address my concern about relationship names) Stuart: Is Henry's concern one of taste or style or is it actively harmful? HT: Consumption of bandwidth is the leading term. The second part is that I'm concerned its the thin end of a very long wedge. ... Header information needs to be very carefully considered. How many times ahve we had filesystems that say ... there's a data fork and a resource fork. We're going to distinguish between the message and what its about. ... It's never worked well. ... It makes me very happy to keep the seperable stuff as small as possible. We already have the problem that files don't tell you their media types. ... Now we're adding more important metadata that we won't get from file: URIs. <Zakim> DanC_lap, you wanted to suggest bounding the class InformationResource above and below Stuart: Is this a way of encoding metadata in the Link: header or a way of pointing to metadata HT: The concern is that its the thin end of a long wedge. Stuart: I don't want to encourage putting a hole RDF graph in the link headers. <noah> I'm curious whether Henry is ultimately concerned about message size, or something deeper TimBL: I like link: header *for* the bandwidth issue. Instead of having things creep into other headers, all sorts of metata can go in a server-generated virtual document. ... For people who really care about the metadata, they can follow the link. For others, it won't be clogging the bandwidth. ... I agree that the resource fork file architecture is sub-optimal. If it really were a resource fork then I'd see that as a bad thing. ... But the problem with the resource fork is you wind up with two open commands, one to open the data and oen to do both. ... The resource fork isn't a first-class file. The link: header is just a pointer to a file. <DanC_lap> (I wonder what contemporary web mirroring tools do with mime types... if I have foo.html with content-type: image/gif and I copy it with wget, does it lose the image/gif media type? I bet it does) TimBL: The resource fork is more like GETMETA. HT: I think there are three classes, link:, GETMETA, or systematically manipulating the URI. ... Only the third has any possible way of being extended to file: URIs. ... But it's a lot easier to start a server running these days. ... I have some sympathy with the systematic URI manipulation. ... If the question was called, I wouldn't object. AM: There are lots of different styles of metadata. ... Are you not happy because its one link for different kinds of metadata? HT: Yes, I think that's what Tim's point just now was. ... This is as far as you get, no farther. Everything else has to leverage this. ... I don't know if this is good or not. JR: You could go even further and just have a single "Resource-Description:" header. HT: I didn't realize that there were going to be lots of link: headers. ... I want to say "no" to that on the same grounds. DanC: If people fall back to HTTP 1.1 then they won't get those bits. JR: It's a separate RFC so it could be applied to different versions. Some discussion of the Atom/Link header registry Further discussion of a small technical error about the use of .../link-relationships.html# as the base URI for Link: headers -> http://www.mnot.net/drafts/draft-nottingham-http-link-header-01.txt <timbl_> ACTION: dan to report Relationship values are URIs that identify the type of link. If the relationship is a relative URI, its base URI MUST be considered to be "http://www.iana.org/assignments/link-relations.html[30]#", and the value MUST be present in the link relation registry. is a bug to the relevant bug sink fro http://tools.ietf.org/id/draft-nottingham-http-link-header-01.txt[31] [recorded in http://www.w3.org/2008/05/20-tagmem-irc[32]] <trackbot-ng> Created ACTION-153 - Report Relationship values are URIs that identify the type of link. If the relationship is a relative URI, its base URI MUST be considered to be \"http://www.iana.org/assignments/link-relations.html[33]#\", and the value MUST be present in the link relation registry. is a bug to the relevant bug sink fro http://tools.ietf.org/id/draft-nottingham-http-link-header-01.txt[34] [on Dan Connolly - due 2008-05-27]. JR: The question isn't settled. I find Henry convincing, but then I think about the scenarios and what's to be said to Phil and I'm not so sure. ... The situation that brought this to my mind was a lot of documents that have metadata (lab reports, etc.) and where do you put it? ... That question is going to remain for me and the link: header is a convenient answer for a lot of administrators. <Zakim> Stuart, you wanted to say that there can be more than one link; and to say that link is already regarded as being there. Stuart: There can be multiple link: headers and they can be distinguished so that you can tell what link will give you WSDL and what one will give you POWDER, etc. ... Roy would say that the link: header has always been there, what Mark has done is ground the relationships in URI space. Timbl: They can also be pushed into a single link header with commas. ... This seems like the sort of thing that the TAG should really put its weight behind. ... There are a whole lot of things taht would be made easier and it's a lever that would allow lots of innovation. ... What can we do to promote it?? JR: I'm reluctant without convincing the naysayers. TimBL: No, what would we do if we wanted to. JR: I think just a simple statement of support would be enough. NM: Maybe the question is, are there strong naysayers on the outside. JR: Yes there are NM: So we need to either convince them or convince the people who will convince them. JR: Do you want to go through the issues list? Stuart: We're into break time. <timbl_> Proposal2: The TAG recommends the use and standardization of the HTTP Link: header as described in http://tools.ietf.org/id/draft-nottingham-http-link-header-01.txt[35] <DanC_lap> issues in http://sw.neurocommons.org/2008/uniform-access.html[36] DanC: I think we should take 30 seconds and see if anyone has any of these issues they think is critical. The group pauses to read the issues at the end of the uniform-access document. <DanC_lap> #3 # <DanC_lap> # Mechanisms that require special server configuration may not be accessible to all author/publishers; there will be an interaction with the way content is hosted and so on. HT: I think 3 (mechanisms that require server configuration) is hugely important; I just want to emphasis that. TimBL: I think we need to address that as a separate TAG issue. It's important, but we should try to get ISPs to provide more control. DanC: You think this is a critical stopper for link:? HT: I don't know. Many of the alternatives have this problem. <Zakim> DanC_lap, you wanted to ask for a refined poll... not just "who likes link?" but "who finds Link to be a cost-effective solution to the powder use case? grddl? mobile bp? DanC: If you fix the bug with the hash, then the URI relationships become information resources. TimBL: So we should note that IANA will have to run a 303. ... But that will be useful for a lot of reasons. TimBL highlights proposal2 above. JR: it has to be strongly qualified DanC: Doesn't the draft enumerate the qualifications? ... I'd like to see it used for bibliographic metadata for immutable files, POWDER, etc. ... We shouldn't recommend technology for technologies sake, we should name the use cases that it addresses. HT: Is anyone actively championing alternatives? <DanC_lap> I'm happy with Link for powder, grddl, and metadata for immutable files JR: MGET has been implemented TimBL: ... scribe missed the other example ... DanC: There's PROPFIND, but that's not being recommended here. Some discussion of the benefits of manipulating the URI, a la adding ",about" or /about/ <timbl_> Proposal3: The TAG recommends the use, for POWDER and metadata about fixed resources, and GRDDL transformation links; and standardization of the HTTP Link: header as described in http://tools.ietf.org/id/draft-nottingham-http-link-header-01.txt[37] <timbl_> Proposal4: The TAG recommends the use, for example for POWDER and metadata about fixed resources, and GRDDL transformation links; and standardization of the HTTP Link: header as described in http://tools.ietf.org/id/draft-nottingham-http-link-header-01.txt[38] Henry tries alternate wording Dave likes it better <timbl_> Proposal4a: The TAG recommends the use, for example for POWDER and metadata about fixed resources, and GRDDL transformation links; and further standardization of the HTTP Link: header as described in http://tools.ietf.org/id/draft-nottingham-http-link-header-01.txt[39] <ht> Proposal5: The TAG endorses http://tools.ietf.org/id/draft-nottingham-http-link-header-01.txt[40] and standardization of the HTTP Link: header for use cases such as POWDER and metadata about fixed resources, and GRDDL transformation links Resolved without objection <scribe> ACTION: jonathan to reply publicly to Phil with respect to our decision on Link: [recorded in http://www.w3.org/2008/05/20-tagmem-irc[41]] <trackbot-ng> Created ACTION-154 - Reply publicly to Phil with respect to our decision on Link: [on Jonathan Rees - due 2008-05-27]. TimBL: Should we run the link: header on w3.org? <timbl_> should th w3 now run this on w3.org? ,meta and link header for the w3.org site <timbl_> for: ACL info, conneg variants, ... Dan and TimBL to discuss that offline. Self Describing Web NM: Previously, I had prepared a draft for Vancouver. I got a mix of reactions. ... I republished a draft that included a number of substantive comments from the last review. ... I believe that's all I've changed in this draft. ... Some highlights: ... I've promoted the RDFa material up to its own chapter ... I put in the picture that TimBL prepared of the web's standard retreival mechanism in an appendix, after prose introduction in the text <timbl_> The image needs a width=100% OWTTE NM: Added principles to motivate good practices. ... I killed a few GPNs. <DanC_lap> (hmm... the TOC lists microformats as an example of "RDF and the Self-Describing Web"; the community seems to be divided on that... ah... the text doesn't assume consensus) <timbl_> Noah, do you have a pointer to the original PNG? NM: The RDFa task force has sent an informal response that we should deal with. ... That's my brain dump on what's changed. I think it's ready to ship except for some RDFa details and some editorial work on the diagram. Stuart: Can we get explicit actions to review the draft? <DanC_lap> (I read a previous draft pretty carefully; I'm sorta used up as a reviewer) <scribe> ACTION: Norman to review The Self-Describing Web, either the 12 May draft or the draft that comes out of this meeting [recorded in http://www.w3.org/2008/05/20-tagmem-irc[42]] <trackbot-ng> Created ACTION-155 - Review The Self-Describing Web, either the 12 May draft or the draft that comes out of this meeting [on Norman Walsh - due 2008-05-27]. <scribe> ACTION: Stuart to review The Self-Describing Web, either the 12 May draft or the draft that comes out of this meeting [recorded in http://www.w3.org/2008/05/20-tagmem-irc[43]] <trackbot-ng> Created ACTION-156 - Review The Self-Describing Web, either the 12 May draft or the draft that comes out of this meeting [on Stuart Williams - due 2008-05-27]. The group reads section 5.1 Using RDFa to produce self-describing HTML NM: One of the RDFa TF comments is that RDFa only applies to XHTML. So I plan to fix that by changing all the references here to HTML. <noah> http://lists.w3.org/Archives/Public/www-tag/2008May/att-0070/00-part[44] DanC: I think the sentence that begins "Even though..." is wrong NM: I meant that historically, if you were developing an RDF app, you didn't need to read HTML and now you do. TimBL: This is an example of a design question. The fragment of HTML isn't self-describing until one of two things happens: ... 1. Revise the media type so that it references RDF ... 2. Assume that GRDDL is part of the core and add a GRDDL transformation NM: Ok, what I'm hearing is that this sentence should be deleted or restated to address Dan's concern. ... What I'd like to do is go through these two points a little bit methodically to make sure that I understand their concern and the relevant background. ... Come out of today with a story of what they could have done, what they did, and then go back and revisit the first sentence. ... So, "The last paragraph reads in part "For this example document to be self-describing, the pertinent media type and the specifications on which it depends must provide for the use of RDFa in XHTML; at the time of this writing, they do not."" "The XHTML 2 Working Group disagrees with this statement" Some discussion of with what they are disagreeing. General agreement: You can't have action at a distance. The assertion that you're a member of the family isn't enough, the *actual mime type* has to point explicitly to the members of its family. NM: There are three markers you can use to say that this is not any old HTML. DanC: Ok, so tell the follow-your-nose story with one of these. NM: One of the ways you can go forward is with a DTD TimBL: Take out the DTD. DanC: You can't, because that's part of the spec. TimBL: The DTD is required? NM: It's a SHOULD -> http://www.w3.org/MarkUp/2008/ED-rdfa-syntax-20080519/#docconf -> http://www.w3.org/TR/rdfa-syntax/#docconf Some discussion of whether or not they have an example without a document type declaration. DanC: If you're going to tell the follow-your-nose story with DTDs, good luck getting it past me and Tim, but otherwise you should remove it. JR: Why do you so badly need to know there's RDFa in it? DanC: You need the follow your nose story so that you can license the assertions in the document. NM: Let me see if I can summarize: the relevant base spec does refer to the profile attribute, therefore we can tell the follow-your-nose story with that. ... DTDs do various things, but they aren't part of that story. ... The @version attribute recommended in the new editor's draft isn't part of the follow your nose story either. ... There are two possible paths: they could revise their spec, but let's assume they won't. ... Section 4.1 of the latest RDFa draft specifies that there are three mechanisms to indicate that a document is RDFa enhanced. ... Of these, only one, the profile attribute, is useful to make the document self describing. <timbl_> I note that <title>My home-page</title> <timbl_> <meta property="dc:creator" content="Mark Birbeck" /> <timbl_> <link rel="foaf:workplaceHomepage" href="http://www.formsPlayer.com/[47]" /> <timbl_> is a FOAF error. The foaf:workplaceHomepage property I think links a person and a home page not a home page and a home page. no? <timbl_> ------ NM: because the @profile is specifically referenced as an extension mechanism in the core specs. ... the others aren't self describing. <timbl_> (above bug was in http://www.w3.org/TR/rdfa-syntax/#docconf)[48] DanC: I don't think that's a helpful way to tell the story. Stuart: There's more than one follow-your-nose story. Perhaps we're getting confused. NM: I thought TimBL offered a third choice that they don't mention, GRDDL. Stuart draws a diagram application/xhtml+xml -> RFFC 3236 -> HTML M12N -> http://www.w3.org/1999/xhtml -> RDFa specification HT: That namespace document doesn't actually refer to the RDFa specification yet, but it does say it might. Some discussion about whether or not the MIME type specification actually gives you enough information to follow your nose. It's not as crisp as one might like, but arguably works. RFC 3236 says "With respect to XHTML Modularization [XHTMLMOD] and the existence of XHTML based languages (referred to as XHTML family members) that are not XHTML 1.0 conformant languages, it is possible that 'application/xhtml+xml' may be used to describe some of these documents. However, it should suffice for now for the purposes of interoperability that user agents accepting 'application/xhtml+xml' content use the user agent conformance rules in [XHTML1]. " From which we get from the MIME type to the namespace document. By way of M12N. NM: I'll revisit the sentence "Even though this..." in 5.1 of Self Describing Web and redraft. ... And pull the DOCTYPE Stuart: So you're going to redraft? NM: As I said, I think it's pretty good except for the RDFa stuff and now I can fix that. Some discussion of how to respond to the RDFa email message. <Zakim> timbl_, you wanted to sggest remove doctype and to ask what the follow your nose algo *is* here in RDFa, the section seems to duck the issue <Zakim> DanC_lap, you wanted to note HTML 5 editor doesn't consider GRDDL nor RDF relevant to design of HTML 5 http://lists.w3.org/Archives/Public/public-html/2008May/0102.html[50] DanC: The HTML 5 editor doesn't consider GRDDL nor RDF relevant to the design of HTML 5. HTML5 has no @profile. <DanC_lap> http://lists.w3.org/Archives/Public/public-html/2007Jul/0571.html[51] <DanC_lap> Ian Hickson's rationale for not including profile, in full, seem to only be in the whatwg archive http://lists.whatwg.org/pipermail/whatwg-whatwg.org/2008-May/014692.html[52] DanC: I disagree with him on an architectural basis, but I can't argue with the fact that lots of authors won't use @profile. TimBL: Leaving these things out prevents smaller communities from innovating. ... The RDF community would like a profile so that they can use HTML in the ways that they want, even though they are a minority community. DanC: "But RDF is not relevant to real life" TimBL: That's just not socially inappropriate. Some discussion of how best this argument could be phrased. Stuart: There were topics we wanted to come back to, how should we adjust our agenda for tomorrow? <DanC_lap> I heard tim give a little bit of something new: "to ignore the overlap between the RDF and HTML communities is unacceptable" NM: I believe that XHTML says it may sometimes be necessary to deliver it with text/html. Furthermore, lots of it is delivered that way. ... I tried to cover follow-your-nose from text/html. DanC: You can't. NM: So I could just leave it out, or I could say why text/html doesn't work. DanC: I kind of like the profile story TimBL: But there are lots of reasons why the RDFa folks don't want to do that. ... They story I think we should tell is that text/html is a poor person's XML and the implicit namespace for text/html documents is the XHTML namespace. ... The other way is to make the RDFa spec is part of the core Scribe note: this is a third option from Tim's earlier list <DanC_lap> (a point I noted earlier: Ian Hickson: For example, in most of about a billion pages I hit in 2005 I found that the html 4 profile attribute was used in about 1.4 million pages... which sounds like a lot, until you realize that the dc.title in the <meta> element, which you should always use with the profile attribute was used about 19 million times. So 1.4 million times we use profile ever, and 19 million times we use dc.title, just one of any number of v <DanC_lap> alues that requires the profile attribute. So that's 10 times more times we use the extension mechanism than we use the extension declaration it wants. -- http://esw.w3.org/topic/TPAC2007Session6[53] ) Some more discussion of the text/html media type. DanC: The text of the text/html media type spec probably hasn't caught up with current understanding. NW: I think you could just leave it out. NM: But there's a lot of XHTML that's served as text/html NW: I still think you could just leave it out. Some discussion of the editorial mods needed to the graphic. <DanC_lap> (what was that address, timbl?) <timbl_> (http://www.w3.org/DesignIssues/diagrams/arch/follow.graffle[54] , danc) Stuart: What was the outcome of the @profile discussion? DanC: You're all notified and I might follow up with TimBl. I accepted that there was no action following. Stuart: There were a few things to potentially revisit: ... XML Versioning ... Distributed extensibility ... URNs and Registries <DanC_lap> agenda order is 15, 16, 13, 14 <DanC_lap> agenda order is 12 <DanC_lap> agenda order is 12, 15, 16, 13 Adjourned for the day <DanC_lap> scribe editing: HT for day 1, Norm for day 2, Noah for day 3 Summary of Action Items [NEW] ACTION: dan to report Relationship values are URIs that identify the type of link. If the relationship is a relative URI, its base URI MUST be considered to be "http://www.iana.org/assignments/link-relations.html#[55]", and the value MUST be present in the link relation registry. is a bug to the relevant bug sink fro http://tools.ietf.org/id/draft-nottingham-http-link-header-01.txt[56] [recorded in http://www.w3.org/2008/05/20-tagmem-irc[57]] [NEW] ACTION: David finish refs etc on passwords in the clear finding [recorded in http://www.w3.org/2008/05/20-tagmem-irc[58]] [NEW] ACTION: henry announce namespaceDocument-8 finding on tag-announce etc. [recorded in http://www.w3.org/2008/05/20-tagmem-irc[59]] [NEW] ACTION: Jonathan review overlap between the HCLSI URI note and HT's w.r.t. contribution to TAG finding on UrnsAndRegistries [recorded in http://www.w3.org/2008/05/20-tagmem-irc[60]] [NEW] ACTION: jonathan to reply publicly to Phil with respect to our decision on Link: [recorded in http://www.w3.org/2008/05/20-tagmem-irc[61]] [NEW] ACTION: Norman to review The Self-Describing Web, either the 12 May draft or the draft that comes out of this meeting [recorded in http://www.w3.org/2008/05/20-tagmem-irc[62]] [NEW] ACTION: Stuart to review The Self-Describing Web, either the 12 May draft or the draft that comes out of this meeting [recorded in http://www.w3.org/2008/05/20-tagmem-irc[63]] [End of minutes] ---------------------------------------------------------------------- [1] http://www.w3.org/ [2] http://www.w3.org/2001/tag/2008/05/19-agenda [3] http://www.w3.org/2008/05/20-tagmem-irc [5] http://www.w3.org/2008/05/20-tagmem-irc [6] http://www.w3.org/2008/05/20-tagmem-irc [7] http://www.w3.org/2008/05/20-tagmem-irc [9] http://openid.net/specs/openid-authentication-2_0.html [10] http://docs.oasis-open.org/xri/2.0/specs/cd02/xri-resolution-V2.0-cd-02.pdf [11] http://openid.net/specs/openid-authentication-2_0.html#anchor34 [12] http://docs.oasis-open.org/xri/2.0/specs/cd02/xri-resolution-V2.0-cd-02.pdf [13] http://openid.net/pipermail/general/2006-November/000586.html [14] http://www.xdi.org/docref/legal/egs-dispute-resolution-rules.html [15] http://esw.w3.org/topic/AwwswDboothsRules [16] http://www.w3.org/2001/tag/group/track/actions/116 [17] http://www.w3.org/2008/05/21-jar-tbl.html [18] http://www.w3.org/2000/Talks/www9-larch/all.htm [19] http://www.w3.org/2001/tag/fdesc54/slides [20] http://www.w3.org/2006/04/irw65/urisym [21] http://www.w3.org/2006/04/irw65/urisym#frbr [22] http://vocab.org/frbr/core [23] http://www.w3.org/2006/04/irw65/urisym#iflafrbr [24] http://www.w3.org/2008/05/21-jar-tbl.html [25] http://www.w3.org/2008/05/21-jar-tbl.html [26] http://www.w3.org/2006/04/irw65/urisym [27] http://www.w3.org/2006/gen.ont [30] http://www.iana.org/assignments/link-relations.html [31] http://tools.ietf.org/id/draft-nottingham-http-link-header-01.txt [32] http://www.w3.org/2008/05/20-tagmem-irc [33] http://www.iana.org/assignments/link-relations.html [34] http://tools.ietf.org/id/draft-nottingham-http-link-header-01.txt [35] http://tools.ietf.org/id/draft-nottingham-http-link-header-01.txt [36] http://sw.neurocommons.org/2008/uniform-access.html [37] http://tools.ietf.org/id/draft-nottingham-http-link-header-01.txt [38] http://tools.ietf.org/id/draft-nottingham-http-link-header-01.txt [39] http://tools.ietf.org/id/draft-nottingham-http-link-header-01.txt [40] http://tools.ietf.org/id/draft-nottingham-http-link-header-01.txt [41] http://www.w3.org/2008/05/20-tagmem-irc [42] http://www.w3.org/2008/05/20-tagmem-irc [43] http://www.w3.org/2008/05/20-tagmem-irc [44] http://lists.w3.org/Archives/Public/www-tag/2008May/att-0070/00-part [47] http://www.formsPlayer.com/ [48] http://www.w3.org/TR/rdfa-syntax/#docconf) [50] http://lists.w3.org/Archives/Public/public-html/2008May/0102.html [51] http://lists.w3.org/Archives/Public/public-html/2007Jul/0571.html [52] http://lists.whatwg.org/pipermail/whatwg-whatwg.org/2008-May/014692.html [53] http://esw.w3.org/topic/TPAC2007Session6 [54] http://www.w3.org/DesignIssues/diagrams/arch/follow.graffle [55] http://www.iana.org/assignments/link-relations.html# [56] http://tools.ietf.org/id/draft-nottingham-http-link-header-01.txt [57] http://www.w3.org/2008/05/20-tagmem-irc [58] http://www.w3.org/2008/05/20-tagmem-irc [59] http://www.w3.org/2008/05/20-tagmem-irc [60] http://www.w3.org/2008/05/20-tagmem-irc [61] http://www.w3.org/2008/05/20-tagmem-irc [62] http://www.w3.org/2008/05/20-tagmem-irc [63] http://www.w3.org/2008/05/20-tagmem-irc [64] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm [65] http://dev.w3.org/cvsweb/2002/scribe/ Minutes formatted by David Booth's scribe.perl[64] version 1.133 (CVS log[65]) $Date: 2008/05/28 15:54:17 $
Received on Wednesday, 28 May 2008 15:58:18 UTC