W3C

TAG Weekly

14 Nov 2006

Agenda

See also: IRC log

Attendees

Present
noah, Raman, Dave_Orchard, Vincent, DanC, Ht, Norm, Ed_Rice, TimBL
Regrets
Chair
VQ
Scribe
DanC

Contents


Convene, admin

<scribe> Scribe: DanC

PROPOSED: to met 21 Nov

NM: regrets 21 Nov

HT: regrets 21 Nov. backplane meeting

PROPOSED: to meet 21 Nov, Ed to scribe
... to accept http://www.w3.org/2001/tag/2006/11/07-minutes.html as a true record
... to accept http://www.w3.org/2001/tag/2006/11/07-minutes.html as a true record, after making the ammendment Noah requested

<timbl> ok by me

RESOLUTION: to accept http://www.w3.org/2001/tag/2006/11/07-minutes.html as a true record, after making the ammendment Noah requested

(minutes Nov 7 are dated 2006/11/14 18:09:46 )

RESOLUTION: to meet 21 Nov, Ed to scribe

"Face-to-face meeting, 11-13 Dec. 2006, Cambridge, MA, USA, hosted by MIT" -- http://www.w3.org/2001/tag/

TV: I'm at risk for the Dec ftf

<Norm> My current plan is to attend 12, 13 in person and on 11 by phone, if possible

Issue metadataInURI-31

VQ: so we have a draft of 7 Nov, and action on DanC and Ed to review

NM: section 2.8 was rewritten

VQ: I note discussion of dates in W3C URIs

NM: I saw review comments from Ed...
... about strengthening the story from save-as to running it. [?]

[odd... I see 2 URIs. ./malicious.exe and ./moviestar.jpg ]

<DanC_> The use of Metadata in URIs DRAFT TAG Finding 07 November 2006

DC: I see 2 URIs... ./malicious.exe and ./moviestar.jpg

NM: that's the 2nd example; look at the 1st

DC: what's the URI in the 1st example?

NM: there isn't a specific URI in the 1st example

DC: then it's too abstract already for somebody, like me, who isn't reading all that carefully

<dorchard> this is section 2.8?

<timbl> ... <img src="./moviestar.exe"/>

<timbl> ... <img src="./moviestar.exe"/> served as image/jpeg

NM: so I see 2 ways to mitigate the risk:
... (1) what safari does, use the mime type to make a filename of moviestar.exe.jpeg
... (2) warn that saving as .exe won't preserve the mime type

Ed: just recently I saw a link to an RSS feed that came up as text.

TimBL: what was the media type?

Ed: text

TimBL: then the browser was doing it right; if that's not what the author meant, he should have used a different media type; see webarch and/or "authoritative metadata" finding

<timbl> 1. The URI ends in .exe

<timbl> 2. The contrn typ eis image/jpeg

<timbl> 3. So the image works ina browser

<timbl> 4. the server saves it

TV: so I see (1) and (2); it's better to advise one over the other, no?

<timbl> 4. The users saves it with "save image to desktop"

<timbl> 5. the user clicks on it in the desktop and the thing runs as a file

NM: so is the GPN OK?

DC: it's too complicated; just say "when saving to filesystems that use extensions to represent media types, user agents must choose an extension that is constistent with the media type from the representation"

Ed: is that a rfc2119:MUST ?

DanC: yes

TimBL: most operating systems let you rename it
... if you accept that your warrantee is void

DanC: well, that's separate

<scribe> ACTION: NM to rework metadataInURI 1st example to be more explicit as per Tim's suggestion above, and update GPN per Dan's suggestion [recorded in http://www.w3.org/2006/11/14-tagmem-irc]

<DanC_> (did he say keep the 2nd example? I haven't looked at it.)

NM: I have gotten comments on other parts of the document...
... ok to change "create" to "assign"?

TBL: where is that comment?

NM: Stuart has advised against "authority" all over the document; I think he's accepted that different editors would say it differently

<noah> Note from Ed Davies:

<noah> http://lists.w3.org/Archives/Public/www-tag/2006Nov/0048.html

NM: Ed Davies 8 Nov wrote about a UK court case
... which we have previously discussed

DanC: I think we treated this in the deep linking finding

HT: no, this is a different case
... we don't have very good sources about this case; we're still awaiting the official record

<Zakim> DanC, you wanted to answer TV's question: (1) is better and to ask if it wasn't the deep linking finding, what did happen to this court case when we last discussed it?

<scribe> ACTION: HT to seek a copy of the official court record of the UK case on ../../ etc. [recorded in http://www.w3.org/2006/11/14-tagmem-irc]

HT: I intended to get a copy before, so yes, let's track it as an action now

TimBL: I don't see this metadata in URI finding saying anything terribly relevant to the UK case

<scribe> DONE: Review security section on risks of serving executables as .jpeg to metadataInURI draft.

<scribe> ACTION: Ed to Review security section on risks of serving executables as .jpeg to metadataInURI draft. [DONE] [recorded in http://www.w3.org/2006/11/14-tagmem-irc]

NM: I don't see much opportunity to make progress until ftf prep; ETA 4 Dec

<scribe> ACTION: DanC to Review security section on risks of serving executables as .jpeg to metadataInURI draft. [CONTINUES] [recorded in http://www.w3.org/2006/11/14-tagmem-irc]

<ht> http://www.ltg.ed.ac.uk/~ht/malicious.html illustrates the case Noah describes in http://www.w3.org/2001/tag/doc/metaDataInURI-31-20061107.html

<ht> Firefox's treatment is actually sub-optimal

Issue namespaceDocument-8

<scribe> ACTION: NW, accepted on 12 Jul 2005: follow up on Noah's message on ns name. Reconfirmed on 10 Jan 2006. [WITHDRAWN] [recorded in http://www.w3.org/2006/11/14-tagmem-irc]

<scribe> ACTION: NW to propose to Jonathan Borden that he changes to using a file of Natures. [CONTINUES] [recorded in http://www.w3.org/2006/11/14-tagmem-irc]

<Zakim> DanC, you wanted to ask a fairly meaty question about GRDDL and namespaces and media types that I sent to www-tag

<DanC_> follow your nose from XML documents to namespace documents? xmlFunctions-34, nsMediaType-3, RDFinXHTML-35

<noah> ScribeNick: noah

DC: Shows a document containing RDF but served application/xml
... The RDF gives a privacy policy
... Has the author issued a privacy policy, or just said "look at these tags"?
... I think I like the former, in part because there's a lot of stuff already deployed that way.

<timbl> I vote (1)

DC: excerpt from XML Media Type spec:

An XML document labeled as text/xml or application/xml might contain

namespace declarations, stylesheet-linking processing instructions

(PIs), schema information, or other declarations that might be used

to suggest how the document is to be processed.

For example, a

document might have the XHTML namespace and a reference to a CSS

stylesheet. Such a document might be handled by applications that

would use this information to dispatch the document for appropriate

processing.

<Zakim> DanC, you wanted to bring up another case, http://www.w3.org/2001/sw/grddl-wg/td/testlist3#xslt_literal_result

<DanC> looking at http://www.w3.org/2001/sw/grddl-wg/td/litres.xml

<DanC> Content-Type: application/xml; qs=0.9

<ht> Windows has the following information about this MIME type. This page will help you find software needed to open your file.

<ht> MIME Type: application/rdf xml

<timbl> Content-Location: testlist3.rdf

<timbl> Vary: negotiate,accept

NW: What's your question?

DC: How many triples are here?
... RDF parser is unhappy with this.

TBL: If the parser supported XML functions would it be unhappy?

DC: What does that mean?

TBL: When you get to a subtree you don't recognize, you look up namespace to get specs.

NW: Tim, you'd like it to work that way, but there's no spec for that.

<timbl> <t:Test r:about="#loop">

<Norm> We're looking at this: http://www.w3.org/2001/sw/grddl-wg/td/litres.xml

<timbl> http://www.w3.org/2001/sw/grddl-wg/td/testlist3

TBL: I did a curl -i on it and it said it was RDF.

DC: OK
... There are two tests in there.
... this won't parse due to last dc:description.
... if you knew to run XSLT first, you'd "win", but there don't seem to be enough keys to make that happen

NW: insteresting question which processing should happen first.

DC: It's a mixin?

HT: It is and it isn't.

<Norm> q_

HT: That use of XML breaks compositionality. It's in that sense outside the rules, and the fact that it causes problems is not surprising.
... In this case, the function of the whole is not the sum of the meaning of the parts. Not context free in the usual way.
... To understand the meaning of the document by working bottom up.

TBL: Bottom up.

DC: If it's compositional, it works either way.

<DanC> (he said, glibly, before wondering if he was right)

<noah_> (Noah thinks that in general top down provides the context for the inner parts, as in <dontTrust><x>...</x></dontTrust>

TBL: If it were anything other than RDF, I would propose that when the RDF parser gets down to the dc:description,it would look up the namespace, e.g. to embed an encrypted piece. Works "fine" for other XML dialects.

<Norm> I was going to say that xsl:version wasn't designed as a mixin; it was designed to tell the XSLT processor what to do, not to imply that you could or should send it to an XSLT processor. But I'm not sure that distinction is relevant on further consideration.

<DanC> (wow... tim is blowing my mind, taking the side of "XSLT is working here; RDF is not doing the clean thing.")

TBL: Problem is that RDF claims to tell you the semantics of anything you put in there. There's no extensibility in that sense.

HT: Here's an example where it's different.
... XSTL stylesheets themselves break compositionality, and we've known that for years.
... You write things like <P> knowing that the contents are not the contents of a paragraph. They are result elements. XSLT is a meta lanuage that has implicit quoting all over the place.

<DanC> ("my functional xml paper" ... pointer, ht?)

<DanC> (I find http://www.idealliance.org/xmlusa/05/call/xmlpapers/243.198/.243.html Functional XML: A preliminary sketch HT )

TBL: Nothing wrong with that, because you start from the top.

<noah_> (Noah notes that what Tim is saying is precisely why Noah said above that top down is the only right way to look at it.)

TVR: In XSLT, everything but the XSLT namespace is implicitly quoted.

HT: But there are lots of XSLT elements that can contain either quoted or non-quoted things. Not clear it's entirely equivalent to backquoting.

NW: There are <xsl:element>, <xsl:attribute> and you could use them everywhere. Arguably that's what <p>

DC: So I'm hearing first case leaves things looking reasonably clean as far as sniffing for RDF, but the 2nd case still seems to have dragons lurking.

<ht> [FYI, both Protege 3.1 and SWOOP 2.3 throw exceptions when given Dan's second URI. . .

DC: If I put a "parse type"(? scribe's not sure about this) we'd incorrectly blow past the XSL.

<DanC> (well, we'd blow past; whether correct or not is the issue.)

<Norm> If we put "parseType='XMLLiteral'" is what Dan meant

Tim: [missed]

HT: Xinclude is another example.

<DanC> (no smiley required, Norm; in the GRDDL WG, we've got an open action to make a test case of using an XML Pipeline in place of an XSLT transformation.)

<DanC> (it's becoming reasonably clear that people do consider that this xmlFunctions-34 does cover this discussion, so I don't need nsMediaType-3 re-opened)

<DanC> ScribeNick: DanC

<scribe> ACTION: HT to track progress of #int bug 1974 in the XML Schema namespace document in the XML Schema WG. [CONTINUES] [recorded in http://www.w3.org/2006/11/14-tagmem-irc]


. TBL, accepted on 5 Oct 2006: with Norm, draft semantic web architecture stories and such.

<scribe> ACTION: NDW to draft semantic web architecture stories and such [recorded in http://www.w3.org/2006/11/14-tagmem-irc]

NDW: I hope to have something for the ftf, but it's risky

<scribe> (new version of which? I have fallen behind)

(which finding, NDW?)

Issue passwordsInTheClear-52

VQ: looks like we'll postpone passwordsInTheClear-52 to next time

<timbl> passwords in the clear ok where?

<DanC_> e.g. on local networks

<DanC_> it's hard to get the scope of passwordsInTheClear clear while keeping it front-side-of-one-page

Summary of Action Items

[NEW] ACTION: HT to seek a copy of the official court record of the UK case on ../../ etc. [recorded in http://www.w3.org/2006/11/14-tagmem-irc]
[NEW] ACTION: NDW to draft semantic web architecture stories and such [recorded in http://www.w3.org/2006/11/14-tagmem-irc]
[NEW] ACTION: NM to rework metadataInURI 1st example to be more explicit as per Tim's suggestion above, and update GPN per Dan's suggestion [recorded in http://www.w3.org/2006/11/14-tagmem-irc]
 
[PENDING] ACTION: DanC to Review security section on risks of serving executables as .jpeg to metadataInURI draft. [recorded in http://www.w3.org/2006/11/14-tagmem-irc]
[PENDING] ACTION: HT to track progress of #int bug 1974 in the XML Schema namespace document in the XML Schema WG. [recorded in http://www.w3.org/2006/11/14-tagmem-irc]
[PENDING] ACTION: NW to propose to Jonathan Borden that he changes to using a file of Natures. [recorded in http://www.w3.org/2006/11/14-tagmem-irc]
 
[DONE] ACTION: Ed to Review security section on risks of serving executables as .jpeg to metadataInURI draft. [recorded in http://www.w3.org/2006/11/14-tagmem-irc]
 
[DROPPED] ACTION: NW, accepted on 12 Jul 2005: follow up on Noah's message on ns name. Reconfirmed on 10 Jan 2006. [recorded in http://www.w3.org/2006/11/14-tagmem-irc]
 
[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.127 (CVS log)
$Date: 2006/11/15 14:30:52 $