16:05:10 RRSAgent has joined #tagmem 16:05:10 logging to http://www.w3.org/2006/10/04-tagmem-irc 16:05:46 agenda + Convene, take roll, review agenda 16:05:51 Zakim has joined #tagmem 16:05:53 agenda + Convene, take roll, review agenda 16:05:57 ht has joined #tagmem 16:06:03 Making our calls more efficient 16:06:10 agenda + Making our calls more efficient 16:06:31 Noah has joined #tagmem 16:06:33 scribe: ht 16:06:40 scribe: Henry S Thompson 16:06:46 scribenick: ht 16:08:32 zakim, take up agenda 1 16:08:32 agendum 1. "Convene, take roll, review agenda" taken up [from DanC_lap] 16:09:30 Scribe duty: HST Wed a.m.; DC Wed p.m.; NDW Thu a.m.; NM Thu p.m. 16:09:49 Minutes from last telcon approved 16:10:05 timbl has joined #tagmem 16:10:22 Next telcon 10 October 16:10:36 TV Raman regrets for 17 October 16:10:51 D Orchard probable regrets 17 October 16:12:07 VQ: Add to agenda, Nov AC Meeting report and discussion 16:12:45 ... We will come to this later in the meeting 16:13:02 ... HST, TBL, VQ and NM will be there, others not 16:13:33 VQ: Next f2f December 11--13 in Boston 16:13:55 NDW: Pbly not available all three days. . . 16:15:37 TBL: There's a Web Services Transfer submission which is relevant. . . 16:16:02 ... Could we have a short slot in the agenda to at least raise an issue 16:16:05 VQ: Will do 16:16:22 Zakim, next agendum 16:16:22 agendum 2. "Making our calls more efficient" taken up [from DanC_lap] 16:16:31 (booted the meeting and did admin in 16 minutes flat. well done, VQ) 16:17:57 VQ: TV asked for a discussion about this -- DC has sent email on this, let's read that and discuss in breaks etc., but not spend official f2f time 16:18:05 Vincent has joined #tagmem 16:18:20 (on meeting efficiency http://lists.w3.org/Archives/Member/tag/2006Oct/0011.html ) 16:18:21 topic: metadataInURI-31 16:18:38 VQ: We've approved publication, but there have been recent comments 16:19:23 NM: We decided in June to publish subject to ER review. He said "Go ahead", but raised an issue wrt file extensions, DC agreed 16:19:32 New draft of metadata in URI: http://www.w3.org/2001/tag/doc/metaDataInURI-31-20061001.html 16:19:44 New section is main change: http://www.w3.org/2001/tag/doc/metaDataInURI-31-20061001.html#malicious 16:20:07 ... Added new section, URI above, plus small changes per input from Stuart 16:20:31 ... There's been some feedback, both pos. and neg 16:20:40 (+1 license to fix that email address without discussion) 16:20:51 ... ER is now happy, there are some editorial fixes I'll do w/o discussion 16:21:44 ... The most substantive issue is whether we have the new section at all -- Mark Baker says the old version said the truth, now we've got this extra bit 16:21:44 q+ 16:21:52 q+ to suggest switching to saving foo.jpeg 16:22:44 TBL: This is not the story I would have picked, it's backwards from the classic pblm case 16:23:21 (tbl makes my point exactly. it's the mangling of metadata when you save it that is the classic case.) 16:23:29 ack timbl 16:24:29 ack DanC 16:24:29 DanC_lap, you wanted to suggest switching to saving foo.jpeg 16:24:32 ... Content-Disposition: foo.jpg.exe, so even if image/jpg and URI is foo.jpg, the saved file has lost its mime type 16:24:48 q+ 16:24:53 Or, simpler, there's an image, user saves it w/o ever noticing its URI, which was .exe 16:27:07 TV, DC: Don't think the Content-Disposition thing actually happens 16:29:16 NM: ER raised this, I need to be sure this is the right example 16:29:46 ack Noah 16:29:48 ack norm 16:31:07 ack Norm 16:31:07 TBL: I think Ian Hixon has mime-type tests which explore this 16:31:26 (security considerations of MIME is a whole RFC http://www.faqs.org/rfcs/rfc2046.html ) 16:31:56 NDW: I think you've covered ER's case, not necessarily even .exe, just a disconnect between filename and media type 16:33:07 ... Consider just bigstar.foo, served as image/jpg, works in browser, but if saved to disk, won't work anymore. 16:33:20 DC: But it's the security case that really needs to be told 16:34:01 NM: So you want the 'saved as exe' case 16:34:04 DC: Yes 16:34:14 EdR has joined #tagmem 16:36:31 NM: What I'm hearing most is rewrite this the other way around 16:36:32 ... that is, served as image/jpg, saved as .exe 16:38:42 dorchard has joined #tagmem 16:39:46 VQ: Three options: remove, keep, rewrite 16:40:03 HST: I have a slight preference to _adding_ the new story 16:41:14 NM: I'm a bit concerned that the bug in the new story is the mime type, so it's not a metadata-in-uri issue at all 16:42:04 Ed, you should say that on the record rather than in /me 16:42:06 q+ to note our obligation to write up this exe/jpeg security issue was present in the authoritative metadata finding too, and to see what we did in that case 16:42:29 TVR: TBL summarised it well: At the browser level, you're trusting the mime type, but once saved, the OS is trusing the metadata, and the conflict can get you in trouble 16:42:38 ok, for the record.. I'd rather keep the section because I think its an important addition. 16:42:50 ack DanC 16:42:50 DanC_lap, you wanted to note our obligation to write up this exe/jpeg security issue was present in the authoritative metadata finding too, and to see what we did in that case 16:42:54 DC: I think we already wrote this up -- see section 4.4 of Authoritative Metadata 16:43:38 See also: 16:43:41 http://www.w3.org/2001/tag/doc/mime-respect-20060412#consent 16:44:17 HST: So we could leave the section as it is, and add a cross-reference to the AM 4.4 story 16:44:57 NM: But MB has trouble with the example as written 16:45:10 http://ln.hixie.ch/?start=1154950069&count=1 "However, it seems that these real world concerns are not a factor in the TAG's findings, since the day after I posted the aforementioned blog post, they published a document describing how browsers must always follow Content-Type headers, how specifications must never require browsers to ignore such headers, and how authors must all go and correct their mis-configured servers. (I only recently became aware of this d 16:45:20 DC: Just octet-stream doesn't get it run 16:45:30 ... that depends on the extentsion 16:45:39 s/extentsion/extension/ 16:46:45 See http://www.hixie.ch/tests/adhoc/http/content-type/ 16:48:29 I am happy hat Safari donloads http://www.hixie.ch/tests/adhoc/http/content-type/007.dmg.gz which has as 007/dmg.gz.txt 16:48:40 as it has content type text/plain 16:49:19 Tim, link 1 in your test page http://www.hixie.ch/tests/adhoc/http/content-type/001.txt runs in IE. Good example. 16:53:19 this is what I see.. 16:53:20 This is NOT a text file. You should have been told it was an application/x-hixie-test file. If you were offered this file as if it was a text file, or if you were told the MIME type was text/plain, then this test has FAILED. 16:53:54 q+ 16:56:45 [The group experiments with several of the Hixie tests and various browsers, but w/o hitting any security issues] 16:56:56 q- 16:57:45 NM: So it looks like what I wrote is just wrong -- application/octet-stream is not sufficient to cause a browser to try to run anything 16:58:28 ... So what I think I should do is xref AM 17:00:01 The issue in my mind is can the user trust what he sees in his email/web page. If he sees .png is a a .png file or something else. 17:00:04 TBL: Conclusion is that the browsers should stick to WebArch, and that we should give a thumbs-up to saving with filenames consistent with actual metadata, i.e. mime type, as safari does 17:02:44 +1 s/identity/URI/g 17:02:51 TBL, HST: The word 'identity' is used for what is just its name 17:03:31 ... this should be fixed where it needs to be 17:04:27 NM: So this all nets out -- remove current new chapter, add new chapter about a) misleading users, b) encourages preserving definitive media type information in OS-specific ways 17:05:07 (indeed, I concur with the advice as NM played it back.) 17:05:52 NM: Also xref AM 4.4 17:06:54 See GPN http://www.w3.org/2001/tag/doc/metaDataInURI-31-20061001.html#guessing 17:07:46 NM: I'd like to kill this, the text above it tells the full story OK 17:08:21 DO: I sort of like this 17:08:45 NM: It's tautological -- it says don't do risky things unless you are prepared to take the risk 17:10:23 q+ to suggest: constraint: Parties that guess information from the URI beyond standards and stated policies accept the risks for any resulting failures. 17:10:35 HST: No it's not, it conveys the risk which may not otherwise have been understood 17:10:39 ack danc 17:10:39 DanC_lap, you wanted to suggest: constraint: Parties that guess information from the URI beyond standards and stated policies accept the risks for any resulting failures. 17:11:55 Suggest Dan's text as GPN. 17:12:53 [General argument about whether DC's text can be a constraint -- we can't tell people what they must take responsiblity for] 17:13:16 TBL: I think there are problems going in that direction 17:13:30 DO: I find it readable and helpful 17:13:38 NM: I'm inclined to drop it 17:14:01 DC: I can't live with keeping it 17:14:02 [we can tell people what they are responsible for.] 17:15:42 HST: "Don't get cheesed of if guessing doesn't work" 17:15:53 DC: That's not a Good Practice 17:16:02 HST: True -- it's not a Constraint either 17:16:16 DO, HST: Can live without it 17:16:35 DO: But I'm sorry to lose a GPN here altogether 17:17:14 Guessing information from URIs can be a valuable way of exploring the Web, but it brings the risk that .... 17:17:25 Resolved: Remove the GPN at the end of section 2.2 in its in current form 17:18:10 NM: Pull back from claiming this is out the door, but we should focus feedback on changes, not untouched stuff 17:18:20 ... Will try to have a new draft in two weeks 17:19:24 Ed and DanC to review it 17:19:44 so Noah, if you get it out on Weds or Thu before a Tuesday telcon, that's optimal for me. 17:19:44 VQ: End of this topic, short break 17:38:58 topic: GenericResouces-53 17:39:17 http://www.w3.org/2001/tag/doc/alternatives-discovery.html 17:39:44 +1 ship it http://www.w3.org/2001/tag/doc/alternatives-discovery.html Oct 2, 2006 11:24:06 AM 17:39:46 VQ: We agreed that once the figure was added, we could publish, and the figure has been added 17:40:51 ... Are we ready to go? 17:41:49 TVR: Stuart raised some questions wrt representation vs. resource -- I think it's OK as is. . . 17:43:13 q+ to raise a few points 17:44:00 VQ: Not sure about the dotted lines -- they appear to connect only the corners, but they're supposed to start at the middle and go out 17:44:25 TVR: No, they are there to show that links don't have to go through the generic 17:44:32 ack ht 17:44:32 ht_vancouver, you wanted to raise a few points 17:44:37 2.1.1 -- Make sure "http://example.com/ubiquity/resource" is identified as the "canonical URI". 17:45:16 3 -- "Contrast these findings with the metadata in URIs and state 17:45:16 finding which each enumerate use cases where it is advisable not to 17:45:16 encapsulate user context in URIs." I find this opaque at best, not 17:45:16 well-prepared, no actual references. . . 17:45:16 TV: ok, I'll change canonical URI to generic resource there. good point, HT 17:46:55 TVR: This was added after the June meeting, to deal with TBL's example of bank accounts 17:46:57 q+ 17:47:14 ... I'll improve that 17:47:19 ... and add real references 17:47:22 (hmm.. this is the 2nd case of overlap between findings today... makes me think we're starting to turn the corner between where separate findings are more efficient and where a composite volume is better.) 17:47:41 ack timbl 17:48:35 TBL: Abstract -- add representations using different content type and different versions 17:49:54 ... Intro -- 3 goals, what happened to ensuring the specific resources are not individually indexed? 17:51:13 HST: That means there needs to be a way to get reliably from the specific to the generic, _knowing_ it's generic 17:51:57 TBL: So you need to have the metadata 17:52:20 HST: Including the specific info that _this_ link is the one to follow to get to the generic resource 17:52:42 TVR: So, should we recommend role='generic', or some such? 17:53:20 TBL: Yes, but that's weak -- I'm worried we'll end up with a mixture of different ways of doing things 17:53:57 TVR: How do we go about owning role='generic'? 17:54:02 (timbl's ontology http://www.w3.org/DesignIssues/Generic ) 17:54:22 DC: Use appropriate GRDDL pointer at the top 17:54:34 ... StandardFieldValues-51 17:54:59 ... Use, and say see also SFV-51 17:56:17 TBL: I should be able to bookmark the japanese version 17:56:24 HST: Sure, but Google shouldn't index it 17:56:56 (timbl's ontology suffers from http://esw.w3.org/topic/HasPropertyOf . I think timbl would agree it should use http://esw.w3.org/topic/RoleNoun ) 17:57:11 TVR: There's a bug wrt pagerank here 17:57:38 TBL: So clearly the metadata would help, but it needs to be consistently interpretable. . . 17:58:50 TVR: So do I write rel='generic' or not? 17:58:57 DC suggests that anything about rel="generic" should note issue http://www.w3.org/2001/tag/issues.html#standardizedFieldValues-51 in the same breath. 17:59:05 http://www.w3.org/DesignIssues/Generic.html has an ontology 18:00:26 HST: We could just be brutally frank, and say that to solve the pagerank pblm, more work needs to be done, perhaps folk could try rel='generic' and if it works, standardise it 18:00:40 ... rel='nofollow' is a precedent 18:00:58 DC: Not a great precedent, didn't go through channels 18:01:03 +1 the tom sawyer approach... sketch rel="generic", note issue 51, note "more work needs to be done, and a TAG finding isn't really the place. If you want to work on it, sign up here ___ ." 18:01:46 ack danc 18:02:21 TBL: not just rel='generic', but rel='lang-specific' and . . . 18:02:27 in timbl's ontology http://www.w3.org/DesignIssues/Generic , the terms are u:isLanguageSpecficVersionOf etc. 18:02:45 ... I produced an ontology with relations and classes 18:04:17 DC: I mean there should be an explicit reference to TBL's paper, URL above 18:05:03 dorchard has joined #tagmem 18:05:47 [re 3-place predicates, timbl has written that up too. http://www.w3.org/DesignIssues/InterpretationProperties ] 18:06:25 DC: We could point to it as is, or we could actually send TBL and DC off to work on this 18:06:55 TVR: I think we do people a disservice if we point to something we're not working on 18:07:49 HST: I'd prefer the opposite, that is, "Here's an example of the kind of thing we mean", more work still needed 18:08:43 DC: By "sign up here" I did mean something as explicit as a WBS form. . . 18:09:40 tvraman has joined #tagmem 18:10:12 HT: I think yes, there should be a 4th point about search. 18:10:16 TV: yes, OK. 18:10:21 HST: So I think you should add a goal, and add a section to address it 18:10:51 TBL: Example URI changes from /newspaper to /ubiquity -- should be consistent 18:11:20 ... Also, needs to end with / so conneg will work 18:11:35 ... and explain why it needs to be there 18:12:49 ... which is, so that the base URI for foo/index.html is foo/ 18:13:16 302 Found ... 10.3.3 http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.3.3 18:13:19 TBL: Is gloss for 302 correct -- should be 302 found 18:13:43 ... Why encourage redirection over conneg? 18:14:23 TVR: I originally only wanted to do one of these -- added the other as a result of www-tag feedback 18:14:45 TBL: They're not equivalent -- redirection is more expensive 18:15:18 TVR: So "redirection requires an extra roundtrip, and may have significant impact for mobile devices" 18:15:35 (I'm happy that timbl can read this sort of thing with fresh eyes. I can only see what I already know, most of the time.) 18:17:23 TBL: frozen in, in 2.1.1 bullet 4 18:17:39 ... Not bookmarked, just base URI, right? 18:17:52 TVR: So I agree this text is a bit misleading 18:18:45 TBL: The impact on resolving relative URIs certainly could be discussed 18:18:58 Noah has joined #tagmem 18:20:38 ... Once the specific content has been returned, the links within it may be fully-explicit, to save repeated redirects. 18:23:25 TBL: Channeling Stuart Williams, suggest replacing most/all uses of 'representation' with 'specific resource' 18:24:49 (I'm content with the fact that a representation, like everything else, is a resource, so it doesn't do too much harm to discuss URIs for representations.) 18:26:03 (though I'm happy that HT seems to be persuading TV that "specific resource" is better.) 18:26:39 HST, TBL, NM: To and fro wrt whether multiple URIs imply multiple resources 18:26:58 TVR: I guess I like the change, because it makes the contrast with generic resource better 18:27:33 TBL: The other reason is that it's media type variation which goes with different representations 18:29:02 NM: So do we add a separate story for media type? 18:29:04 (Noah, we haven't decided *anything* today. The chair hasn't put any questions. You can ask the editor what advice he's most likely to follow, but please don't speak as though we've decided anything.) 18:29:33 TVR: Not sure about how far I'm going with that, no 18:30:30 NM: I'm not clear it's the right message to send that there _should_ be three URIs, one generic, one for jpg and one for gif ? 18:30:47 ... Can't really be the same, since there's no metadata in them, so they can't crosslink 18:31:07 TBL: The header can link back 18:31:08 Link: rel=generic 18:31:13 Link: rel=meta 18:31:26 timbl, those are HTML headers, no? 18:32:01 fbow? 18:32:10 for better or worse 18:32:15 :) 18:32:16 w 18:32:22 imho 18:32:24 imo 18:33:33 ________________________________ 18:34:24 $ curl -I http://www.w3.org/Icons/w3c_home 18:34:24 HTTP/1.1 200 OK 18:34:24 Date: Wed, 04 Oct 2006 18:33:03 GMT 18:34:25 Server: Apache/1.3.37 (Unix) PHP/4.4.3 18:34:25 Content-Location: w3c_home.png 18:34:25 Vary: negotiate,accept 18:34:27 TCN: choice 18:34:29 P3P: policyref="http://www.w3.org/2001/05/P3P/p3p.xml" 18:34:31 Cache-Control: max-age=2592000 18:34:33 Expires: Fri, 03 Nov 2006 18:33:03 GMT 18:34:35 Last-Modified: Mon, 24 Jul 2006 14:58:33 GMT 18:34:37 ETag: "44c4e019;44c5b30b" 18:34:39 Accept-Ranges: bytes 18:34:41 Content-Length: 1936 18:34:43 Content-Type: image/png; qs=0.7 18:34:45 ______________________________ 18:36:32 DC, NM: Discussion of basic conneg example, around the question of whether the normal case requires at least three retrievable URIs, e.g. one for the undifferentiated image, one for each of png and jpg 18:37:15 TVR: Can't I negotiate for resolution, where synthesis on the fly is much more likely 18:38:41 NM: Back to the finding --- is media type on the same level as natural language, user agent, etc. ? 18:39:09 ... Extending the Good Practice to that axis is not straightforward 18:39:28 ... In particular because there is no place for metadata 18:39:43 DC: That's why it's a 'should', not a 'must' 18:40:14 DC: But yes, I think that's the advice, that's the best outcome 18:41:10 TBL: Yes, best if we could include Link rel='generic' in the response, plus more info about the overall graph of relations 18:41:50 NM: OK, I didn't understand WebArch to require the separate URIs for the gif and the png 18:42:08 DC: Not 'require', it's a 'should', not a 'must' 18:42:49 TBL: There is a difference, certainly -- language difference is out front, media type is behind the scenes 18:43:11 NDW: Being able to name the individual ones can be v. useful 18:44:31 DC: Can TBL look at TV's next set of edits until convergence? 18:44:40 TV: End of October before I get back to this 18:47:42 NM: I've sent editorial comments by email, for TV's use 18:47:49 Zakim, this is tag 18:47:49 sorry, DanC_lap, I do not see a conference named 'tag' in progress or scheduled at this time 18:48:27 VQ: TBL to review, then we'll put it on the agenda 18:49:06 TVR: Update Abstract, add item about search, address the rel='generic' question, deal with the media type issue as just discussed 18:49:54 VQ: Adjourned for lunch, PW in the clear after lunch, then most of the afternoon on Versioning 18:50:20 ... Most of morning tomorrow on that as well 18:52:29 adned = adjourned sine die 20:14:08 tvraman has joined #tagmem 20:19:17 Noah has joined #tagmem 20:23:17 Scribe: Dan Connolly 20:23:21 ScribeNick: DanC_lap 20:23:35 Topic: Issue passwordsInTheClear-52 20:23:49 -> http://www.w3.org/2001/tag/doc/passwordsInTheClear-52 draft 26 Sep 20:24:03 ER: so I was aiming for front-side-of-one-page... 20:24:43 ... I got some good feedback.. editorial stuff from DanC, SOAP stuff from Paul Cotton, ... 20:25:33 ... these edits are in a draft I have sent to VQ... 20:25:45 VQ: shall I commit that rev? 20:26:09 (edits Ed has made recently are not in v 1.01 2006/09/26 19:23:58 ) 20:26:40 Ed: so is it way too small? 20:26:48 q+ 20:26:49 HT: size is good. 20:27:14 DC: yeah. 20:27:52 HT: I sent some editorial stuff... but on the border between editorial and substantive... the yankee group claim seemed a little out of place. 20:28:13 Latest version of Ed's draft: http://www.w3.org/2001/tag/doc/passwordsInTheClear-52.html 20:28:17 timbl has joined #tagmem 20:28:23 timbl_ has joined #tagmem 20:28:55 HT: on "there are now many authorities for private key"... I think "for certificates" is what we mean... 20:29:16 q+ 20:30:43 dorchard has joined #tagmem 20:31:17 I'd prefer to see, if anything, "A variety of commercial and non-commercial systems are available for administering security credentials such as public key certificates. References are available on the Web." 20:32:03 TBL: re verisign... (a) I don't want to endorse the existing centralized certificate infrastructure, and (b) it's not vendor neutral to mention one vendor without the others 20:33:09 q? 20:33:19 noah 20:33:44 Current: 20:33:45 Therefore its imperative that any corporation who wishes to safeguard its customers data 20:34:02 Proposed: Therefore its imperative that any organization that wishes to safeguard its data 20:34:15 Proposed: Therefore it's imperative that any organization that wishes to safeguard its data 20:34:17 v 1.01 2006/10/04 12:23:58 http://www.w3.org/2001/tag/doc/passwordsInTheClear-52.html 20:34:26 ack noah 20:35:12 NM: re "corporations", I think any organization is relevant, not just corportations 20:36:43 NM: also, re "A password MUST NOT be transmitted in clear text.", how about "over the public Internet" or something. 20:36:59 q+ to ask that we swap in the IETF docs on this 20:37:20 q+ to support not watering down the advice 20:39:10 ack timbl 20:39:10 ack timbl 20:39:40 TBL: re "The password is available in browsing history." really? how? 20:40:15 Ed: if it's visible in a form, and you go back, you'll see it again. 20:40:33 Current: The password is available in browsing history. 20:40:56 Proposed: Passwords entered into forms are sometimes retained in the browsing history. 20:41:44 TBL: what does that have to do with passwords over the wire? 20:41:57 Ed: ah.. yes... should be moved to the section on password display 20:42:26 TBL: the good practice note... who is it aimed at? I suggest server administrators, and browsers. 20:42:46 +1 20:43:17 TBL: browsers should refuse to send passwords in the clear. so that's 2 good practice notes 20:43:26 DO: you don't mean server software designers? 20:43:35 TBL: no, I mean the publisher, the site administrator 20:45:11 q+ to note "SSL is a protocol developed for trasmitting private documents" is off by a bit. 20:48:26 TBL: you can avoid passwords in the clear without using the certificate hierarchy 20:49:31 TV: right; contrast SSL with SSH. SSH works without a hierarchy 20:49:33 q+ 20:49:45 acl DanC 20:49:51 ack DanC 20:49:51 DanC_lap, you wanted to ask that we swap in the IETF docs on this and to note "SSL is a protocol developed for trasmitting private documents" is off by a bit. and to 20:51:04 http://ietfreport.isoc.org/all-ids/draft-iab-auth-mech-05.txt 20:51:44 (the IETF doc I remember is older than draft-iab-auth-mech-05 ) 20:52:55 RFC3552, particularly section 4.1? 20:53:14 ftp://ftp.rfc-editor.org/in-notes/rfc3365.txt Strong Security Requirements for Internet Engineering Task Force Standard Protocols 20:53:50 http://www.ietf.org/rfc/rfc3552.txt 20:54:28 ack dorchard 20:54:28 dorchard, you wanted to support not watering down the advice 20:54:52 TV: the finding should perhaps talk about TSL in addition to or instead of SSL 20:55:36 DO: let's not water it down. keep the "MUST NOT do passwords in the clear" as is 20:57:18 Ed: so ... in sum... make SSL vendor stuff vendor neutral, [missed], separate "browsers should not...", look into SSL vs TSL... 20:57:50 ACTION Ed: revise "passwords in the clear" in light of Vancouver discussion. 20:58:03 Ed: I'm interested to turn this around tonight. 20:58:49 . 20:58:49 . 20:58:53 Topic: Issue XMLVersioning-41 20:59:17 VQ: new draft 29 Sep... 20:59:35 VQ: there's also a new WD from the XML Schema WG on versioning in XML Schema 1.1 21:01:24 DO: starting with the schema 1.1. versioning stuff... 21:01:43 -> http://www.w3.org/TR/2006/WD-xmlschema-guide2versioning-20060928/ Guide to Versioning XML Languages using XML Schema 1.1 21:02:00 DO: so this new WD in the Schema WG covers much of the same ground as part 2 of the TAG finding 21:03:01 TV: so the "acid" test... meta excercise... can you express the versioning story from XML Schema 1.0 to XML Schema 1.1 according to this guide? 21:03:21 NM: well, some of the changes are not in the markup but in the rules for [what matches what] 21:04:05 DO: let's look at the intro... "Weak wildcards - permits wildcards adjacent to optional elements" 21:04:12 ... these new mechanisms are worth note. 21:04:31 ... "2. Updated All Group - wildcards within All Group" "3. Negative wildcard - exclude specific namespaces and names" 21:05:10 q+ to ask about validating XHTML 1.0 documents against XHTML 1.1 schema. are there XML Schemas for XHTML? 21:05:15 ack 21:05:38 ack danc 21:05:38 DanC_lap, you wanted to ask about validating XHTML 1.0 documents against XHTML 1.1 schema. are there XML Schemas for XHTML? 21:07:22 DanC: does the XHTML 1.1 schema match XHTML 1.0 documents? is it supposed to? 21:07:26 HT: I'm not sure. 21:09:50 NM: there are some different approaches... start with a tight schema and loosen it, or the other way around. Plus, you can add new validation modes. 21:12:23 HT: I have stepped back a bit from this design, because the main use cases don't look so much like validation to me, but type assignment, i.e. databinding. 21:15:02 TBL: [... schemas and namespaces... scribe followed it, but then it leaked out before he got it recorded. sigh.] 21:16:14 TBL: suppose I'm doing schemas for composing SVG with XHTML, and the XHTML schema is immutable, say, because that WG is defunct... 21:16:43 HT: the XHTML modularization spec has cookbook examples for how to add forign-namespace elements anywhere? 21:17:08 TBL: so what would I put in an RDF schema to composing it with XHTML? 21:17:52 HT: the XHTML modularization spec has extension points... a group with no members [or something involving choices]... 21:19:22 HT: then, to add RDF, I make a new driver that points to the old driver plus adds RDF 21:20:08 q+ to as HT about extension elements and various writings on it. 21:20:51 TBL: how about doing it without a driver? i.e. by allowing the RDF schema to say "this is one of the things that are allowed in the XHTML head"? 21:21:12 HT: no, XHTML modularization isn't set up that way, and I _think_ that's the right decision 21:21:14 q+ 21:22:16 NM: you can use lax/strict... but these look down, not up 21:25:15 [discussion of who controls which parts of the schema that the scribe is too interested in to record...] 21:25:27 q+ to note http://www.w3.org/XML/2000/04schema-hacking/ 21:27:22 TBL: the XHTML schema could have types like: context free data, block, string/span 21:28:23 HT: so yes, you are talking about CDF... classes of semantic impact... yes, not unreasonable. 21:29:54 TV: yes, we [DSR and TV?] tried to make [this?] a completely extensible language... but we didn't manage to get a critical mass of support 21:30:28 s/[this?]/MathML 21:31:03 http://www.w3.org/XML/2000/04schema-hacking/ 21:33:59 DC: I convinced myself XML Schema met the composability requirements timbl is laying out back in 2000/04. So I gather that yes, CDF is chartered to do that, but unfortunately we didn't design XHTML modularization that way. 21:34:28 TBL: yes, substitution groups; that sounds like what i'm after all. 21:38:24 q? 21:38:31 You want NVDL 21:39:36 TBL: so this what I'd like the W3C validator to do: parse it, (fix XML WF-ness), check the schemas, and report what your document has, e.g.: XHTML, SVG, and department of health diagramming component 12 22:18:10 . 22:18:10 . 22:18:10 . 22:18:19 ack dorchard 22:18:19 dorchard, you wanted to as HT about extension elements and various writings on it. 22:20:08 DO: on part I... 22:20:31 ... I worked on the terminology section... I worked over input from Mark D., ... 22:20:49 ... most of the changes are in the terminology sections... I worked over a bunch of stuff from Noah... 22:21:17 ... e.g. "text" vs "document" ... 22:22:12 Noah has joined #tagmem 22:22:35 I note that the version of the versioning finding linked from the findings page is the old version. See: http://www.w3.org/2001/tag/doc/versioning.html 22:23:09 The version that's named dangerously similarly http://www.w3.org/2001/tag/doc/versioning (note the clever omission of the .html) is up to date. 22:23:32 I believe the correct version in date space is: http://www.w3.org/2001/tag/doc/versioning-20060929.html 22:23:52 DO fixes ACL on http://www.w3.org/2001/tag/doc/ext-vers-generic-uml-v5.png ... 22:24:40 DO: note arrows from Language to Syntax, to [... missed] 22:25:25