IRC log of tagmem on 2003-09-15

Timestamps are in UTC.

18:47:57 [RRSAgent]
RRSAgent has joined #tagmem
18:48:01 [Zakim]
Zakim has joined #tagmem
18:50:09 [Ian_]
Ian_ has joined #tagmem
18:50:17 [ian__]
ian__ has joined #tagmem
18:50:49 [ian__]
ian__ has changed the topic to: Agenda:
18:53:38 [timbl]
timbl has joined #tagmem
18:53:56 [timbl]
Zakim, who is on the phone?
18:53:56 [Zakim]
sorry, timbl, I don't know what conference this is
18:53:57 [Zakim]
On IRC I see timbl, ian__, Zakim, RRSAgent, Stuart, DanC, Norm
18:54:02 [timbl]
Zakim, this is tag
18:54:02 [Zakim]
ok, timbl
18:58:55 [Zakim]
18:59:03 [Norm]
Zakim, who's on the phone?
18:59:03 [Zakim]
On the phone I see TimBL, Norm
18:59:16 [ian__]
zakim, call Ian-BOS
18:59:16 [Zakim]
ok, ian__; the call is being made
18:59:17 [Zakim]
19:00:10 [Zakim]
19:00:24 [Zakim]
19:00:26 [Stuart]
Zakim, ??P26 is me
19:00:26 [Zakim]
+Stuart; got it
19:01:53 [Stuart]
zakim, who is here
19:01:54 [Zakim]
Stuart, you need to end that query with '?'
19:01:55 [Zakim]
19:01:58 [Stuart]
zakim, who is here?
19:01:58 [Zakim]
On the phone I see TimBL, Norm, Ian, Stuart, DanC, Tim_Bray
19:01:59 [Zakim]
On IRC I see timbl, Ian, Zakim, RRSAgent, Stuart, DanC, Norm
19:02:20 [TBray]
TBray has joined #tagmem
19:02:29 [Ian]
Tim Bray, the RDDLer
19:02:33 [TBray]
19:04:32 [Zakim]
19:05:26 [Zakim]
19:05:55 [Ian]
Roll call: TB, TBL, SW, NW, DC, RF, IJ,
19:06:02 [Ian]
19:06:03 [Ian]
Regrets: CL
19:06:05 [Ian]
Missing: PC
19:06:24 [Ian]
Accept the minutes of the 8 Sep teleconf?
19:06:29 [Ian]
SW, DC, TB: Ok
19:06:32 [Ian]
Resolved to accept
19:06:37 [Ian]
Accept this agenda?
19:06:44 [Ian]
19:07:49 [Ian]
DC: I'm interested in talking about intro of arch doc
19:08:18 [DanC]
(shoot; where is charmod on our agenda? oh well)
19:08:28 [Ian]
Next meeting 22 Sep teleconf?
19:08:45 [Ian]
Regrets: SW, DO (likely)
19:09:07 [Ian]
SW: I will do a review of upcoming editor's draft by email, but can't attend mtg.
19:09:10 [Ian]
NW: I will chair 22 Sep.
19:09:47 [Ian]
NW: Reminder that people on last week's call agreed to review doc before 22 Sep.
19:10:45 [Ian]
19:10:57 [Ian]
QUestion from PC about meeting 10 nov.
19:11:51 [Ian]
Proposed: We will schedule call as normal, but understand if people absent due to travel.
19:11:58 [Ian]
So resolved.
19:12:02 [Ian]
(10 Nov teleconf)
19:12:04 [Ian]
19:12:40 [Ian]
SW: Anything going on in rdfURIMeaning-39? I urge TAG to sign up to relevant mailing list.
19:12:47 [Ian]
DC: 8-9 people have introduced themselves.
19:12:58 [Ian]
DC: There are a few considered mail messages per week, which is a good thing.
19:13:14 [Ian]
DC: No call scheduled yet, but progress.
19:13:17 [Ian]
19:13:29 [Ian]
Upcoming events:
19:14:56 [Ian]
IJ: Propose that two folks give ok to publish on TR page with some revision.
19:14:57 [Ian]
19:15:06 [Ian]
Status of work on namespaceDocument-8.
19:15:12 [Ian]
19:15:20 [Ian]
Completed action TB 2003/04/07: Prepare RDDL Note. Include in status section that there is TAG consensus that RDDL is a suitable format for representations of an XML namespace. Clean up messy section 4 of RDDL draft and investigate and publish a canonical mapping to RDF. From 21 July ftf meeting.
19:15:35 [Ian]
19:15:47 [Ian]
This Version: September 15, 2003
19:16:15 [Ian]
TBray: Produced status section. Haven't found canonical mapping to RDF yet.
19:16:33 [Ian]
TBray: So in effect I added a status section, cleanup had already been done, didn't add mapping.
19:17:23 [Ian]
DC: This action not done to my satisfaction until sent to www-tag.
19:17:39 [Norm]
timbl, i thought you commented on RDDL, but I can't find that comment. Am I mistaken? If not, where did you send it?
19:17:52 [Ian]
SW: What about statement about TAG consensus regarding suitability of RDDL as a format for ns docs?
19:19:00 [Ian]
[TB sends email to www-tag]
19:20:37 [Ian]
TBL: I think the TAG consensus part belongs in finding rather than in RDDL spec.
19:21:10 [Ian]
(i.e., the statement in the status section of the RDDL draft)
19:21:28 [Norm]
19:21:46 [Ian]
TBray: I promise to do canonical mapping this week.
19:21:57 [Ian]
TBL: Please put as a normative appendix in the RDDL spec.
19:22:15 [Ian]
TBray: If you want to use it, it needs to exist (at least) independently.
19:22:19 [Ian]
ack DanC
19:22:19 [Zakim]
DanC, you wanted to ask for help finding "hello world" example
19:22:46 [Ian]
TBray: Yes, DC asked for hello world example, and I agreed with him.
19:23:17 [Ian]
Action TB: Add hello world example to a new draft this week.
19:24:05 [Stuart]
19:24:33 [Ian]
NW to TB: Did you not also have to produce a DTD?
19:24:37 [Ian]
TBray: [Big sigh]
19:24:52 [Ian]
TBray: I'll do this after we're agreed to the content.
19:25:30 [Ian]
Action TB: Produce schemaware once TAG has consensus on the syntax.
19:25:51 [Ian]
SW: What about impact of RDDL on arch doc?
19:26:00 [Stuart]
ack Norm
19:26:09 [Ian]
TBray: PC is going to outline the finding. THat will include a sound bite for inclusion in arch doc.
19:26:17 [Ian]
Action SW: Ping PC on status of his action.
19:27:06 [Ian]
19:27:15 [Ian]
19:27:23 [Ian]
Completed action IJ 2003/07/21: Update Deep linking finding (i.e., create a new revision) with references to German court decision regarding deep linking. No additional review required since just an external reference. (Done)
19:27:35 [Ian]
19:28:16 [DanC]
policies section?
19:29:14 [Ian]
TBray: How about "Public policy actions" instead?
19:29:54 [Ian]
IJ: A summary blurb in English might also be useful.
19:31:08 [Ian]
Action TB: Ask Lauren Wood to review German text to see if applicable.
19:31:27 [Ian]
19:32:35 [Ian]
Action IJ: Take back to Comm Team publicity of this document.
19:32:46 [DanC]
I seem to remember that discussion of publicity around this finding.
19:33:03 [Ian]
19:33:12 [Ian]
whenToUseGet-7: 9 July 2003 draft of URIs, Addressability, and the use of HTTP GET and POST
19:33:12 [Ian]
* Action DO 2003/09/08: DO to send additional comments, due 12 Sep.
19:33:22 [Zakim]
19:33:22 [Ian]
19:33:31 [Zakim]
19:33:42 [Ian]
DO commetns:
19:35:42 [Ian]
TBray: WSDL WG aware of the finding, right?
19:35:48 [Ian]
DO: Yes. But they distinguish "GET" from safety.
19:36:04 [Ian]
DC: Support for GET seems too low-level.
19:36:36 [Ian]
DO: Customers are asking for a way to be able to mark an operation as safe.
19:36:57 [Ian]
DC: Yes, mark as "safe" and use the appropriate binding at the protocol level (i.e., depends on the protocol).
19:37:58 [Ian]
DC: Mark something at abstract level (e.g., "get stock quote") as safe; in protocol layer, it's bound to whatever the appropriate safe operations are.
19:39:05 [Ian]
19:39:42 [Ian]
TBray: In DO's note, are we still asking the WSDL WG to do something?
19:40:06 [Stuart]
ack DanC
19:40:26 [Ian]
DC: You can't currently say in WSDL that an operation is safe.
19:40:39 [Ian]
SW: I agree with DC that marking safe should take place at abstract layer.
19:40:53 [Ian]
TBray: We are also asking for buy-in from WS community that safe operations should be done with GET.
19:41:30 [Ian]
DO: WSDL WG has accepted as a MUST that they have to accept the SOAP 1.2 binding.
19:41:43 [Ian]
DO: But I didn't see the marking of operations as safe being required.
19:41:48 [Ian]
TBray: I'm fine with our finding.
19:42:22 [Ian]
TBray: I think we should ask the WS community to (1) investigate the possibility of building in a formalism to express the fact that an operation is safe and (2) encouraging, in specs, that developers implementing safe operations implement them with GET.
19:42:39 [Ian]
DO: I'm comfortable with (1).
19:42:44 [Ian]
19:45:02 [Ian]
TBray: I think we need to encourage people to use GET when they are using big globs of SOAP inefficiently.
19:45:30 [Ian]
TBray: We have agreed with strong consensus that safe operations should be done with GET.
19:45:39 [Ian]
TBray: If there are WGs that disagree, we need to explore this.
19:46:30 [Ian]
DO: I am happy with first para of 6 w.r.t. to comments from Noah.
19:47:24 [Ian]
TBray: In SOAP 1.1, I think it was wrong to only describe a POST binding and to ignore GET.
19:47:31 [Ian]
TBray: SOAP 1.2 gives equal treatment to GET/POST.
19:47:35 [DanC]
equal treatment? not for safe ops.
19:47:47 [Ian]
TBray: I think that there are still a nubmer of cases where, even if you have a safe operation, you still want to do with POST.
19:47:57 [Ian]
s/TB/DO for 3 previous assertions.
19:48:15 [Ian]
DO: I think it's moving too far to say "You should only do it this particular way...."
19:48:24 [Ian]
TBray: I agree with you for case of long URIs, etc.
19:48:30 [Stuart]
19:49:01 [Ian]
ack Stuart
19:49:17 [Ian]
SW: I think that we are haggling over this statement: "However, to represent safety in a more straightforward manner, it should be a property of operations themselves, not just a feature of bindings."
19:49:23 [Ian]
SW: SHould we give more rationale for our requset.
19:49:38 [Ian]
DO: I think our last sentence is fine. But I hear TB saying he wants something stronger.
19:50:31 [TBray]
19:50:36 [Stuart]
ack DanC
19:50:36 [Zakim]
DanC, you wanted to respond re "only" GET
19:51:02 [Ian]
DC: Our finding doesn't say "always use get"; it goes to great length. But the bottom line is it says "use get for safe operations". The SOAP spec doesn't give equal treatment for safe operations; it says use GET.
19:51:06 [DaveO]
DaveO has joined #tagmem
19:51:19 [Ian]
DC: Our position is pretty clear on this, it is "For safe operations, use GET.....except...."
19:51:33 [DanC]
(SOAP 1.2 to wit
19:51:42 [Ian]
Noah's comments since:
19:51:48 [Ian]
19:52:21 [Ian]
Suggested replacement text:
19:52:25 [Ian]
SSL can be used to protect information carried by either GET or POST
19:52:25 [Ian]
operations. In situations where use of SSL or other connection level
19:52:25 [Ian]
security is inappropriate, POST may be used to carry credentials or other
19:52:25 [Ian]
information needed to authenticate an otherwise safe retrieval. Note too
19:52:25 [Ian]
that access to an audited resource typically incurs an obligation, I.e. to
19:52:26 [Ian]
have the access logged, and thus must be performed using POST.
19:53:19 [Ian]
TBray: I'm inclined to accept this.
19:53:25 [Ian]
DC: I think that's cost-effective.
19:53:53 [Ian]
TBray: Add some of NM's language (e.g., when I need to authenticate all the way into some application)
19:54:06 [DanC]
cost effective... thought I wish for more time to think about it
19:55:14 [Ian]
Action IJ: Incorporate NM comments and publish revision. If nobody shouts "Stop!" then we consider the finding accepted by the TAG.
19:56:09 [Ian]
TBray: Back to other point - our position on use of GET is pretty strong, so if there are WGs that are moving in the opposite direction, we should interact with them.
19:56:20 [Ian]
DO: I monitor WSDL WG.
19:58:05 [Ian]
DO: I'd like to point out next draft of finding to WSDL WG and say "I don't see this in your reqs. If WG does not intend to satisfy this requirement, please let's chat."
19:58:15 [TBray]
19:58:34 [Ian]
SW: I think that the WSDL's statement of their requirement is a misstatement of what we are saying.
19:59:05 [Ian]
DO: First para of section 6 relates to SOAP 1.2.
20:00:04 [Ian]
DO: As a result of changes to SOAP 1.2, WSDL says "support SOAP 1.2". There's a piece missing in WSDL, which I want to ask them about (concerning second para of section 6 in finding). I think that their issue is more related to SOAP 1.2, not an additional req.
20:00:27 [Ian]
ack TBray
20:00:52 [timbl]
20:00:59 [Ian]
TBray: It would be great if someone gave us pointers into relevant specs where this issue is relevant.
20:01:17 [Ian]
Action DC: Provide TAG with pointers into WS specs where issue of safe operations is manifest.
20:01:21 [Stuart]
ack timbl
20:04:04 [Ian]
[Discussion of TAG / WS liaison]
20:06:00 [Ian]
DC: Have we told WSDL WG that we want their spec to look like this?
20:06:52 [Ian]
DO: There has been lots of dialog.
20:07:25 [Ian]
DO: This is a tough one since people have a certain mindset. I don't think that there's complete understanding of the issues on both sides yet.
20:08:40 [DaveO]
20:08:40 [DaveO]
InterfaceBindings SHOULD provide for mapping Message content to WSDLService location URIs. (From DO. Last discussed 22 Jan 2003.)
20:08:54 [DaveO]
20:09:13 [Zakim]
+ +1.949.679.aaaa
20:09:16 [Zakim]
20:09:56 [Ian]
Action DO: Ask WSDL WG to look at finding; ask them if marking operations as safe in WSDL is one of their requirements.
20:10:20 [DanC]
20:10:22 [DanC]
20:10:43 [Ian]
20:10:52 [Ian]
# contentTypeOverride-24: 9 July 2003 draft of Client handling of MIME headers
20:10:52 [Ian]
1. Comments from Roy on charset param
20:10:52 [Ian]
2. Comments from Philipp Hoschka about usability issues when user involved in error correction. Is there a new Voice spec out we can point to for example behavior?
20:10:52 [Ian]
3. Comments from Chris Lilley
20:10:53 [DanC]
(so issue 7 will go into pending state?)
20:10:54 [Ian]
4. Change "MIME headers" to "server metadata" in title?
20:10:58 [Ian]
20:11:05 [Ian]
Client handling of MIME headers
20:11:12 [Ian]
20:11:23 [Ian]
RF comments:
20:11:28 [Ian]
20:12:15 [Roy]
Roy has joined #tagmem
20:12:54 [Stuart]
20:13:14 [Ian]
IJ to RF: Could you suggest replacement text for your points?
20:13:56 [Roy]
I can suppy text
20:14:44 [Ian]
TB reply to RF:
20:15:18 [Ian]
TBray: I'm arguing that in the case of XML, it's actively harmful to provide a charset unless you are really certain you're right.
20:15:39 [Ian]
RF: My problem has to so with some XML variations, such as XHTML.
20:16:34 [Ian]
RF: E.g., if a system is set up to do a security check on content, they will tag it with appropriate charset for that document, whether they are certain whether the content in the document is really of that charset. Their instructions to the client is to ONLY use a particular charset.
20:17:02 [Ian]
TBray: In what scenario is it desirable to tell the client to only use one charset.
20:17:22 [Ian]
RF: There are security holes in some browsers that make them vulnerable when trying to do char code switching.
20:17:48 [Ian]
RF: Server tells browser "Only interpret this data in the following way..."
20:19:01 [Ian]
RF: Not all xml parsers are correct xml parsers.
20:19:14 [DanC]
client vulnerability, but our advice to servers might make it worse
20:19:35 [Ian]
TB summarizing:
20:19:40 [Ian]
- I send xhtml text to browser
20:19:54 [Ian]
- I send as text/html, so no problem sending charset.
20:20:03 [Ian]
- If I send as application/xhtml+xml ....
20:20:07 [Ian]
RF: No charset param.
20:20:12 [Ian]
TBray: Or does it per 3023?
20:20:45 [Ian]
TBray: If there's no charset param on application/xhtml+xml, then I'm fine.
20:21:46 [DanC]
20:21:52 [Ian]
[Diff is between sending charset for text/html and application application/xhtml+xml
20:21:54 [Ian]
20:22:27 [Ian]
TBray: I think we agree that sending xml as text/* is a likely source of difficulties.
20:22:42 [timbl]
20:22:47 [Ian]
TBray: I think we are saying that if we send as application/* that it's a bad idea to send charset.
20:23:07 [Stuart]
ack DanC
20:23:07 [Zakim]
DanC, you wanted to ask if we've told the WSDL WG what we want from them and to and to check if he understood Roy
20:23:11 [Ian]
RF: I am for removing charset parameter for application/*
20:23:21 [Ian]
RFC 3023 :
20:24:19 [Ian]
TBray: We could ask authors of 3023 to update it per the changes we are asking for.
20:24:32 [Ian]
TBray: Section 3.2 of 3023: optional charset param. "Strongly recommended"
20:25:20 [Ian]
RF: Ask on www-tag if we should remove charset from application/* types
20:25:56 [Ian]
RF: Meanwhile, don't require the server to make a judgment call on the content type. Server doesn't have a brain.
20:26:57 [Ian]
TBray: I note that in draft finding we already grumble about what 3023 says
20:27:43 [Ian]
RF: We can ask authors of 3023 on www-tag why those types have charset param.
20:28:09 [Ian]
Action TB: Draft a Note to authors of RFC 3023 cc'ing www-tag about concerns regarding charset asking about chances of getting this fixed.
20:28:23 [Ian]
20:29:19 [Ian]
IJ: How does this affect this sentence: "For this reason, servers should only supply a character encoding
20:29:19 [Ian]
header when there is complete certainty as to the encoding in use.
20:29:19 [Ian]
20:30:07 [Ian]
RF: If you keep the sentence, it should say that server software should only supply charset when there's complete certainty about the character encoding used within the body.
20:31:04 [Ian]
Action RF: Propose alternative text to other points in RF's original email.
20:31:13 [Ian]
RF: I'll do this today.
20:31:23 [Ian]
20:31:25 [Zakim]
20:31:26 [Zakim]
20:31:26 [Zakim]
20:31:27 [Ian]
RRSAgent, stop