See also: IRC log
<DanC> trackbot, start meeting
<trackbot> Date: 27 May 2010
<masinter> scribe: Larry Masinter
<masinter> scribenick: masinter
<DanC> (changed the stylesheets on http://www.w3.org/2001/tag/2010/05/20-minutes Date: 2010/05/27 17:02:37 )
<DKA> +1
<DanC> +1 approve 20-minutes
RESOLUTION: Minutes of 20 May (http://www.w3.org/2001/tag/2010/05/20-minutes ) are approved
noah: F2F agenda looks stable
jar: HT to organize talk about domain name persistence?
noah: waiting to get info from people to finalize agenda, e.g., info from HT
... inclined to cancel next week telcon
larry: likely to regret next week
<DanC> . action-xxx due tuesday
ht: hasn't gotten in touch with everyone needed; hoping to have that by next tuesday
<DanC> action-414 due tuesday
<trackbot> ACTION-414 Prepare a draft agenda, including goals and means, for a proposed afternoon session with invited guests, and circulate for discussion prior to a decision, on the subject of addressing the persistence of domain names due date now tuesday
action-433?
<trackbot> ACTION-433 -- Dan Connolly to help Tim get in touch with staff etc. re XML/HTML unification -- due 2010-05-28 -- OPEN
<trackbot> http://www.w3.org/2001/tag/group/track/actions/433
dc: nothing to say at this time, but due tomorrow
action-424?
<trackbot> ACTION-424 -- Larry Masinter to start discussion on www-tag about additional finding/web architecture around MIME types in web architecture, updating existing findings -- due 2010-06-07 -- PENDINGREVIEW
<trackbot> http://www.w3.org/2001/tag/group/track/actions/424
action-425?
<trackbot> ACTION-425 -- Larry Masinter to draft updated MIME finding(s), with help from DanA, based on www-tag discussion -- due 2010-05-31 -- OPEN
<trackbot> http://www.w3.org/2001/tag/group/track/actions/425
<DanC> 424 is done to my satisfaction
<DanC> . action-425 due wednesday
<noah> LM: ACTION-424 is to start discussion, ACTION-425 is wrap up
close action-245
<trackbot> ACTION-245 Noah to respond to TPAC survey saying TAG will meet Monday and Friday (half days) closed
close action-424
<trackbot> ACTION-424 Start discussion on www-tag about additional finding/web architecture around MIME types in web architecture, updating existing findings closed
<DanC> (ah... 425 already has a due date in the future)
<DanC> . ACTION Yves: review Larry's summary on mime types
action-340?
<trackbot> ACTION-340 -- John Kemp to summarize recent discussion around XHR and UMP -- due 2010-05-13 -- PENDINGREVIEW
<trackbot> http://www.w3.org/2001/tag/group/track/actions/340
<DanC> (very nice go at the summary, JK; I do hope we can get it to the point where all the parties agree to it)
JK: sent a summary, and got some feedback. What I plan to do is incorporate comments and write up difference between two positions.
<noah> I found it very helpful too.
<DanC> 0048
<DanC> http://lists.w3.org/Archives/Public/www-tag/2010May/0048.html
DanC: There's a sentence about one proposal satisfying a use case that the other doesn't, could there be an example?
JK: UMP satisfies use cases that don't require a pre-flight request, simple GET is supported, but PUT POST DELETE are not, they intend to write a separate spec.
DanC: A 'simple get request' -- what does this have to do with either of them?
<Yves> disclosing information to a malicious site can be done using "simple GET" anyway, like appending information after a ';'
<DanC> ("some site"... fedex? for example? ah! photo/print... NOW we're talking my language)
JK: Basically, the model proposed in CORS relies on an actual requestor, a web site returns content which contains an XMLHTTPRequest
... two web sites, client with web browser, using those two web sites. First site makes a request, gets something from a Photo web site (first site), and sends a XMLHTTPRequest to a print site (second web site).
... deal with current restriction on web browsers that content can only make requests back to its origin site.
... if you were to make an update to the 2nd site, e.g., to update the print queue, that required a POST, that would be supported by UMP but not CORS.
CORS has a model that uses the Origin header, like Referer, and also uses cookies. If you go to a photos site, photos can make a request to print, which would essentially log the user into the print website. If you were to make a request that involved per-user data, e.g., a per-user queue, you would be using a logged-in .... (lost about 3rd party) ...
Noah: in this, the photo site has stored cookies, and the print site has stored cookies. (Discussion: cookies are still per-site).
... the use case should include the prior interaction of the user with the print site.
JK: instance that is current is the Facebook "Like" button
<DanC> (hmm... but the facebook "like" button works without CORS and without UMP... so only partly relevant)
JK: The button communicates with the Facebook site
... problem is malicious site causing 3rd party site to do something that the user didn't actually authorized. Proposal is that All XMLHTTPRequest are uniform, they do not send shared cookies or user credentials.
Larry: ack
Ashok: there is a spec called Web Storage which lets you actually store cookies for a session and lets you store cookies and data, even if the site is offline, ... there are a bunch of these...
JK: not sure of relationship with CORS, unlikely to use UMP
Asok: some of those specs actually help web sites share data...
JK: My overall summary: essentially we have this model of using origin to prevent cross-site. CORS builds on that model, but doesn't actually solve the problem: someone could make a cross-site unauthorized request. I looked at it and agree, and will include this in my write-up. Any origin + cookies approach will still allow malicious cross-site requests.
<DKA> +1 to it being worth-while
noah: scheduled discussion at F2F, JK will not be there.
JK: preparing a write-up which will be ready at F2F
Larry: is there more to talk about?
Noah: John's preparing, Ashok wants more discussion
... short session on this. Ashok suggests 30 minutes
JK: Some would say CORS conflicts with web arch. In my opinion it doesn't encourage good use of web architecture.
<jar> sunk cost
noah: push-back is that UMP is less functional? CORS supports some use cases, but UMP doesn't necessarily support the same use cases?
(CORS supports .. was JK)
JK: CORS doesn't solve the problem it was intended to solve, in my opinion. Something else is needed.
JAR: will ask Tyler about Ashok's question. Web Storage is a fancy version of cookies. All the same issues should arise.
Noah: browsers already send cookies, do they also connect to data (??)
action-340?
<trackbot> ACTION-340 -- John Kemp to summarize recent discussion around XHR and UMP -- due 2010-05-13 -- PENDINGREVIEW
<trackbot> http://www.w3.org/2001/tag/group/track/actions/340
<jar> ACTION: jar to Consult Tyler Close regarding UMP-informed web storage vulnerability analysis [recorded in http://www.w3.org/2010/05/27-tagmem-minutes.html#action01]
<trackbot> Created ACTION-435 - Consult Tyler Close regarding UMP-informed web storage vulnerability analysis [on Jonathan Rees - due 2010-06-03].
<DanC> action-340: ...
<trackbot> ACTION-340 summarize recent discussion around XHR and UMP notes added
<DanC> action-340: reopened for reasons that JK just told NM he'd make a note about
<trackbot> ACTION-340 summarize recent discussion around XHR and UMP notes added
action-379?
<trackbot> ACTION-379 -- Larry Masinter to check whether HTML language reference has been published -- due 2010-03-24 -- PENDINGREVIEW
<trackbot> http://www.w3.org/2001/tag/group/track/actions/379
<DanC> scribenick: DanC
LMM: so yes, "HTML: The Markup Language" has been published as a WD
(had the authoring guide gone to WD?)
<masinter> http://dev.w3.org/html5/spec-author-view/
<masinter> isn't a WD
LMM: there's also this authoring guide in progress
<Zakim> DanC, you wanted to ask if now is a good time for JAR to summarize discussion of UMP/CORS going to last call (ACTION-344)
<masinter> http://dev.w3.org/html5/markup/ makes reference to author view
<Ashok> jar, from the Web Storage spec -- Each top-level browsing context has a unique set of session storage areas, one for each origin.
LMM: the authoring guide hasn't become a WD and isn't one of the 8 to be published in the upcoming round of WDs
<masinter> noah: would like to see us follow up with this
<masinter> noah: I'm pretty sure there was a discussion about how the authoring view was a significant part of the solution to our problem. I took it as implicit that this would be progressed.
<masinter> DanC: there's also an authoring guide?
http://www.w3.org/TR/html5/ has the "hide UA text" option
<scribe> scribenick: masinter
Larry: I was confused. Working Draft now has interactive "Hide UA Text" !
noah: it may be the button does more than 'hiding UA text'
danc: on the question of whether it is maintained: I reviewed the document, found something that was wrong, and it got fixed right away, so it's actively maintained.
<DanC> (in particular, the boundary between "UA text" and other)
noah: We had a discussion in 2008 where I had some expectations that things like front matter would also be appropriate...
Larry: there are some documents. Whether they meet TAG requirements are unclear to me. I think everyone knows what the documents are.
polling
DanA: I don't have an opinion
DanC: we need to decide
... I accept the current course and speed.
JAR: I haven't reviewed the authoring guide or whether it qualifies as a language reference. Don't have much of an opinion.
... acceptable to me.
Noah: I think the minimum bar the TAG should set is that we reach the point where we know what they are commited to progress.
... Not sure we know what they are doing.
Ashok: I will vote +1 meaning there's nothing specific we want to do.
<DanC> (re Noah's comment, I'm looking at the issues list to see if anything relevant lives there http://www.w3.org/html/wg/tracker/issues )
<DanC> (found it: http://www.w3.org/html/wg/tracker/issues/59 )
<noah> I don't entirely buy Larry's claim that you can infer commitments from the current heartbeats. The fact that there's a hide/show UA in the current view doesn't seem to me to answer one way or the other whether they're committed to maintaining it on a Rec track long term.
<noah> Henry, dan is trying to poll you.
<noah> As soon as Larry is done.
<noah> LM: I want a schema.
<noah> LM: Might be supportive of work on polyglot.
Larry: I'd like there to be a schema. I think a schema might be more relevant for polyglot files, though.
<timbl> not up to speed on auth doc
<noah> DC: They have their issue 59 normative lang reference. Must have made some decision
"It seems to be agreed that publishing a non-normative reference document would be appropriate and sufficient."
http://lists.w3.org/Archives/Public/public-html/2010Jan/0470.html
"The TAG seems satisfied with our course of action"
"while reserving the right
to raise further objections depending on how things go."
<jar> "publishing a non-normative reference document would be appropriate and sufficient."
I'm pretty sure that's Mike Smith's document H:TML
<jar> link?
http://dev.w3.org/html5/markup/
This document is what I believe they have offered as a response to the TAG
Noah: That document is useful, but I don't think it is sufficient as a language reference.
<noah> I think schemas are useful for generators as much as for parsers, and that's for both text/html as polyglot
<DanC> LMM: (a) a schema might be quite useful with polyglot documents
(b) http://dev.w3.org/html5/markup/ is rec track
it contains a reference to http://dev.w3.org/html5/spec-author-view/
but the latter isn't rec track
http://lists.w3.org/Archives/Public/public-html/2010May/0297.html
<jar> Let me see if I understand... (in case I have to consult these minutes in the future...) http://dev.w3.org/html5/markup/, HTML: The Markup Language (a.k.a. H:TML), is rec track but is to be non-normative
lists 8 documents being published as 'heartbeat' or FPWD
<noah> NM: I'd like to see a commitment that http://dev.w3.org/html5/spec-author-view/ is rec track
<noah> Henry?
<DanC> action-379: spec-author-view clarification seems in order
<trackbot> ACTION-379 Check whether HTML language reference has been published notes added
<DanC> action-379?
<trackbot> ACTION-379 -- Noah Mendelsohn to check whether HTML language reference has been published -- due 2010-03-24 -- PENDINGREVIEW
<trackbot> http://www.w3.org/2001/tag/group/track/actions/379
<DanC> action-379?
<trackbot> ACTION-379 -- Noah Mendelsohn to check whether HTML language reference has been published -- due 2010-03-24 -- OPEN
<trackbot> http://www.w3.org/2001/tag/group/track/actions/379
<DanC> (schemas for the polyglot use case is something I hadn't given much thought.)
<DanC> LMM: a schema might be quite useful with polyglot documents
Larry: Pushing on schemas for polyglot and the ability to do schema-based processing as one of the justifications of XML/HTML unification
DanC: EPub also seems to be relevant these days. EPub went to XHTML 1.1 or 1.2, I think (tracking down)
<noah> I'd like to be sure we'er minuting that we're talking about ACTION-403, which is to respond to Murata Makoto's request for RelaxNG schemas for XHTML
action-403?
<trackbot> ACTION-403 -- Noah Mendelsohn to ensure that TAG responds to Murata Makoto's request for RelaxNG Schemas for XHTML (self-assigned) -- due 2010-05-11 -- PENDINGREVIEW
<trackbot> http://www.w3.org/2001/tag/group/track/actions/403
<noah> Murata-san writes:
<noah> Is it possible for W3C to publish RELAX NG schemas for XHTML modules?
<noah> Such schemas were created by James Clark, but have not been published
<noah> by any standardization organization.
<DanC> What I’d change about ePub
<DanC> "Support any valid form of XHTML"
<noah> LM: We're looking at HTML/XML unification; I think schema-based processing is an advantage we should pursue
ashok: danger is that Murata will spend a month on it and working group will just throw it away
<noah> AM: Danger is Murata-san will spend time and it won't then move forward
<DanC> HT sent email... XProc just went to REC with non-normative DTDs, XML Schemas, Relax-NG schemas...
<DanC> ... none of them is claimed to be exactly right, but they're useful.
<DanC> "Michael Smith, HTML Activity Lead" -- http://www.w3.org/MarkUp/Activity
noah: will respond to Murata-san, suggesting (1) work with HTML WG and (2) TAG is interested in XML/HTML unification
<DanC> ACTION: Connolly bring "Schemas for XHTML" inquiry to the attention of Michael Smith, HTML Activity Lead [recorded in http://www.w3.org/2010/05/27-tagmem-minutes.html#action02]
<trackbot> Created ACTION-436 - Bring "Schemas for XHTML" inquiry to the attention of Michael Smith, HTML Activity Lead [on Dan Connolly - due 2010-06-03].
http://dev.w3.org/html5/html-xhtml-author-guide/html-xhtml-authoring-guide.html
<DanC> (good point; I'd like to see Murata-san's take on the polyglot spec.)
<DanC> action-403?
<trackbot> ACTION-403 -- Noah Mendelsohn to ensure that TAG responds to Murata Makoto's request for RelaxNG Schemas for XHTML (self-assigned) -- due 2010-06-02 -- OPEN
<trackbot> http://www.w3.org/2001/tag/group/track/actions/403
action-411?
<trackbot> ACTION-411 -- Larry Masinter to take the next step on announcing IRIEverywhere -- due 2010-04-13 -- PENDINGREVIEW
<trackbot> http://www.w3.org/2001/tag/group/track/actions/411
<noah> scribenick: noah
<DanC> LMM: HTML WG issue 59 is still open... status is unclear to me...
<scribe> scribenick: DanC
UNKNOWN SPEAKER: I wrote a change proposal; there's a couter-proposal... the outcome isn't clear...
... so that part of the plan... that the HTML spec would reference the new IRI spec... looks likely, though the details aren't nailed down
LMM: the XML Core WG asked for a clarification "should we really [look at? point to?] the ??iri? document?" and I said yes, and I don't think they have finished with [that review]
... then there's the question of updating W3C XML specs that wouldn't be covered by the XML Core update...
<jar> curious, why might xml core care about IRIs? namespace prefix definitions, or xsd:anyURI, or what? ...
LMM: [details missed] which suggests we shouldn't close [i.e. should re-open] this IRIEverywhere issue
<masinter> XML defined 'LEIRI' and had a separate spec
<masinter> Request is to get people to reference http://tools.ietf.org/html/draft-ietf-iri-3987bis
<masinter> or its update
<masinter> http://tools.ietf.org/wg/iri/charters meeting in late July