See also: IRC log
<trackbot-ng> Date: 06 February 2008
<anne> Zakim. who is om the phone?
<anne> Zakim. who is on the phone?
<anne> ArtB, k
<scribe> Scribe: Art
<scribe> ScribeNick: ArtB
AB: we will skip #2 and #3 since there were no comments on those agenda items
AB: Anne, what's the status?
AvK: pending some comments
... integrated in the ED now
AB: who are you waiting for comments from?
AvK: everyone i.e. no one in
particular
... Jonas had some comments
JS: not much we can do to tweak
this
... not sure we can do what Mark wants
... I think the current spec is as secure as it can be made
AvK: Google says its important as well as the REST guys
AB: does this proposal address the issues the REST guys made
AvK: yes, I think so
JS: but they haven't responded as such
DO: I found it hard to follow;
not sure how it all works together
... may be waiting for it to be integrated in the spec
AvK: I've also added examples to
the spec
... I think I've addressed their concerns
... If 10 posts, need to do 12 requests total and that's not
too bad
JS: would still like to get some more feedback from them
AvK: I agree explicit consent would be better
JS: there a couple of minor
details I still want to change but they aren't behavioral
... e.g. some stuff with the slashes
AvK: must start with a slash but doesn't have to end with one
JS: if I have the foo dir is /foo
or /foo/?
... not clear where to put the policy
... it would be good to get some more feedback on the URI
syntax
AvK: agree but that would be relatively easy to change
AB: agree we need more review and "explicit consent"; how do we get that?
DO: typically would publish a new WD
AvK: could you send an email to Mark, Tyler, and others?
DO: Stuart and I also raised related concerns
<MikeSmith> Tyler is Tyler Close
AvK: would like to get quick feedback
DO: the reqs seem to be settling but this is a big change thus a new WD seems like the right way to go
AvK: I suppose a new WD would be
OK but prefer a LC
... we could publish a WD and then in a few weeks go to LC
DO: I think the changes are too substantial to go directly to LC
AvK: there is a precedence to publish a FPWD and LC at the same time
AB: any objections to an immediate new WD?
AvK: don't want it to delay LC
AB: Mike, what is the Team's
position?
... on WD and LC?
MS: I think there have been too
many objections to this work item to publish this as an LC
under the current charter and its extension
... this isn't a final decision by the Team but that's where we
stand now
AvK: are these objections from the Team or Members? Where is the archive?
MS: some on the public archive; some based on internal discussions
AvK: I think we've addressed the issues raised
MS: there is a question about
whether this spec is within the group's charter
... The charter is a bit broad
... I think the group did this work in good faith
... If people didn't pay attention, that's not this group's
fault
... I don't think anyone tried to "sneak in this work"
<dorchard> I'm not sure what this means for the group publishing another Working Draft though...
TR: I don't have much to add to
what Mike said
... There should not be a LC going out under the current
charter
MS: that is true i.e. that's the Team's consensus
AvK: the Selectors spec in the
Web API WG was able to go to LC
... despite going out of charter
TR: I don't know the specifics of that case
JS: one reason this group started this work is because this mechanism is needed by XBL2
AB: I agree and have argued that
point
... Seems like the problem is that we are now in this "limbo"
state
<anne> http://www.w3.org/TR/selectors-api/ is the precedent I was talking about
MS: not clear how long it will
take for the new charter to get approved
... we have a combination of the "limbo" state but also not
clear where this is going to end up in the next charters
DO: we should be able to publish
a new WD, right?
... or is that not allowed?
AB: yes, what is the answer Mike?
MS: I can't make a decision now
AvK: when will you know?
TR: based on my recollection -
there will be no LC pub; I do not recall a decsion on the WD
question
... If the WG wants to publish a "normal" WD then the Team can
discuss this
AvK: we want not just a new WD but also a LC
DO: I think we should publish a WD and not a LC regardless of precedence
AvK: again, I'm OK with a WD now but then want a LC two weeks later
AB: perhaps we can consensus to publish a WD now and then ask the Team to consider us publishing a LC during the extension period
AvK: I think there is indeed a precedence for us to publish a LC during the extension period
AB: I propose we publish a new WD
ASAP
... any objections?
[none heard]
AB: any changes you want to make Anne?
AvK: just a few changes
DO: and I have a couple of quick changes I'd like to get in
MS: once we are ready, we should be able to get it published quickly
RESOLUTION: publish a new WD as soon as Anne is ready
DO: let's set a deadline for comments
AB: OK
AvK: let's set the target for next Tuesday
<scribe> ACTION: Mike determine the Team's position on us publishing a LC version during this extension period [recorded in http://www.w3.org/2008/02/06-waf-minutes.html#action01]
<trackbot-ng> Sorry, amibiguous username (more than one match) - Mike
<trackbot-ng> Try using a different identifier, such as family name or username (eg. mamend, mike)
<MikeSmith> ACTION: Michael(tm) to determine the Team's position on us publishing a LC version during this extension perioad [recorded in http://www.w3.org/2008/02/06-waf-minutes.html#action02]
<trackbot-ng> Created ACTION-167 - Determine the Team's position on us publishing a LC version during this extension perioad [on Michael(tm) Smith - due 2008-02-13].
<tlr> I have no good sense when charter review will happen.
AB: Mike, when do you expect the charter to go out for formal AC review?
MS: I will push this and hope to get it out next week
AB: ok, great
<tlr> MS: I will report back to the group when I have a clearer idea; can't do that today, though
<MikeSmith> tlr - thanks
AB: are there any gaps or holes
that need to be filled?
... the latest ED contains a lot of info to address this
issue
JS: we used to have a description
about what can currently be done regarding XSS but it was
removed
... would like to know why it was removed because it seems like
that info is relevant for the Security Model
AvK: I think we just changed the
Intro; it's bit more abstract now
... we still mention the Same Origin Policy
AB: Jonas, can you identify the text you'd like to get added?
JS: yes, I can submit something
<scribe> ACTION: Jonas submit an input that will result in closing Issue #21 [recorded in http://www.w3.org/2008/02/06-waf-minutes.html#action03]
<trackbot-ng> Created ACTION-168 - Submit an input that will result in closing Issue #21 [on Jonas Sicking - due 2008-02-13].
<MikeSmith> action-155?
<trackbot-ng> ACTION-155 -- Jonas Sicking to send a request for comments regarding the policy decision questions and issues -- due 2008-01-30 -- CLOSED
<trackbot-ng> http://www.w3.org/2005/06/tracker/waf/actions/155
<MikeSmith> issue-21?
<trackbot-ng> ISSUE-21 -- What is the Security Model for the access-control spec? -- RAISED
<trackbot-ng> http://www.w3.org/2005/06/tracker/waf/issues/21
AB: have a detailed discussion on
the mail list
... we've had inputs from Thomas, Tyler, Jonas and maybe
others
... Jonas:
http://lists.w3.org/Archives/Public/public-appformats/2008Feb/0007.html
... just want to discuss how to get consensus and keep the
technical discussion on the mail list
JS: need to have some policy enforcement in the client
AvK: I want to close
DO: I'm still concerned about
this issue
... we've been discussing this issue internally
... I'm not prepared to close it now
JS: but we need feedback on this issue
DO: I understand; it's been hard
to get the right people in BEA involved
... I've been talking to other people too; I'm active on it
JS: currently client PEP adds
complexity
... wonder if we have added to many features
... but I'll post my comments on the mail list
[ some discussion missing ... ]
<anne> sicking:
<anne> sicking, so dropping method whitelisting?
<sicking> anne, yes
AB: what should we do with this?
<anne> seems fine to me... less text :)
DO: I thought the Hixie and Anne proposal addressed it
AvK: yes I agree
DO: I think we should resolve it as closed
<scribe> ACTION: Orchard close issue #22 [recorded in http://www.w3.org/2008/02/06-waf-minutes.html#action04]
<trackbot-ng> Created ACTION-169 - Close issue #22 [on David Orchard - due 2008-02-13].
AB: do we want to have a call next week?
AvK: I'm fine either way
DO: hopefully we should have just published a WD and may not have much to talk about
AB: I tend to agree
AvK: what about two week?
AB: sounds good and hopefull Mike will have an answer from tthe Team regarding LC by then
JS: Mozilla is going to do a
security review next Tuesday
... it is open to the public and anyone can dial in
... I will post details to the mail list
AB: listen mode only OK?
JS: absolutely
MS: yes, two weeks should be enough time
AB: no call next week; next call
on Feb 20
... meeting adjourned
This is scribe.perl Revision: 1.133 of Date: 2008/01/18 18:48:51 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: RRSAgent_Text_Format (score 1.00) Succeeded: s/no such sense/no good sense when charter review will happen/ Found Scribe: Art Found ScribeNick: ArtB Default Present: MikeSmith, ArtB, Dave_Orchard, Sicking, anne, Thomas, billyjack WARNING: Replacing previous Present list. (Old list: Art, Jonas, David, Mike, Anne, Thomas_(IRC)) Use 'Present+ ... ' if you meant to add people without replacing the list, such as: <dbooth> Present+ Art, Anne, Mike, Jonas, David, Thomas Present: Art Anne Mike Jonas David Thomas Agenda: http://lists.w3.org/Archives/Public/public-appformats/2008Feb/0027.html Found Date: 06 Feb 2008 Guessing minutes URL: http://www.w3.org/2008/02/06-waf-minutes.html People with action items: jonas michael mike orchard tm[End of scribe.perl diagnostic output]