W3C

TAG Weekly

23 Jan 2007

Agenda

Attendees

Present
Ht, Vincent, DanC, noah, Norm, Ed_Rice, TimBL (in part)
Regrets
TimBL, DaveO
Chair
VQ
Scribe
DanC

Contents


Convene, admin

VQ: late regrets from Tim and DaveO

TimBL: partial regrets due to RDFa discussion at SWD meeting at MIT

<DanC_> minutes 9 Jan

VQ: minutes 9 Jan ok by me. any reason not to approve?

Ed: remove DRAFT?

RESOLUTION: to approve 9 Jan minutes, (whether DRAFT removed or not)

VQ: agenda updates?

DanC: I have a question about IRIEverywhere

New telcon scheduling

PROPOSED: to meet 12:00 ET (17:00 UTC, 09:00 PT) Thursdays starting 1 Feb

VQ: there seems to be a critical mass around this proposal; I have seen some reservations...

<timbl> I can manage either of the two proposed time, the first with some rearrangemengt of medium pain

proposal doesn't carry due to a little new info and unknown input from others

DanC: ok, backing off from a long-term decision to next week...

HT: how about half an hour earlier next week so SKW can join? [that's 12:30 Boston time, yes, HT?]

<ht> yes DanC

NM: regrets 30 Jan due to travel

<Zakim> Norm, you wanted to say that I have to give regrets for Tuesday and Thursday of next week; I'll send a list of all my open slots and promise not to object to anything selected in

RESOLUTION: to meet Tue, 30 Jan 12:30pET

NDW: regrets 30 Jan

Issue passwordsInTheClear-52

<DanC_> Subject: RE: TAG - Password in clear text. Tue, 9 Jan 2007 13:20:10 -0600

^msg from Ed

VQ: Ed, any news from MEZ since that 9 Jan msg?

DanC: perhaps I should follow up with Thomas [WSC WG team contact] on whether MEZ [WSC WG chair] got the message or whatever

<scribe> ACTION: DanC to follow up on request for wording re "TAG - Password in clear text."

Ed: maybe there's not enough consensus to finish this after all?

DanC: indeed, John Cowan's msg emphasized a gap in positions, to me.

<noah> Me too, as I recall.

<noah> Haven't reread lately.

<ht> I have done my action, see http://lists.w3.org/Archives/Public/www-tag/2007Jan/0021.html

HT: I did raise the question about how user agent's can't know whether the password is in the clear due to javascript...

<noah> Yes, that's the concern I raised on the last call, that we are telling the browser to warn, but the Javascript may encrypt in a way the browser can't detect.

HT: and I got a response that confirms this is going on

Ed: it's not clear that these javascript techniques are secure

DanC: they look like traditional challenge/response authentication

Noah: some folks use passwords as "speed bumps" into their sites...
... their requirements are met by passwords in the clear
... how about "HTTP basic is not secure against the following..."?

DanC: that doesn't address my major concern, which is that web site operators are giving the impression that passwords are protected but not actually protecting the password across the net

Noah: [a pretty good story that the scribe got too far behind to record]

<noah> BTW: someone raised the question last week of what Yahoo! Mail is doing. From what I can tell going to their site, they are using HTTPS and also marking the input field as type="password"

Ed: it's not clear that we've got consensus on what's right and what's wrong

VQ: OK, so we've got DanC's new action an HT's action done...

Issue URNsAndRegistries-50

HT: no progress. :-/

DanC: does the URNs-and-registries finding touch on commercial motivation for DNS alternatives?

HT: no; do you have something solid to point to?

DanC: I think so.

<scribe> ACTION: DanC to look for an example of commercial motivation for alternatives to DNS

HT: please continue my action
... I still plan to work on this draft

<scribe> ACTION: HT to Update draft finding URNs, Namespaces and Registries. [CONTINUES]

Issue schemeProtocols-49

reviewing ACTION NM, accepted on 5 Dec 2005: Produce a new version of URI Schemes and Web Protocols.

NM: I had little confidence when I tried it at first; I have a little more confidence now, though it's not obvious what to write. Also, I did a bunch of TAG writing lately and used up some of that sort of energy; could use a break.
... so yeah, let's keep the issue open but withdraw the action.

DanC: yeah, until somebody is inspired...

<scribe> ACTION: NM to Produce a new version of URI Schemes and Web Protocols. [WITHDRAWN]

Issue IRIEverywhere-27

DanC: Congrats, Norm, on the XQuery REC. The F&O stuff reminds me of the IRIEverywhere issue, and some questions/axioms/formulas TimBL wrote up...

<DanC_> Mappings and identity in URIs and IRIs

issues list has 2 actions re http://www.w3.org/2001/tag/issues.html#IRIEverywhere-27

one on TBL and one on HT...

DanC: do we care about the XML Core action? withdraw?
... that was about XML Namespaces 1.1, which is done.

<scribe> ACTION: HT to with Norm report the Namespaces/URI/IRI discussion to XML Core. [DONE]

<scribe> ACTION: DanC to ask TimBL whether XQuery and XML Namespaces 1.1 address IRIEverywhere to his satisfaction, noting http://www.w3.org/2003/04/iri.html

ADJOURN.

Summary of Action Items

[NEW] ACTION: DanC to ask TimBL whether XQuery and XML Namespaces 1.1 address IRIEverywhere to his satisfaction, noting http://www.w3.org/2003/04/iri.html
[NEW] ACTION: DanC to follow up on request for wording re "TAG - Password in clear text."
[NEW] ACTION: DanC to look for an example of commercial motivation for alternatives to DNS
 
[PENDING] ACTION: HT to Update draft finding URNs, Namespaces and Registries.
 
[DONE] ACTION: HT to with Norm report the Namespaces/URI/IRI discussion to XML Core.
 
[DROPPED] ACTION: NM to Produce a new version of URI Schemes and Web Protocols.
 
[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.127 (CVS log)
$Date: 2007/01/23 23:11:20 $