- From: <noah_mendelsohn@us.ibm.com>
- Date: Tue, 5 Jan 2010 12:58:16 -0500
- To: www-tag@w3.org, public-tag-announce@w3.org
I am pleased to announce the availability of approved minutes of the TAG
F2F that was held from 8-10 December 2009 at the W3C Offices at MIT. Links
to discussions of particular subjects are available from the agenda page
[1]. The records of the three days are checked into separate files at
[2-4], and are attached in text-only form below. Thank you.
Noah
[1] http://www.w3.org/2001/tag/2009/12/08-agenda
[2] http://www.w3.org/2001/tag/2009/12/08-tagmem-minutes.html
[3] http://www.w3.org/2001/tag/2009/12/09-minutes.html
[4] http://www.w3.org/2001/tag/2009/12/10-tagmem-minutes.html
--------------------------------------
Noah Mendelsohn
IBM Corporation
One Rogers Street
Cambridge, MA 02142
1-617-693-4036
--------------------------------------
[1]W3C
[1] http://www.w3.org/
Technical Architecture Group F2F Meeting, Cambridge, MA
08 Dec 2009
[2]Agenda
[2] http://www.w3.org/2001/tag/2009/12/08-agenda
See also: [3]IRC log
[3] http://www.w3.org/2009/12/08-tagmem-irc
Attendees
Present
Noah Mendelsohn, Tim Berners-Lee, Jonathan Rees, Ashok
Malhotra, Larry Masinter, Henry Thompson, Dan Connolly, John
Kemp
Regrets
TV Raman (partial regrets, present in afternoon via phone)
Chair
Noah
Scribe
John Kemp (morning), Tim Berners-Lee (afternoon)
Contents
* Topics
1. [4]Convene, review agenda
2. [5]Web Application Architecture: Security and Policy
3. [6]Review agenda, meeting goals
4. [7]Metadata Architecture: ISSUE-63: Metadata Architecture
for the Web
5. [8]Web Application Architecture
6. [9]HTML 5 review: ISSUE-20 (errorHandling-20): What should
specifications say about error handling?
7. [10]Admin: meeting planning
8. [11]ISSUE-50 (URNsAndRegistries-50) (status check)
* [12]Summary of Action Items
_________________________________________________________
<scribe> Scribe: JohnK
<scribe> ScribeNick: johnk
Convene, review agenda
<noah> Thomas, we're missing a phone here, working on getting one.
Should be a few mins. Sorry.
trackbot-ng, start telcon
<trackbot> Date: 08 December 2009
Web Application Architecture: Security and Policy
NM: (connects us with TLR)
TLR: there was a well-attended session at TPAC on Web Security
... strict transport security paypal proposal
... XSS discussion
<DanC_> [13]strict transport security wiki topic
[13] http://www.w3.org/Security/wiki/Strict_Transport_Security
TLR: next steps for Origin header draft
... no formal minutes available, however
... have the impression that Origin draft is moving forward in IETF
... HTTP state WG is "under review"
<DanC_> (I saw a draft charter re cookies, I think; where did I see
that? ...)
<tlr> ietf mailing list
TLR: sense is that group should do two deliverables: - one
documenting current state, another more normative
<DanC_> [14]public-web-security archive
[14] http://lists.w3.org/Archives/Public/public-web-security/
<noah> FWIW, I recommend that TAG members willing to deal with the
traffic subscribe to the mailing list. I find it to be
interesting/worthwhile.
<masinter> News on http-state
[15]http://www.ietf.org/mail-archive/web/apps-discuss/current/msg011
82.html
[15]
http://www.ietf.org/mail-archive/web/apps-discuss/current/msg01182.html
<masinter> HTTP-STATE WG charter finished IETF review and IESG
Evaluation, and waiting on a few edits & input responses
TLR: fairly happy with state of affairs
DC: has an area director stepped forward to shepherd the Origin
draft?
TLR: I believe so
<DanC_> ( "Lisa" == Lisa Dusseault , as in
[16]http://www.ietf.org/iesg/members.html )
[16] http://www.ietf.org/iesg/members.html
LMM: haven't heard a positive direction on Origin yet
some of the mics appear to be on mute
<Zakim> DanC_, you wanted to ask which AD is shepherding the Origin
draft
<Zakim> noah, you wanted to ask for a bit of intro on the strict
transport/paypal stuff
<tlr>
[17]http://lists.w3.org/Archives/Public/www-archive/2009Sep/att-0051
/draft-hodges-strict-transport-sec-05.plain.html
[17]
http://lists.w3.org/Archives/Public/www-archive/2009Sep/att-0051/draft-hodges-strict-transport-sec-05.plain.html
NM: what is strict transport security about?
TLR: let a site declare that it wants to use HTTPS even if it sees
an HTTP link
<DanC_>
[18]http://www.w3.org/Security/wiki/Strict_Transport_Security ->
[19]http://lists.w3.org/Archives/Public/www-archive/2009Sep/att-0051
/draft-hodges-strict-transport-sec-05.plain.html
[18] http://www.w3.org/Security/wiki/Strict_Transport_Security
[19]
http://lists.w3.org/Archives/Public/www-archive/2009Sep/att-0051/draft-hodges-strict-transport-sec-05.plain.html
<DanC_> "draft specification proposed by Jeff Hodges (=JeffH,
Paypal.com), Adam Barth (UC Berkeley), Collin Jackson (CMU-SV). "
2.2 Strict Transport Security Policy Summary
The characteristics of the Strict Transport Security policy, as
applied to some given web site, known as a STS Server, is
summarized as follows:
1. Insecure ("http") connections to a STS Server are redirected by
the STS Server to be secure connections ("https").
2. The UA terminates, without user recourse, any secure transport
connection attempts upon any and all errors, including those
caused by a site wielding self-signed certificates.
3. UAs transform insecure URI references to a STS Server into
secure URI references before dereferencing them.
<masinter> Miller's note about "origin:" header being harmful
[20]http://lists.w3.org/Archives/Public/public-web-security/2009Dec/
0035.html
[20]
http://lists.w3.org/Archives/Public/public-web-security/2009Dec/0035.html
TLR: limits DNS corruption and MITM attack
LMM: what are future plans for organizing web security in some way?
more microphone mayhem...
TLR: TPAC tried to coerce volunteers to get involved in review
... usual problem: how do we recruit volunteers?
LMM: is there some possibility for a "formal" security board - a way
of being able to sign up more consistently?
TLR: use the chairs of the security WGs, but we don't have critical
mass
... create a TAG-like body, focused on security?
HT: I had a conversation with Mark Miller at TPAC - he was heartened
by the meeting
... disagreements are purely technical
<Zakim> ht, you wanted to mention personal feedback from Mark Miller
TLR: skillful chairing has contributed to the positive movements
<tlr> +1 to the value of face-to-face meetings, in these points, btw
LMM: keep this as a topic to review periodically
... too early to decide on a formal structure, but would encourage
some thought about a process for improving security review
NM: anything specific for us to follow up on?
<DanC_> I'm gonna close this in a minute unless anybody objects:
<DanC_> ACTION-323?
<trackbot> ACTION-323 -- Dan Connolly to as Thomas for a report form
the security BOF -- due 2009-12-08 -- PENDINGREVIEW
<trackbot> [21]http://www.w3.org/2001/tag/group/track/actions/323
[21] http://www.w3.org/2001/tag/group/track/actions/323
NM: any specific specifications?
<DanC_> (I'm glad Noah is persuing getting actions if we're to keep
this on our agenda. LMM seems to be pursuing a process point, which
is not the TAG's mandate, so I'm OK if nothing comes of it.)
<masinter> origin header -- is it in, is it out, is it dead, is it
shipping?
<DanC_> (tlr, do you want to be here when we talk about confused
deputy?)
<masinter> IRI spoofing -- who has the responsibility for insuring
that user agents don't depend on showing the user a IRI and
expecting them to distinguish
<DanC_> (where's the list tlr is reading? I don't see websockets on
[22]http://www.w3.org/Security/wiki/Main_Page )
[22] http://www.w3.org/Security/wiki/Main_Page
TLR: XHR, CORS, HTML5, WebSockets... encourages LMM to add his short
list
<tlr> I said "I think websockets should go on there, too"
<jar> johnk: Add Uniform Messaging to the list
JK: asks about Uniform Messaging Policy proposal
<tlr> XHR has a last call that closes in a week.
TLR: XHR documents current usage and is in LC
<tlr> [23]http://www.w3.org/TR/2009/WD-XMLHttpRequest-20091119/
[23] http://www.w3.org/TR/2009/WD-XMLHttpRequest-20091119/
<tlr> LC for XHR ends on 15 December
JK: XHR and UMP both have XHR-like APIs, and seem to be related
<jar> tlr: XHR assumes SOP
<DanC_> DanC: the XHR whose LC is 15 Dec is async with one that
takes on UM, right? [tlr said right]
JK: and UMP allows cross-origin with opt-out from SOP
ACTION johnk to review XHR and UMP together and provide comments to
TAG as relevant
<trackbot> Sorry, couldn't find user - johnk
<DanC_> trackbot, status?
ACTION John to review XHR and UMP together and provide comments to
TAG as relevant
<trackbot> Created ACTION-340 - Review XHR and UMP together and
provide comments to TAG as relevant [on John Kemp - due 2009-12-15].
<DanC_> [24]http://www.w3.org/Security/wiki/HTML5 has an answer to
NM's Q
[24] http://www.w3.org/Security/wiki/HTML5
<tlr> (and that's just the *trivial* list of likely relevant
sections)
NM: any TAG members willing to look at this security wiki and take
any other actions regarding the items listed there?
TLR: HTML5 security policies are worthy of review!
... we don't know what we don't know
... possibility of a workshop around these items
NM: rough guess about when that might happen?
TLR: probably a few months out
<DanC_> . ACTION: noah to let the TAG know about any upcoming HTML 5
security workshop
<tlr> ACTION: noah to follow up with Thomas about security review
activities for HTML5 [recorded in
[25]http://www.w3.org/2009/12/08-tagmem-minutes.html#action01]
[25] http://www.w3.org/2009/12/08-tagmem-minutes.html#action01
<trackbot> Created ACTION-341 - Follow up with Thomas about security
review activities for HTML5 [on Noah Mendelsohn - due 2009-12-15].
<masinter> [26]http://www.w3.org/Security/wiki/Talk:HTML5
[26] http://www.w3.org/Security/wiki/Talk:HTML5
DC: do "sandboxed iframes" work as well as they could or are there
possible improvements?
(seems like no-one knows the specifics well-enough)
TBL: permeability of iframe boundary has been in flux during our
work on tabulator...
<masinter> at least 100 messages on sandboxed iframes in
[27]http://lists.w3.org/Archives/Public/public-web-security/2009Dec/
thread.html
[27]
http://lists.w3.org/Archives/Public/public-web-security/2009Dec/thread.html
TBL: is this in research phase, or fairly solid in browsers?
TLR: (thinks still research phase)
LMM: lots of messages on sandboxed iframes this week, so situation
is still evolving
NM: (reviews the agenda item)
<DanC_> close action-321
<trackbot> ACTION-321 lightly edit TAG input to DAP WG per 8 Oct and
tell Noah closed
<DanC_> close action-318
<trackbot> ACTION-318 Send note to Device APIs and Policy (DAP)
Working Group on behalf of the TAG closed
DC: can I close actions?
<DanC_> close action-323
<trackbot> ACTION-323 As Thomas for a report form the security BOF
closed
LMM: I would be happy if there were an interest group for tracking
these issues
<tlr> (encouragement heard, but not going to happen this year. ;-)
LMM: part of web arch is security, and it probably requires more
attention than the TAG is able to give it
NM: TAG still has a role, and I'm not sure if a W3C mechanism to
track all of these things outside W3C is useful
... what problem does IG solve?
DC: possibility of a workshop is a good start
<jar> I just added uniform messaging to the security wiki FYI
ACTION Noah January 15th ask the TAG again about more formally
tracking security issues in HTML5
<trackbot> Created ACTION-342 - January 15th ask the TAG again about
more formally tracking security issues in HTML5 [on Noah Mendelsohn
- due 2009-12-15].
AM: read the UMP draft, which speaks about 2 actors
<tlr> jar, CORS and UM are closely enough linked that I'd prefer to
keep them together
AM: does UMP extend to multiple actors?
<DanC_> (I'd like to see an explanation of how UM generalizes to
multiple parties)
JAR: yes
<DanC_> action-340: to include an explanation of how UM generalizes
to multiple parties
<trackbot> ACTION-340 Review XHR and UMP together and provide
comments to TAG as relevant notes added
LMM: in last IETF, long discussion about non-ASCII chars in IRIs and
related security issues
... possibility of constructing IRIs that the user cannot really
tell whether they represent what the user is actually trying to do
... this is not a security mechanism, but there is a security issue
there
<DanC_>
[28]http://www.w3.org/Security/wiki/Trusted_User_Interface#IDN_Spoof
ing
[28]
http://www.w3.org/Security/wiki/Trusted_User_Interface#IDN_Spoofing
NM: is the current group of the group working around the web
security wiki looking at issues such as the one Larry describes?
TLR: not specifically, no
<DanC_> (I too think Singer wrote that bit)
NM: next steps?
... should someone from TAG work with the community around this wiki
to frame the issues?
LMM: would like to make normative references from various specs. to
something relevant for web security
... a wiki is not enough
DC: we have IRIEverywhere issue - can we track the relevant security
portion under that?
NM: HTML5 tells user agents what to do; should perhaps be giving
advice about, for example, IRIs that might confuse the user
dangerously
thanks Thomas
<ht> Everyone says "Thank you Thomas"
DC: there's an opportunity to engage the people involved in this
wiki... but not sure how/whether we will declare victory
<noah> TLR, thank you >so< much for taking the time to join us. It
was very, very useful!
JAR: mentions pet names: that one should never trust the names given
to you by anyone else
... you get to designate your own name, rather than blindly
accepting the name given you by a server
DC: I visit 10000 web pages a day, can't give them all pet names
JAR: solution is proposed, but isn't yet usable perhaps?
NM: when about to click on a link, I should know what I'm clicking
on
<DanC_> (tracker, note we're discussing ISSUE-27 IRIEverywhere-27 )
NM: if a page contains 50 links (to images for example), should I
get to choose whether I want to access all 50 of them?
... associate my own pet name with a given URI?
TBL: what's the process?
JAR: the point is that it makes it possible for the user to
discriminate
NM: the user can be confused, but only the first time - when they
make the pet name association
TBL: system should protect you from confusing your pet names
JAR: overall constraint is exactly that - to make it more difficult
to confuse the user with names
DC: can you (JAR) post to www-tag about pet names?
LMM: how about IRI list instead?
<tlr> note that petnames were discussed and even speced
*extensively* in the WSC WG. Implementers wouldn't have any of that.
<DanC_> ACTION: jonathan discuss petname application to IRI spoofing
in public-iri and www-tag [recorded in
[29]http://www.w3.org/2009/12/08-tagmem-minutes.html#action02]
[29] http://www.w3.org/2009/12/08-tagmem-minutes.html#action02
<trackbot> Created ACTION-343 - Discuss petname application to IRI
spoofing in public-iri and www-tag [on Jonathan Rees - due
2009-12-15].
HTML5, WebSockets, XHR, CORS
<DanC_> action-343?
<trackbot> ACTION-343 -- Larry Masinter to discuss petname
application to IRI spoofing in public-iri and www-tag -- due
2009-12-15 -- OPEN
<trackbot> [30]http://www.w3.org/2001/tag/group/track/actions/343
[30] http://www.w3.org/2001/tag/group/track/actions/343
NM: WebSockets is moving fast...
LMM: wanted to noted the IETF meeting on HyBi
<tlr> [31]http://dev.w3.org/html5/websockets/
[31] http://dev.w3.org/html5/websockets/
LMM: two groups - one documenting current practice on long-polling
et al with HTTP
<tlr>
[32]http://tools.ietf.org/html/draft-hixie-thewebsocketprotocol
[32] http://tools.ietf.org/html/draft-hixie-thewebsocketprotocol
LMM: and another discussing WebSockets
... result, I believe, was that WG forming would focus on WebSockets
NM: how about CORS?
<DanC_> ACTION-331 ?
<trackbot> ACTION-331 -- Dan Connolly to consider ways to track the
'confused deputy problem' issue in webapps/cors -- due 2009-11-24 --
PENDINGREVIEW
<trackbot> [33]http://www.w3.org/2001/tag/group/track/actions/331
[33] http://www.w3.org/2001/tag/group/track/actions/331
<DanC_> [34]http://www.w3.org/2008/webapps/track/issues/108
[34] http://www.w3.org/2008/webapps/track/issues/108
DC: TPAC goal achieved
... Mark Miller took the ball, resulting in the UMP proposal:
[35]http://lists.w3.org/Archives/Public/public-webapps/2009OctDec/at
t-0931/draft.html
[35]
http://lists.w3.org/Archives/Public/public-webapps/2009OctDec/att-0931/draft.html
<DanC_> DanC: what's critically different between UniformRequest and
XMLHTTPRequest is that no cookies go out; it's not clear to me why
that's more secure
<noah> NM: Note that uniform messaging looks at the Javascript level
just like XHR, except that you "new" a different object to start.
<DanC_> ... if you want to do something different, you have to put
your credential/permission elsewhere
JK: there are two parts to the spec:
<DanC_> HT: yes, you put it in your code
<DanC_> DanC: but who is "you"? the server? the client? the
attacker?
i) that an HTTP response header can be sent saying that the server
opts-out of SOP
<DanC_> JAR: the code is the attacker...
<DanC_> ... if he doesn't have permission, he can't do anything
dangerous.
ii) the UA uses a new XHR that doesn't send cookies
meaning any "credentials" are i) not site-specific ii) not sent
implicitly
<Zakim> DanC_, you wanted to talk about credential/permission
DC: some concerns about the terminology regarding 'permission' sent
as editorial comments
<DanC_> on permission and such
[36]http://lists.w3.org/Archives/Public/www-archive/2009Dec/0021.htm
l
[36]
http://lists.w3.org/Archives/Public/www-archive/2009Dec/0021.html
JAR: proof of permission?
<DanC_> "proof of permission" would be good; maybe I'll suggest that
in email to the editors
<Zakim> noah, you wanted to ask about community reaction to uniform
messaging draft
DC: it's good that CORS has an issue open on confused deputy so the
WG has to choose UM or not before going to LC
... how, for example, does this impact sandboxed iframes, for
example?
ACTION Jonathan to alert TAG chair when CORS and/or UMP goes to LC
<trackbot> Created ACTION-344 - Alert TAG chair when CORS and/or UMP
goes to LC [on Jonathan Rees - due 2009-12-15].
<DanC_> close action-321
<trackbot> ACTION-321 lightly edit TAG input to DAP WG per 8 Oct and
tell Noah closed
<DanC_> action-331?
<trackbot> ACTION-331 -- Dan Connolly to consider ways to track the
'confused deputy problem' issue in webapps/cors -- due 2009-11-24 --
PENDINGREVIEW
<trackbot> [37]http://www.w3.org/2001/tag/group/track/actions/331
[37] http://www.w3.org/2001/tag/group/track/actions/331
<DanC_> close action-331
<trackbot> ACTION-331 Consider ways to track the 'confused deputy
problem' issue in webapps/cors closed
Review agenda, meeting goals
NM: we discussed 3 big items (linked in agenda) before the summer
... later moved to closely study HTML5
... is there something bigger than the sum of the parts (ie. action
items) similar to webarch that we want to do beyond review of
detailed actions?
AM: as we begin talking about web apps, metadata it might become
obvious if we want to write something more "overarching"
LMM: we had talked about creating products of long-term value?
NM: such as the "architecture of web applications"
... agenda is in service of a set of goals
... agenda does reflect those goals
Metadata Architecture: ISSUE-63: Metadata Architecture for the Web
ACTION-282
ACTION-282?
<trackbot> ACTION-282 -- Jonathan Rees to draft a finding on
metadata architecture. -- due 2009-12-02 -- PENDINGREVIEW
<trackbot> [38]http://www.w3.org/2001/tag/group/track/actions/282
[38] http://www.w3.org/2001/tag/group/track/actions/282
JAR:Our job is to encourage a connected, open Web, and a "global"
approach to metadata seems important for that. Is there a related
way to understand some of the "puzzles" - RDFa vs. Microdata,
XRD/LRDD/Link, related HTTP semantics; using URIs to "refer" rather
than to "locate"; link rel="canonical", multimedia "bookmarking" and
the nature of "authoritative"?
[Jonathan's draft at
[39]http://www.w3.org/2001/tag/2009/12/metameta.html is what we're
reviewing]
[39] http://www.w3.org/2001/tag/2009/12/metameta.html
TBL: I thought we were doing an overall model of the whole "shebang"
- not just philosophical layer. This includes APIs, no?
JAR: that seems like an opportunity we have
<DanC_> (I'm not sure I agree with TBL that the AWWSW model is "not
philosophical". I'm not sure there any falsifiable claims in it.
Maybe around "immutable resources", but I don't see that as a
pressing issue.)
AM: we should start from metadata use-cases
... these are the situations in which you might want some metadata
... then we can say "in situation N, here's what you ought to do..."
JAR: yes, use-cases are very important
JK: what if someone doesn't acquire metadata in the way you suggest
even in a given use-case?
TBL: You can tell them what they would be losing by doing it
differently
LMM: in my earlier work, I was taking a narrower perspective on
"what is metadata" than I think we have generally taken. For
example, perhaps related to the difference between metadata about
information resources vs. metadata about non-information resources?
TBL: Metadata is data about documents. If it's about an information
resource, then it's metadata. If it is about something else, it
isn't.
LMM: That's the conventional meaning, I think
<ht> [40]http://www.e-learningguru.com/articles/metacrap.htm
[40] http://www.e-learningguru.com/articles/metacrap.htm
JAR: that is part of the work we need to do to bound this project.
Metadata can come from many different places - a protocol might only
get that metadata from one place - "first-party provided" metadata
NM: you're stopping short of discussing the impact of provenance?
JAR:No.
NM:There is a big difference between we know a claim about
something, or whether we know the thing itself. There is a
difference of trust. Is the statement "noah says the wall is brown",
or "the wall is brown"?
AM: yes
<ht> [the metacrap reference is old: Version 1.3: 26 August 2001 --
here's the original [41]http://www.well.com/~doctorow/metacrap.htm ]
[41] http://www.well.com/~doctorow/metacrap.htm
TBL: Almost anyone who deals with any data on the web technology
deals with and is aware of provenence. It is a large area, but we
don't have to get into it deeply now.
JAR: Most of my draft is a list of questions. Those questions could
stimulate actions items - there is a lot of work here. Does metadata
have any special role on the web?
TBL: Metadata is data about documents, and as docuements have a
special role in web architecture, so metdata has a special role to a
certain extent.
LMM: In the narrow definition, metadata is data about "information
resources"
NM: if someone makes a statement about a document, it is clearly
metadata. If someone makes a statement such as "I was born on
November 3rd" what do we call that statement?
LMM: There are some special properties of documents that make them
more interesting in this regard.
DC: Can you be more specific?
HT: There's a fundamental difference between representations whose
referents are available digitally and those which are not. Therefore
reasoning about them is different
DC: Larry, can you be more specific about the properties of a
document that make it more interesting this way?
TBL: AWWW spends a lot of time trying to describe this so it's very
important - deal with the Web, you deal with docs.
<masinter> the library and digital library community have a long
history of establishing "metadata" for items that might appear in a
world of managed information, and that this tradition is
instructive, helpful, and with available techniques for management,
refinement. The general "knowledge management" problem is hard, but
the "metadata management" problems are tractable
NM: take a set of measurements and record them
... if I then also record that I took these measurements on a
particular date, then that is metadata about the measurements
... if you limit only to digital representations, it seems to me you
lose the historical meaning of metadata
<DanC_> ("I don't want to get hung up on terminology" <-- famous
last words. terminology _is_ the problem. Agreeing on terminology is
solving the problem.)
LMM: metadata was about "what was in the card catalogue"
<noah> let's do terminology after we cover use cases.
<DanC_> no, let's not
LMM: common way to describe that the book in library a was the same
book as in library b
<DanC_> let's try out terminology as we discuss use cases, and keep
careful eye on which terms comfortably fit and which ones don't.
LMM: Dublin Core was a way of cataloging metadata about documents /
IRs
... value is to leverage that work
NM: you don't buy my 'measurements' example?
... not scoped only to library usage
AM: I think we should ask different questions
<masinter> there are things that are on the boundary ... you can
treat them as "information resources" or not
AM: what could *we* write that would be useful here?
<DanC_> ([42]http://en.wikipedia.org/wiki/Metadata is disappointing
in that it doesn't have a history section like most good
encyclopedia articles)
[42] http://en.wikipedia.org/wiki/Metadata
<Zakim> ht, you wanted to say "yes" to NM wrt measurements
Dublin Core: I think you should split the screen
HT: yes, Noah, your example is within "metadata" scope
... I think Dublin Core is useful for any set of digital data
right...
JAR: back to document...
... not a lot of standardization
... poor incentives for creating explicit metadata
... difficult to deploy - why?
... difficult to validate
... it doesn't feel that all of these things are adequately
connected - it doesn't feel like a "Web"
<DanC_> (the mismatch betwen CiteULike and Amazon ... I wonder how
many man-hours a day that costs the world. Sounds a lot like what
LMM was talking about for library metadata in the 1st place... "how
do you know it's the same book?")
HT: host-meta is data about a set of resources
LMM: there's a question about metadata when related to statements
made about a person
TBL: lots of people are not doing metadata when they are making
statements of identity of people. The issue of different people
assigning different names to the same person is quite general. Let's
not expand the scope of "Metadata" to the semantic web in general.
There is a general problem of co-reference... different people
assigning different names to the same thing ... let's not try to
tackle that under the rubric Metadata as though it were special to
people or people were special to metadata.
TBL: people, music, place names, countries (and other administrative
areas) all have data about them and coreference issues
... we shouldn't focus only on authors
JAR: is RDF "nose-following" a metadata use-case?
LMM: metadata has a data model, a vocab, a serialization, and method
of association (linking/embedding)
<DanC_> [43]Framing an Architecture for Metadata on the Web
[43] http://lists.w3.org/Archives/Public/www-tag/2009Jul/0153.html
<DanC_> LMM was talking about that ^
<timbl> RDF nose-following is a technical solution for many of these
problems, coupled with the stitched-together quilt of grass-roots
ontologies.
<Noah_phone> From Wikipedia:
JAR: what are interesting cases that deal with metadata?
<Noah_phone> Metadata (meta data, or sometimesmetainformation) is
"data about data", of any sort in any media. Metadata is text,
voice, or image that describes what the audience wants or needs to
see or experience. The audience could be a person, group, or
software program.
LMM: if we have a framework for metadata, we can use this to explore
the specific cases and see how/if it applies
<Noah_phone> The above is Wikipedia def of metadata. Consonant with
my assumptions.
JAR: that suggests a matrix between your framework items (LMM - see
earlier list) and the uses documented in my draft
... (describes examples listed in linked document)
<masinter> note
[44]http://tools.ietf.org/html/draft-reschke-rfc2731bis-05
[44] http://tools.ietf.org/html/draft-reschke-rfc2731bis-05
JAR: is anything different since RDF/Dublin Core?
... (references Metadata Activity statement)
<masinter> [45]http://dublincore.org/documents/2008/08/04/dc-html/
[45] http://dublincore.org/documents/2008/08/04/dc-html/
metadata activity statement: [46]http://www.w3.org/Metadata/Activity
[46] http://www.w3.org/Metadata/Activity
NM: ADJOURN FOR LUNCH
<jar>
[47]http://gov2.net.au/files/2009/12/Draft-Government-2-0-Report-rel
ease.pdf
[47]
http://gov2.net.au/files/2009/12/Draft-Government-2-0-Report-release.pdf
<timbl> jar, [48]http://gov2.net.au/about/draftreport/#rec6
[48] http://gov2.net.au/about/draftreport/#rec6
<DanC_> that's wierd.
<timbl> --------------------------
<timbl> scribenick: timbl
<DanC_> just a sec while I sync the agenda
Noah: We have to Web App Arch slots, one now and one for the same
time tomorrow.
Raman: I can't make tomorrow morning PST
... I can make 15:00-17:00 EST
Noah: Philippe Le Hégaret has offered to join us.
<noah> [49]http://www.w3.org/2001/tag/tag-weekly#Application
[49] http://www.w3.org/2001/tag/tag-weekly#Application
Web Application Architecture
<noah> [50]http://www.w3.org/2001/tag/doc/content-to-apps.html
[50] http://www.w3.org/2001/tag/doc/content-to-apps.html
<noah> [51]http://www.w3.org/2001/tag/2009/09/webAppsTOC-20090921
That is the thing which Ashok et al did, This is what JAR did
[51] http://www.w3.org/2001/tag/2009/09/webAppsTOC-20090921
Noah: We have two documents to frame this discussion:
1. Jonathan as revised the [52]Table of Contents for Web
Application Architecture that was gathered at the June and Sept.
TAG F2F Meetings.
2. Ashok, with help from Raman and Larry, has prepared [53]From Web
Content to Applications
[52] http://www.w3.org/2001/tag/2009/09/webAppsTOC-20090921
[53] http://www.w3.org/2001/tag/doc/content-to-apps.html
Ashok: Most of this talks about how the web started as a web of
documents, and is now turning into a web of apps.
... That is useful stuff, but we wanted to extract the issues
engendered by this fundamental shift.
... None of us looked at Web IDL -- we didn't have the knowledge
... One question is, how to capture state. This is complicated.
... There is HTML5 work split out into Storing Client-Side State, as
there are two specs, one SQL-based, and the other keyword/value
based.
... You send in data from the user, and the app by its nature has
lots of data. It has to be protected: it has to have policies about
its access.
... The third on which Larry put up is that the Web is now more
complex.
... It has different sorts of user agent, different URI schemes, and
so on. What does this imply?
... So those were are main pints, plus the UMP stuff -- how does UMP
extends to multiple agents? (UMP = Uniform Messaging) [seee required
reqding]
... The trouble is, you are going to make a request of an app, and
the app is in fact behind many appliances. The appliances can
communicate. WHat do we do about this data being secure, protected?
<noah> [54]http://www.w3.org/2001/tag/2009/09/webAppsTOC-20090921
[54] http://www.w3.org/2001/tag/2009/09/webAppsTOC-20090921
Masinter: My intent, I thought, was to elaborate some of these
points into paragraphs.
Masinter: Other bits still need to be done.
<Zakim> DanC_, you wanted to answer tbl: yes, the state of the art
is (a) "installed stuff", including extensions and MacOS widgets and
phone apps (b) remote code, e.g. scripts in web
Tim: Some times will the application be downloaded by the user and
installed and trusted, making the security situation surely much
simpler? Like with an installed desktop app or a iPhone app
DanC: There are two design centers. The installed code, and the web
site script case. But they are starting to overlap in some cases.
<Zakim> noah, you wanted to talk about device APIs permissions
TimBL: Like running Mac mail and a web version of it which try to be
the same interface.
Noah: If I am a smart user, then I expect there are bounds to what I
have trusted it to do, and those bounds are being stretched, like
with geolocation. The stickiness of the policy is where this
happnes. Does the permission stick?
<DanC_> (speaking of letting my browser run javascript, after
reading crockford's writings, I installed noscript immediately. It's
fairly painful, but the alternative is to turn my computer over to
anybody on the internet who wants to use it for whatever purpose
they see fit and blame it on me.)
Noah: A huge barrier to getting people to move apps to the web, it
asks anew whether it can have your location, which is frustrating.
Maybe a longer term storage of the preferences would help.
TimBL: I am surprised if these things are not remembered by web site
Ashok: Where would that be stored? On the client or server?
Noah: Not relevant
DanC: In fact a Firefox extension can change that from local to
remote
John: A common trust model is this origin-based thing -- a (widget)
package which is verified as coming from an origin via a signature.
... Another common trust model is like iGoogle -- Google gadgets are
assembled onto a home page for you, and Google has 'vetted' the
code: Google is the thing which you trust
<Zakim> johnk, you wanted to note that code for an application might
come from multiple un-trusting (of each other) elements
<Zakim> ht, you wanted to ask TBL about gmail
John: There is a third possibility we hadn't even counted about,
where the client is making the mashup and assembling things from
multiple sources which may not trust each oither. A more dynamic
situation. This involves cross-site scripting.
Henry: Normal users do not really understand the distinction.
TimBL: They know whether they have installed an iphone app
Noah: GMail on the gPhone is really a web abb which behaves like an
app.
<noah> zaki, close the queue
Ashok: It looks as though there are just two cases, downloaded
[installed] app and web app. There could be a third situation.
Henry: No, the consumer would not distinguish.
<masinter> (a) The "WebApps" working group is working on something
like Adobe AIR -- something that uses web technology for building
traditional applications, where the fact that it's using web
technology is pretty much irrelevant to the end user experience.
<masinter> (b) I want to see if we can separate the conversation
between mechanisms for providing security, vs. the different kind of
user models. of course they don't match, and getting them to match
-- is that in scope for this ?
JAR: The problem of getting the user to connect them is them user
programming system.
<DanC_> ack
<Zakim> DanC_, you wanted to ask if anybody knows the state of the
art in maybe cultural anthropology about how many brand names we can
trust: mom, dad, my school, my town, my country,
DanC: What is the state of the art in what we can trust?
HT: People trust a lot.
LM: There are people working on web apps more like adobe air, which
is like installing an application because it gets the same
privileges.
<ht> LMM mentioned Adobe Air, Microsoft silverlight is another
<ht> ... distributed app deployment platform
Noah: There is a widget spec which allows you to make an installable
thing.
Masinter: Note that Web Application can be used for either animal.
<noah> I propose the following working terminology for use in the
TAG:
Masinter: We have mechanisms for providing security -- and user
perception -- and we know they don't match. But that we knew.
<noah> Web Application -> A zero-install application accessed by
doing HTTP GET of the main page (which in turn tends to use
Javascript)
Masinter: To tackle it, we would have to understand the [inherent]
user models of security. I am not sure we are ready to deal with
them.
<noah> W3C Widget -> An installable application built of Web
technologies per [55]http://www.w3.org/TR/2009/CR-widgets-20091201/
[55] http://www.w3.org/TR/2009/CR-widgets-20091201/
<masinter> lmm: are we ready to take on the "user model"
<DanC_> I prefer "zero-install" and "installed".
<masinter> -1 don't like Noah's "Web Application" definition
Noah: I propose we use "Web Application" to mean a zero-install
application.
<ht> So I hear three categories: functionality running in the
browser on the [AJAX] platform or, maybe, on browser plugins, e.g.
Flash; functionality runninng on other metal-installed distributed
deployment platformsl, e.g. Silverlight; and Widgets, which are
installed but run on the [AJAX] platform
<masinter> the line between these two things are blurry, and it's
not clear that making categories is useful
<ht> DC: Running is not the same as getting: when you run, you allow
all kinds of privileges, e.g. to write all over your disk
<masinter> why is it useful to make these categories when they are
aspects of technology decisions with many variables which don't
correspond to these categories, and users have trouble
distinguishing too
Noah: We have 45 minutes . We have no future work in the web apps
area.
... . We can let this go and go back to the table of contents.
<DanC_> (fwiw, we do have actions in the webapps area/product,
though they're mostly about security
[56]http://www.w3.org/2001/tag/group/track/products/7 )
[56] http://www.w3.org/2001/tag/group/track/products/7
<Zakim> ht, you wanted to underline _three_ categories
<DanC_> (I stipulate that we _need_ to manage storage; I still don't
_want_ to 1/2 ;-)
TimBL: Users need to be able to see which applications are taking up
the space on their phone, and a good UI would let a user manage that
and decide which apps to let go in order to install another when the
device is full
Henry: Look at Silverlight aps -- they don't fall well into Noah's
two categories.
E.g OpenStreetMap: 3.46G [x] Uses location [ ] use contacts [remove]
<DanC_> ("open standard" is orthogonal to most of the technical
issues we've been talking about, no?)
<johnk> plugins i) get access to platform APIs below the browser ii)
get to "violate" the SOP
<Zakim> masinter, you wanted to argue against premature categories
as per above
<raman> it's very hard to participate in this discussion via the
phone
<Zakim> noah, you wanted to note that installable iPhone apps are,
in may respects, sandboxed
(( [...something missed here...]ways of disrupting discussions like
this:(on webapp) 1) Widening -- "ah, but what about apps in
general?" 2) Splitting hairs "If authorship of the data is webapp,
is the author's address? or is that data about a person and so not
metadata?" 3) Considering time-variance: "But isn't it not just a
question of the webapp now, but how the webapp has changed over
time"? 4) Let's see what happens when we look "webapp" up in the
dictionary. 5) .. i
wikipedia... 6) Do we really have an agreement on a definition of
"webapp"? ))
Raman: If you have the (Google) 'native client' plugin installed,
you can run them locally as apps
<DanC_> (yeah... native-client goes one way, and phonegap goes the
other)
Noah: I think the web app case I was talking about is fairly well
isolated.
... Limited access to other clients, etc
Raman: The browser sandbox is getting richer .. so the sandboxing is
getting more powerful, so the line is blurring.
<Zakim> johnk, you wanted to note that there is probably no useful
distinction to be made between widget and "web app"
Raman: Like web and internet being pervasive.. The net is one more
part of the computer.
John: I don't think there is a useful distinction between "widget"
and "webapp". One possible distinction would be if you have separate
decisions to make as to whether you will download it and whether you
will run it.
... I am not sure it is a useful distinction.
<Zakim> ht, you wanted to emphasise DC's point which I scribed above
Henry: Categories are valuable
... Desktop apps can do anything
<Zakim> DanC_, you wanted to try to get "native-client goes one way,
and phonegap" in a TOC or TODO list or something
Noah: iPhone apps can only run in theor own memory, not communicate
one to the other.
DanC: Phonegap allows you to write HTML and JS and deploy it as an
application.
... NativeClient allows you to download machine object code.
These are existing technologies
<DanC_> These are existing, concrete technologies that we could use
to explain concepts to people.
<DanC_> (IE's trust categories are, in a distant way, similar to
noscript's trusted site lists and petnames.)
TimBL: Maybe making up distinctions as a design point, then defining
the properties of them (like IE did with levels of trusted sites in
the past say) so that you can then prove what sorts of functionality
you can get from applications in each category. Not observing a
distinction but inventing one.
<Zakim> noah, you wanted to note that W3C Widgets share things like
device access APIs with Javascript apps running in the browser
Noah: I am convinced by the point that proprietaryness is not an
*architectural* concern.
... However, there things we W3C are responsible for as we are not
responsible for silverlight or Flash. these are the AJAX
technologies.
... We additionally have the widget work. With W3C Widget packaging.
... I am told phonegap may converge with widgets.
... I think the policy model will be shared by those two models.
... For example the geolocation API can be used from either type of
application.
... I think that the policy issues are interesting in both cases.
Raman: Also it is our responability to make sure all bits of tech
work on the web whether or not they come from W3C.
Ashok: If you use a webapp, the danger is that you will give it
data. It might sell that data.
Noah: Same for iPhone apps.
Ashok: You will need different types of protection mechanisms,
different types of policies.
... I was talking at lunch to Lalana Kagal, who is a policy person.
<DanC_> [57]http://people.csail.mit.edu/lkagal/
[57] http://people.csail.mit.edu/lkagal/
Ashok: She felt that the note we sent out about policy [@@link]
wasn't strong enough.
<DanC_> action-318?
<trackbot> ACTION-318 -- Noah Mendelsohn to send note to Device APIs
and Policy (DAP) Working Group on behalf of the TAG -- due
2009-11-20 -- CLOSED
<trackbot> [58]http://www.w3.org/2001/tag/group/track/actions/318
[58] http://www.w3.org/2001/tag/group/track/actions/318
Ashok: She would like something stronger,. with an outline of
architecture and outline of protection mechanisms.
... It just said "You have to have a policy" Nothing in what kind,
where enforced, etc .. the next layer of the architecture.
<Zakim> DanC_, you wanted to prompt for "what are we trying to
promote/prevent?" and to note "phonegap converge with w3c widget
work" as perhaps something we're trying to promote
DanC: What are we trying to promote? to prevent? Maybe we should
promote the convergence of phonegap and w3c widget work.
<DanC_> problem making ajax crawlable
[59]http://lists.w3.org/Archives/Public/www-tag/2009Dec/0030.html
[59] http://lists.w3.org/Archives/Public/www-tag/2009Dec/0030.html
<noah> I would be willing to take an action to investigate
Phonegap/W3C Widget convergence plans
<johnk> I think your distinction is interesting, Larry (re: which
sandbox is used) and definitely, the issues you raise re protection
et al are correct
DanC: Also I wrote an email about his idea about making AJAX space
crawlable: a mapping from a URI with an AJAX hash in it to a URI
without an AJAX hash in it. There is a question then as to whether
the original URI should be the one without the hash or the one with.
There is a really broken idea of having a standard mapping from any
URI with a hash to some equivalent/related URI without. The people
who define such mappings don't have the right to say things about
everyone else's URI space.
<DanC_> (the point I'm trying to make is about squatting; i.e. who
gets to choose which names)
Masinter: Mainly the same except a widget as a security domain which
is the local machine.
... We might be advantaged by not making the distinction at all.
<Zakim> noah, you wanted to say that the bit Dan talked about with
server/client URI aliasing is exactly the sort of thing I'd like to
see us explore, perhaps in an Arch of Web Apps.
<DanC_> . ACTION noah to investigate Phonegap/W3C Widget convergence
plans
ACTION Noah to investigate possible convergence of phonegap and w3C
widgets, by January 30
<trackbot> Created ACTION-345 - Investigate possible convergence of
phonegap and w3C widgets, by January 30 [on Noah Mendelsohn - due
2009-12-15].
<DanC_> action-345 due 30 jan
<trackbot> ACTION-345 Investigate possible convergence of phonegap
and w3C widgets, by January 30 due date now 30 jan
<DanC_> action-345?
<trackbot> ACTION-345 -- Noah Mendelsohn to investigate possible
convergence of phonegap and w3C widgets, by January 30 -- due
2009-01-30 -- OPEN
<trackbot> [60]http://www.w3.org/2001/tag/group/track/actions/345
[60] http://www.w3.org/2001/tag/group/track/actions/345
<noah> b
<DanC_> action-345?
<trackbot> ACTION-345 -- Noah Mendelsohn to investigate possible
convergence of phonegap and w3C widgets -- due 2010-01-30 -- OPEN
<trackbot> [61]http://www.w3.org/2001/tag/group/track/actions/345
[61] http://www.w3.org/2001/tag/group/track/actions/345
<DanC_> action-345?
<trackbot> ACTION-345 -- Noah Mendelsohn to investigate possible
convergence of phonegap and w3C widgets -- due 2010-01-30 -- OPEN
<trackbot> [62]http://www.w3.org/2001/tag/group/track/actions/345
[62] http://www.w3.org/2001/tag/group/track/actions/345
Noah: About this trickery between client-side and server-side URIs
.. the Google maps URIs are neat -- the server generates a map with
URIs, but the javascript knows how tro generate permalinks to panned
versions of the map which will work when you use them on the server
... This is a really useful idiom. We should promote it.
... In fact, if the code was really trusted, then the URI bar would
change in real time as one pans anyway.
TimBL: A Firefox extension is trusted like that, so Tabulator can do
that with URIs
<Zakim> DanC_, you wanted to ask about addressbar updating
Henry: A taxonomy or enumeration of who you are trusting when you
perform which gestures would be interesting.
... When you are doing a GET then you are trusting the browser
implementation to not do anything as a result of that get. But when
you install something, you are trusting the source of the code you
install.
DanC: Browsing isn't safe. When you do a GET, in fact you can load a
script which can do a POST. Which is broken.
[ADJOURNED to XX:15]
______________________
HTML 5 review: ISSUE-20 (errorHandling-20): What should specifications
say about error handling?
We start without John for the moment.
John arrives
Noah: This item is a combination of error handling and content
override
<DanC_> action-308?
<trackbot> ACTION-308 -- John Kemp to propose updates to
Authoritative Metadata and Self-Describing Web to acknowledge the
reality of sniffing -- due 2009-12-25 -- OPEN
<trackbot> [63]http://www.w3.org/2001/tag/group/track/actions/308
[63] http://www.w3.org/2001/tag/group/track/actions/308
<DanC_> action-309?
<trackbot> ACTION-309 -- Henry S. Thompson to henry to bring back
proposed TAG pushback on sniffing and HTTP bis draft
[64]http://trac.tools.ietf.org/wg/httpbis/trac/export/663/draft-ietf
-httpbis/latest/p3-payload.html, or his recommendation that we leave
it alone -- due 2009-11-26 -- PENDINGREVIEW
[64]
http://trac.tools.ietf.org/wg/httpbis/trac/export/663/draft-ietf-httpbis/latest/p3-payload.html
<trackbot> [65]http://www.w3.org/2001/tag/group/track/actions/309
[65] http://www.w3.org/2001/tag/group/track/actions/309
action-309?
<trackbot> ACTION-309 -- Henry S. Thompson to henry to bring back
proposed TAG pushback on sniffing and HTTP bis draft
[66]http://trac.tools.ietf.org/wg/httpbis/trac/export/663/draft-ietf
-httpbis/latest/p3-payload.html, or his recommendation that we leave
it alone -- due 2009-11-26 -- PENDINGREVIEW
[66]
http://trac.tools.ietf.org/wg/httpbis/trac/export/663/draft-ietf-httpbis/latest/p3-payload.html
<trackbot> [67]http://www.w3.org/2001/tag/group/track/actions/309
[67] http://www.w3.org/2001/tag/group/track/actions/309
Henry: I attempetd in this email
([68]http://lists.w3.org/Archives/Public/www-tag/2009Dec/0006.html)
to get everyone up to speed. Section 3.2.1 of HTTP-bis is where we
left our valiant hero.
... This has all stablized, and this is *all* the draft currently
say about sniffing, and nothing else.
[68] http://lists.w3.org/Archives/Public/www-tag/2009Dec/0006.html
TimBL; When the spec says "[the receiver] MAY assume that it is
application/octet-stream" then that does of course say much. It is a
stream of bytes.
Henry: It is crucial that they say that you should not override the
given media type.
Masinter: In the abarth draft, the introductory text is all about
incorrectly labelled resources
masinter: Does it say you should override the content-type
Henry: It is careful about privilege escalation but that is *all* it
is careful with
... We don't want to say "Authoritative metadata or death"
<DanC_> +1 phrase it in terms of "risks of misrepresentation"
Noah: Any agent which interprets data in a way inconsistent with the
content-type risks drawing incorrect conclusions.
Masinter: I am reluctant to ask the HTTPbis group to say more than
they think is in scope.
... We might recommend changes to the mime-sniffing document.
<DanC_> +1 getting the HTTPbis spec to cite the MIME sniffing draft
Masinter: As that is where the main analysis.
JAR: No "no security escalation" idea is one thing to keep. Can we
isolate other principles?
DanC: Like "If a lot of people do it then it must be right' :-/
Henry: They did go against IE6
JAR: Error correction case, whether the given content type does not
make the document valid
<ht> We've gone mute
[misssed HT]
Noah: Say what you want about existing servers -- but in many cases
the user agent cannot distinguish betwen an error case and in fact a
correct deployment. JAR gave a counterexample, if the bits are not
legal for the advertized type, then you have more reason to try
error recovery.
Masinter: I think apple mail clients sniff too.
JAR: Should we change the MIME registries?
<noah> [69]http://www.noahdemo.com/rte/Metadata/broken_text.xml
[69] http://www.noahdemo.com/rte/Metadata/broken_text.xml
Serves as text/plain, first bytes look like XML, but in fact is not
well formed. Renders fine in Firefox, breaks in IE6
<jar> No, that's not what I asked. What I asked was, does anyone
know if barth et al. considered updating lots of mime type
registrations, INSTEAD of writing a sniffing RFC?
<noah> Updating mime type regs to say what?
<jar> To say whatever the Barth "sniffing rfc" draft says.
Henry: I wonder whether they are just rewriting things which could
not be text plain documents. If the first bit is a unicode Byte
Order Mark, then you treat it as text/plain, and if none of the
first N bytes are binary then you must stick with text/plain. If the
first bytes of the resource match a magic number the see the table.
You can promote text/plain to application/postscript
TimBL: You can do denial of service with PS, no?
Masinter: Apple promise PS
<Zakim> timbl, you wanted to object to trapping HTML as "scriptable"
early on when it is not necessarily.
Henry: you can promote to zip or image
TimBL: I'm constantly frustrated by the way my machine and its
software deals with scriptable things. It keeps warning me about
HTML files downloaded from the Internet or in email. Given that a
lot of HTML doesn't have script in it, this idea that "HTML is
scriptable" worries me.
the machine goes to so much trouble to keep track of where things
came from; can't it use a non-scripting viewer? Why does it assume
that the document is dangerous rather than the viewing app?
Jonathan: but isn't the point to get interoperability between apps
that are going to do this [?] anyway?
<noah> FWIW, I'd like to gradually evolve this discussion to next
steps.
<Zakim> DanC_, you wanted to note content security policy and to
project the web apps product to show what actions we have
DanC: The idea of a non-scripting viewer is interesting.
... The content-providers have this problem as people contribute
HTML which should not have scripts in, and no one notices.
<DanC_>
[70]http://lists.w3.org/Archives/Public/www-tag/2009Dec/0063.html
[70] http://lists.w3.org/Archives/Public/www-tag/2009Dec/0063.html
<DanC_> [71]http://www.w3.org/Security/wiki/Content_Security_Policy
[71] http://www.w3.org/Security/wiki/Content_Security_Policy
DanC: There is a proposal to add a feature to "please ignore all
scripts in this.. it is our stuff but we are not sure about it".
<DanC_>
[72]http://people.mozilla.org/~bsterne/content-security-policy/
[72] http://people.mozilla.org/~bsterne/content-security-policy/
<johnk> [73]https://wiki.mozilla.org/Security/CSP/Spec
[73] https://wiki.mozilla.org/Security/CSP/Spec
<DanC_> [74]http://www.w3.org/2001/tag/group/track/agenda
[74] http://www.w3.org/2001/tag/group/track/agenda
<Zakim> ht, you wanted to clarify my attitude to mime-sniff
Henry: Parenthetically, my own university allows me to publish by
submitting an HTML body which wraps it by a wrapper I have no
control over.
<DanC_> ... e.g. scripts
Henry: About the "Lowest Common Denominator" problem of tarring all
HTML with the same brush. I don't think the current situation is the
one we want to be in, but the current draft is the best for the
given situation. This Barth-Hixie draft rules out the worst of the
bad behavior, and documents the existing behaviour, so they should
be encouraged, but so should the HTTP-bis folks, to comment on thhe
best bits of the draft.
scribe: We need to both warn of the risks and identify the
necessity.
John: Why in HTTP?
Henry: Because it is the HTTP spec which specifies the content-type
DanC, no the HTTP bis spec is not a big PR option -- but it is a
reference to which people will fall back in their arguents.
Henry: I will still be arguing for "SHOULD"s in there
John: What about modularity of specifications
Henry: They changed the spec to licence sniffing but did not say
that if you do that you get burned.
<Zakim> johnk, you wanted to rephrase my concern
Noah: Tim brought up the idea of a non-scripting viewer... but just
showing the data with no script running is not always what we want.
Maybe there should be a warning?
<DanC_> action-309?
<trackbot> ACTION-309 -- Henry S. Thompson to henry draft input to
HTTP bis draft re sniffing based on 8 Dec discussion -- due
2009-12-09 -- PENDINGREVIEW
<trackbot> [75]http://www.w3.org/2001/tag/group/track/actions/309
[75] http://www.w3.org/2001/tag/group/track/actions/309
<DanC_> action-309?
<trackbot> ACTION-309 -- Henry S. Thompson to draft input to HTTP
bis draft re sniffing based on 8 Dec discussion -- due 2009-12-09 --
OPEN
<trackbot> [76]http://www.w3.org/2001/tag/group/track/actions/309
[76] http://www.w3.org/2001/tag/group/track/actions/309
Admin: Upcoming Teleconferences ...
<DanC_> NM: tag election ongoing...
<DanC_> HT: ends 9 Jan
<DanC_> NM: 4 candidates for 2 slots
<DanC_> NM: reminder: TAG meeting 17th-19th March 2010, MIT,
Cambridge, MA, USA
<DanC_> NM: inclined to not schedule next ftf until election done,
OK?
<DanC_> [agreement by silence]
<DanC_> discussion of timing of upcoming TAG ftf w.r.t. AC
meeting...
<DanC_> someone suggests 24-26 Mar, Wed-Fri of the week of the AC
meeting
<DanC_> better for 2 people, worse for 1
<DanC_> ACTION: Dan to collect March 2010 W3C Team day info
[recorded in
[77]http://www.w3.org/2009/12/08-tagmem-minutes.html#action03]
[77] http://www.w3.org/2009/12/08-tagmem-minutes.html#action03
<trackbot> Created ACTION-346 - Collect March 2010 W3C Team day info
[on Dan Connolly - due 2009-12-15].
<ht> [78]http://www.rfc-editor.org/rfc/rfc2046.txt
[78] http://www.rfc-editor.org/rfc/rfc2046.txt
ISSUE-50 (URNsAndRegistries-50) (status check)
<trackbot> ISSUE-50 -- URIs, URNs, "location independent" naming
systems and associated registries for naming on the Web -- OPEN
<trackbot> [79]http://www.w3.org/2001/tag/group/track/issues/50
[79] http://www.w3.org/2001/tag/group/track/issues/50
<DanC_> ACTION-121 due 1 Mar 2010
<trackbot> ACTION-121 HT to draft TAG input to review of draft ARK
RFC due date now 1 Mar 2010
<DanC_> action-33 due 1 Mar 2010
<trackbot> ACTION-33 revise naming challenges story in response to
Dec 2008 F2F discussion due date now 1 Mar 2010
<DanC_> ADJOURN (for today)
Summary of Action Items
[NEW] ACTION: Dan to collect March 2010 W3C Team day info [recorded
in [80]http://www.w3.org/2009/12/08-tagmem-minutes.html#action03]
[NEW] ACTION: jonathan discuss petname application to IRI spoofing
in public-iri and www-tag [recorded in
[81]http://www.w3.org/2009/12/08-tagmem-minutes.html#action02]
[NEW] ACTION: noah to follow up with Thomas about security review
activities for HTML5 [recorded in
[82]http://www.w3.org/2009/12/08-tagmem-minutes.html#action01]
[80] http://www.w3.org/2009/12/08-tagmem-minutes.html#action03
[81] http://www.w3.org/2009/12/08-tagmem-minutes.html#action02
[82] http://www.w3.org/2009/12/08-tagmem-minutes.html#action01
[End of minutes]
_________________________________________________________
Minutes formatted by David Booth's [83]scribe.perl version 1.135
([84]CVS log)
$Date: 2010/01/05 17:42:21 $
[83] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
[84] http://dev.w3.org/cvsweb/2002/scribe/
[1]W3C
[1] http://www.w3.org/
TAG f2f
09 Dec 2009
[2]Agenda
[2] http://www.w3.org/2001/tag/2009/12/08-agenda.html
See also: [3]IRC log
[3] http://www.w3.org/2009/12/09-tagmem-irc
Attendees
Present
Tim Berners-Lee, Dan Connolly, John Kemp, Ashok Malhotra (in
part), Larry Masinter, Noah Mendelsohn, Jonathan Rees, Henry
S. Thompson
Regrets
Chair
Noah Mendelsohn
Scribes
Henry S. Thompson, Jonathan Rees, Noah Mendelsohn
Contents
* [4]Topics
1. [5]Metadata Architecture (HTTP Semantics): ISSUE-57
(HttpRedirections-57): The use of HTTP Redirection
2. [6]HTML 5 review: References to versioned specs (#15 in our
HTML 5 review topics) etc.
3. [7]ISSUE-50 and persistent domains
4. [8]ISSUE-53 (genericResources-53): Generic resources
5. [9]Web Application Architecture (ACTION-306 etc)
* [10]Summary of Action Items
_________________________________________________________
[Agenda planning. . .]
NM: Let's try issue HttpRedirections-57
Metadata Architecture (HTTP Semantics): ISSUE-57 (HttpRedirections-57):
The use of HTTP Redirection
[11]http://www.w3.org/2001/tag/2009/12/08-agenda.html#HttpRedire
[11] http://www.w3.org/2001/tag/2009/12/08-agenda.html#HttpRedire
JR:
[12]http://lists.w3.org/Archives/Public/www-tag/2009Jun/0057.html
... Going through the history---first two points are the origin of
this
... 1) 303s aren't supposed to be cached -- bug in 2616 -- fixed in
HTTPbis
[12] http://lists.w3.org/Archives/Public/www-tag/2009Jun/0057.html
DC: Let's endorse that fix
LM: Not sure about that -- not prepared to endorse -- abstain
NM: This becomes relevant because we encouraged people to use 303
JR: Any reason not cache 303 responses?
LM: No
NM: draft RESOLUTION: TAG endorses the proposed change to HTTPbis to
allow caching of 303 responses
DC: Specific proposal is where?
<jar>
[13]http://tools.ietf.org/html/draft-ietf-httpbis-p2-semantics-08#se
ction-8.3.4
[13]
http://tools.ietf.org/html/draft-ietf-httpbis-p2-semantics-08#section-8.3.4
<DanC_> is this OK? "A 303 response SHOULD NOT be cached unless it
is indicated as
<DanC_> cacheable by Cache-Control or Expires header fields."
JR: This is different from 307. . .
DC: I think the HTTP spec. is usually neutral wrt caching
JR: OK, we need to explore this further -- the difference from 307
is worrying
<noahm> I heard DC say HTTP was neutral in the absence of
cache-control or expires header
<DanC_> ACTION: jonathan to research 303 caching change in HTTPbis
[recorded in
[14]http://www.w3.org/2009/12/09-tagmem-minutes.html#action01]
[14] http://www.w3.org/2009/12/09-tagmem-minutes.html#action01
<trackbot> Created ACTION-347 - Research 303 caching change in
HTTPbis [on Jonathan Rees - due 2009-12-16].
JR: Sub-issue 2) There's a need for a non-3xx response, in order
that the original URI stays in the status bar
... Unlike 302, 303 or 307, where the target goes in the address bar
<DanC_> (researching the bug...)
JR: This is described as a security concern
<DanC_> (many/most purl users want the purl bookmarked, not the
redirected addressed)
TBL: But we really don't want that for e.g. 307, because it's only a
temporary redirect, so people shouldn't e.g. bookmark it
LM: The single result display in the address bar is insufficient for
what we want to tell the user
... Doing UI design is inappropriate for us. . .
JR: I agree, that's why I want to lose this part of the issue
LM: The principle we can endorse is that the URI you see should be a
URI you can use to get you what you see
... Going further to say it should be a long-term, bookmarkable,
etc. URI is a bit fuzzier
NM: WebArch says use one URI for a resource
... even when they're not going away, it can be a problem, for
example when example.com redirects to example-1.com or example-2.com
for load balancing
JR: What should I do
<jar> For all practical purposes it's impossible to get a purl.org
URI into your bookmarks list
DC: Let's find out why Mozilla decline to address the PURL folks'
request to fix this, so that you could bookmark PURLs
TBL: Flight of fancy on 303x, 303y, 303z. . .
<DanC_> "304622 min -- All nobody RESO INVA Adding a live bookmark
via feedview uses the location of the feed rather than the location
given in the referring page's link element; redirects, PURLs don't
work "
<DanC_> maybe this is the bug
[15]https://bugzilla.mozilla.org/show_bug.cgi?id=304622
[15] https://bugzilla.mozilla.org/show_bug.cgi?id=304622
<noahm> proposed ACTION: Jonathan to research reasons why browser
providers (e.g. Mozilla) aren't willing to meet requests (e.g. from
purl) to switch address bar URL following successful redirect
<noahm> ACTION: Jonathan to research reasons why browser providers
(e.g. Mozilla) aren't willing to meet requests (e.g. from purl) to
switch address bar URL following successful redirect [recorded in
[16]http://www.w3.org/2009/12/09-tagmem-minutes.html#action02]
[16] http://www.w3.org/2009/12/09-tagmem-minutes.html#action02
<trackbot> Created ACTION-348 - Research reasons why browser
providers (e.g. Mozilla) aren't willing to meet requests (e.g. from
purl) to switch address bar URL following successful redirect [on
Jonathan Rees - due 2009-12-16].
<jar> or to not switch
JR: 3) Rhys Lewis was working on a finding wrt httpRange-14, but
that work stopped when the SWEO note Cool URIs for the SemWeb was
published
... I think that work should be picked up and made into a finding
... which would replace/elaborate the email message which currently
stands as the resolution of httpRange-14
... That was the context for ISSUE-57 at its inception
... Additional points that have been added, are my points 4--6
... Latest news: AWWSW task force has reported:
[17]http://www.w3.org/2001/tag/awwsw/http-semantics-report-20091204.
html
... A number of forms for this work, of which I'm the main editor
... helped along by our discussion at the last f2f
... A lot of text to introduce one key definition:
... for the phrase "corresponds to", which comes from the definition
of the 200 response code, in 2616 and HTTPbis
[17]
http://www.w3.org/2001/tag/awwsw/http-semantics-report-20091204.html
LM: I wouldn't take this too seriously -- we didn't when we wrote it
JR: We agree entirely. It's the practice which matters to actually
pin this down
LM: I note that this story works/should work pretty much for ftp: as
well
JR: Wrt WebArch, 'representation' corresponds to 'entity' or
'content entity'
... and 'represents' corresponds to 'corresponds to'
<DanC_> LMM: the HTML spec uses 'resource' for what HTTP calls
entity. I filed a bug; we'll see...
LM: Note that the correspondence is at a particular instant
JR: Yes, at a particular time
LM: And in a particular context
JR: It's hard to pare things down to the point where we could focus
... So there's now a bunch of stuff which has been moved off the
table
... Section HTTP Exchanges summarizes what we all know about GET
requests
DC: hmm... in pt 5, "preferably"? the server decides which resource
the name refers to...
JAR: but an intermediary might get confused
DC: ah... "preferably" makes more sense for intermediaries
TBL: 304? 307?
JR: Yes, step 6 pbly should be clarified wrt responses other than
200
... [works through the RDF formalization]
TBL: Why did you avoid 'representation'
JR: Because people objected to giving a URI to something called
'representation' a URI
TBL: All I was concerned is to distinguish the original resource,
identified by its URI, and the 'resource' which is some
representation of that resource, which also may have a URI, but is
not the same
JR: Right
... correspondence is a 4-place rel'n between resource, a content
entity, a start time and an end time
HST: Context is richer than just time
LM: Accept headers
TBL: But there's still something core
JR: I try to work breadth first
HST: I didn't mean Accept Headers, but rather deixis, e.g.
[18]http://localhost/
[18] http://localhost/
DC: or [19]http://my.yahoo.com/
[19] http://my.yahoo.com/
JR: On to section "What this semantics is careful not to say"
<masinter>
[20]http://tools.ietf.org/html/draft-masinter-dated-uri-05
[20] http://tools.ietf.org/html/draft-masinter-dated-uri-05
<masinter> vs
[21]http://tools.ietf.org/html/draft-masinter-dated-uri-06
[21] http://tools.ietf.org/html/draft-masinter-dated-uri-06
LM: Server response is a speech act
JR: Precisely -- let's look at some more recent slides
... How do you prove correctness of an HTTP proxy, cache, API or
theory
<DanC_> [22]Potatoes don't say anything
[22]
http://lists.w3.org/Archives/Public/www-archive/2009Dec/att-0024/z.html
<DanC_> bug in "Content negotiation" slide: speaks_for should be
corresponds_to
slide21 should have corresponds_to instead of speaks_for in conneg
slide (21?)
<jar> TOPLAS 1993 ?
<DanC_> (I think of it as BAN logic)
JR: Now make use of Abadi, Burrows, Lampson and Plotkin logic (ABLP)
... originally for crypto
... and access control
<DanC_> (a larch formalization
[23]http://www.w3.org/Architecture/iiir-larch/BAN.lsl based on a
1989 SRC Research Report )
[23] http://www.w3.org/Architecture/iiir-larch/BAN.lsl
LM: What's good about this is precisely that it qualifies everything
with the principal who/which/that says it
JR: Crucial observation -- HTTP defines corresponds_to as follows:
"example.com controls {[24]http://example.com/foo corresponds_to E}"
[24] http://example.com/foo
JR: The domain of "says" is principals, Non-principals don't say
anything
... Not all resources are principals
NM: Break for 15 minutes
<jar> There are two versions of ABLP, the DEC SRC TR from 1991, and
the TOPLAS paper from 93 or 94
<jar> not to be confused with the earlier BAN paper from 1990, which
overlaps in content
NM: Resumed
JR: [Gets to slide 12, reconstruction of httpRange-14]
NM: So this is stronger than the original conclusion?
JR: Yes
... The original 'resolution' simply constrained the range of the
corresponds_to relation
... but it didn't actually address the original problem
NM: Elaborating the "image conneg example": URI identifies a photo.
Conneg used to retrieve either jpeg or gif. They agree up to a point
in conveying the photo, but not completely, does the theory
allow/explain that?
JR: This theory as it stands isn't articulated enough to determine
the relationship between corresponds_to and speaks_for
NM: Good progress here, wrt httpRange-14
... Note that we're OK, mostly, when we ask for, say, the
Declaration of Independence, and what we get back has some
advertising in a sidebar
... and I think this can address that
LM: I think this is very good stuff. I hope we can use it to clarify
what is meant by Origin
LM: The whole CORS, confused deputy, etc. debate is hampered by a
lack of clear definition of precisely this kind of thing: what is an
origin, a deputy, etc.
LM: Linking SemWeb and Security would be a great thing, possibly a
win for both sides
NM: Great idea -- specific action?
DC: I'd like to write this up in a different editorial style
<timbl> Have we finished JAR's slide set?
JR: Sure
<timbl> ah
JR: Connects with CAPdesk, DARPA-funded DARPAbrowser
<noahm> The chair would very much like for Dan to propose an action
for himself.
<DanC_> . ACTION Dan write up speaks_for applied to httpRedirections
and httpRange using motivating examples
<noahm> Thank you!
<DanC_> ACTION Dan write up speaks_for applied to httpRedirections
and httpRange using motivating examples
<trackbot> Created ACTION-349 - Write up speaks_for applied to
httpRedirections and httpRange using motivating examples [on Dan
Connolly - due 2009-12-16].
<johnk> Pointing out Miller et al's Horton paper:
[25]http://www.erights.org/elib/capability/horton/
[25] http://www.erights.org/elib/capability/horton/
<johnk> re: "delegating responsibility in digital systems"
<jar> JAR is babbling about Mark Miller's previous work:
DARPAbrowser and CAPdesk (w.r.t our discussion of 307 and what's in
the browser URI bar, etc. )
TBL: Slides done, can we try to find a replacement for 'speaks_for'
... We have a URI, we get a 200
... Using 'speaks_for' as the relationship which relates content to
the resource
... but if R is a person, the content can't 'speak_for' a person
<DanC_> contexts in which the term gets used "a secure channel from
Bob speaks for bob"
TBL: that is, an entity speaking for the agent
<masinter> you get a 200 from a server, where the server speaks for
the person
JR: In the old days we sent letters, and my letter did 'speak_for'
me
... No resource speaks for me, it doesn't say that
<DanC_> (it's clear to me that offline witing is going to be more
efficient than group discussion, but if Tim has a clear example, I'm
interested to capture it.)
<DanC_> i identifies Pat Hayes
<DanC_> 2. 200 from resource identified by i
Slide 9 appears to back Tim
<DanC_> conjecture: 200 response speaks for Pat
HST: Stipulate that we have a URI for Pat Hayes
... Then your slides appear to say that if I get a ContentEntity
from GETting that URI
... that it a) corresponds_to Pat and therefore, per the
'Controversial Axiom', that it speaks_for Pat
JAR: would give us a reason to ask Pat not to assert such things,
because it breaks our theory
JR: Ah -- the ContAx isn't licensed by any existing spec.
... I think it's useful to explain a lot of WebArch
TBL: So if it is, we have a reductio wrt Pat saying what he says
about that URI
<DanC_> phpht
JR: Oh, yes, and, the ContAx should include server says that E
speaks for R
... not E speaks for R directly
AM: Looking at R doesn't say any s, then E doesn't (mustn't) say any
s
JR: This is meant just to be a restatement of the positive direction
AM: This says E's only role is to say what R says
JR: Yes, that's the ContAx
JAR: yes, advertising conflicts
DC: I'm getting useful input, not guaranteed to end up in the same
place
LM: Please try to include Origin
DC: Not sure how, but I'll at least try.
HT: I think perhaps there are too many levels at which entities say
things. It's clear to me that an XML document says some things,
because of the semantics of XML. I.e. the infoset.
TBL: I dispute that it says those things.
DC: I understand both positions.
JAR: Me too.
HT: I'm being intentionally obtuse in part to get to talking about a
3rd party, which is the interpreter of the message. We often think
of this as a human observing a screen, can also be listening to
audio.
HT: It's that which ultimately says things.
JAR: Similar to the crypto case, in which the interpreters have to
be part of the proof system.
<masinter> A potato says "help i'm a potato" ?
<DanC_> (the dispute between TBL and HT is issue ISSUE-28
fragmentInXML-28; odd that tracker considers it closed when it's
plain that the TAG doesn't have consensus.)
TBL: When it's RDF, what it says is what the triples it produces say
<DanC_> (the resolution in tracker sides with Tim)
HT: Isn't that analagous to my statement that what an XML document
"says" is first order the Infoset, and then 2nd order the
interpretation of those.
TBL: No, I'm talking about the interpretation of the graph.
HT: Ah.
HT: What I [originally] scribed is wrong when I attributed to TBL
"what it says is the triples it produces"; should have scribed "what
it says is what the triples it produces say"
NM: good progress here, great work JR
... DC is going to try to restate/elaborate
<DanC_> action-201?
<trackbot> ACTION-201 -- Jonathan Rees to report on status of AWWSW
discussions -- due 2009-12-01 -- PENDINGREVIEW
<trackbot> [26]http://www.w3.org/2001/tag/group/track/actions/201
[26] http://www.w3.org/2001/tag/group/track/actions/201
<DanC_> . action-201 due 15 Mar 2010
[procedural discussion]
<DanC_> action-201 due 15 Mar 2010
<trackbot> ACTION-201 Report on status of AWWSW discussions due date
now 15 Mar 2010
TBL: I'd like to see some interaction with the Tabulator work
<DanC_> ACTION-116 due 31 Dec 2009
<trackbot> ACTION-116 Align the tabulator internal vocabulary with
the vocabulary in the rules
[27]http://esw.w3.org/topic/AwwswDboothsRules, getting changes to
either as needed. due date now 31 Dec 2009
[27] http://esw.w3.org/topic/AwwswDboothsRules
<noah> ACTION-201 Due 2 March 2010
<trackbot> ACTION-201 Report on status of AWWSW discussions due date
now 2 March 2010
LM: Could we have used a Link Header in a 404 response?
JR: Yes
LM: But not a link in the body of 404 document itself?
DC: No
LM: But I like the idea of having links in the body, because you can
have lots of them
HTML 5 review: References to versioned specs (#15 in our HTML 5 review
topics) etc.
[28]http://lists.w3.org/Archives/Public/www-tag/2009Oct/0075.html
[28] http://lists.w3.org/Archives/Public/www-tag/2009Oct/0075.html
<noah>
[29]http://lists.w3.org/Archives/Public/www-tag/2009Oct/0075.html
[29] http://lists.w3.org/Archives/Public/www-tag/2009Oct/0075.html
<noah> This is in relation to ACTION-303
AM: Doesn't this allow me to just support an earlier version?
<Zakim> noah, you wanted to talk about problems with >requiring<
future proofing
HST: The 'earliest appropriate' sentence is meant to rule that out.
... Maybe that needs to be stronger
NM: I have a long history of interest in this
... I like this as a goal for many circumstances
... But there are cases where it doesn't work
... The XML 1.1 experience is illustrative in this case
... So we shouldn't require this kind of future-proofing of
references
... Specifically in terms of systems which are involved in
communication
<DanC_> +1 "should future-proof" is too strong. The simple case of
citing a frozen spec is fine in many cases
<Zakim> johnk, you wanted to wonder whether it is confusing to
combine conformance and referencing behaviour in one statement
<noah> Seeing where you're going, Henry, unless new editions >never<
allow for new content, I think my concern stands.
JK: Conformant implementations? Should that be separated from what
is referenced? Trying to pack too much in?
<noah> Or maybe I'm not guessing right as to what your
concern/suggestion will be.
JK: How references are written is different from what is a
conformant implementation
<Zakim> DanC_, you wanted to ask for a reminder of a specific case
we're particularly interested in... it was somewhere in the HTML 5
references, yes?
DC: There was a specific case wrt the HTML 5
<masinter> think IETF tradition is to make the 'future proofing'
more part of general policy than being specific in each draft. A1
references B1. When B2 updates B1, implementations of A1 may or may
not follow B2
HT: As it stands, there are only stubs in the HTML 5 references.
DC:HT: No.
HT: Last I looked. E.g. following link from content-sniffing you got
something that just said content sniffing.
<DanC_> [30]http://dev.w3.org/html5/spec/references.html#references
[30] http://dev.w3.org/html5/spec/references.html#references
<noah> We pause to read HTML 5 references section....
HT: Ah, it's better than it was.
DC: So if we pushed on any of these, we would pbly find the editor
would have a reason
HT: E.g. the text in the references says "[CSS] Cascading Style
Sheets Level 2 Revision 1, B. Bos, T. Celik, I. Hickson, H. Lie.
W3C, April 2009.", but links the undated copy.
HST: So what does it mean for an implementor? Specifically,
implementors 5 years from now have to figure out what was meant.
We're trying to fix that.
<Zakim> TBL, you wanted to point out that anyone using this language
assumes there is a contract with future working groups to maintain
the operability of the referencing spec, when
TBL: If you propose we use the present and the future -- why not
earlier ones?
... As for the future, that depends on the sort of WG and the sort
of spec.
... If the group doesn't commit to back compatibility, you can't
rely on it
<masinter> Is the distinction between "edition" and "version"
important?
TBL: You might try to negotiate a commitment from the WG that they
won't change. . .
... Or you might just require people to check
<masinter> Can distinction between "technical specification" and
"applicability statement" be useful? "applicability statement" calls
out specific dated versions, while general "technical specification"
doesn't? Two documents, one of which updates.
TBL: So it's not clear that we can go with what you propose
LM: I like the difference between edition and version
... We used to differentiate between applicability statements and
language specs.
... So you would only have to update the appl. statement
<Zakim> ht, you wanted to reply to Noah wrt editions vs. versions
LM: Alternatively, you could have policy outside the doc. altogether
NM: You haven't addressed my concern, because it wasn't lack of
back-compat that broke the XML 1.1 situation
HT: The response to Noah and Tim is to say "yes, all those
criticisms apply to unrestricted blank checks" (leaving aside for a
sec refs to older versions), by relying on the W3C Policy for
Edtions (stepping gently around XML 1.1/10 5th edition in
particular), is precisely because it makes this plausible.
NM: Do new editions allow new content?
HT: Yes.
NM: Then I still have a problem. See problems deploying XML 1.0 5th
edition. A sometimes inappropriate (depending on the specs)
expectation is created that implementations that haven't been
updated will support new content sourced by those that have been.
JR: Conformance to a spec. that has a variable in it is
intrinsically vague
<Zakim> jar, you wanted to consider classes of comforming
implementations (conforming to various combinations of specs)
JR: So there's a time-sensitivity wrt the answer to "does this
conform?"
<Zakim> noah, you wanted to mention that there can be issues with
3rd party specs.
NM: TBL mentioned SOAP in passing
[AM leaves]
NM: SOAP wasn't sure about supporting XML 1.1
... It depended on the Infoset, and we weren't sure that even if we
went to XML 1.1, the Infoset would have been well-future-proofed
enough for it all to hold together
... So in some ways, my willingness to future-proof my references
depends on other specs also being well future-proofed
<Zakim> johnk, you wanted to ask how can we apply henry'd text to
the specific issue noted?
HST: Yes, we have a real case of this with XML 1.0 5e and XML NS 3e
JK: Addressing dated prose in conjunction with an undated URI is
separate from future-proofing?
LM: My assumption is that the dated ref. is normative
<jar> If dated spec A normatively cites undated spec B, and artifact
Z conforms to A - what does that mean? Maybe: (1) it conforms to
A(B(t)) for some t, or (2) it conforms to A(B(t)) for all t, or (3)
if conforms to A(B(t)) for t >= now
DC: Hidden URIs are less significant
<DanC_> (editorially I like including the full, dated URI in a
citation, but I much prefer using the document title as the link
text.)
HST: Jonathan attempted to answer John. I agree as far as it goes
but want to go further. You're right, I was trying to address two
problems: 1) dated vs. undated refs conflict, and BTW some peoples'
styles to make the URI explict...
... there are many variations on that 2) usually, all that people
tend to say is by grouping into normative and non-normative. It's
rare for the conformance section to clarify what is meant by making
a reference normative.
<noah> FWIW, Dan, though it's clunky, I tend to feel that making
both live links, to the same URI, is the least bad approach.
<jar> the normative reference speaks for the spec that refers to it
<DanC_> (oh... and I don't like "available at"; I consider the
semantics "identified by", and I leave it implicit)
<DanC_>
[31]http://lists.w3.org/Archives/Public/public-html-comments/2009Dec
/0002.html
[31]
http://lists.w3.org/Archives/Public/public-html-comments/2009Dec/0002.html
<noah> Queue is open only for next steps discussion
DC: I asked the HTML 5 editor to add 'work in progress' to links to
documents which identify themselves as work in progress
... The response was 'busywork'
NM: I don't think this can go further unless my concerns and maybe
TBL's are addressed
<DanC_> (aha! found some work I did in this area:
[32]http://lists.w3.org/Archives/Public/public-swbp-wg/2005Sep/0136
'formally defining W3C's namespace change policy options w.r.t.
recent TAG versioning terminology' )
[32] http://lists.w3.org/Archives/Public/public-swbp-wg/2005Sep/0136
JR: I thought restricting to editions was good enough
TBL: I had missed that HST meant to constrain to editions, that
satisfies me
<noah> What I have in mind is something along the lines of:
<noah> The TAG believes that this is good practice in many cases,
but not in all. We recognize that, particularly in cases where no
assurance is given that future editions won't support use of new
(I.e. previously invalid) content, the advice given here may be
impractical.
<DanC_> I think the short para HT proposed is "too clever by half";
it'll only be an effective communication if it recapitulates
critical parts of the edition policy
<DanC_> also, I want to make it clear that it's not the only
"template" we endorse by providing more than one template; e.g.
another one for really frozen, dated specs
. ACTION: Henry to revise
[33]http://lists.w3.org/Archives/Public/public-html-comments/2009Dec
/0002.html based on feedback on www-tag/html-comments, and the
feedback from TAG f2f 2009-12-09 discussion
[33]
http://lists.w3.org/Archives/Public/public-html-comments/2009Dec/0002.html
<jar> whether in practice the "edition" process as specified and
executed is sufficient to protect investment is something I'm not
qualified to answer. it sounds as if it would be, as specified, if
followed, but haven't checked...
<DanC_> close action-303
<trackbot> ACTION-303 Draft text on writing references closed
<DanC_> close action-304
<trackbot> ACTION-304 Write up issue around normative references to
particular versions of specs closed
<scribe> ACTION: Henry to revise
[34]http://lists.w3.org/Archives/Public/www-tag/2009Oct/0075.html
based on feedback on www-tag and the feedback from TAG f2f
2009-12-09 discussion [recorded in
[35]http://www.w3.org/2009/12/09-tagmem-minutes.html#action03]
[34] http://lists.w3.org/Archives/Public/www-tag/2009Oct/0075.html
[35] http://www.w3.org/2009/12/09-tagmem-minutes.html#action03
<trackbot> Created ACTION-350 - Revise
[36]http://lists.w3.org/Archives/Public/www-tag/2009Oct/0075.html
based on feedback on www-tag and the feedback from TAG f2f
2009-12-09 discussion [on Henry S. Thompson - due 2009-12-16].
[36] http://lists.w3.org/Archives/Public/www-tag/2009Oct/0075.html
<johnk> [37]http://www.erights.org/elib/capability/horton/
[37] http://www.erights.org/elib/capability/horton/
<DanC_> Miller et. al.
NM: Adjourned for lunch.
Note: the lines below, up to the announcement that the meeting is
"resuming", are in response to informal requests that were made
during breaks for information about certain recent Microsoft
announcements. These were not discussed during the formal meeting
sessions.
<timbl> [38]http://pinpoint.microsoft.com/en-US/Dallas
[38] http://pinpoint.microsoft.com/en-US/Dallas
<noah> Tim, if you're interested in Microsoft's Dallas, it was
introduced at their developer's conference a couple of weeks ago.
You can go to the transcript of the keynote at
[39]http://www.microsoft.com/presspass/exec/ozzie/2009/11-17pdc.mspx
and look for the word "Dallas". The video of the keynote, with
demos, is at
[40]http://cdn-smooth.ms-studiosmedia.com/presspass/mpeg2/1001009_PD
CD1_500k.mpg
[39] http://www.microsoft.com/presspass/exec/ozzie/2009/11-17pdc.mspx
[40]
http://cdn-smooth.ms-studiosmedia.com/presspass/mpeg2/1001009_PDCD1_500k.mpg
<noah> You can use the transcript to find the right place in the
video.
NM: Resuming.
<masinter> I believe the TAG asked me to review widget:
<masinter> I did so
<masinter> the webapps working group replied
<masinter> i answered their replies this morning
<masinter> if the TAG would like to review the correspondence and
chime in later, then we don't need to take up meeting time here. If
you'd like, I can go over what I think the open issues are.
Opinions?
<masinter>
[41]http://lists.w3.org/Archives/Public/public-webapps/2009OctDec/
[41] http://lists.w3.org/Archives/Public/public-webapps/2009OctDec/
<masinter> see "Comment on Widget IRI" messages
(still working on the agenda)
<noah> [42]http://www.w3.org/2001/tag/2009/12/08-agenda.html
[42] http://www.w3.org/2001/tag/2009/12/08-agenda.html
ISSUE-50 and persistent domains
<timbl> [43]http://www.w3.org/DesignIssues/PersistentDomains
[43] http://www.w3.org/DesignIssues/PersistentDomains
close action-311
<trackbot> ACTION-311 Schedule discussion of a persistent domain
name policy promotion closed
timbl: Above link is old, but background
... Argument against using http: URIs as names, is that DNS doesn't
socially support you. The domain name is rented, not owned.
... One proposal, if it's broken, fix it.
... DNS was controlled by IETF, ICANN, and it being up for rent was
assumed a good idea
... now the dangers are becoming known.
... All the white house pages disappeared when the administration
changed (e.g.)
danc: (asks about how that example bears...)
<masinter> points to [44]http://larry.masinter.net/9909-twist.pdf
again
[44] http://larry.masinter.net/9909-twist.pdf
timbl: Many companies put up things that people would like to find
later
danc: There is a third-party business around finding things like
that
<DanC_> (I don't see how domains would help in either of the
supposedly-motivating cases timbl just gave)
timbl: Anyhow. One way to tackle is to make a new TLD that has
different rules
... You might use it for archivable web pages , under a set of rules
... concerning transfer of rights to other entities so that pages
can continue to stay live
<masinter> points to [45]http://larry.masinter.net/duri.html and
previous version
[46]http://tools.ietf.org/html/draft-masinter-dated-uri-05
[45] http://larry.masinter.net/duri.html
[46] http://tools.ietf.org/html/draft-masinter-dated-uri-05
timbl: there might be a pot of $ to pay for this
... Problem is to design a social system, maybe as a DNS play, or by
setting up a consortium
<masinter> points to whitehouse.gov
timbl: Suggesting that to help make this happen, the TAG could write
a finding advocating it
ashok: These would be *unalterable* pages?
timbl: To be determined
ashok: Can you then sell something in this archive space?
timbl: What transfers is responsibility - not any right to change
jar: It's a contract with the public
<Zakim> ht, you wanted to suggest a workshop
ht: There are many design points. We could spend time talking about
alternatives...
... I wonder is for the TAG to host a workshop before we write a
finding, to scare up a representation of the interested parties
... a new TLD is a problem for existing URIs that are supposed to
have persistent resolution
... but might be worth paying the cost
... Another way to go is to talk ICANN into a process around
existing domains & persistence
<DanC_> (ah.. that would be better... a way for any domain to get
permanent status, sorta like 501(c)3 )
ht: Can we get theorists, library community, other constituencies
together to talk
... How about a workshop?
<DanC_> +1 workshop
<masinter> points out talks from previous 1999 workshop on Internet
Scale naming
<noah> Wondering whether cost/logistics would work out for workshop
proposal. If so, seems appealing, but not sure whether we can get
<Zakim> DanC_, you wanted to note that it's not any more broken that
it could/should be. New domains are not going to get companies to
keep their product manuals online or stop the
danc: Tim's examples didn't motivate a TLD for me...
... Giving more visible to best practices is a good idea though
... There's a running business that does endowed web publication
ht: I haven't found any reference to DNS insurance
danc: There are journals like PLoS that charge authors because they
agree to host the content in perpetuity
... you pay once, it's there forever
noah: (pokes fun at this)
<ht> [47]http://www.arkhold.org/
[47] http://www.arkhold.org/
danc: The White House doesn't have the URI persistence ethic
<masinter> points to "This American Life" story about a cyrogenics
firm which promised perpetual freezing:
[48]http://thisamericanlife.org/Radio_Episode.aspx?sched=1239
[48] http://thisamericanlife.org/Radio_Episode.aspx?sched=1239
masinter: Points to 1999 workshop "problems URIs don't solve"
<masinter> points to [49]http://larry.masinter.net/9909-twist.pdf
again
[49] http://larry.masinter.net/9909-twist.pdf
masinter: Organizations split. They merge. They go out of business.
Sub-sites move. Countries disappear.
... In perpetuity has to be around content, not just names
... People will look to organizations like archive.org for long-term
resolvable names
<timbl> ./me quickly runs a script to change all the links in all
his HTML to point to an internet archive version of the URL just in
case
masinter: Getting a guarantee is not the same thing as getting a
credible guarantee
<masinter> points to [50]http://larry.masinter.net/duri.html and
previous version
[50] http://larry.masinter.net/duri.html
<masinter>
[51]http://tools.ietf.org/html/draft-masinter-dated-uri-05
[51] http://tools.ietf.org/html/draft-masinter-dated-uri-05
lm: would like advice on how to progress with these two projects
... duri = dated URI, guarantees persistent reference, but
resolution may be tricky
<timbl> I wonder whether "that described by" is one word in Latin
lm: still puzzled about this approach
danc: Use cases?
lm: tdb: has an optional date... actually two of them, when the
resource was read, and when it was interpreted
danc: I've never seen a situation where the complexity of duri: is
required
<Zakim> noah, you wanted to say that the TLD with persistent
assignment seems very appealing, restricting the owner's ability to
alter the pages doesn't. Seems best approached as an
danc: The URI scheme space is high price real estate, so better to
do as an RDF property for those who are happy to use RDF
noah: Something was said about locking down the content, Tim
hesitated
timbl: source code repository with version control
<masinter> 1999 workshop:
[52]http://www.isr.uci.edu/events/twist/twist99/
[52] http://www.isr.uci.edu/events/twist/twist99/
noah: What about perpetual ownership of name - should be orthogonal
to an obligation to preserve
... Preservation of content should be more granular
ashok: Who will host all this stuff? Not a private company, which
can go away.
timbl: A consortium of libraries.
ht: Replication is the only assurance of permanence
... This is a huge design space.
<Zakim> johnk, you wanted to ask what is the incentive for someone
to use duri and if not sufficient incentive, and not all using them,
wouldn't we still have the problems described by
johnk: This is a social problem. Not sure we can solve this. All of
the institutions and agreements go away.
... Not sure this is web architecture
timbl: We need to kick it from the technical into the social
<Zakim> ht, you wanted to mention transparency
<masinter> points to [53]http://www.lockss.org/lockss/Home
[53] http://www.lockss.org/lockss/Home
johnk: There's no technical solution here
<DanC_> yes, lockss is great work in this space
<noah> Heads up: before Dan goes, I want to remind everyone that we
should switch to generic resources within 5+ mins
ht: Footnote: The motivation for things like tdb: and wpn: was
transparency, so that you can tell by looking at a URI that it named
a non-information-resource (not sure i still believe that)
... One component is a board of trustees with the power to wind it
all up (e.g. if there were no web, at some future time)
<masinter> points to
[54]http://larry.masinter.net/0603-archiving.pdf for long-term
archiving also (and see references)
[54] http://larry.masinter.net/0603-archiving.pdf
ht: The digital curation people worry about: Where do the resources
come from to carry resources forward (e.g. archaic disks)
timbl: lots of ways for accessibility to fail
<Zakim> DanC_, you wanted to push back: why should IBM get "ibm.com"
in perpetuity without giving back to the commons/community a
persistence promise (e.g. re content of homepage) and to
ht: Aim for June?
<noah> suggest phrasing, "perhaps in June"
<DanC_> ACTION Henry to look into a workshop on persistence...
perhaps the June 2010 timeframe
<trackbot> Created ACTION-351 - Look into a workshop on
persistence... perhaps the June 2010 timeframe [on Henry S. Thompson
- due 2009-12-16].
<Zakim> masinter, you wanted to ask who gets "att.com" when AT&T is
broken up into baby bells, lucent, etc.
lm: recommends references in the long term archiving paper (see
above)
<DanC_> ... esp the references
<noah> NM: To be clear, I think persistence of name assignment
should be attacked (mostly) separately from encouraging providers of
content to provide that content in perpetuity and/or to make it
immutable.
<DanC_> action-312?
<trackbot> ACTION-312 -- Jonathan Rees to find a path thru the specs
that I think contradicts Dan's reading of webarch -- due 2009-12-01
-- PENDINGREVIEW
<trackbot> [55]http://www.w3.org/2001/tag/group/track/actions/312
[55] http://www.w3.org/2001/tag/group/track/actions/312
<DanC_>
[56]http://lists.w3.org/Archives/Public/www-tag/2009Dec/0061.html
[56] http://lists.w3.org/Archives/Public/www-tag/2009Dec/0061.html
JAR:The email I sent on Monday was sort of "camouflaged"
JAR: In a sense, some people are trying to say, 'I can prove I need
URNs'
JAR: I was trying to set that down more rigorously.
JAR: I want to relate it to the formalism I've been building.
<DanC_> close action-312
<trackbot> ACTION-312 Find a path thru the specs that I think
contradicts Dan's reading of webarch closed
<DanC_> action-121 due 15 Mar 2010
<trackbot> ACTION-121 HT to draft TAG input to review of draft ARK
RFC due date now 15 Mar 2010
<DanC_> action-121 due 2 Mar 2010
<trackbot> ACTION-121 HT to draft TAG input to review of draft ARK
RFC due date now 2 Mar 2010
<DanC_> action-33 due 20 Dec
<trackbot> ACTION-33 revise naming challenges story in response to
Dec 2008 F2F discussion due date now 20 Dec
ISSUE-53 (genericResources-53): Generic resources
<noah>
[57]http://lists.w3.org/Archives/Public/www-tag/2009Nov/0069.html
[57] http://lists.w3.org/Archives/Public/www-tag/2009Nov/0069.html
masinter: I drafted replacement text
... "how to use conneg" explanation for HTTPbis
<masinter>
[58]http://lists.w3.org/Archives/Public/ietf-http-wg/2009JulSep/0763
.html
[58]
http://lists.w3.org/Archives/Public/ietf-http-wg/2009JulSep/0763.html
danc: Don't see any text about how the representations relate to one
another
<noah> BTW, the "problems" with the tag-weekly.html version of the
agenda seem to be due to slow response by W3C servers. The
tag-weekly.html version now appears to match the dated version.
<masinter>
[59]http://lists.w3.org/Archives/Public/www-tag/2009Nov/0077.html
[59] http://lists.w3.org/Archives/Public/www-tag/2009Nov/0077.html
masinter: sentence about server's purposes needs to be added.
re-open action
danc: This is what the speaks_for slide in the presentation is
about... if representations contradict, it's incoherent
... How about striking "for its purposes"
lm: "for the purposes of this communication"
<DanC_> +1
+1
noah: (making another point about attribution)
... determining, for the purposes of this communication, which
representations...
<noah> Note that the supplier of representations (or choices) has
the responsibility of determining, for purposes of this
communication, which representations might be considered to be the
"same".
<noah> I don't like "considered to be the same".
<DanC_> how about: considered to give the same information
noah: The spec already says entity corresponds to resource
... Two representations each have the responsibility to correspond
to.
... so nothing else needs to be said.
<masinter> change "might be considered 'the same'" to "might be
considered to represent the same information'
DanC: That's the bug we're trying to fix.
<noah> Not convinced.
noah: Saying "corresponds to" is enough
<masinter> the proposed text in
[60]http://lists.w3.org/Archives/Public/ietf-http-wg/2009JulSep/0763
.html uses "represent"
[60]
http://lists.w3.org/Archives/Public/ietf-http-wg/2009JulSep/0763.html
johnk: You're saying two things. Do we want to make the second
statement, that the conneg reps have to sufficiently resemble one
another (or something similar)?
<noah> There is already an obligation that each representation
correspond. It will tend to be the case that multiple
representations of a (an immutable) resource will tend to have
interpretations that are in some ways similar, perhaps extremely
similar, but the archicture should not rule out, e.g. a B&W gif and
a color jpeg of very different resolution.
lm: Different ways to represent "the same information" (quoting lm's
email 763)
... I infelicitously said "same representations" when I should have
said "represent the same information"
noah: There are enough weasel words
... good that we're talking about representing the same information
<noah> I.e. to make me happy
lm: And the server has responsibility.
<DanC_> action-231?
<trackbot> ACTION-231 -- Larry Masinter to draft replacement for
\"how to use conneg\" stuff in HTTP spec -- due 2009-11-18 -- OPEN
<trackbot> [61]http://www.w3.org/2001/tag/group/track/actions/231
[61] http://www.w3.org/2001/tag/group/track/actions/231
<DanC_> action-231 due next week
<trackbot> ACTION-231 Draft replacement for \"how to use conneg\"
stuff in HTTP spec due date now next week
(consensus around give or represent the same information)
?
break.
Web Application Architecture (ACTION-306 etc)
noah: Let's see if we can get organized for a more comprehensive
approach, or find a whole that's greater than the sum of the parts
... The TOC is broader in the topic coverage than it might be
... maybe look at the form of our products in this area
ashok: From what we spoke about yesterday, it seemed there were many
differences between various people think about web apps
... I thought: web app = you are working with several communicating
components
... but maybe some people thought it was an app running on a server
[with sessions]
<Zakim> DanC_, you wanted to project the web app product next to the
outline, and to suggest (a) invited presentations or other
get-togethers and (b) looking at relevant wikipedia pages
ashok: In the first case, authorization etc are big issues. In 2nd
case, security issues go away
danc: I was looking at PhoneGap and Native Client [see previous
action]
... Inviting any of those folks to talk to us would be a good thing
... Let's look at wikipedia pages related to security, web apps,
widgets, etc
... The idea is to inform the developer community; a lot of people
end up at wikipedia
... Maybe contributing to wp might be a way to help
... (brainstorming)
<Zakim> jar, you wanted to ask for / suggest criteria etc
JAR: I agree with Ashok's comment about Web applications, and
assumed we were talking about the distributed case.
JAR: I assumed it involved The Common Man in the Street (TCMITS).
JAR: Regarding the TOC, it was a brain dump, first developed by the
group together, and then refined by me. What I'm missing are
criteria. Some sort of structure or philosophy that would guide us.
<noahm> NM muses: maybe the criteria include: 1) architectural
issues you would not get right based on what's been set out for the
Web of documents and 2) clarifying points of confusion Goal: show
that it's, in the end, one consistent, scalable architecture
integrating documents and apps.
JAR: Consider, e.g., why a specific programming language wasn't
chosen for the Web. It was deemed desirable to have competition
there. Maybe there's a winner now (Javascript.) Anyway, what do we
want to make the same, and what different?
noah: We don't talk about how you use oracle, that's an
implementation detail
<DanC_> (I dunno how conscious it was that javascript happened when
it happened... there was talk of active content back in 1990. tcl
and such. not to mention display postscript.)
<johnk> well, and you have XSLT with XML and CSS too I guess
noah: Things like cross-origin security, how to use URIs right -
those things are in scope
... What happens inside server is not in scope
... typed possible criteria into IRC (above)
... clarify confusion around e.g. AJAX, or say how to apply old
story in new situations
... to what extent is google maps one application, vs. a very large
number of maps? ... more than just a document
<Zakim> noahm, you wanted to respond to ashok
timbl: Even though mapping software allows you to display many
overlays, this is always done in code. But with calendars - you can
control calendar view, how they're stacked / displayed - that's
richer than what you can do with maps
<DanC_> (hmm... I wonder if KML is sufficient.)
<noahm> I think that talking about proper use of URIs when you're
composing layers might be interesting
<DanC_> (... to get maps to work, like calendars, in various
clients)
<noahm> Ah, when Tim says music, he's thinking more iTunes than
Sibelius
<noahm> [62]http://www.sibelius.com/home/index_flash.html
[62] http://www.sibelius.com/home/index_flash.html
timbl: Music: iTunes maybe - other applications - multidimensional
access / view. Key point is you're looking at more than one document
at a time
timbl: When you pull in the data you have to be clever. E.g. you're
looking for photos tagged x. Client would do a query to get the
photos of interest
<DanC_> (it's really a drag that the Zakim queue isn't a UI feature,
e.g. integrated with the list of names in the channel. So many times
I'm this close >< to writing an ajax-based front end to
Zakim/tracker/rrsagent)
[?]
<Zakim> johnk, you wanted to say that it was part of web arch in
1990
johnk: Want to push back on jar's idea that webarch didn't address
programming / application layer
... For last TAG meeting I tried to draw a parallel between local
web browser vs. javascript ... original web arch did deal with
this...
timbl: For example, you could have faceted browsing using forms
... javascript model just moves data/code onto the client
johnk: Phone's IP address isn't public, but a server [once it knows
address] can call back to the phone to perform actions
... would like to address that applications are distributed in some
way [holds up piece of paper]
johnk: Here are some models. 1. server & client, server assembles a
widget, client GETs widget, does a software install
... interesting thing is 2 trust decisions. 1. Install? 2. Run?
... side case: What is difference between this and native client, or
plugin?
... again you have 2 trust decisions, except that (maybe) app is
given more power
ashok: Model: app stays on server ---
johnk: I'm not done. Case 2. For example, in iGoogle (?), Google
says all this content is sanctioned by Google
... Client does a GET, trust decision is: Install + run? (as one
decision)
... ashok: How different from widget case?
... Both in one step.
noah: (something about cookies vs. user ids)
... Reserve the word "install" for ...
johnk: Case 3: Site A has a document, with content that calls out to
site B (Fedex and airline)
... Fedex has document that calls out to airline
... (2nd example) Amazon is in control, compiles the content
... Cross-site case. there are trust decisions in both directions
danc: Line from amazon to fedex - ?
johnk: Not saying this is deployed in a reasonable way, just
observing
Case 4: Client accesses both Amazon and Fedex
scribe: the client does the mashup
danc: e.g. tabulator
... We're trying to get a feel for case 4
timbl: Tabulator is a browser extension
danc: What's a good example?
timbl: If you look up me, it pulls up information from wikipedia
danc: No, where the *user* chose both sites?
timbl: What people have we seen?
danc: The interesting difference is that in case 4, the user chooses
the sources to be combined. It's not one server referring the user
to another.
timbl: Consider two people on twitter, each with a bunch of tweets.
<DanC_> (might have been nice if tim had drawn a separate thingy
rather than erasing 4. oh well.)
timbl: Storage of the data is separate from the...
... Suppose tweets are to be readable by my friends
... when someone pulls in tweets, it's because they're in the group
... tabulator code is completely trusted by C. Runs with user's
identity
<DanC_> (hmm... this speaks_for exercise might be an interesting way
to look closely at OpenID phishing risks... and to explore my
intuition that OAuth is sorta kerberos-shaped)
johnk: The user has to decide to download the twitter app, and ...?
timbl: No, it's in the cloud
(scribe not quite getting it)
timbl: Separate decisions about where to store their data, vs.
[something about the app]
johnk: (End of 4 cases as diagrammed on piece of paper and then on
the whiteboard)
Photo of what John wrote on the white board
[63](timbl takes photo)
[63] http://www.w3.org/2001/tag/2009/12/WhiteboardDec9.jpg
johnk: web server provider / consumer issues coming out of SOAP work
ashok: There are several trust decisions... made by the *user*
explicitly
johnk: brainstorming...
... The site is also making some decisions for you
<DanC_> . ACTION: John integrate whiteboard drawings into a prose
document about ways to distribute applications
ashok: In case 2, where igoogle pulls in stuff for you, there's the
question of state
johnk: Yes, in all 4 cases
<DanC_> ACTION: John integrate whiteboard drawings into a prose
document about ways to distribute applications [recorded in
[64]http://www.w3.org/2001/tag/2009/12/09-minutes.html#action04]
<trackbot> Created ACTION-352 - Integrate whiteboard drawings into a
prose document about ways to distribute applications [on John Kemp -
due 2009-12-16].
<Zakim> noahm, you wanted to ask about use of core mechanisms like
URIs in the Tim use case
noah: Tim's use case was about making maps much better. You go out
and say 'tell me about this area'
<Zakim> DanC_, you wanted to look at the list of install-time
capabilities/permissions in the W3C widgets spec and to note
[65]http://www.w3.org/TR/widgets/#feature seems to have no
[65] http://www.w3.org/TR/widgets/#feature
(timbl recessing himself)
danc: List of install capabilities in widget spec - seems dangerous
to standardize this
... "This is xxx and it wants to look at your contacts list"
(timbl back)
danc: Can't find an actual starter list of particular permissions /
capabilities - seems good to not standardize, but seems bad because
not tested
... Lets you sprinkle open dust on your distributed system
noah: We're no worse off. Let the market deal with it
johnk: Symbian has a specific list of caps that the OS gives you
<DanC_> I'm fairly satisfied with using URI space as a marketplace
of features, if it works out that way
masinter: Issue of versioning APIs, registries comes up repeatedly
... the problem becomes much worse regarding what might be available
on the device
<DanC_> but yeah... if everybody pretends to support
hundred-pound-gorrila.com/featurex , then that sucks
masinter: "are you a Symbian phone"? is the wrong question. "do you
support geolocation?"
noah: If you have an ordinary web page, it asks, can I call the
geoloc API?
... or, in the install process, the question gets asked at install
time
... phonegap either does or doesn't give you a good answer
danc: The premise of the w3c widget spec is that you could have a
w3c widget store
... The 100-pound gorilla phenomenon is still a risk
... ... little guys will be disenfranchised
<Zakim> noahm, you wanted to ask about use of core mechanisms like
URIs in the Tim use case
lm: If you want to name it with the name of the implementation, it's
hard to extend, or you run into trademark problems
danc: It's in CR (widget packaging & config)
noah: If they want to write a great iphone app this is a dumb way to
do it
lm: The failure hasn't happened because the 2 years haven't passed
(you name a capability by the implementation, and there's no
extensibility story, then within 2 years you'll have kludges)
jar: +1 to LM
<noahm> I'm not convinced we're seeing that problem is happening.
Yet.
danc: The spec says, URIs go here
<noahm> I'm sympathetic to watching for this trouble happening; I'm
unenthusiastic about getting the TAG all geared up about this until
we see trouble brewing.
danc: The install time ritual says, this app wants to look at x, y,
z
<johnk> +1 to Noah
danc: The spec only says put URIs here
... Maybe there will be a marketplace... but maybe the gorilla gets
in there, and everyone else has to pretend to be the gorilla
noah: It's not the user-agent string case
danc: No, not interestingly different
<noahm> I'm not convinced it's underspecified.
lm: If there's part of a spec that's underspecified, and that part
need specifications for interoperability, we (TAG) could say so
<johnk> I think the basis for the widget spec is exactly _for_
interoperability
timbl: Expecting that probably , there will be the equivalent of a
mime type registry
<noahm> I think there will be much more diversity here than for mime
types.
timbl: current frame, focal length, lots of profiles to talk
about... w3c may get involved
noah: The tough thing is there's lots of innovation going on...
would have been bad for standardization to rule out multitouch
... the fact that it's a URI is good
<DanC_> (given that the players in this space seem to be acting in
good faith, I'm ok to accept the 100-pound-gorrilla name-mangling
risk; I'm OK to hope for a healthy market)
lm: I don't want a solution, I just want to ask the question: What
is the migration path e.g. from one pointer to two?
danc: Maybe people will come to W3C to get a URI?
lm: We'd like to see, if they have a solution, let's get it
documented better. If not, let's work on one.
<DanC_> Larry, if you want an action, you can pretty much always
assign yourself one. or you can nominate somebody.
<Zakim> noahm, you wanted to ask about use of core mechanisms like
URIs in the Tim use case and to talk about innovation vs.
standardizatoin in this space and to ask about use of core
lm: Not sure I want to engage widget folks again
noah: The maps could be more sophisticated... (that's what Tim was
saying...) telling a story about naming and identity is important.
Is there agreement on when to mint a URI, how much client/server
AJAX flexibility is, who knows what the URIs are. Very interesting
area to work.
... TAG story: identity, interaction, formats
danc: Identity per noah is a big story
(scribe hears "semantics" when noah says "identity")
noah: Portals ...
<DanC_> DanC: it's interesting to me in that it includes/subsumes
the concern I have about "proposal to make ajax crawlable". If
success can be less than the whole thing, I'm all for it.
<Zakim> timbl, you wanted to say that for that class of application
(map, iTune, document mgt, iPhoto, calendar, timelines, etc) there
typically are *not* URIs for the total view.
<noahm> Are not and should not be, or are not but there should be?
timbl: Noah asked, do people make up URIs for the views?
... Not in general.
... If so, the URIs get big.
... Tabulator students took a sparql query to encode a view.
... When URIs get too big, they invent a data format.
(jar promises to be brief)
<Zakim> jar, you wanted to talk about the US civil war and to talk
about sparql-over-GET + tinyurl
JAR: In nearly every part of this discussion, I see us dancing
around, meaning, inference, and contracts.
JAR: Want to encourage people to look at OWL, which is the W3C
technology in the inference space (and it's very nice)
DC: there's a consortium of URL shortening companies
noah: I said, identification is something we could profitably work
on
jar: 'Identification' is meaningless without meaning / inference
(discussion of agenda)
jar: re OWL, e.g. a specification induces a class of conforming
entities. that's DL. one of many possible applications.
<noahm> . ACTION: Noah to do just a bit of work framing some issues
around identification for Ajax apps (remembering the merged maps use
case) Due 20 January 2009
johnk: Approach of starting with 3 pillars of webarch is good
<noahm> ACTION: Noah to do just a bit of work framing some issues
around identification for Ajax apps (remembering the merged maps use
case) Due 20 January 2009 [recorded in
[66]http://www.w3.org/2001/tag/2009/12/09-minutes.html#action05]
<trackbot> Created ACTION-353 - Do just a bit of work framing some
issues around identification for Ajax apps (remembering the merged
maps use case) Due 20 January 2009 [on Noah Mendelsohn - due
2009-12-16].
jar: spec / interface naming /v ersioning is one good focus,
security is another
danc: Minions, please check client side storage design and look for
architectural issues
ashok: web databases?
danc: yes
<DanC_> . ACTION ashok review client side storage apis (web simple
storage etc.), looking for architectural issues or other critical
problems... or interesting design features the TAG should know about
<DanC_> ACTION ashok review client side storage apis (web simple
storage etc.), looking for architectural issues or other critical
problems... or interesting design features the TAG should know about
<trackbot> Created ACTION-354 - Review client side storage apis (web
simple storage etc.), looking for architectural issues or other
critical problems... or interesting design features the TAG should
know about [on Ashok Malhotra - due 2009-12-16].
johnk: I could try to map AWWW section on interaction to parts of
webapps TOC that seem related
noah: Interesting, but how about look at interaction story in webapp
& findings, and ask: could I tell the Ajax story?
johnk: Yes, I was trying to be more specific, but that's the idea
<noahm> . ACTION john to explore the degree to which AWWW and
associated findings tell the interaction story for Web Applications
<noahm> ACTION john to explore the degree to which AWWW and
associated findings tell the interaction story for Web Applications
due: 2 Feb 2010
<trackbot> Created ACTION-355 - Explore the degree to which AWWW and
associated findings tell the interaction story for Web Applications
due: 2 Feb 2010 [on John Kemp - due 2009-12-16].
<noahm> ACTION-355 = john to explore the degree to which AWWW and
associated findings tell the interaction story for Web Applications
<noahm> ACTION-355: john to explore the degree to which AWWW and
associated findings tell the interaction story for Web Applications
<trackbot> ACTION-355 Explore the degree to which AWWW and
associated findings tell the interaction story for Web Applications
due: 2 Feb 2010 notes added
<DanC_> action-355 due 2 feb 2010
<trackbot> ACTION-355 Explore the degree to which AWWW and
associated findings tell the interaction story for Web Applications
due: 2 Feb 2010 due date now 2 feb 2010
lm: Do we have an exit strategy for ISSUE-50?
... The goal of Henry's action is to close the issue, right?
all: yes
Adjourned until 0900 2009-12-10
Summary of Action Items
[NEW] ACTION: Henry to revise
[67]http://lists.w3.org/Archives/Public/www-tag/2009Oct/0075.html
based on feedback on www-tag and the feedback from TAG f2f
2009-12-09 discussion [recorded in
[68]http://www.w3.org/2001/tag/2009/12/09-minutes.html#action03]
[NEW] ACTION: John integrate whiteboard drawings into a prose
document about ways to distribute applications [recorded in
[69]http://www.w3.org/2001/tag/2009/12/09-minutes.html#action04]
[NEW] ACTION: jonathan to research 303 caching change in HTTPbis
[recorded in
[70]http://www.w3.org/2001/tag/2009/12/09-minutes.html#action01]
[NEW] ACTION: Jonathan to research reasons why browser providers
(e.g. Mozilla) aren't willing to meet requests (e.g. from purl) to
switch address bar URL following successful redirect [recorded in
[71]http://www.w3.org/2001/tag/2009/12/09-minutes.html#action02]
[NEW] ACTION: Noah to do just a bit of work framing some issues
around identification for Ajax apps (remembering the merged maps use
case) Due 20 January 2009 [recorded in
[72]http://www.w3.org/2001/tag/2009/12/09-minutes.html#action05]
[67] http://lists.w3.org/Archives/Public/www-tag/2009Oct/0075.html
[End of minutes]
_________________________________________________________
Minutes formatted by David Booth's [73]scribe.perl version 1.134
([74]CVS log)
$Date: 2010/01/05 17:42:53 $
[73] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
[74] http://dev.w3.org/cvsweb/2002/scribe/
[1]W3C
[1] http://www.w3.org/
W3C TAG Meeting in Cambridge
10 Dec 2009
[2]Agenda
[2] http://www.w3.org/2001/tag/2009/12/08-agenda
See also: [3]IRC log
[3] http://www.w3.org/2009/12/10-tagmem-irc
Attendees
Present
NM, TBL, JK, AM, LMM, JAR, DC, HT, Philippe
Regrets
TVR
Chair
NM
Scribe
masinter, DC
Contents
* [4]Topics
1. [5]HTML 5 review: ISSUE-54: Default Prefix Declaration
2. [6]HTML 5 review: HTML WG status update
3. [7]HTML 5 review: issue-54: review of Microsoft's
namespaces in HTML 5 proposal
4. [8]HTML 5 review: Authoring guide/language spec
5. [9]Admin: scribe duties, agenda review
6. [10]Metadata Architecture: ISSUE-62
(UniformAccessToMetadata-62): Uniform Access to Metadata
7. [11](xmlFunctions-34 / ISSUE-34): XML Transformation and
composability (e.g., XSLT,XInclude, Encryption)
8. [12]HTML versioning change proposal
9. [13]HTML media type and pre-HTML 5 content
10. [14]Widget URI Scheme
11. [15]Closing remarks, thanks to the host
12. [16]Postscript: bulk action review
* [17]Summary of Action Items
_________________________________________________________
<masinter> Date: 10 Dec 2009
<masinter> scribenick: masinter
HTML 5 review: ISSUE-54: Default Prefix Declaration
ht: this idea is not mine -- been floating around, never been
written down, so I thought it was time to do so. I don't take credit
for idea, but take blame for details.
... published in W3C blog.
<ht> [18]Default Prefix Declaration Henry S. Thompson 18 Nov 2009
[18] http://www.w3.org/QA/2009/11/default_prefix_declaration.html
ht: criticism we've heard about namespaces are: syntactic complexity
and API complexity issue. This proposal basically addresses the
syntactic complexity, belief is that API can be handled later.
TAG participates in a W3C staff meeting about the Default Prefix
Declaration idea
<masinter_> [19]#xmlnames minutes
[19] http://www.w3.org/2009/12/xmlnames-minutes.html
Note: minutes of the phone discussion held at this point were
recorded by Carine Bournez and are available at:
[20]http://www.w3.org/2009/12/xmlnames-minutes.html
[20] http://www.w3.org/2009/12/xmlnames-minutes.html
ht: slide 5 out of 7 already, just want to show example
... A "dpd" file gives default prefixes. One way to to give a link
with rel="dpd" or for XML using a processing instruction. Or
applications could ship in with a default DPD, or there could be
media-type defaults.
... establish a priority order.
... In general, people are happy with using prefixing for avoiding
collisions, but don't like namespace declarations, let's fix that.
tbl: We should investigate this sort of thing, going down this path
is a good idea. I'm keen on getting them linked on the MIME type,
why not do things at the MIME-type level.
... One technical issue ...
<scribe> scribenick: masinter
<scribe> scribe: masinter
Joint meeting ends; TAG meeting resumes.
danc: neither of these proposals address interesting use cases
... I can see two use cases: Person wants to write SVG without
gobbledygook in top of document. <svg> is simpler than <svg:svg>.
... This doesn't seem to be on the road to decentralized
extensibility
noah: you can change the link element or the linked DPD
danc: then you're back to gobbledygook at the top of the document
... I'm looking for use cases & cost benefit
timbl draws bar graph of document types. Most documents are HTML,
but ther are SVG, MathML, FBML and lots of others. (draws zipf
distribution, with HTML at the head, and "lots of others" as the
long tail)
(FBML is face book markup language)
(discussion about cost and benefits for various use cases)
<johnk> I would like to see it be possible to have XHTML + XML
namespaces then served as text/html be processed correctly
timbl: the issue is "in here" (pointing to HTML + popular other
markups, SVG, etc.) but not minor
... languages that aren't used widely
danc: which are the interesting use cases? allowing svg namespace
without declaration doesn't help deploy SVG, they still have to
learn how to draw circles
noah: two communities invent <video> tag with conflicting meaning.
To me the use case is "do you care about pollution"
(discussion about use cases and transition path)
danc: I'm trying to find some place where it's cost effective for
someone
timbl: so you're saying there's nothing in the middle?
danc: svg and mathml are in the language. html5 does nothing
interesting with rdfa.
... I'm still listening for the interesting use case.
<Zakim> noahm, you wanted to noodle a bit on wild innovations
evolving to the left of Tim's graph
noah: example: notes that [w3c_home] was originally an extension to
html. Although very sympathetic to need to support decentralized
extensibility, it's important mosaic:img to ask how an extension
originally spelled would eventually become part of the core HTML
spec and spelled [w3c_home] . That's the challenge to mechansisms
like namespaces that interests me most.
henry's proposal just gets rid of the
xmlns:mosaic="[21]http://ncsa.uiuc.edu/tags"
[21] http://ncsa.uiuc.edu/tags
<DanC_> no, it replaces it by <link ... ncsa>
scribe: points out that "mosaic:img" would have been stuck with the
prefix
timbl: we would have added img as an alternative to mosaic:img
ht: yes, there are some bumps in the road, if we go this way. But if
that's the only thing in the way, i think we can live with this.
<DanC_> (I'm trying to find the details of the <link> syntax ; I
don't see it in
[22]http://www.w3.org/QA/2009/11/default_prefix_declaration.html ,
henry)
[22] http://www.w3.org/QA/2009/11/default_prefix_declaration.html
danc: when i think of this, i think of <canvas> which is more
recent.
... as much as I hate x-, the most successful example is the vendor
prefix (e.g. moz-) in css.
noah: that works for css, but the rules are different for css, won't
work for paragraph names
<DanC_> but yes, the cascade is critical to the transition from
moz-smellovision to smellovision
ht: two observations, different from dan. I don't agree, I think the
current situation with SVG and MathML isnt' good enough. It has to
define every possible transition. It specifies in detail where you
can or can't put MathML and SVG elements.
... The fact that the SVG working group has been bullied into
submission isn't good enough for me.
... They were pushed back to the current state of play. It isn't
good enough for me.
<DanC_> I think the SVG WG was convinced that this is simpler for
authors
<noahm> I would like to wrapup, get to next steps, and break
ht: It is interesting to say that the RDFa group is happy, because I
don't think there is any place in HTML5 wrt the HTML serialization
for namespace declarations, because the DOM isn't going to be what
they want.
... I've recorded my disagreement
danc: the rdfa use case involves scripting
noah: what are next steps
<scribe> ACTION: noah to work to schedule followup meeting on
xmlnames next week [recorded in
[23]http://www.w3.org/2009/12/10-tagmem-irc]
[23] http://www.w3.org/2009/12/10-tagmem-irc
<trackbot> Created ACTION-356 - Work to schedule followup meeting on
xmlnames next week [on Noah Mendelsohn - due 2009-12-17].
ht: reminds himself to work to figure out how this interacts with
XML documents
<DanC_> (do you remember the action #, larry? care to suggest a new
due date?)
<ht> ACTION: Henry to elaborate the DPD proposal to address comments
from #xmlnames and tag f2f discussion of 2009-12-10, particularly
wrt integration with XML specs and wrt motivation, due 2010-01-08
recorded in [24]http://www.w3.org/2009/12/10-tagmem-irc]
[24] http://www.w3.org/2009/12/10-tagmem-irc
<trackbot> Created ACTION-357 - Elaborate the DPD proposal to
address comments from #xmlnames and tag f2f discussion of
2009-12-10, particularly wrt integration with XML specs and wrt
motivation, due 2010-01-08 [on Henry S. Thompson - due 2009-12-17].
action-337?
<trackbot> ACTION-337 -- Larry Masinter to frame the F2F agenda and
preparation on metadata formats/representations -- due 2009-12-08 --
OPEN
<trackbot> [25]http://www.w3.org/2001/tag/group/track/actions/337
[25] http://www.w3.org/2001/tag/group/track/actions/337
<ht> trackbot, action-337 due 2010-01-08
<trackbot> ACTION-337 frame the F2F agenda and preparation on
metadata formats/representations due date now 2010-01-08
(group on break)
reconvene
HTML 5 review: HTML WG status update
Philippe joins
<plh> [26]http://dev.w3.org/html5/status/issue-status.html
[26] http://dev.w3.org/html5/status/issue-status.html
plh: not coverage between issues and change proposals
noah: would help to add issue names to table
... failure mode is that people don't notice
plh: issue 7 was closed. chairs are willing to reopen if there is no
new information
<DanC_> HTML WG issue 7 was video codecs
<DanC_> (referring to issues by number only is an anti-pattern)
HTML 5 review: issue-54: review of Microsoft's namespaces in HTML 5
proposal
action-327?
<trackbot> ACTION-327 -- Henry S. Thompson to review Microsoft's
namespaces in HTML 5 proposal -- due 2009-11-19 -- PENDINGREVIEW
<trackbot> [27]http://www.w3.org/2001/tag/group/track/actions/327
[27] http://www.w3.org/2001/tag/group/track/actions/327
looking at Microsoft namespace proposal
<noahm> We note that HTML issue 41 appears to be open
<DanC_> HTML WG issue 41 is open, with no dead-man-switch yet issued
<noahm> [28]Microsoft's Namespaces Proposal (TAG ACTION-327) Henry
S. Thompson 19 Nov 2009
[28] http://lists.w3.org/Archives/Public/www-tag/2009Nov/0039.html
HT: Microsoft's proposal imports a subset of XML namespace syntax
into the HTML serialization. Core proposal is a duel of what we
talked about earlier: allow xmlns:foo, and within that scope foo:xxx
uses the namespace
timbl: identical to xmlns, with regard to prefixed names
ht: then it goes on to suggest a number of possible extensions
<DanC_> (I wonder if everybody here is aware of the way HTML
interacts with XPath in the case of unprefixed element names...
maybe I'll q+)
ht: the addition of default namespace declarations
... I'm just telling you what it says
... then there is an additional proposal, to treat unbound prefixes
as if they were identity-declared
... namespace spec says you "shouldn't" use relative URIs
(discussion of whether xmlns:udp="udp" is an error, a relative URL)
timbl: local namespace declarations are useful in (context missed)
ht: interesting idea, don't think it is going to fly
timbl: maybe want #udp, not udp
(speculation about what is deployed inside microsoft)
ht: "3. to define short namespace names for commonly-used namespaces
..."
(timbl bangs head on wall)
plh: discussion on HTML was that this proposal would break
(something), and Microsoft needs to revise
ht: I think it is sound but doesn't address the two issues that
other WG members had raised, (a) syntactic complexity and (b) API
complexity
noah: do we have a sense of where this is going?
(speculation about what might happen in the HTML working group)
<Zakim> ht, you wanted to reply to DanC
<noahm> ac2 next
danc: thanks for gathering all he facts. I think this is as good as
it gets, though, disagree with conclusion. Henry's isn't simpler and
Microsoft's is more like current namespaces.
timbl: use this for svg?
ht: orthogonal point -- stipulating that one of these proposals is
adopted, opens the possibility but not necessity of revisiting the
current embedding of SVG and MathML
timbl: and the <a> tag, that's done by context?
ht: yes
timbl: should the TAG endorse the microsoft proposal?
<DanC_> +1 TAG endorsedd
jar: (put on the spot)
noah: would like to see something happen, but insofar as doing this
by saying TAG isn't happy with Henry or Liam's proposal, not ready
to do that
<Zakim> noahm, you wanted to discuss tim's proposal
jar: here's how to convince me -- hard for me to keep this in my
head... how about requirements?
timbl: I need the Microsoft one anyway for the long tail
ht: that's just not true. There's a place in HT for ideosyncratic
use
(danc at board making matrix of requirements vs proposals)
noah: (floating idea for TAG position about endorsing MS vs. others)
columns: DPD (ht), mangled xmlns (MS), Unobtrusive Namespaces
(Liam's)
rows: long tail, static scoping, ie, webkit, opera, mozilla
static scoping means: changing some other document doesn't change
what foo:bar would mean
discussion of what the rows IE, Webkit, Opera, Mozilla mean
jar: wondering if there's a null hypothesis? Maybe there's a 'status
quo' column?
adding 4th column, "Standing WG"
adding rows for SVG, MathML, RDFa authoring communities
adding examples of "Long Tail", FBML, SL = Second Life vs.
SilverLight
ht: PLH, what do you think about this?
timbl: Were a browser manufacturer to change their attitude and
implement application/xhtml+xml, would that make a difference?
noah: expected question to be 'does then the TAG care about this',
and I think they do, because e.g., service provider doesn't allow
people to set MIME type
... even if 1st class support for application/xhtml+xml
ht: as long as the columns are full of "maybe this or maybe that",
it isn't helpful to push people to make their minds up
(chart only partly filled out... longtail check, check, check, x
scribe: x check x check
IE has only ? under MS proposal
Photo of the white board
[29]whiteboard photo
[29] http://www.w3.org/2001/tag/2009/12/Whiteboard.jpg
danc: queue slot was to solicit people to write a blog entry
jar: there's enough in the chart to take us from Tim's original
proposal that we endorse the MS proposal, but I think this takes us
a step further. We could say "we like the MS proposal insofar as it
does X, Y and Z"
noah: (will drain queue, and see where we are)
<Zakim> timbl_, you wanted to point out that reusing exstig xmlns
syntax has great advantages
<DanC_> yeah, timbl, I meant to make a row for that; neglected to
timbl: Reusing existing syntax, not inventing new stuff. Inventing
new stuff is a hurdle. If it's a good thing to do. Just being able
to say: for a given MIME type, have a default namespace.
danc: that's the state of the art
timbl: XML tools don't have an easy way of taking that into account
... This would be a relief in other cases
<DanC_> (ah yes, tim; in particular, authors have to put the
xmlns="...xhtml" for XML tool interop.)
ht: i've just added 3 new rows to the table: reuses existing syntax.
X for all but MS
... ... simplifies the syntax and simplifies the DOM
timbl: I asked "Is the DOM the same?" and you said "Yes"
ht: the HTML community *wants* the DOM to be simplified
... currently standing HTML tick on "Simplifies the DOM" is x for
everything except for standing HTML5
... 'simplify the syntax' is all check except for MS
<DanC_> (still no takers on blogging this table? sigh. oh well.)
<DanC_> action-357: try to include the requirements table
<trackbot> ACTION-357 Elaborate the DPD proposal to address comments
from #xmlnames and tag f2f discussion of 2009-12-10, particularly
wrt integration with XML specs and wrt motivation, due 2010-01-08
notes added
HTML 5 review: Authoring guide/language spec
<plh> [30]HTML 5: The Markup Language
[30] http://dev.w3.org/html5/markup/
<ht> There are 3 docs: Hixie's, Mike Smith's and Lachlan Hunt's
(looking for normative language reference spec)
<ht> [31]http://dev.w3.org/html5/html-author/
[31] http://dev.w3.org/html5/html-author/
[32]http://dev.w3.org/html5/markup/ has a different date
[32] http://dev.w3.org/html5/markup/
<DanC_> (editor of html-author is lachlan, I think; he's carrying 0
actions. [33]http://www.w3.org/html/wg/tracker/users/40364 )
[33] http://www.w3.org/html/wg/tracker/users/40364
plh: the group doesn't want to have a document that is normative,
since this would create a high risk of conflicts between the
documents
ht: I think we lost the argument to split the spec into a language
spec. and a behaviour spec.
noah: point of clarification? Is this document going to progress
plh: for the moment, it doesn't officially exist [i.e. hasn't been
published as a WD]
... if the working group decided to do that, it would likely be
normative
<DanC> [34]CfC: Close ISSUE-59 normative-language-reference (ends
2009-12-17) Maciej Stachowiak 08 Dec 2009
[34]
http://lists.w3.org/Archives/Public/public-html/2009Dec/0249.html
noah: would like he TAG to assess this. I skimmed this: far better
than my worst fears, considerably worse than what I would hope for
<Zakim> noahm, you wanted to talk about hixie's spec
<ht> what is URI for "authoring view" of Hixie's draft?
<noahm> [35]email from Ian Hickson
[35]
http://lists.w3.org/Archives/Public/public-html-comments/2009Jun/0016.html
<noahm> I have now made the three versions available:
<noahm>
[36]http://www.whatwg.org/specs/web-apps/current-work/multipage/?sty
le=complete
[36]
http://www.whatwg.org/specs/web-apps/current-work/multipage/?style=complete
<noahm>
[37]http://www.whatwg.org/specs/web-apps/current-work/multipage/?sty
le=author
[37]
http://www.whatwg.org/specs/web-apps/current-work/multipage/?style=author
<noahm>
[38]http://www.whatwg.org/specs/web-apps/current-work/multipage/?sty
le=highlight
[38]
http://www.whatwg.org/specs/web-apps/current-work/multipage/?style=highlight
ht: this doesn't come close to what I want
... there is no grammar. I want a grammar.
noah: I don't elevate the lack of a grammar to... (absolutely
necessary)
<Zakim> masinter, you wanted to talk about DOM API call being
documented by normative algorithms
<noahm> FWIW, my criterion for success is not "does it use formal
grammars", though I think they
<noahm> they're >very< valuable. My criterion is: does it crisply
and reasonably unambiguously set out: which texts are legal html5,
and as declaratively as possible, set out the "meaning" of every
possible document (e.g. the occurrance of a <table> element signals
that your document has in it a table), etc.
<DanC_> (lightbulb... ACL2 was hard for me to get used to as a
formal system because it expects you to write things as programs...
just like "normative algortithms". Perhaps transcribing these
algorithms to ACL2 would be a way to think about them formally)
LMM reminds us of the point he's made before, that there are things
stated algorithmically (e.g. interpretation of image width/height)
that should be done more declaratively.
<masinter_> the point was: what are the invariants that a reasonable
programmer or generator of programs can assume? Many of these are
embedded deeply within algorithms presented for implementors, that
cannot be inferred or extracted by any textual processing, because
it's not written down anywhere.
<Zakim> DanC_, you wanted to note two targets: (a) more traditional
language spec (b) guide for authors. We seem to have missed HT's
interest in (b). html-author is dated March 2009 and
<jar> (danc, ACL2 is for proofs. Larry says he's missing the
theorems.)
<DanC_> (ACL2 does plenty of stuff with theorems; I don't understand
your point)
ht: I was interested in the document, because I thought it was
actively being worked on. But to be clear, i'm not interested in an
authoring spec, I'm interested in a language spec.
<noahm> I am interested in the style=author one as a best
approximation to a language spec, because it's the only one we're
likely to get that's normative.
<noahm> I do regret that it's advertised as an authoring spec,
because I agree that a language spec is the higher priority.
<noahm> Still, it may do the job, and my question is: does it, and
if not, would some tuning get it there.
<DanC_> (I think mutliple normative specs is _good_ for QA, but when
I gave that opinion in the HTML WG, it was clear hardly anybody else
in the WG agrees.)
<DanC_> (e.g. having the OWL language spec and the test suite both
normative; if they conflict, there's a bug, and I'm not prepared to
say, in advance, where the bug is.)
<Zakim> jar, you wanted to say the issue is how to evaluate the spec
(speaks to openness of web). having 2nd spec that tracks is one way,
modularizing the spec is a 2nd way, having a
jar: this may be obvious: there's some objective to be able to
approach the spec. This thing is just too big for that. There are
multiple for making this tractable.
... you want to know what the spec does what it's supposed to do,
and having it be so big is a problem. My message is to keep your eye
on the ball.
<Zakim> ht, you wanted to explain why I find
[39]http://www.whatwg.org/specs/web-apps/current-work/multipage/?sty
le=author unhelpful
[39]
http://www.whatwg.org/specs/web-apps/current-work/multipage/?style=author
ht: i would like to use the last part to ask PLH his view.
<Zakim> noahm, you wanted to say why I find
[40]http://www.whatwg.org/specs/web-apps/current-work/multipage/?sty
le=author helpful
[40]
http://www.whatwg.org/specs/web-apps/current-work/multipage/?style=author
noahm: I do find it helpful, but the question is whether it is (or
will be) good enough. I think it would be worthwhile for us to take
what was offered and read it with some care... if the answers are in
some ways promising, that would be good.
<Zakim> masinter, you wanted to talk about getting away from the
need for always-on updates to HTML
<noahm> Some was lost in scribing what I said above, so let me
clarify:
<noahm> I think the style=author draft, which I've skimmed but not
read in full detail, is valuable in several ways, but especially
because it is being offered as normative, and well synced with the
other variants of the spec.
<noahm> I therefore (as a WG member, and perhaps also as chair)
would find it a good thing for other TAG members to take a careful
look. I expect you'll find that it's a very significant compromise
in terms of how declarative it is, how terse, but perhaps on balance
a good enough base for meeting the need for a language
specification.
LMM reiterates applicability statement idea raised earlier. 2 docs,
one with undated references, another (the a.s.) with dated
references "the way things are in 2010"
LMM: the goal is to avoid the need to publish new specs too
frequently
danc: authoring spec engaged me to some degree, but didn't find it
compelling to spend more time on it
noah: is there something you could say?
<jar> does it matter whether it engages anyone? the OWL WG basically
said no, the non-normative docs can be engaging
<noahm> DC: Well, hello world is in section 8. Oops, nope, I guess I
fixed that.
danc: the 'hello world' example *was* in section 8. Previously, it
was hard to tell whether there was something that was a constraint
on documents vs. a constraint on implementation
... that seems to have gotten better.
<Zakim> DanC_, you wanted to respond re reading the author view
<ht> Beware that if you follow TOC links from
[41]http://www.whatwg.org/specs/web-apps/current-work/multipage/?sty
le=author you _lose_ the parameter, and have to re-enter it by hand
[41]
http://www.whatwg.org/specs/web-apps/current-work/multipage/?style=author
jk: who are we helping with respect to getting a grammar? Who cares?
... Hixie has done something toward satisfying a goal, we don't know
if it is close to satisfying our goal
... maybe this is our chance of getting a spec that's normative
<noahm> I heard Dan say "I'm not convinced the style=author draft
will meet the needs of the design community (though some of the
shortcomings may be inherent in the complexity of HTML 5). FWIW I
(Noah) find that to be just the sort of feedback I hope to give.
<Zakim> johnk, you wanted to ask who are we trying to help here?
<DanC_> I'm not prepared to give feedback on behalf of the design
community, Noah; look at my web pages; they're design jokes, at
best. I've encouraged the design community to comment for
themselves, and had mixed success.
jar: I think it is a threat, if you have standards that are hard to
understand, that's a threat to openness
<ht> HST absolutely agrees with PLH -- W3C writes specs for
implementors
<ht> .. but implementors need language specs, not algorithms
plh: with the working group, who are we writing the spec for? For
the implementors? The users can buy books. The implementors
disagree.
danc: there are lots of examples for users in the spec, though, not
just for implementors.
plh: given the resources, though, most of them spend their time
<noahm> I strongly disagree. Books are very helpful, but not
normative. There are architectural, and thus practical, benefits to
having a rigorous, precise specification for a language, a spec
that's not unnecessarily tangled with specs for other things.
<DanC_> (I think it's a _huge_ mistake to say "the book writers will
satisfy the users". It's incredibly important to validate the design
by trying to explain it to users. If you can't explain it, you
should think again about the design. I think quite a few of the HTML
WG members agree with this view.)
plh: there's a RELAXNG schema
ht: it has no authority
plh: The WG might adopt it as a WD
hst: That would be great
LMM: I want to support implementors of things other than browsers.
Transformers, editors, etc.
<ht> masinter +1
LMM: HTML for ATOM, HTML for email
plh: the chairs would like to move HTML5 to last call soon. pick
your battles. Look at the long list of issues the WG already has,
are there any that don't have a change proposal, consider making a
proposal for those.
noahm: would like to get someone on TAG to review the table (and
maybe things that have fallen off the table), would like to use that
to help prioritize
danc: I already did this before and did it again last night
... there is one I suggest we increase in priority: 'resource' vs
'representation'
<DanC_> ACTION Noah schedule discussion of 'usage of 'resource' vs
'representation' in HTML 5, CSS, HTML 4, SVG, ...' [note follow-up
discussion in www-archive]
<trackbot> Created ACTION-358 - Schedule discussion of 'usage of
'resource' vs 'representation' in HTML 5, CSS, HTML 4, SVG, ...'
[note follow-up discussion in www-archive] [on Noah Mendelsohn - due
2009-12-17].
(review of HTML open issues was only against 'things to be closed
soon')
<ht> DanC, I agree that user needs must be addressed by the
_designs_ which WGs produce, but that that is _not_ the leading
priority for the specs which communicate those designs
noah: we did have this discussion of authoring. Would be helpful
to... (?)
... proposal: (review of Maciej message of 08 Dec 2009 15:55:20) We
do not have a uniform opinion of how much this meets needs, but we
think this is ... positive.
<DanC_> PROPOSED: to endorse the proposed disposition of HTML WG
issue-59 in
[42]http://lists.w3.org/Archives/Public/public-html/2009Dec/0249.htm
l , i.e. the class=author view and the informative reference guide
[42]
http://lists.w3.org/Archives/Public/public-html/2009Dec/0249.html
ht: message proposes closes this issue. We should say: don't do
this, we're not happy.
<DanC_> I gather ht doesn't find my proposal appealing
ht: wants the TAG to ask for a language spec
lm: I want the HTML working group to agree that they will review the
resulting document and come to consensus about its adequacy, not
just to do so as a political move to meet someone else's pro-forma
requirement
ht: Maciej's message proposes to adopt it as a non-normative WG
product
(discussion of whether the doc supports RelaxNG grammar)
<DanC_> PROPOSED: to endorse the proposed disposition of HTML WG
issue-59 in
[43]http://lists.w3.org/Archives/Public/public-html/2009Dec/0249.htm
l , i.e. the class=author view and the informative reference guide,
provided the relaxng is appended to the informative reference guide
[43]
http://lists.w3.org/Archives/Public/public-html/2009Dec/0249.html
<ht> PROPOSED: to endorse the proposed disposition of HTML WG
issue-59 in
[44]http://lists.w3.org/Archives/Public/public-html/2009Dec/0249.htm
l , i.e. the class=author view and the informative reference guide,
provided the relaxng is appended to the informative reference guide,
which will be published as a Working Draft and taken forward
[44]
http://lists.w3.org/Archives/Public/public-html/2009Dec/0249.html
noahm: and maintained as the HTML language evolves?
(wordsmithing of response)
<ht> PROPOSED: to endorse the proposed disposition of HTML WG
issue-59 in
[45]http://lists.w3.org/Archives/Public/public-html/2009Dec/0249.htm
l , i.e. the class=author view and the informative reference guide,
provided the relaxng is appended to the informative reference guide,
which will be published as a Working Draft and maintained
[45]
http://lists.w3.org/Archives/Public/public-html/2009Dec/0249.html
<ht> PROPOSED: to endorse the proposed disposition of HTML WG
issue-59 in
[46]http://lists.w3.org/Archives/Public/public-html/2009Dec/0249.htm
l , i.e. the class=author view and the informative reference guide,
provided the relaxng is appended to the informative reference guide,
which will be published as a Working Draft and taken to Last Call
[46]
http://lists.w3.org/Archives/Public/public-html/2009Dec/0249.html
<plh> I suggest s/to Last Call/through Last Call/
so RESOLVED
<ht> s/taken to last call/taken through Last Call/
RESOLUTION: endorse the proposed disposition of HTML WG issue-59 in
[47]http://lists.w3.org/Archives/Public/public-html/2009Dec/0249.htm
l , i.e. the class=author view and the informative reference guide,
provided the relaxng is appended to the informative reference guide,
which will be published as a Working Draft and taken to Last Call
[47]
http://lists.w3.org/Archives/Public/public-html/2009Dec/0249.html
<scribe> ACTION: Noah to communicate TAG resolution to HTML WG
recorded in [48]http://www.w3.org/2009/12/10-tagmem-irc]
[48] http://www.w3.org/2009/12/10-tagmem-irc
<trackbot> Created ACTION-359 - Communicate TAG resolution to HTML
WG [on Noah Mendelsohn - due 2009-12-17].
<DanC_> close ACTION-292
<trackbot> ACTION-292 Alert group to review HTML Authoring Drafts
[trivial] [self-assigned] closed
<noahm> ADJOURNED FOR LUNCH UNTIL 13:30
<DanC_> scribe: DC
<DanC_> scribenick: DanC_
Admin: scribe duties, agenda review
close action-330
<trackbot> ACTION-330 Prepare Dec f2f agenda in collaboration with
Noah etc. closed
<scribe> ACTION: John to clean up TAG ftf minutes 8 Dec [recorded in
[49]http://www.w3.org/2009/12/10-tagmem-irc]
[49] http://www.w3.org/2009/12/10-tagmem-irc
<trackbot> Created ACTION-360 - Clean up TAG ftf minutes 8 Dec [on
John Kemp - due 2009-12-17].
<scribe> ACTION: Henry to clean up TAG ftf minutes 9 Dec [recorded
in [50]http://www.w3.org/2009/12/10-tagmem-irc]
[50] http://www.w3.org/2009/12/10-tagmem-irc
<trackbot> Created ACTION-361 - Clean up TAG ftf minutes 9 Dec [on
Henry S. Thompson - due 2009-12-17].
<noah> Raman, we are starting, and we are dialed in
<scribe> ACTION: Dan to clean up TAG ftf minutes 10 Dec, and either
wrap up the 3 days or get Noah to do it [recorded in
[51]http://www.w3.org/2009/12/10-tagmem-irc]
[51] http://www.w3.org/2009/12/10-tagmem-irc
<trackbot> Created ACTION-362 - Clean up TAG ftf minutes 10 Dec, and
either wrap up the 3 days or get Noah to do it [on Dan Connolly -
due 2009-12-17].
NM reviews agenda...
<ht> John, <link id="xf" rel="prefix" is already allowed !
<raman> something is different in the room, audio is awful, lots of
echo
echo? bummer.
HT: I do have something re references... though I'm OK if that goes
to a telcon
NM: accepts the agenda request; commits Revision: 1.31
raman? audio better?
<noah> Raman, I have moved the mic, and will dial again if
necessary. Was good this morning. Can't hear you at all.
Metadata Architecture: ISSUE-62 (UniformAccessToMetadata-62): Uniform
Access to Metadata
ACTION-281?
<trackbot> ACTION-281 -- Ashok Malhotra to keep an eye on progress
of link header draft, report to TAG, warn us of problems (ISSUE-62)
-- due 2009-11-13 -- PENDINGREVIEW
<trackbot> [52]http://www.w3.org/2001/tag/group/track/actions/281
[52] http://www.w3.org/2001/tag/group/track/actions/281
AM: we're tracking 4 drafts... linking, well-known, host-meta,
XRDD... I think one got updated since I sent mail...
<noah> Raman, please ping us in IRC when we have your attention
again. Thank you.
AM: I saw comments from Tim and Dan... the authors have seen those
DC: I had a concern about the registration and Mark Nottingham fixed
it.
AM: these are 3 mechanisms for attaching metadata
... are these enough? do we need more?
... and JAR said something about an iTunes-like mechanism...
JAR: well... maybe the issue name should be changed... it suggests
there will be a limited number of ways to access metadata...
... these 3 mechanisms are about 1st-party metadata. in the
[academic] metadata world, that's the least valuable, but in other
cases, it's useful, especially if it's all you've got
... so something like "uniform access to 1st party metadata"; this
isn't metadata in general
NM: this is metadata that the 1st party helps you find
JAR: that link itself is metadata
LMM: if you include the pre-production and production workflow,
[oops; I lost the train of thought]... photo metadata...
... the camera is the 1st party...
... the person who takes the photo and edits it is the 2nd party...
and the next person in the workflow is 3rd, copyright guy is 4th
party... or there's a lot of 3rd parties
jar: I agree... I may need to adjust my terminology
DanC: from the perspective of the link-header draft, all those are,
in aggregate, the 1st party
LMM: no, if you look in the photo, you can see the audit trail
DanC: ah.
LMM: and it goes on from there... flickr taggers, commenters, etc.
JK: doesn't that means that the metadata inside the data?
(I think the way I scribed JK makes the referent of "that"
misleading.)
LMM: it helps in the production workflow...
... but flickr tags and comments, probably not
<Zakim> masinter, you wanted to talk about goals
TBL: in the adobe tools, can you set the trail of custody?
[something like that]
LMM: in varying degrees, yes
TBL: when adobe tools get content from the web, can they recover the
trail?
LMM: I don't know
TBL: the metadat trust is [scribe falls behind]
[discussion between TBL and LMM exceeds scribe bandwidth]
LMM: in the Seybold community, I learned the industry uses a variety
of mechanisms to send images around... often not compressed...
<jar> I want to know what problem we're working on now.
TBL: I'm interested in "this is/was [53]http://...." .
[53] http://.../
LMM: the workflow uses guiids rather than locations; these things
move around too much
<masinter> the locations weren't normative
<masinter> I guess the point is that first-party metadata is often
embedded, and that the Link header is better thought of as
"third-party metadata" where the third-party is the publishing web
site
danc: Host-meta, powder, EARL - I would only want to write that
software once (see mail Dan sent to www-tag)
... and I have a concern about not using .well-known unless it's
merited in ways that Roy emphasized
JAR: [who]'s concerns increases my desire to change the name of the
issue... "server provided metadata"?
<DanC> (I'm happy for the issue shepherd to change the issue name
whenever they see fit; I trust them to consult the TAG as
appropriate)
<timbl_> Maybe we should be charging $10M for an entry in
"well-known" to express the cost to the community of each one,
clients having to check different places.
<masinter> was talking about entire workflow from camera which takes
photo and adds GPS data through editing the photo by cropping and
color correcting to putting it into a web page and publishing the
page, to commenting on the image in Flickr. Whether metadata is
associated with the photo by embedding, linking, or some kind of
third-party metadata site may depend.
<masinter> issue-62?
<trackbot> ISSUE-62 -- Uniform Access to Metadata -- OPEN
<trackbot> [54]http://www.w3.org/2001/tag/group/track/issues/62
[54] http://www.w3.org/2001/tag/group/track/issues/62
<noah> Note that we just changed the name of the issue:
issue-62?
<trackbot> ISSUE-62 -- Uniform Access to Server-provided Metadata --
OPEN
<trackbot> [55]http://www.w3.org/2001/tag/group/track/issues/62
[55] http://www.w3.org/2001/tag/group/track/issues/62
AM: do we need another issue for the rest?
JAR: we have the broader issue; issue-63
<masinter> issue-63?
<trackbot> ISSUE-63 -- Metadata Architecture for the Web -- OPEN
<trackbot> [56]http://www.w3.org/2001/tag/group/track/issues/63
[56] http://www.w3.org/2001/tag/group/track/issues/63
<Zakim> jar, you wanted to suggest "server provided links" or
"server provided metadata"
<jar> These RFCs are going to be final soon. Very narrow window to
have influence.
AM: again, do we need more mechanism? or fewer?
DanC: I'd like to see fewer
JAR: these specs are nearing deployment
<Zakim> noah, you wanted to ask questions from chair
DanC: do you have any critical concerns? are you happy with the
specs, JAR?
JAR: yes, I'm happy
<Zakim> masinter, you wanted to note that there are lots of other
requirements and to diminish the importance of IETF proposed
standards
LMM: are the applicability of these draft narrow enough that other
cases are ruled out? [?]
... I don't think publication of these as Proposed Standard will get
in the way if something else is more appropriate
JAR: well, it'll compete
... well, doesn't compete with mechanisms for other sources of
metadata
<jar> it will compete in the very narrow in which it applies. won't
compete with ways of getting metadata *from other sources*
LMM: my remaining concern is: when more than one of these mechanisms
provides info, what about priority?
JAR: thie "Web Linking" explicitly says "this is not authoritative;
apps have to come up with their own trust model"
LMM: it's not a matter of trust, it's a matter of intent. e.g. if I
write copyright in both the Link header and in the content and
they're different, which do I mean? both?
TBL: that's a bug
... i.e. the web site is buggy [not the link header spec]
<jar> there's no such thing as overriding a copyright statement
(legally)...
LMM: I don't like the "then it's a bug and we don't say which"; I
prefer priorities
TBL: priorities allow people to write incorrect things that get
obscured due to priorieites; then they get surfaced when the
document moves
<Zakim> DanC_, you wanted to ask about use cases that are market
drivers
<timbl_> A language should ays "if you write this, then it means
*this*".
<jar> the resource and the server are distinct principals with
different interests. metadata is statements of fact. thus
disagreements are inherent and unresolvable outside of a trust model
<timbl_> Not "it means this unless it is overridden...".
<masinter> points to
[57]http://www.metadataworkinggroup.org/pdf/mwg_guidance.pdf for
dealing with conflicting embedded metadata
[57] http://www.metadataworkinggroup.org/pdf/mwg_guidance.pdf
DC: The specs may well come out, but it would be interesting to
remind ourselves what the market drivers are for the specs we're
discussing here.
... Anyone know what the drivers are, e.g., for host meta?
AM: It says it's for where the host controls.
DC: But who's going to make money?
Falling behind scribing johnk....
JK: I think the market-driving use case is URI templates ...
advertising.
... e.g. "if you want to look up a person whose profile is on my
site, here's the URI template to plug the username into". and having
lots of users leads to advertising revenue.
... e.g. google, yahoo, etc.
<Zakim> timbl_, you wanted to say, well it would be better if they
were all RDF of course. Are we goingto do nothing about that?
<masinter> from [58]http://www.metadataworkinggroup.org/specs/
[58] http://www.metadataworkinggroup.org/specs/
TBL: this XRD format seems to overlap significantly with RDF... how
much RDF is there out there?
... a lot.
... and we're pushing linked data...
... linking host meta into the linked data world seems helpful
<noah> The XRD thing is already deployed, right?
JAR: use GRDDL?
TBL: but I can't use an RDF serializer to write XRD
JAR: XRD is very simple
TBL: I can't write arbitrary RDF into XRD
JAR: aside from bnodes and literals, you can; i.e. arbitrary uri
triples
JK: ... web finger ...
(If I were going to push on something, I'd push RDFa rather than
RDF/XML)
<Zakim> johnk, you wanted to note that Link header was originally
specifically about representations that could not contain <link>
elements
JK: using <link> for formats that can't express links is like
[something larry was talking about]
<Zakim> masinter, you wanted to talk to the MWG document dealing
with conflicting metadata
<masinter> points to
[59]http://www.metadataworkinggroup.org/pdf/mwg_guidance.pdf for
dealing with conflicting embedded metadata
[59] http://www.metadataworkinggroup.org/pdf/mwg_guidance.pdf
NM: This reinforces Tim's point. If the use case in mind is where
there's no possible duplication, then duplication with conflict
should be an error, not resolved with priority.
LMM: even when the metadata is embedded, you can have multiple kinds
of metadata... this points to the practical issue of...
... what if you have EXIF, [something else], and conflicts, and how
to manage...
... so I think the "conflicting metadata is a bug; we're not telling
what to do" doesn't suffice...
... I suggest to say that it's not an error... providing an override
mechanism is important
<Zakim> jar, you wanted to answer larry regarding priority between
sources (i will just say what i already entered in irc)
JAR: metadata is typically a statement of fact. [LMM: no]. sometimes
the server is right; sometimes the resource is right; each consumer
has to decide who to believe
<johnk> In response to the question "is XRD deployed" I mentioned
WebFinger (see
[60]http://hueniverse.com/2009/09/implementing-webfinger/) which I
believe may already be deployed
[60] http://hueniverse.com/2009/09/implementing-webfinger/)
<masinter> I don't want to say "who is right and who is wrong". I
just am asking that the Link header be expanded to alow the server
to be clear about whether the intent of the server is to override,
supplant, or replace embedded metadata.
<Zakim> masinter, you wanted to disagree: metadata is always an
issue of opinion, not a theory of fact
JAR: It's a putative fact
AM: when I asked whether this is the right number of mechanism I got
sort of a yes from LMM and JAR and a No from Dan... elaborate?
<johnk> JK: regarding the Link header, I mentioned that the original
use-case (IIRC!) was specifically for cases where an HTTP
entity-body could not contain "links" (for example, text/plain)
<noah> LM: I'm not looking to settle who's right, I'm looking for
priority mechanisms.
DanC: I think Host-Meta overlaps with existing mechanisms: POWDER.
so we've got more mechanisms than I'd like to see. [don't mean to be
emphatic about which of POWDER or Host-Meta shold survive]
<noah> Interesting Dan, I thought some of what you wanted was an RDF
answer (or maybe I'm channeling Tim through you)
<Zakim> DanC_, you wanted to speak to expressiveness of override
mechanism
<jar> "The server believes this information to be more trustworthy
than what the resource says." or "The server that what the resource
says is more likely to be right than what it says."
DC: The client can have all sorts of policies, but it's less
expressive if you don't let the sender express a preference.
TBL: architecturally, the HTTP header overrides the content... but
in practical cases, people want their content to override the server
config too.
<timbl_> TBL: architecturall,y, the HTTP Srever is in a position to
override anything, as it is on control -- it could munge the ougoing
file and chenge the metaa -- . The provdier of hte fil eonly has
delegated control. But hen tthere are so many case of broken server
implementatuions. where th person writing the file. knows bett
ertthan te person who confiugured the apache.
JAR: I'd say mnot and Eran would say: it's the responsibility of
what's pointed to by Link: to have this override mechanism.
NM: we can always come back to this...
JAR: no; there's a market window...
DC: does anybody know timing of large deployments?
JK: I think webfinger is deployed at scale, using [Host-Meta?]
HT: uniform access has come back into this... harks back to XRI and
[missed]...
... the energy currently is going into how to provide metadata that
addresses the uniform access problem...
... the good news is that although there are what might look like 3
competing proposals, actually they play nice together
... and there's a story about how
... that's what I heard.
DC: As team contact, I feel that doing nothing isn't good.
... I think we need to connect with the Sem Web coordination group.
<Ashok> [61]Webfinger
[61] http://code.google.com/p/webfinger/
<noah> DC: What I have in mind is along the lines of going to coord
group and say: Hey, this is about to happen without RDF, Linked
Data. Problem?
. ACTION: Jonathan inform SemWeb CG about market developments around
webfinger and metadata access, and investigate relationship to RDFa
and linked data
<scribe> ACTION: Jonathan inform SemWeb CG about market developments
around webfinger and metadata access, and investigate relationship
to RDFa and linked data [recorded in
[62]http://www.w3.org/2009/12/10-tagmem-irc]
[62] http://www.w3.org/2009/12/10-tagmem-irc
<trackbot> Created ACTION-363 - Inform SemWeb CG about market
developments around webfinger and metadata access, and investigate
relationship to RDFa and linked data [on Jonathan Rees - due
2009-12-17].
<timbl_> [63]http://www.w3.org/host-meta
[63] http://www.w3.org/host-meta
<jar> Last call ended for .well-known and Link:
<masinter> the TAG could ask the editor (Mark) to note open issues:
use of RDF vs. other metadata representations, and whether Link:
overrides, supplants, or defaults embedded metadata.
<masinter> the discussion has been useful, even if we don't act
further
close action-281
<trackbot> ACTION-281 Keep an eye on progress of link header draft,
report to TAG, warn us of problems (ISSUE-62) closed
<noah> Supposedly now until 3:15, but we're struggling to
close action-336
<trackbot> ACTION-336 Prep Metadata Architecture for Dec f2f closed
<noah> WE ARE ON BREAK UNTIL 15:20 US EST
<masinter> (back from break)
(xmlFunctions-34 / ISSUE-34): XML Transformation and composability
(e.g., XSLT,XInclude, Encryption)
DanC: HT notified us of a default processing model draft in the
XProc WG
<ht> [64]http://www.w3.org/XML/XProc/docs/defproc.html
[64] http://www.w3.org/XML/XProc/docs/defproc.html
DanC: any processing model that does Xinclude shouldn't be "_the_
default_" ...
... previously, HT seemed sympathetic
<noah> (some metadiscussion on whether editors of this are obligated
to listen to input before formal drafts available. Editor warns that
lack of sleep will lead to forgetfulness anyway.)
DanC: I think the way to make it clear that this is not _the_
default processing model is to include another one...
... the trivial one: just use the bytes you got
DC: Earlier, I said "Default Processing Model" isn't the right
title. Henry, you seemed sympathetic. Are you still.
HT: Um, loses some value.
... Lots of people should point to this.
DC: So you do want to be THE model.
HT: Yes.
... With XInclude we can get rid of much of the need for DTDs.
DC: The getting rid of DTDs part appeals to me. Tim, do you feel
that justifies making XInclude the default?
<masinter> shouldn't
[65]http://tools.ietf.org/html/draft-murata-kohn-lilley-xml make
normative reference to this?
[65] http://tools.ietf.org/html/draft-murata-kohn-lilley-xml
TBL: what does the xml:id bit do?
HT: affects the DOM; e.g. GetElementById
TBL: does xinclude happen after xml:id?
HT: no; the details are in XProc
***** HT wants to remember that this could be clarified
TBL: I'm surprised to not see something recursive
HT: XInclude is recursive; unlike GRDDL, which doesn't say whether
xinclude happens 1st, xinclude does say
<Zakim> johnk, you wanted to ask what happens if the document looks
like this: <xml version='1.0'?><EncryptedData>...</EncryptedData>
JK: what if the data is encripted?
HT: well... you lose... we tried to get encryption/signature into
the design, but... they require a key...
... and we don't want to come anywhere close to encourage packaging
a document with a key
<Zakim> masinter, you wanted to ask whether this belongs with the
application/xml media type & reregistration of it
LMM: how about binding it to the XML media type?
HT: not retrospectively
LMM: but how about when people make new XML media types, they should
be referred to this processing model
<masinter>
[66]http://tools.ietf.org/html/draft-murata-kohn-lilley-xml
[66] http://tools.ietf.org/html/draft-murata-kohn-lilley-xml
<noah> NM As I recall, schema looked at this a long time, asking "do
you want to validate pre or post inclusion. The answer was a clear
"both", that's as a good reason to use the infoset.
<ht> [67]http://www.w3.org/2006/02/son-of-3023/latest.html
[67] http://www.w3.org/2006/02/son-of-3023/latest.html
TBL: what "the customer", me, asked for, is what "corresponds to"
the input, in the HTTP sense
<Zakim> noah, you wanted to ask whether this is clear on what to do
if external resources don't resolve. Can you use this in a
non-network environment?
<timbl_> In the sense, if you send me an XML document, whot I can
hold you to haveing said
NM: meanwhile, HT has an action to lay out the design space
action-113?
<trackbot> ACTION-113 -- Henry S. Thompson to hT to a) revise
composition.pdf to take account of suggestions from Tim & Jonathan
and feedback from email and b) produce a new version of the
Elaborated Infoset finding, possibly incorporating some of the PDF
-- due 2010-01-01 -- OPEN
<trackbot> [68]http://www.w3.org/2001/tag/group/track/actions/113
[68] http://www.w3.org/2001/tag/group/track/actions/113
<masinter> e.g., the XML Media Types RFC could require, at a
minimum, that registration of XML media types MUST clearly identify
what processing model they use, and whether they use this one.
<DanC> (w.r.t. wrapping up, I'm content to consider action-239 done
and come back when we see progress on action-113, provided it comes
before LC on this spec)
<Zakim> ht, you wanted to answer Tim
<timbl_> The meaning of an xinclude include emeplemnt is t its
included contents.
HT: yes, it's a reasonable exercise to answer "what is the author
held to?"
... and the value increases if there's only one answer
... that's why there's no answer in the case you gave [oops; what
case was that? I didn't scribe it]
... this only takes one step down a complicated [... more]
<Zakim> timbl_, you wanted to explain as patiently as he can that
the interesting thing i snot to tell people how they shoul dprocess
it. in fact the idea of a processing model is (of
<DanC> (I encourage jar, lmm, and noah to q- and wait for telcon
time, unless there's nothing else on today's agenda that you care
about)
TBL: [...missed] which is the decrypted material...
... and in the case of XSLT is the output
... so in fact you have to go to the spec for each element to get
what the author is held to
<jar> TBL was talking about the recursive / compositional processing
model.
<jar> I think he's saying this spec isn't ambitious (inferential?)
enough
HT: LMM, yes, I take on board the concern about the connection
between the XML media types spec and this spec
... though I'm concerned about the timelines
close action-239
<trackbot> ACTION-239 alert chair when updates to description of
xmlFunctions-34 are ready for review (or if none made) closed
HTML versioning change proposal
<masinter>
[69]http://lists.w3.org/Archives/Public/public-html/2009Dec/0055.htm
l
[69]
http://lists.w3.org/Archives/Public/public-html/2009Dec/0055.html
LMM: you can see the suggested syntax at the bottom
DC: hmm... DOCTYPE... despite my advice?
LMM: I looked and couldn't find any downside
DC: quirks mode?
LMM: no, quirks mode is triggered only in the case of known DTD
strings
... a goal is to make a change that needs no changes from browsers
NM: what's the motivation/goal for the change?
LMM: cf the change proposal, incl "The html version string is
allowed primarily because it may be useful for content management
systems and other development workflows as a kind of metadata to
indicate which specification was being consulted when the HTML
content was being prepared.
"
HT notes another procedural request from maciej
HT: this looks good to me.
... yes, we should look into the XML requirement for a system
identifier
... ah... yes... there are no XML syntaxes with only public id
(train of thought started with something NM said, which I forgot)
DC: that's why I advise a version attribute
<johnk> Jonathan how about:
[70]http://tools.ietf.org/html/draft-holsten-about-uri-scheme-02
[70] http://tools.ietf.org/html/draft-holsten-about-uri-scheme-02
<jar> johnk, that's amazing, thanks
LMM: I wanted to follow the existing tradition of using <!DOCTYPE >
DC: but it suggests there's a DTD, while there isn't one
HT: well, a DTD with all "ANY" content models could be slotted in.
LMM: in some ways I don't have a strong opinion on this issue, but
...
... I don't like to see the HTML WG close issues just because noone
was willing to take flack for making a proposal
<ht> Actually, forget ANY -- if it goes that way, I would
expect/recommend that an effectively empty external subset should be
provided at the given SYSID, i.e one consisting entirely of a
comment
LMM: and I think it's important for those who want to express a
version id to be able to
... I encourage TAG members to review and contribute directly to
public-html
some discussion of public-html mailing list logistics and
expectations
HTML media type and pre-HTML 5 content
action-334?
<trackbot> ACTION-334 -- Henry S. Thompson to start an email thread
regarding the treatment of pre-HTML5 versions in the media type
registration text of HTML5 -- due 2009-11-26 -- PENDINGREVIEW
<trackbot> [71]http://www.w3.org/2001/tag/group/track/actions/334
[71] http://www.w3.org/2001/tag/group/track/actions/334
<DanC> [72]Backward-compatibility of text/html media type
(ACTION-334) Henry S. Thompson 02 Dec 2009
[72] http://lists.w3.org/Archives/Public/www-tag/2009Dec/0013.html
HT: so that collects all relevant materials I know of
<DanC> what's "suspended animation"? wild... they use tracker:closed
<DanC> [73]ISSUE-53 mediatypereg Need to update media type
registrations
[73] http://www.w3.org/html/wg/tracker/issues/53
"State: CLOSED Product: HTML5 Spec - PR Blockers"
HT: so... should we try to get something to happen before Last Call?
I thought there was an interaction with the language design, but on
close examination, I didn't find one.
<masinter> this is a useful as a Rationale for the change proposal
<noah> ac2 n6ah
<noah> DC: I don't agree with the obvious fix. I think the HTML 5
spec describes HTML 2 better than HTML 2 spec does.
<Zakim> masinter, you wanted to ask for volunteer to write a change
proposal
LMM: I think a change proposal would be good... e.g. there are
documents that prompt quirks mode that's implemented, but the
current HTML 5 spec rules it out. [roughly]
<masinter> suggest MIME registration point to history section inside
HTML5 document and/or previous MIME registration
. ACTION DanC: ask HTML WG team contacts to make a change proposal
re issue-53 mediatypereg informed by HT's analysis and today's
discussion
<scribe> ACTION: DanC to ask HTML WG team contacts to make a change
proposal re issue-53 mediatypereg informed by HT's analysis and
today's discussion [recorded in
[74]http://www.w3.org/2009/12/10-tagmem-irc]
[74] http://www.w3.org/2009/12/10-tagmem-irc
<trackbot> Created ACTION-364 - Ask HTML WG team contacts to make a
change proposal re issue-53 mediatypereg informed by HT's analysis
and today's discussion [on Dan Connolly - due 2009-12-17].
<ht> It occurs to me that a change which said "this registration
augments [the existing registration] rather than replacing it
LMM: a change proposal might fix some other parts of the media type
registration... e.g. change controller
close action-334
<trackbot> ACTION-334 Start an email thread regarding the treatment
of pre-HTML5 versions in the media type registration text of HTML5
closed
Widget URI Scheme
<masinter>
[75]http://www.w3.org/Search/Mail/Public/advanced_search?keywords=&h
dr-1-name=subject&hdr-1-query=widget+uri&hdr-2-name=from&hdr-2-query
=masinter&hdr-3-name=message-id&hdr-3-query=&period_month=Dec&period
_year=2009&index-grp=Public__FULL&index-type=t&type-index=public-web
apps&resultsperpage=20&sortby=date
[75]
http://www.w3.org/Search/Mail/Public/advanced_search?keywords=&hdr-1-name=subject&hdr-1-query=widget+uri&hdr-2-name=from&hdr-2-query=masinter&hdr-3-name=message-id&hdr-3-query=&period_month=Dec&period_year=2009&index-grp=Public__FULL&index-type=t&type-index=public-webapps&resultsperpage=20&sortby=date
LMM: there's a TAG issue about registering URI schemes [really?]; I
think we should encourage registering permanent URI schemes rather
than provisional ones... but leaving that aside...
<johnk> [76]http://www.w3.org/TR/2009/WD-widgets-uri-20090618/
[76] http://www.w3.org/TR/2009/WD-widgets-uri-20090618/
rather
[77]http://www.w3.org/TR/2009/WD-widgets-uri-20091008/#authority
[77] http://www.w3.org/TR/2009/WD-widgets-uri-20091008/#authority
<timbl_> [78]http://www.w3.org/TR/widgets-uri/#authority
[78] http://www.w3.org/TR/widgets-uri/#authority
LMM: consider "A producer may include an authority component in
URIs. If present, the authority component is said to be opaque,
meaning that the authority component has a syntax as defined by
[RFC3987] but that the authority component is devoid of semantics. "
... this seems not well-defined
... earlier in the design discussion, this was used for cross-widget
references , but due to security concerns, I think, they made it
opaque
JAR: how about using it to distinguish widgets?
JK: but these are only used for reference within a widget
... widget URIs are used in a "manifest" contained within a widget
package, and then used to point to other files within the widget
package
<masinter> [79]http://tools.ietf.org/html/rfc4395
[79] http://tools.ietf.org/html/rfc4395
<masinter> guidelines and registration procedures for new uri
schemes
TBL: this does seem undefined
JAR: could be "reserved for future use"
<masinter> For schemes that function as locators, it is important
that the
<masinter> mechanism of resource location be clearly defined. This
might mean
<masinter> different things depending on the nature of the URI
scheme.
<masinter> The URI registration process is described in the
terminology of [$1\47].
<masinter> The registration process is an optional mailing list
review, followed
<masinter> by "Expert Review". The registration request should note
the desired
<masinter> status. The Designated Expert will evaluate the request
against the
<masinter> criteria of the requested status. In the case of a
permanent
<masinter> registration request, the Designated Expert may:
<masinter> I am not the expert.
<masinter> I hope that W3C staff will establish a process where "The
template may also be submitted in some other form (as part of
another document or as a stand-alone document), but the contents
will be treated as an "IETF Contribution" under the guidelines of
RFC 3978 [$1\47]."
Closing remarks, thanks to the host
RESOLUTION: to thank Amy for hosting arrangements. with applause
AM: This was a very successful ftf.
JK: yeah; good meeting; the action item stuff in the agenda worked;
the Zakim tracking not so well.
NM: yeah.
TBL: yeah... good meeting... JAR's "speaks_for" stuff was a
highlight
... the persistent domain stuff... not clearly within the TAG's
scope, but if not us, who?
JAR: yeah... Creative Commons will sure help... but who else is in a
position to connect the IETF with the library community?
<Zakim> johnk, you wanted to ask whether the crucial question is
whether individual components of a widget will be "on the Web"
<jar> who else other than the TAG, that is
<jar> and CC
<jar> (not a rhetorical question by the way)
NM: yeah... good meeting... noteable technical highlights
... and as to how we work as a group, this feels like we're starting
to hit stride.
<masinter> feedback: i'm very happy that the ratio of technical /
non-technical & administrative has been the highest in my experience
on the TAG. I think we're making much better progress toward
producing things of lasting value, drive toward architecture
documents, etc. Want to make sure we also focus on "last mile",
i.e., once we've worked an issue, that we do the final work toward
publishing it, rather than letting it languish in the "nearly
<masinter> done" state.
<Zakim> DanC_, you wanted to speak to the persistent domain tactics
<timbl_> Strong argument there John the the Web for an agent must
not xclude things which are local to it .. much of my most important
web i s local to my laptop. So local files are things on my web and
so I suppose are chrome: and widget:things .. not a showstopper
there.
DC: yeah... not clear that persistent domains is a TAG thing, but
it's a W3C thing, and if we can catalyze a workshop, that makes
sense
... and several of the topics that came up in the meeting kept me
thinking into the evening
next meeting looks like 17 Dec
JAR: [scribe too sleepy...] I'm starting to feel more in sync with
the group
ADJOURN
Postscript: bulk action review
Dan and Noah cleaned up some action states
action-213?
<trackbot> ACTION-213 -- Noah Mendelsohn to prepare 17 Dec weekly
teleconference agenda -- due 2009-12-16 -- PENDINGREVIEW
<trackbot> [80]http://www.w3.org/2001/tag/group/track/actions/213
[80] http://www.w3.org/2001/tag/group/track/actions/213
close action-277
<trackbot> ACTION-277 Ensure patent policy issue is resolved with
Art closed
close action-306
<trackbot> ACTION-306 Work with Raman, LM, JK to update Web
APplication architecture outline based on discussions at TAG
meetings closed
action-327
close action-328
<trackbot> ACTION-328 Convey to the EXIWG the resolution "We thank
the EXI WG for registering the conetnt encoding and encourage them
in their endeavours.". closed
Summary of Action Items
[NEW] ACTION: Dan to clean up TAG ftf minutes 10 Dec, and either
wrap up the 3 days or get Noah to do it [recorded in
[81]http://www.w3.org/2009/12/10-tagmem-irc]
[NEW] ACTION: DanC to ask HTML WG team contacts to make a change
proposal re issue-53 mediatypereg informed by HT's analysis and
today's discussion [recorded in
[82]http://www.w3.org/2009/12/10-tagmem-irc]
[NEW] ACTION: Henry to clean up TAG ftf minutes 9 Dec [recorded in
[83]http://www.w3.org/2009/12/10-tagmem-irc]
[NEW] ACTION: Henry to elaborate the DPD proposal to address
comments from #xmlnames and tag f2f discussion of 2009-12-10,
particularly wrt integration with XML specs and wrt motivation, due
2010-01-08 recorded in [84]http://www.w3.org/2009/12/10-tagmem-irc]
[NEW] ACTION: John to clean up TAG ftf minutes 8 Dec [recorded in
[85]http://www.w3.org/2009/12/10-tagmem-irc]
[NEW] ACTION: Jonathan inform SemWeb CG about market developments
around webfinger and metadata access, and investigate relationship
to RDFa and linked data [recorded in
[86]http://www.w3.org/2009/12/10-tagmem-irc]
[NEW] ACTION: Noah to communicate TAG resolution to HTML WG
recorded in [87]http://www.w3.org/2009/12/10-tagmem-irc]
[NEW] ACTION: noah to work to schedule followup meeting on xmlnames
next week recorded in [88]http://www.w3.org/2009/12/10-tagmem-irc]
[81] http://www.w3.org/2009/12/10-tagmem-irc
[82] http://www.w3.org/2009/12/10-tagmem-irc
[83] http://www.w3.org/2009/12/10-tagmem-irc
[84] http://www.w3.org/2009/12/10-tagmem-irc
[85] http://www.w3.org/2009/12/10-tagmem-irc
[86] http://www.w3.org/2009/12/10-tagmem-irc
[87] http://www.w3.org/2009/12/10-tagmem-irc
[88] http://www.w3.org/2009/12/10-tagmem-irc
[End of minutes]
_________________________________________________________
Minutes formatted by David Booth's [89]scribe.perl version 1.135
([90]CVS log)
$Date: 2010/01/05 17:43:14 $
[89] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
[90] http://dev.w3.org/cvsweb/2002/scribe/
Received on Tuesday, 5 January 2010 17:56:18 UTC