W3C

- DRAFT -

TAG Weekly

2 Jan 2007

Agenda

See also: IRC log

Attendees

Present
Ed, Noah, Norm, Vincent, TimBL, Dave
Regrets
TV, Dan, Henry
Chair
Vincent
Scribe
Norm

Contents


Administrative

Approve minutes of last telcon?

Approved.

Next telcon? 9 Jan 2007

Norm gives regrets for 9 Jan and 16 Jan

TimBL gives probable regrets for 9 Jan

Henry proposed to scribe.

Ed volunteers to back him up.

Vincent proposes to invite Stuart to the 30 Jan telcon

Noah: I think it's appropriate to invite Stuart to begin participating as soon as he's ready.

Vincent: Let's invite him to the 23 Jan call then.

<scribe> ACTION: Vincent to invite Stuart to join us in January [recorded in http://www.w3.org/2007/01/02-tagmem-minutes.html#action01]

Accept this agenda?

Vincent: Noah wanted to discuss the upcoming Web Services workshop, let's do that at the end.

Accepted.

Update on recent actions

Vincent: Ed, you were supposed to get in touch with the Web Security Context WG

Ed: I sent a message this morning.
... No reply yet, nor has it come back from the tag@ list, so perhaps it's delayed.

Vincent reports that he has seen it now.

Vincent: Noah, you were going to update the status in metadataInURI

Noah: I sent a note on 20 Dec

-> http://lists.w3.org/Archives/Member/tag/2006Dec/0088.html

Noah: One reply, but not in the critical path.
... I think it's ready to go
... Two things that could be reviewed: preparation for publication could use review
... I updated the link to one RFC

<noah> Question, is http://www.w3.org/Protocols/rfc2616/rfc2616.html the right link?

Norm proposes: http://www.ietf.org/rfc/rfc2616

Norm: I suggest using tidy -asxml to clean it up for publication.

<scribe> ACTION: Noah to run it through tidy and republish for Vincent to announce. [recorded in http://www.w3.org/2007/01/02-tagmem-minutes.html#action02]

Vincent: Noah can you give us an update on WS for Enterprise Workshop?

Noah: It needs to be submitted by 10 Jan, so we'll have one more call before submission but there won't be much time for radical surgery.
... I'm going to get a draft out as quickly as possible, so please review as soon as you can.

Vincent: Sounds reasonable.
... Is there any particular topic you'd like to draw our attention to?

Noah: I can if you want to spend the time on it...

Noah: Tim had a concern that we make it clear that we're there to listen as much as to say what the right answers are

<noah> The TAG very much appreciates the opportunity to participate in this workshop. Although a few TAG members have direct experience building and supporting enterprise-grade networking systems, most of us have far deeper knowledge of the World Wide Web and of the technologies that have been used to build it. Accordingly, our primary interest in attending the workshop is to learn from the many participants who have greater experience in building and deploying enter

<noah> We also hope it will be useful to contribute some of the insights we've gained in designing and guiding the Web itself, and to participate in a constructive dialog regarding the tradeoffs to be made in coordinating Web services technologies with core World Wide Web technologies such as URIs and HTTP.

<noah> This white paper is intended to set out a few of the issues as we understand them, and to share some ideas about architectural tradeoffs. We do not attempt here to suggest what "the right answers" should be, but rather to offer some ideas that we hope will promote useful discussion. In keeping with the overall style of the workshop, we focus mainly on analyses motivated by use cases, but we start with a brief discussion of the background regarding integration

Noah: Dan encouraged me to try to keep it short.
... What I have right now focuses on three related use cases.
... Is it interesting to have something that's on the web and available through web services.
... First use case is a printer accessed and controlled through a traditional HTTP...no SOAP or Web Services.
... Second case is a printer that has a pure SOAP WS interface.
... Third use case is a printer that supports both at the same URI
... Maybe some discussion of other TAG issues like EPR vs. URI.
... I'm inclined to leave those out of the paper, but present them if I'm invited to speak.

Vincent: Thanks Noah. Any comments?

Norm: I'll try to read it as soon as possible, but I don't have any comments in advance of the paper.

Deprecate UTF-7?

Vincent: Should we put this on the agenda and consider it as a new issue?

Ed: Yes

Dave: Yes

<noah> I don't feel I have enough code-level experience on this one to have an informed opinion. So, I concur with whatever the rest of the TAG decides is appropriate.

TimBL: It's not UTF-7 that's really the problem, it's the browser sniffing of it.

Vincent: Roy suggests asking the browser vendors to stop supporting UTF-7

<timbl_> http://lists.w3.org/Archives/Public/www-tag/2006Dec/0034.html

<noah> By he way, Mary Ellen Zurko just confirmed to me that she got the note from Ed http://lists.w3.org/Archives/Member/tag/2007Jan/0001.html (Member only)

<timbl_> ""Servers" that do not declare the character encoding of the content they

<timbl_> serve, or that fail to ensure that the content matches the encoding they

<timbl_> do declare, are inherently vulnerable to attacks. All these servers have

Some discussion of the email thread

<timbl_> to do to prevent these UTF-7 based attacks is to declare the encoding in

<timbl_> the HTTP header or using some equivalent mechanism. The "servers" are

<timbl_> broken if they don't, not the browsers. Besides, none of the mainstream

<timbl_> browsers auto-detect UTF-7 in their latest versions, so there is hardly

<timbl_> any issue here."

<timbl_> http://lists.w3.org/Archives/Public/www-tag/2006Dec/thread.html#msg34

<noah> Paul Cotton also sent email at: http://lists.w3.org/Archives/Public/www-tag/2006Dec/0061.html

<noah> Linking to an explanation of the issue at: http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0296.html

Ed notes that the rating service uses UTF-7

-> http://www.w3.org/TR/REC-PICS-services-961031

Ed: It may still not be a bad thing to deprecate utf-7, but we need to make sure the community gets enough lead time.

TimBL: The problem isn't really with utf-7 anyway.
... It's just another example of the issues associated with incorrect metadata: bad content type, bad encoding, etc.

TimBL: Let's open the issue.

Norm: I'm happy to open it.

Noah: I concur.

Vincent: Ok, then we'll open it, but we need to take care with the name and summary.

TimBL: We should have a link to Roy's message.

-> http://lists.w3.org/Archives/Public/www-tag/2006Dec/thread.html#msg34

Scribe elides the usual name wrangling.

Vincent: Proposed: open utf7Encoding-55: Security concerns with browsers sniffing unlabelled UTF7 encoding raised in <link to Roy's message>

Approved.

<scribe> ACTION: Vincent to create issue in list and announce it. [recorded in http://www.w3.org/2007/01/02-tagmem-minutes.html#action03]

Technical discussion postponed until we have a larger attendence.

Vincent: We might also want to discuss [IFLA-L] CERL and ECPA publish report that explains persistent identifier schemes

-> http://lists.w3.org/Archives/Public/www-tag/2006Dec/0060.html

Noah: Is there a political agenda behind this, do we know?

Ed: To sell copies of the report?

Norm: I think it's this:

-> http://www.knaw.nl/ecpa/publ/pdf/2732.pdf

Vincent: It's more than 50 pages so perhaps it's not something we can discuss now.

Norm: It seems like something we need to reply to, but personally I have less and less energy for the names-vs-address fight with each passing year.

TimBL: Perhaps we can resolve to send a short note pointing out at least that they're violating web arch?

Noah: This report takes as a starting point something that we disagree with.

Vincent: There is a section 9.6 which says that the authors don't recommend any specific scheme.
... There are many documents that say things that aren't completely right regarding web architecture. It would be a huge task to refute them all.

Ed: I'm not sure I want to give it any more credibility by responding to it.

Dave: I'm not a big fan of that argument with respect to web architecture. Communication is one of our mandates.
... A simple message that says we disagree with them from the very beginning might be the right thing to do.

Noah: I think it's also important to acknowledge that http: as commonly deployed does exhibit this problem.
... The question is, do you fix the issue by saying that http is inappropriate or by looking more subtly at the problem.

Ed: I don't think we should respond unless someone is willing to sit down and read the whole thing.

Vincent: I don't know how important this report is.

Norm: Maybe we should leave it for a week and see if there's someone else with a burning desire to persue it.

Vincent: Ok by me.

Any other business?

Adjourned.

Summary of Action Items

[NEW] ACTION: Noah to run it through tidy and republish for Vincent to announce. [recorded in http://www.w3.org/2007/01/02-tagmem-minutes.html#action02]
[NEW] ACTION: Vincent to create issue in list and announce it. [recorded in http://www.w3.org/2007/01/02-tagmem-minutes.html#action03]
[NEW] ACTION: Vincent to invite Stuart to join us in January [recorded in http://www.w3.org/2007/01/02-tagmem-minutes.html#action01]
 
[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.127 (CVS log)
$Date: 2007/01/03 15:10:33 $