- From: Henry S. Thompson <ht@inf.ed.ac.uk>
- Date: Tue, 20 Dec 2011 11:35:46 +0000
- To: www-tag@w3.org
now available at http://www.w3.org/2001/tag/2011/12/15-minutes.html and as text below.

ht

-----------------
- DRAFT -

Technical Architecture Group Teleconference

15 Dec 2011

[2]Agenda

See also: [3]IRC log

Attendees

Present
   Yves Lafon, Philippe Le Hegaret (in part), Ashok Malhotra, Larry Masinter, Noah Mendelsohn, Jeni Tennison, Henry S. Thompson
Regrets
   Tim Berners-Lee, Peter Linss, Jonathan Rees
Chair
   Noah Mendelsohn
Scribe
   Henry S. Thompson

Contents

* [4]Topics
   1. [5]Convene
   2. [6]Minutes of last meeting
   3. [7]Administrivia
   4. [8]HTML.next
   5. [9]F2F Planning
   6. [10]ACTION-509, Response to RDFa WG
   7. [11]ACTION-631 Microdata referenced from HTML5 spec
   8. [12]Pending review actions
   9. [13]Overdue actions
* [14]Summary of Action Items
__________________________________________________________________

Convene

NM: There will be a call on 22 December
... Regrets from YL
JT: Regrets
NM: LM, can you scribe?
LM: Yes

Minutes of last meeting

<noah> [15]http://www.w3.org/2001/tag/2011/12/08-minutes

RESOLUTION: Approve the minutes of telcon of 2011-12-08

Administrivia

Local arrangements for upcoming F2F at [16]https://lists.w3.org/Archives/Member/tag/2011Dec/0004.html

NM: HST, please arrange for a telephone bridge
HST: Will do

Agenda for f2f is building at [17]http://www.w3.org/2001/tag/2012/01/04-agenda

NM: Mark Nottingham will join us for the SPDY discussion
... Mark's time is limited, will have to fit in on Friday morning
LM: Like to involve him on registries as well, as he's been taking the lead on the HAPPIANA work
NM: Given time constraint, let's start the registries topic earlier, so we're well prepared to use Mark's time well
... Wrt XML-HTML unification work, chasing with Norm Walsh

HTML.next

NM: This topic was suggested at the Edinburgh f2f, suggesting we should look at what involvement we might want to have wrt HTML after HTML5
... PLH has joined us, and will do so again at the F2F to help
... References to possibly relevant material in the agenda
<noah> ACTION-637?
<trackbot> ACTION-637 -- Noah Mendelsohn to ask PLH to join us in Dec. to bring us up to speed on HTML.next, and also join in F2F discussion -- due 2011-12-20 -- PENDINGREVIEW
<trackbot> [18]http://www.w3.org/2001/tag/group/track/actions/637
<noah> close ACTION-637
<trackbot> ACTION-637 Ask PLH to join us in Dec. to bring us up to speed on HTML.next, and also join in F2F discussion closed
NM: Most notably, a wiki at [19]http://www.w3.org/wiki/HTML/next
PLH: Some background on HTML.next
... Not very far yet
... The HTML WG is focussed on HTML5, given the number of open issues, some of which are tricky
... So the discussions on .next have not gotten very far so far, most recently at TPAC
... Modularization of the spec. has been mentioned several times
<Larry> Modularization work might benefit from some planning, even though it is premature to actually start with the work
PLH: Some new features have been suggested
... Media ?? WG has brought some suggestions for some changes in their area
... A <data> element has been suggested by Ian Hickson
<Larry> common protocol elements with other protocols as a big theme
<noah> Larry, would you elaborate. Do you mean things like HTTP-ish stuff in the <meta> tag, for example?
NM: There's a sort of process issue about whether the future will be understood as working on a monolithic HTML6 or whether feature (group) by feature (group) will be specced through to REC independently
PLH: Yes, but until we see a specific proposal, it's hard to know if/how this will work
HT: A large architectural issue, which might arise, is whether there is any expectation within the WG (as opposed to rest of W3C) that they might want to think about differing requirements for Web app delivery platform vs. browser.
<Larry> I'd characterize what HT said was WebApps vs. HTML WG in W3C ... is that the right boundary in the long term
NM: There's a background issue mentioned sometimes as to whether security has been well-treated in the current round
... Doug Crockford has weighed in on this
<Larry> JavaScript & API rules
<noah> Doug Crockford on HTML and Security: [20]http://security.sys-con.com/node/1544072
<noah> Title of article is "Discoverer of JSON Recommends Suspension of HTML5"
NM: [Paraphrasing] This new spec. is chock-full of new features, and not only have you not done much to address existing issues, you've significantly expanded the surface area, and hence the risk of vulnerabilities
<noah> He specifically criticizes the lack of clear resolution to cross site scripting problems, among others.
<noah> Crockford is quoted as saying: "The XSS problem comes from two fundamental problems. The first is that the language of the web is unnecessarily complicated. HTML can be embedded in HTTP, and HTML can have embedded in it URLs, CSS, and JavaScript."
<noah> "JavaScript can be embedded in URLs and CSS. Each of these languages has different encoding, escapement, and commenting conventions. Statically determining that a piece of text will not become malicious when inserted into an HTML document is surprisingly difficult. There is a huge and growing set of techniques by which an attacker can disguise a payload that can avoid detection. New techniques are discovered all the time, and usually the attackers find them
<noah> "The second problem is that all scripts on a page run with the same authority."
PLH: But DC has not pointed to any specific vulnerabilities. An EU study surveyed the spec. from this perspective, and identified some moderate issues, but nothing that stands out as a major problem: [21]http://www.enisa.europa.eu/act/application-security/web-security/a-security-analysis-of-next-generation-web-standards

A Security Analysis of Next Generation Web Standards

LM: It's not clear that the kind of security review that is needed can be done properly
PLH: It's always possible that there are holes, but we're trying hard not to let that happen
LM: When we discussed HTML issues a while ago, we left some things off the list because they weren't timely -- should we pull them up again?
NM: I can't easily find that list -- someone needs to take an action to find the list and prepare a discussion
... so that we don't waste time
LM: I will find the list, if someone else will do the review
NM: I will take an action to find the list and email a link to the group
<noah> ACTION: Noah to try and find list of review issues relating to HTML5 from earlier discussions [recorded in [22]http://www.w3.org/2001/tag/2011/12/15-minutes.html#action01]
<trackbot> Created ACTION-641 - Try and find list of review issues relating to HTML5 from earlier discussions [on Noah Mendelsohn - due 2011-12-22].
NM: After that, I'll wait for specific requests for action wrt something there.
PLH: That security review covers not just HTML5, but also related specs.
... It is often, as was the case with CSS, that it's combinations of specs that create security risks
<Larry> perhaps ability to do security review is a goal for modularization
PLH: The CSS risk was not CSS alone, but in combination with the DOM
JT: From what you've seen about possible HTML.next features, is there potential overlap with other WGs?
... Because that's where problems have arisen in the past
PLH: Not that I'm aware of, but only in-so-far as we often don't have WGs in the areas that have been mentioned
<Zakim> noah, you wanted to ask if review really covered Doug C.'s concern
NM: PLH mentioned the existing study, but DC's interview does mention some specifics
... For example
<noah> Doug Crockford (in article linked above): "HTML can be embedded in HTTP, and HTML can have embedded in it URLs, CSS, and JavaScript. JavaScript can be embedded in URLs and CSS. Each of these languages has different encoding, escapement, and commenting conventions. Statically determining that a piece of text will not become malicious when inserted into an HTML document is surprisingly difficult."
NM: Is that the kind of thing which that EU survey looked at? We're carrying a huge historical overhang which it's hard to untangle, or get away from
PLH: I don't know whether that issue was covered by the survey
<Zakim> Larry, you wanted to talk about modularization guidelines, reasons for, requirements for... examples of where modularization helps, things to avoid... is this something TAG could
<Larry> for example, our recent finding on web applications and URIs for application state -- could we get that into HTML.next
LM: One of the requirements for modularization is that it makes security reviews easier.
... That needs to feed in to any discussion of why modularize, and how, which the TAG might contribute to
<noah> I agree, but I think another way of saying this is: separation of concerns is a good characteristic of a design. If that's achieved, then one benefit will be that specs can be reviewed in pieces.
LM: We've recently published a REC on Application State, and are headed for something on API Minimization
HT: He said, that we've published some things that weren't well timed to affect last year's work. Things like Storage and API work in the TAG could be focused on impacting html.next
HT: Those should feed in early to improve the chance of impact
PLH: There is very low interest in the WebApps WG in working on the Web Storage API
... But it will go forward simply because it is so widely used, even though there is a widely known bug, in the area of concurrent access to the API
PLH, AM: The bug is called out in the current spec. draft, in fact
PLH: Momentum is moving toward IndexDB
AM: People have been saying that Web Storage is a very simple API, IndexDB is more complicated, they don't need that complexity.
PLH: It will get done, but it won't get improved or extended
NM: The TAG has discussed the whole question of client-side storage, and whether we should gear up to look at this area
... The Web started out pretty stateless, then along came cookies, and now various forms of client-side persistent data, Web Storage, IndexDB, etc. . .
... I think the TAG's concern should be at the architectural level, comparing these mechanisms to a local HTTP caching proxy
... and looking at the question of accessing it via an index rather than a URI
... We need to find out what people want from these, that they can't get from a caching proxy
... and maybe feed back to developers
... So even if Web Storage isn't complicated, or likely to be extended, there may be work for the TAG to do
AM: In our recent discussion, we looked also at the relation of App Cache to Web Storage
NM: Not sure how much we need to devote to this going forward
... but without more evidence of new ideas, we may have to reconsider using f2f time
... Thank you Philippe for joining us

F2F Planning

<noah> List of topics: [23]http://www.w3.org/2001/tag/2012/01/04-agenda.html#agendaInProgress
NM: Embedded in agenda format, but focus on timeline fixed points, and Working List of Agenda Items
AM: 11:30 end on Friday?
NM: No, usual goal -- aim for 4 p.m.
... What's up with Privacy?
AM: Not yet connected with DA on this
AM: I have written a short doc't, arguing that although the W3C now has a Do Not Track WG, there are other problem areas which are worrying
... But it's not clear what W3C can do in these areas
... Perhaps W3C should make a few statements on such things: Net Neutrality, ???
NM: Maybe this will fit in no problem, will see how the schedule goes
JT: Previous agenda discussion included, wrt Publishing and Agenda on the Web, there is now probably not going to be a new document, because we haven't had any legal input
... But we did talk about having a brainstorming session on what kinds of punchy short outputs we should aim for
... This is a good thing for f2f
HST: +1
AM: +1
... Also need to think about how they should be delivered
NM: Right, I'll plan to do that
... Aiming to wrap the agenda in the coming week, please note
JT: I would like to have a brief slot to bring us up to date on the Microdata/RDFa situation
NM: 30 minutes?
JT: Yes
NM: 10 minute update, 20 minute discussion
JT: I'm not aware of any specific thing we need to do, but did want to report
NM: There are several major document promises wrt preparation time before the f2f
... So the sooner the better
... Please get behind this and push if you're on the hook

ACTION-509, Response to RDFa WG

NM: Are we good to go here?
JT: Yes, given recent agreement to the amended wording, I think we're ready to go
NM: No objections?
None.
<noah> Can we record a resolution pointing to the email with the agreed text?
JT: I'll go ahead then
<noah> Since this is communication with an outside group
<JeniT> Final email in thread is [24]http://lists.w3.org/Archives/Public/www-tag/2011Dec/0077.html

RESOLUTION: TAG agrees that Jeni Tennison will send the text in [25]http://lists.w3.org/Archives/Public/www-tag/2011Dec/0026.html to the RDFa WG and thereby close ACTION-509

<JeniT> In some of the examples below we have used IRIs with fragment identifiers that are local to the document containing the RDFa fragment identifiers shown (e.g., 'about="#me"'). This idiom, which is also used in RDF/XML [RDF-SYNTAX-GRAMMAR] and other RDF serializations, gives a simple way to 'mint' new IRIs for entities described by RDFa and therefore contributes considerably to the expressive power of RDFa. The precise meaning of IRIs which include fragment identifiers when they appear in RDF graphs is given in Section 7 of [RDF-CONCEPTS]. To ensure that such fragment identifiers can be interpreted correctly, media type registrations for markup languages that incorporate RDFa should directly or indirectly reference this specification (RDFa Core).

ACTION-631 Microdata referenced from HTML5 spec

<noah> ACTION-631?
<trackbot> ACTION-631 -- Jeni Tennison to suggest how is best to deal with explicit reference to only Microdata (not RDFa) from HTML spec -- due 2011-11-18 -- PENDINGREVIEW
<trackbot> [26]http://www.w3.org/2001/tag/group/track/actions/631
NM: Near consensus that not much needs to be done
JT: At the moment the HTML5 spec mentions neither Microdata or RDFa
... But that means there's no FYN route from the soon-to-be text/html media type definition to either of these
<Larry> maybe this belongs in the MIME document
NM: No action on FYN for HTML5, I don't think
HST: I think this needs to be against HTML5 - unconvinced focusing on mime doc now is the right way to go
JT: I'll take an action
LM: I'd like to help
<Larry> I think we need to address the issue of media type registration in the compound specifications and media type registration and use....
NM: Due date just ahead of the f2f, so at least we can discuss this there by expanding the microdata and RDFa session
JT: It might also make sense to discuss it in the HTML.next session, as it's larger than just microdata and RDFa
NM: Doesn't really fit with HTML.next -- time frame wrong, for one thing
JT: It was mostly that I was hoping PLH would be there
NM: OK, I'll expand both the time slot and the topic for what was called above the Microdata and RDFa reporting session
<noah> ACTION: Jeni with help from Larry to make plan of action for getting "follow your nose" for (at least) microdata and RDFA from HTML5 Due: 2 January 2012 [recorded in [27]http://www.w3.org/2001/tag/2011/12/15-minutes.html#action02]
<trackbot> Created ACTION-642 - With help from Larry to make plan of action for getting "follow your nose" for (at least) microdata and RDFA from HTML5 Due: 2 January 2012 [on Jeni Tennison - due 2011-12-22].
<noah> ACTION-642 Due 2012-01-02
<trackbot> ACTION-642 With help from Larry to make plan of action for getting "follow your nose" for (at least) microdata and RDFA from HTML5 Due: 2 January 2012 due date now 2012-01-02
NM: So, close ACTION-631?
<noah> close ACTION-631
<trackbot> ACTION-631 Suggest how is best to deal with explicit reference to only Microdata (not RDFa) from HTML spec closed
<noah> ACTION-614?
<trackbot> ACTION-614 -- Jeni Tennison to report on progress relating to RDFa and Microdata -- due 2011-12-15 -- OPEN
<trackbot> [28]http://www.w3.org/2001/tag/group/track/actions/614
<noah> ACTION-614 Due 2012-01-06
<trackbot> ACTION-614 Report on progress relating to RDFa and Microdata due date now 2012-01-06

Pending review actions

<noah> [29]http://www.w3.org/2001/tag/group/track/actions/pendingreview
<noah> ACTION-528?
<trackbot> ACTION-528 -- Henry Thompson to create and get consensus on a product page and tracker product page for persistence of names -- due 2011-11-29 -- PENDINGREVIEW
<trackbot> [30]http://www.w3.org/2001/tag/group/track/actions/528
HST: Was planning to discuss minutes of the workshop today, but someone asked for more time
ACTION-588?
<trackbot> ACTION-588 -- Noah Mendelsohn to work with Larry to update mime-web product page Due 2011-08-18 -- due 2011-12-13 -- PENDINGREVIEW
<trackbot> [31]http://www.w3.org/2001/tag/group/track/actions/588
Overtaken by ACTION-636 (Noah successfully fobs this off on Larry). Marking PENDING REVIEW.
close ACTION-588
<trackbot> ACTION-588 Work with Larry to update mime-web product page Due 2011-08-18 closed
ACTION-625?
<trackbot> ACTION-625 -- Noah Mendelsohn to schedule followup discussion of [32]http://www.w3.org/wiki/HttpRange14Options (per agreement in Santa Clara) -- due 2011-12-21 -- PENDINGREVIEW
<trackbot> [33]http://www.w3.org/2001/tag/group/track/actions/625
HST: There is a plan we hatched in Edinburgh, JAR will be letting us all know about it
<noah> Include ACTION-625 in F2F agendum on URI Definition Discovery -- new work to be available for discussion
<noah> ACTION-639?
<trackbot> ACTION-639 -- Noah Mendelsohn to invite Mark Nottingham to SPDY/HTTP F2F session -- due 2011-12-15 -- PENDINGREVIEW
<trackbot> [34]http://www.w3.org/2001/tag/group/track/actions/639
<noah> close ACTION-639
<trackbot> ACTION-639 Invite Mark Nottingham to SPDY/HTTP F2F session closed

Overdue actions

<noah> ACTION-560?
<trackbot> ACTION-560 -- Henry Thompson to review HTML polyglot last call Due 2011-06-06 -- due 2011-12-06 -- OPEN
<trackbot> [35]http://www.w3.org/2001/tag/group/track/actions/560
HST: Some progress behind the scenes, but nothing definite to report on yet
ACTION-560 due 2011-12-20
<trackbot> ACTION-560 Review HTML polyglot last call Due 2011-06-06 due date now 2011-12-20
<noah> ACTION-635?
<trackbot> ACTION-635 -- Henry Thompson to update product page for Frag IDS and Mime types, to include realistic goals and dates -- due 2011-12-08 -- OPEN
<trackbot> [36]http://www.w3.org/2001/tag/group/track/actions/635
HST: I'll scope a session on this for the f2f, in case it's needed
ACTION-635 due 2011-12-20
<trackbot> ACTION-635 Update product page for Frag IDS and Mime types, to include realistic goals and dates due date now 2011-12-20
HST: The updated page will not promise anything in time for the f2f
<noah> [37]http://www.w3.org/2001/tag/group/track/actions/overdue?sort=owner
<noah> ACTION-501?
<trackbot> ACTION-501 -- Ashok Malhotra to follow up on whether GeoLocation finds reasonable answer on giving permission per site/app etc [self-assigned] -- due 2011-12-06 -- OPEN
<trackbot> [38]http://www.w3.org/2001/tag/group/track/actions/501
<noah> ACTION-633?
<trackbot> ACTION-633 -- Ashok Malhotra to drive TAG review of Geolocation last call Due 2011-12-06 -- due 2011-12-06 -- OPEN
<trackbot> [39]http://www.w3.org/2001/tag/group/track/actions/633
NM: It really matters that Product pages really need to tell the truth about when substantial documents will be forthcoming
AM: I think these are done, I sent email about them, saying the spec. looked OK to me and no action was required
<noah> NM: Right, we need that especially as input to the F2F...otherwise we will burn time there editing the product pages to reflect earlier decision
<Larry> +1
<noah> close ACTION-501
<trackbot> ACTION-501 Follow up on whether GeoLocation finds reasonable answer on giving permission per site/app etc [self-assigned] closed
<noah> close ACTION-633
<trackbot> ACTION-633 Drive TAG review of Geolocation last call Due 2011-12-06 closed
AM: I've done my half of ACTION-634
<noah> ACTION-634?
<trackbot> ACTION-634 -- Noah Mendelsohn to with help from Noah to publish [40]http://www.w3.org/2001/tag/doc/IdentifyingApplicationState-20111130 as a TAG Finding -- due 2011-12-20 -- OPEN
<trackbot> [41]http://www.w3.org/2001/tag/group/track/actions/634
AM: Waiting on NM for the other half
<Larry> I will bump the dates on my open actions
<noah> ACTION-632?
<trackbot> ACTION-632 -- Ashok Malhotra to frame issues around client-side storage work Due 2011-12-06 -- due 2011-12-06 -- OPEN
<trackbot> [42]http://www.w3.org/2001/tag/group/track/actions/632
NM: I do want to talk about this at the f2f, so need it before then
<noah> ACTION-632 Due 2012-01-02
<trackbot> ACTION-632 Frame issues around client-side storage work Due 2011-12-06 due date now 2012-01-02
LM: I have been working on xxx, and would welcome review from everyone
<Larry> i've been making good progress, i'm ready for 1-1 review of the document i'm working on, but not in a mode where you read something and give me feedback days later...
NM: Adjourned
<Larry> i posted a couple of "uncool URLs must change" links
<Larry> and HTTP status cats as a new registry
<ht> +1 for HTTP status cats

Summary of Action Items

[NEW] ACTION: Jeni with help from Larry to make plan of action for getting "follow your nose" for (at least) microdata and RDFA from HTML5 Due: 2 January 2012 [recorded in [43]http://www.w3.org/2001/tag/2011/12/15-minutes.html#action02]
[NEW] ACTION: Noah to try and find list of review issues relating to HTML5 from earlier discussions [recorded in [44]http://www.w3.org/2001/tag/2011/12/15-minutes.html#action01]
__________________________________________________________________

Minutes formatted by David Booth's [45]scribe.perl version 1.135 ([46]CVS log)
$Date: 2011/12/20 10:55:19 $

References

1. http://www.w3.org/
2. http://www.w3.org/2001/tag/2011/12/15-agenda.html
3. http://www.w3.org/2011/12/15-tagmem-irc
4. http://www.w3.org/2001/tag/2011/12/15-minutes.html#agenda
5. http://www.w3.org/2001/tag/2011/12/15-minutes.html#item01
6. http://www.w3.org/2001/tag/2011/12/15-minutes.html#item02
7. http://www.w3.org/2001/tag/2011/12/15-minutes.html#item03
8. http://www.w3.org/2001/tag/2011/12/15-minutes.html#item04
9. http://www.w3.org/2001/tag/2011/12/15-minutes.html#item05
10. http://www.w3.org/2001/tag/2011/12/15-minutes.html#item06
11. http://www.w3.org/2001/tag/2011/12/15-minutes.html#item07
12. http://www.w3.org/2001/tag/2011/12/15-minutes.html#item08
13. http://www.w3.org/2001/tag/2011/12/15-minutes.html#item09
14. http://www.w3.org/2001/tag/2011/12/15-minutes.html#ActionSummary
15. http://www.w3.org/2001/tag/2011/12/08-minutes
16. https://lists.w3.org/Archives/Member/tag/2011Dec/0004.html
17. http://www.w3.org/2001/tag/2012/01/04-agenda
18. http://www.w3.org/2001/tag/group/track/actions/637
19. http://www.w3.org/wiki/HTML/next
20. http://security.sys-con.com/node/1544072
21. http://www.enisa.europa.eu/act/application-security/web-security/a-security-analysis-of-next-generation-web-standards
22. http://www.w3.org/2001/tag/2011/12/15-minutes.html#action01
23. http://www.w3.org/2001/tag/2012/01/04-agenda.html#agendaInProgress
24. http://lists.w3.org/Archives/Public/www-tag/2011Dec/0077.html
25. http://lists.w3.org/Archives/Public/www-tag/2011Dec/0026.html
26. http://www.w3.org/2001/tag/group/track/actions/631
27. http://www.w3.org/2001/tag/2011/12/15-minutes.html#action02
28. http://www.w3.org/2001/tag/group/track/actions/614
29. http://www.w3.org/2001/tag/group/track/actions/pendingreview
30. http://www.w3.org/2001/tag/group/track/actions/528
31. http://www.w3.org/2001/tag/group/track/actions/588
32. http://www.w3.org/wiki/HttpRange14Options
33. http://www.w3.org/2001/tag/group/track/actions/625
34. http://www.w3.org/2001/tag/group/track/actions/639
35. http://www.w3.org/2001/tag/group/track/actions/560
36. http://www.w3.org/2001/tag/group/track/actions/635
37. http://www.w3.org/2001/tag/group/track/actions/overdue?sort=owner
38. http://www.w3.org/2001/tag/group/track/actions/501
39. http://www.w3.org/2001/tag/group/track/actions/633
40. http://www.w3.org/2001/tag/doc/IdentifyingApplicationState-20111130
41. http://www.w3.org/2001/tag/group/track/actions/634
42. http://www.w3.org/2001/tag/group/track/actions/632
43. http://www.w3.org/2001/tag/2011/12/15-minutes.html#action02
44. http://www.w3.org/2001/tag/2011/12/15-minutes.html#action01
45. http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
46. http://dev.w3.org/cvsweb/2002/scribe/

--
Henry S. Thompson, School of Informatics, University of Edinburgh
10 Crichton Street, Edinburgh EH8 9AB, SCOTLAND -- (44) 131 650-4440
Fax: (44) 131 650-4587, e-mail: ht@inf.ed.ac.uk
URL: http://www.ltg.ed.ac.uk/~ht/
[mail from me _always_ has a .sig like this -- mail without it is forged spam]
Received on Tuesday, 20 December 2011 11:36:14 UTC