- From: Jonathan A Rees <rees@mumble.net>
- Date: Sun, 23 Sep 2012 11:52:59 -0400
- To: www-tag@w3.org, "Henry S. Thompson" <ht@inf.ed.ac.uk>
Draft minutes of 20 September 2012 TAG telcon available here:
http://www.w3.org/2001/tag/2012/09/20-minutes.html
and in plain text below.
I edited these minutes substantially in order to improve their
readability. Henry, I'd especially like for you to check what I did
with your IRC and audio comments made during the registerXXHandler
discussion.
I took the liberty of changing 'xxx' (adult content?) to 'xx' (beer?)
throughout, to help avoid spurious search engine hits.
Jonathan
[1]W3C
[1] http://www.w3.org/
- DRAFT -
This is version has not been approved as a true record of the
TAG's meeting and there is some risk that individual TAG
members have been misquoted. This transcript should typically
not be quoted, except as necessary to arrange for correction
and approval.
Technical Architecture Group Teleconference
20 Sep 2012
[2]Agenda
[2] http://www.w3.org/2001/tag/2012/09/20-agenda.html
See also: [3]IRC log
[3] http://www.w3.org/2012/09/20-tagmem-irc
Attendees
Present
Yves_Lafon, Peter_Linss, Ashok_Malhotra, Larry_Masinter,
Noah_Mendelsohn, Jonathan_Rees, Henry_S_Thompson
Regrets
Chair
Larry Masinter
Scribe
Jonathan Rees
Contents
* [4]Topics
1. [5]Administrative
2. [6]registerXXHandler features in HTML5
3. [7]Objectives matrix
4. [8]Governance framework
5. [9]Testing web performance and URLs
6. [10]IRI interoperability and scheme registration rules
7. [11]Publishing and Linking on the Web review
solicitation
8. [12]F2F planning - issues list
* [13]Summary of Action Items
__________________________________________________________
<scribe> scribenick: jar
<scribe> scribe: Jonathan Rees
Date: 20 Dep 2012
Administrative
<Larry> are there any minutes to approve?
<Yves>
[14]http://lists.w3.org/Archives/Public/www-tag/2012Sep/0019.ht
ml
[14] http://lists.w3.org/Archives/Public/www-tag/2012Sep/0019.html
Minutes of the 13th =
[15]http://www.w3.org/2001/tag/2012/09/13-minutes.html
[15] http://www.w3.org/2001/tag/2012/09/13-minutes.html
ashok: draft minutes of the 13th look OK
RESOLUTION: Draft minutes of the 13th approved as a record of
that meething by acclaim
<Larry> i will note that i personally blogged
[16]http://blogs.adobe.com/standards/2012/09/19/governance-and-
standards/
[16] http://blogs.adobe.com/standards/2012/09/19/governance-and-standards/
yves: Publishing & linking WD has been published and announced.
ashok: No comments yet, right?
<Larry> F2F meeting all set?
<Larry> logistical?
discussion of hotel
<Larry> everyone set on logistics for London F2F
<Larry> i have a couple of topics to talk about today
Review of agenda items added by chair
<Larry> new agenda items: web+ and registerXXHandler
<Larry> new agenda item: governanceFramework, and timely news
<Larry> new agenda item: testing the web and performance and
urls
<Larry> new agenda item: IRIs and URL
registerXXHandler features in HTML5
[In editing the minutes the scribe has reordered contributions
in an attempt to make the proceedings easier to reconstruct.
Much of the conversation was in IRC instead of voice due to
audio and scribing difficulties.]
<Larry> registerProtocolHandler
lm: gmail wants to say, when you see a mailto: URL, go to
gmail, passing the parameters
... this is supposed to change the [operating] system so that
from now on mailto: URLs are handled by gmail
... There was an issue in the HTML WG - they were concerned
about security.
... Some schemes would be bad to redefine. So, whitelist or
blacklist?
... A: We don't know... so we're going to have a whitelist...
... and in order to make the whitelist open-ended, include all
scheme names beginning web+
... There's a browser dialog [as a protection measure]
... There was a procedural question, how to have new URI
schemes, without registering with IETF?
<Larry>
[17]http://lists.w3.org/Archives/Public/public-ietf-w3c/2012Sep
/
[17] http://lists.w3.org/Archives/Public/public-ietf-w3c/2012Sep/
<Larry> looking at thread on "web+ and registerProtocolHandler"
subject thread
(looking up thread)
lm: This looks like the nail in the coffin of the [IANA]
registries [relating to the web]. The IANA URI scheme registry
would be killed by this move.
<Zakim> ht, you wanted to ask all? really?
lm: It's supposed to change the entire OS.
ht: The issue was in whatwg, are you sure it's an html5
feature/issue?
<Larry>
[18]http://lists.w3.org/Archives/Public/public-ietf-w3c/2012Sep
/
[18] http://lists.w3.org/Archives/Public/public-ietf-w3c/2012Sep/
<Larry>
[19]http://lists.w3.org/Archives/Public/public-ietf-w3c/2012Sep
/0000.html
[19] http://lists.w3.org/Archives/Public/public-ietf-w3c/2012Sep/0000.html
<Larry>
[20]http://lists.w3.org/Archives/Public/public-html/2012Aug/011
5.html
[20] http://lists.w3.org/Archives/Public/public-html/2012Aug/0115.html
ht: I can't find it in the HTML5 bug tracker.
<Larry> [21]http://www.w3.org/html/wg/tracker/issues/189
[21] http://www.w3.org/html/wg/tracker/issues/189
ht: OK
<noah> Should I be worried that [issue 189 is] closed?
<Larry> [See]
[22]http://dev.w3.org/html5/spec/system-state-and-capabilities.
html#custom-handlers
[22] http://dev.w3.org/html5/spec/system-state-and-capabilities.html#custom-handlers
lm: My conclusion is that web+ was a red herring... the real
issue is not 189, but section 6.5.1.2, see the link.
... register-content-handler has a blacklist only ...
... with an install security dialog
noah: I see this as attempting, in the API, a way to express an
intention.
... This seems to be in that spirit, where the application is
packaged as a web app
... just as photoshop might say, I think I'm a good handler for
media type M.
... so it's ok for the spec to not say much about this.
lm: Any application can install media type handlers.
... It's not appropriate; it's poorly defined and has the wrong
security model
... and reduces the motivation [to nil] for ever registering a
URI scheme.
<noah> Ah, OK, so you're not pushing hard against what they're
>trying< to do, just suggesting that it's either
under-specified and/or has an insufficient security story
am: Why [does it reduces the motivation for registering a URI
scheme]?
lm: There's lots of unregistered schemes and types anyway, but
[before this] there was hope [that they might eventually be
registered].
... But now the web site has the authority to modify the OS.
<noah> The browser routinely does this stuff for file types
that the browser handles directly, including at least HTML, but
also XML, or even JPG.
<noah> The difference here is that the browser will not handle
things with its own (somewhat trusted) code.
am: Are you nervous that someone could screw with my browser?
... [What are the] attacks?
lm: This changes security model: it used to be you could scan
for viruses, but with the new feature, you're trusting the site
dynamically into the future.
... In this workflow, the registry adds no value.
<Larry> My conclusion is this is the nail in the coffin for
IANA registries for URI schemes & media types.
<ht_home> I think there's nothing here [in the draft] about
scope -- temporal, or web/scope.
<ht_home> I.e. for how long? For which pages?
<noah> I infer it's sort of scoped to my desktop or phone or
tablet.
<noah> Is that what you mean?
<ht_home> Yes.
<ht_home> And what about conflict?
<ht_home> [What if] several sites all try to register a
handler?
<noah> I assume that's up to the OS (it can do what it wants),
but typically [it would last] until explicitly changed.
<noah> That's how setting handlers for JPG or e-mail typically
works.
<Larry> [In]
[23]http://lists.w3.org/Archives/Public/public-ietf-w3c/2012Sep
/0033.html , Robin says: "this is intended to be system-wide"
[23] http://lists.w3.org/Archives/Public/public-ietf-w3c/2012Sep/0033.html
<ht_home> That's what it [?] does!
<ht_home> No, no no [scribe: HT was muted here due to audio
difficulties; not clear to what this was in reference]
am: Who is registering what?
<noah> I assume, the canonical use case is something like:
"GMail is my mail handler, Google Voice does my phone dialing,
etc."
<ht_home> Yes NM, but at least [in the pre-HTML5 status quo]
they installed the App.
lm: This is a call on the OS to register a scheme or media type
with the OS for the indefinite future.
<Larry> This belongs with an "install" security model and not a
"web" security model.
<Larry> Web sandboxing is inappropriate.
noah: The browser is supposed to act on the user's behalf...
except that maybe some users won't understand. But desktop apps
have the same problem.
lm: I'm not saying it's a horrible thing and it should go away;
it does need a better security, but that it will happen. I'm
just saying that this is the end of the registries.
<Larry> See
[24]http://www.w3.org/2012/05/sysapps-wg-charter.html .
[24] http://www.w3.org/2012/05/sysapps-wg-charter.html
<Larry> Sysapps have a different security model:
<Larry> "The Working Group will focus on those operating system
interactions that cannot be exposed safely to Web applications
executing in the traditional browser security model."
<noah> I'm not convinced that the registries in >this< space,
I.e. which desktop app showed show my photos, were ever a
realistic model.
lm: Let's look at the sysapps [draft] charter...
<noah> Hmm. I thought this [registerXXHandler] is for apps that
>are< in the traditional browser security model, and sysapps
are for ones that aren't.
lm: the wording in the charter applies
<ht_home> NONONO
<ht_home> Not a web app [scribe: in the sense of sysapps]!
<ht_home> All that happens is a [different] URI is fetched.
[due to substitution]
<noah> Right, but typically I register something with a lot of
Javascript that is a web app
ht: No web app, no installation, no javascript, just [URI]
substitution.
... Any javascript is going to be subject to [the usual]
cross-site constraints.
... I see no evidence in the spec that it's a request to the OS
to change what it does.
lm: The spec doesn't say, but as implemented this is how it
works.
<Larry> image/jpg is blacklisted, but image/jpeg2000 isn't
noah: Once the OS is modified, it's possible that when I click,
[the OS] might launch some web app, but that's subject to
sandboxing.
... so [there is no change in the security model.]
<noah> I'm not seeing why registering such an app changes the
security model. Does it say that registered apps have access to
eg. local files that regular web apps don't?
lm: Clicking will go to some site.
jar: Let's not dive [too deep] into security, LM wanted to talk
about what will happen to the registries.
<Larry> so why bother with IETF APPS area any more?
<noah> I can see why we would want this coordinated with the
SysApps stuff, I'm less clear why anyone thinks a registry
could work in this space, whether for webapps, native or both?
lm: [Because] if you want to do a new SIP, there's no point in
bothering with IETF any more, you just build an app and
register a protocol handler.
<noah> What would such a registry have, that GIMP is the
world's handler for JPEG and Photoshop isn't? :-)
<Larry> I was starting to understand Hannes's "death of
protocols" point.
<ht_home> I do want to get clarification on how they think the
HTML5 spec. can change the OS.
<ht_home> I think we do need to discuss this at the F2F.
lm: I wanted the TAG to reflect on the role of registries in a
world where registerXXHandler is common.
<noah> So what should we do about this, if anything?
lm: It's worth [at least] 1/2 hour at F2F [not to speculate how
much time it is likely to take].
<ht_home> web+ and registerXXHandler
<Larry> gather some URLs from the discussion to queue this up
as an issue
<noah> ACTION: Noah to schedule F2F discussion of XX handler
registration see discussion on 20 Sept. [recorded in
[25]http://www.w3.org/2012/09/20-tagmem-irc]
[25] http://www.w3.org/2012/09/20-tagmem-irc
<trackbot> Created ACTION-739 - Schedule F2F discussion of XX
handler registration see discussion on 20 Sept. [on Noah
Mendelsohn - due 2012-09-27].
Objectives matrix
<noah> ACTION-738?
<trackbot> ACTION-738 -- Noah Mendelsohn to schedule another
discussion of World Wide Web Objectives Matrix per ACTION-726
-- due 2012-09-20 -- OPEN
<trackbot>
[26]http://www.w3.org/2001/tag/group/track/actions/738
[26] http://www.w3.org/2001/tag/group/track/actions/738
<noah> [27]http://www.w3.org/2001/tag/2012/09/13-minutes
[27] http://www.w3.org/2001/tag/2012/09/13-minutes
<Larry> [28]http://www.w3.org/2001/tag/2012/09/action-726
[28] http://www.w3.org/2001/tag/2012/09/action-726
action-726 deferred pending receipt of input
<noah> ACTION-738?
<trackbot> ACTION-738 -- Noah Mendelsohn to only if there's
e-mail news: schedule another discussion of World Wide Web
Objectives Matrix per ACTION-726 -- due 2012-09-25 --
PENDINGREVIEW
<trackbot>
[29]http://www.w3.org/2001/tag/group/track/actions/738
[29] http://www.w3.org/2001/tag/group/track/actions/738
Governance framework
<Larry> action-728?
<trackbot> ACTION-728 -- Noah Mendelsohn to find editor for
copyright and linking after group reviews Ashok's proposals on
stronger messages -- due 2012-07-12 -- CLOSED
<trackbot>
[30]http://www.w3.org/2001/tag/group/track/actions/728
[30] http://www.w3.org/2001/tag/group/track/actions/728
lm: We published P&L, and I blogged about it.
<Larry>
[31]http://blogs.adobe.com/standards/2012/09/19/governance-and-
standards/
[31] http://blogs.adobe.com/standards/2012/09/19/governance-and-standards/
lm: I tried to give various people the elevator pitch about the
governance draft. The blog post is what I came up with up. This
is just a heads-up.
<Larry>
[32]http://www.w3.org/2001/tag/doc/governanceFramework-2012-07-
19.html
[32] http://www.w3.org/2001/tag/doc/governanceFramework-2012-07-19.html
<Larry> we talked about this one
<Larry>
[33]http://www.w3.org/2001/tag/doc/governanceFramework.html
[33] http://www.w3.org/2001/tag/doc/governanceFramework.html
lm: [clarifying] The feedback I got on the governance framework
document was negative. So I tried to explain what I was trying
to do. The outcome was the blog post. I plan to pull the new
introduction (from the blog post) back into a new version of
the framework document.
<Larry> i'll take an action to update in time for F2F
<noah> ACTION: Larry to update the governance frame for Oct F2F
discussion [recorded in
[34]http://www.w3.org/2012/09/20-tagmem-irc]
[34] http://www.w3.org/2012/09/20-tagmem-irc
<trackbot> Created ACTION-740 - Update the governance frame for
Oct F2F discussion [on Larry Masinter - due 2012-09-27].
<noah> ACTION-740?
<trackbot> ACTION-740 -- Larry Masinter to update the
governance frame for Oct F2F discussion -- due 2012-09-27 --
OPEN
<trackbot>
[35]http://www.w3.org/2001/tag/group/track/actions/740
[35] http://www.w3.org/2001/tag/group/track/actions/740
Testing web performance and URLs
Skipping due to time constraints.
IRI interoperability and scheme registration rules
<noah> What's the question on the table for this discussion?
lm: There is progress on URLs in the W3C webapps working group.
<Larry> [and that i'm inarticulate about it]
lm: Hasn't been checked in, but people are doing testing now,
to see what browsers actually do with IRIs.
<noah> So, this is interoperability, not performance (in the
speed sense)?
lm: They're asking, do browsers reverse query parameters or
not? etc.
... That's good. The procedural issue is how to coordinate IETF
and W3C specs better.
<noah> Seems like the topic title is misleading. Should be "IRI
Browser Interoperability"?
lm: The IETF WG has been really quiet. The browser implementors
aren't there.
... Concerned that any work on the scheme registry might be
moot. Will people really register vendor schemes?
noah: Are scheme names to be allowed to be nonascii?
lm: The aim of the registry work was to allow the part after
the scheme name to be defined according to their unicode
sequence rather than ASCII.
... ... this was about making scheme registration easier.
<Larry> making scheme registration easier was a whole theme and
subject of discussion
noah: What were you concerned about in specific?
lm: I wanted to figure out if this is a topic of interest.
<Larry> maybe this is just a heads up if you're interested
noah: (procedural options)
lm: This is a heads-up. We've talked about it a lot, I want to
note that there has been recent activity.
noah: Does this change anything that would be seen on the wire,
or does it only affect how what we see is documented?
lm: the latter... so maybe not as big a deal [as
registerXXHandler]
Publishing and Linking on the Web review solicitation
lm: The google response to the recent video [takedown request]
was a propos the p&l work.
... If we want feedback on p&l, pointing out its relevance to
topical issues would be a way to raise interest in it
noah: If we're going to do this, let's consider the timing -
push it into public light now, or later when we're more sure of
it?
... Your question is, should we solicit feedback, and if so,
from who?
scribe notes departure of HT and AM
<Larry> informally ask at FPWD for feedback, esp from people
who have given us feedback before
yves: We can send issues any time, no formal response required
until last call
<Yves> [There's no need for] no formal accounting until LC
lm: Now that we have a public document, we can start asking
people to review it
... I'm asking TAG members: If you've asked someone to review
it before, please ask them again now.
F2F planning - issues list
<noah> Jonathan, I think I want to ask you about:
<noah> ACTION-692?
<trackbot> ACTION-692 -- Noah Mendelsohn to consider JAR's
april request to discuss, for 10 mins, issues list at oct f2f
-- due 2012-09-10 -- OPEN
<trackbot>
[36]http://www.w3.org/2001/tag/group/track/actions/692
[36] http://www.w3.org/2001/tag/group/track/actions/692
<Larry> action-692?
<trackbot> ACTION-692 -- Noah Mendelsohn to consider JAR's
april request to discuss, for 10 mins, issues list at oct f2f
-- due 2012-09-10 -- OPEN
<trackbot>
[37]http://www.w3.org/2001/tag/group/track/actions/692
[37] http://www.w3.org/2001/tag/group/track/actions/692
<Larry> this sounds like it's subsumed by JAR's matrix
<noah> Well, this is about our formal issues list.
Adjourned.
Summary of Action Items
[NEW] ACTION: Larry to update the governance frame for Oct F2F
discussion [recorded in
[38]http://www.w3.org/2012/09/20-tagmem-irc]
[NEW] ACTION: Noah to schedule F2F discussion of XX handler
registration see discussion on 20 Sept. [recorded in
[39]http://www.w3.org/2012/09/20-tagmem-irc]
[38] http://www.w3.org/2012/09/20-tagmem-irc
[39] http://www.w3.org/2012/09/20-tagmem-irc
[End of minutes]
__________________________________________________________
Minutes formatted by David Booth's [40]scribe.perl version
1.1 ([41]CVS log)
$Date: 2012/09/23 15:45:55 $
[40] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
[41] http://dev.w3.org/cvsweb/2002/scribe/
Received on Sunday, 23 September 2012 15:53:27 UTC