See also: IRC log
<Stuart> Scribe: Jonathan Rees
<Norm> scribenick: norm
<Stuart> scribe: Norm Walsh
Agenda accepted.
Stuart: Propose we accept the minutes from last week's meeting
Accepted.
Next meeting: 16 Oct
For next week, regrets from Norm, Tim, Ashok
Dave agrees to scribe 16 Oct
Stuart: Thanks to all for
bringing them together.
... Propose we accept those as a record of our f2f meeting in
October
No objections, no abstentions.
<Ashok> http://cgi.w3.org/member-bin/irc/irc.cgi
Accepted.
Stuart: We should announce them, I'll do that.
Stuart: Norm was to review this and see if it was something we needed to take a look at.
<dorchard> Ah, and now via cgi
Norm: Dan moved it to be due next week, I'll endeavor to review it before then
Stuart: Dave, can you bring us up to date?
<DanC> I find TAG Finding passwordsInTheClear-52, October 08 2008
<DaveO> http://www.w3.org/2001/tag/doc/passwordsInTheClear-52
http://www.w3.org/2001/tag/doc/passwordsInTheClear-52-20080925
<DanC> this works for me: http://www.w3.org/2001/tag/doc/passwordsInTheClear-52
<DaveO> http://www.w3.org/2001/tag/doc/passwordsInTheClear-52-20081008.html
Dave: I made two major changes.
The first in section 2.
... Changed the good practice to read "Clear text passwords are
a serious security risk. Transmit passwords in the clear only
in interactions that do not need to be secure and do not lead
to the new vulnerabilities in other interactions."
... I added two sentences to the following paragraph to warn
against reusing passwords that are sent in the clear.
... The other thing I did was in 2.1.1
... I added a reference to the background on digest
authentication and salted hashes.
Stuart: Are there any TAG members who have re-read it recently and have comments?
Dan: Mostly I've been looking at
the first good practice note.
... But I've got no comments.
Ashok: Stuart, there were a couple of emails about this. One said that you should never transmit passwords in the clear.
Dan: None of the messages suggest improvements; you can't please everyone.
<Zakim> ht, you wanted to say "do it"
Henry: I think the GPNs now read in a good, escalating sequence. I find the second one slightly awkward after the comma, but I can live with it. I think we should take this forward.
Raman: I think it's time we published it. We aren't going to get any new insights from this. Mostly we've been wordsmithing.
Ashok: I agree.
Jonathan: So do I
Norm: I'm happy with it.
Dave: So we're going to publish this as an approved finding?
Henry: Yes
Dave: I've already fixed the small editorial issues.
<DanC> 1.26 Wed Oct 8 21:15:45 2008 UTC
Henry: It's not valid HTML.
<DanC> (I'd rather not use so much screenspace for previous versions.)
(Yes, the last three or so would be fine by me)
Stuart: I propose that the TAG publishes this as an approved finding, with some latitude to the editor to make the HTML valid and clean up the boilerplate.
Dave: I second.
<DanC> (pls get any changes confirmed by another set of eyeballs from 1.26 on)
Stuart: Objections?
... None.
<ht> There are also broken links -- see http://validator.w3.org/checklink?url=http://www.w3.org/2001/tag/doc/passwordsInTheClear-52-20081008
Stuart: Abstentions?
... None.
RESOLUTION: We will publish this as an approved finding.
Stuart: Henry has finished
ACTION-93, which leaves us with 176 and 177 on Noah, Dave, and
Stuart.
... There are more WDs out there, do we need to discuss
them?
Henry: There's been no reply to my message of last Thursday, I'll ping them again.
Stuart: No one has substantive discussion for this week? We can move on then.
Stuart: Meeting with other WGs. I
followed up with the HTML WG chair. I also saw on the TAG
mailing list, Raman forwarded some extract of an HTML WG
minutes that suggest that there may be some misunderstanding
there.
... I'm wondering if we need to clarify.
Raman: I think that would be useful. I think we should keep it focussed on making the spec more managable.
Henry: With respect, I think we need to cover both topics. We don't have to argue to get the other one in there because their initial response was to say taht we should look at the URI issue.
Raman: The demarkation issue is
different, I meant more about modularization wrt other W3C
specs, namespaces, etc.
... I don't want that to fall into the namespaces discussion
and get lost.
Stuart: I think they just don't know what we meant by "modularization of the spec".
Henry: I think we should clarify that.
Stuart: So I should send some
clarifaction to Mike and Chris saying that we've observed their
minutes and make it clear what our concerns are.
... With respect to the plenary day panel session, you all know
just as much as I do from the email.
... I think, at least from Noah's email, there was at least a
tentative suggestion that TAG participation in that panel would
amount to maybe Tim plus two other tag members.
... Noah indicated a willingness to participate, though he
wanted the TAG to make the choice.
... Do we have an guidance that we'd like to give Chris and
Noah about the session itself and also who would staff the
panel with?
Norm: Who all is going?
Stuart: Regrets from Stuart,
Jonathan, Henry, and Dave for Wednesday.
... Stuart, Jonathan, and Dave will be absent the whole
week.
Norm: I'm certainly willing to.
Stuart: Raman, Dan, Norm, Noah are going to be there.
Dan: I'm willing, but I don't think my perspective is different from Tim's.
Raman: I don't feel enough ownership of the WebArch document, so I'd rather not participate.
<Zakim> ht, you wanted to nominate Noah and Norm
Henry: It's clear how this is going: let's have Tim, Noah, and Norm
Stuart: Proposal: Tim, Noah, and Norm to participate in the panel
Raman: I think that's a good idea.
Accepted.
Ashok: Before we move on...
... We've gotten lots of mail about what meetings we're
supposed to participate in. What are they?
Stuart: There are only two, you
might have seen more mail, but there are only two at the
moment.
... Meeting with the Web Applications WG from 2-3p on
Monday
... And a meeting with the HTML WG between the morning break
and lunchtime on Thursday.
... There was a standing invitation from the WAI WG, but they
weren't specifically saying they have things they want to talk
about.
<Stuart> http://www.w3.org/2001/tag/group/track/actions/overdue
Stuart: There are a bunch of
overdue items, let's see if we can each clean them up.
... Either update the dates, request to have it withdrawn, or
note that it has been finished but that the action remains
incorrectly open.
<Stuart> http://www.w3.org/2001/tag/group/track/
<jar> I pushed ACTION-178 way out... it's going to take some work. I hope to get to it much sooner than the given date
<DanC> action-152?
<trackbot> ACTION-152 -- Jonathan Rees to review overlap between the HCLSI URI note and HT's w.r.t. contribution to TAG finding on UrnsAndRegistries -- due 2008-05-27 -- OPEN
<trackbot> http://www.w3.org/2001/tag/group/track/actions/152
<DanC> close action-152
<trackbot> ACTION-152 Review overlap between the HCLSI URI note and HT's w.r.t. contribution to TAG finding on UrnsAndRegistries closed
Henry: Jonathan is helping out, but I'm happy to have that one closed.
action-142?
<trackbot> ACTION-142 -- Norman Walsh to review Raman's draft of webApplicationState-60 -- due 2008-06-04 -- OPEN
<trackbot> http://www.w3.org/2001/tag/group/track/actions/142
Norm: Ok, I guess that one still stands.
action-146?
<trackbot> ACTION-146 -- Norman Walsh to review 2008-05-13 versioning draft -- due 2008-05-26 -- OPEN
<trackbot> http://www.w3.org/2001/tag/group/track/actions/146
close action-146
<trackbot> ACTION-146 Review 2008-05-13 versioning draft closed
<DanC> action-175?
<trackbot> ACTION-175 -- Stuart Williams to collect input from TimBL and others and revise issue description -- due 2008-09-30 -- OPEN
<trackbot> http://www.w3.org/2001/tag/group/track/actions/175
Stuart: We have an email thread
and I meant to confirm with the TAG that they're happy with the
change.
... I got a looks good to me response from Drummond Reese which
would basically end it.
<jar> Pushed ACTION-181 out 2 weeks... need to find out what I need from Dave O (sources, use case, etc.)
<jar> http://www.w3.org/2001/tag/group/track/actions/184 is relevant and truly overdue.
<DanC> (Dave, you have 6 actions related to XMLVersioning-41 ; wanna guestimate due dates?)
<DanC> action-133?
<trackbot> ACTION-133 -- David Orchard to ask raman what he thinks should be done wrt css versioning -- due 2008-04-17 -- OPEN
<trackbot> http://www.w3.org/2001/tag/group/track/actions/133
<DanC> close action-133
<trackbot> ACTION-133 Ask raman what he thinks should be done wrt css versioning closed
<DanC> close action-159
<trackbot> ACTION-159 Update compatibility strategies document in response to f2f discussion closed
<DanC> action-182 due 23 Oct 2008
<trackbot> ACTION-182 Provide example for jar to work into the formalism due date now 23 Oct 2008
<DanC> DO: NVDL is now out of scope
<DanC> close action-16
<trackbot> ACTION-16 Incorporate the NVDL text into the findings. closed
<DanC> action-165 due 30 Oct 2008
<trackbot> ACTION-165 Formulate erratum text on versioning for the web architecture document due date now 30 Oct 2008
The TAG discussed and rearranged a variety of open actions
Dave: There's some web services work I'd like to discuss.
Raman: I think we're short
changing ourselves if we wait to hear about the panel.
... The browser and HTML groups are questioning a lot of that
document. Chris is trying to face this issue head on.
... I think Chris is trying to get that out in the open and to
note that it isn't cast in stone, we should be able to keep it
relevant.
... Let me play the cynics roll. If I say the WebArch document
is irrelevant, which parts would you defend?
... We need to go in with a good idea of what we think is still
true and which parts we think we'd bend on.
Dan: I gave a talk recently about interaction and the Google web cache.
Raman: Don't use GET when you are
sending data that's going to change. I think that's pretty
solid, but then you get to the edges.
... In some sense, if there are six people on the panel, let's
say that there are two sides, though I don't like to think of
it in those terms.
... I don't think an hour long panel will change the minds of
one side or the other. It's a means of getting everyone
understand what the issues are.
... What are the clear foundations, what may have been
missunderstood, and what is just wrong.
Norm: Good suggestions.
Dan: The things that have been
questions are error handling, versioning, mime types/content
sniffing, namespaces
... We've acknowledged that we have more or different things to
say about versioning.
... I'd like to have better error handling, I'd like to be able
to have a mode that shows me errors.
... But probably when you're browsing someone elses site...but
I dunno, it's still risky.
<DanC> (text in the REC is "Agents that recover from error by making a choice without the user's consent are not acting on the user's behalf." -- http://www.w3.org/TR/webarch/#error-handling )
Raman: Error handling has two
layers: error hadnling in the face of any implementation
breaking any spec whatever, then there's error recovery wrt
HTML/tagsoup.
... The third piece which always gets folded in is, if you have
a spec, it always happens that there are gaps. There's error
recovery in terms of how do you come out of that.
... Then there's error recovery in the face of someone
blatently violating a spec.
In the last case, I think there should be a mode to show errors because otherwise, bad money will drive out good.
Raman: Further down in the spec,
the stuff about following your nose to understand documents,
doesn't really work so I think we'd get lots of pushback on
that.
... I can show you an example of how broken this is by pointing
to the top level RSS feed at the BBC.
<raman> on http://www.bbc.co.uk/radio/ see rss link:
<raman> http://www.bbc.co.uk/radio/i/index.xml
<raman> classic example of an attempt sematnic web technology --- rdf:seq is empty
Stuart: Identify with URIs is germain to Dave's question about web services.
Raman: I don't think web services is going to come up on the panel.
Dan: Most of the arguments about follow-your-nose are that you don't need it to get your job done, but this isn't getting anyone's job done.
Raman: What I'm saying is that folks who see this say look at all this crud that didn't work, what works are visible hypertext links, so that's all we need.
Apparently it's a distinction between pages served to UK readers and readers in the rest of the world.
Raman: It's really bad
advertising for this technology, it's about 4k that doesn't say
anything.
... Some of these things are important and we should try to get
the audience to leave with that impression.
... So how are we going to decide which things are in which
buckets?
<scribe> ACTION: Norm to review the GPNs and try to put them in the buckets on an email thread. [recorded in http://www.w3.org/2008/10/09-tagmem-minutes.html#action01]
<trackbot> Sorry, couldn't find user - Norm
<scribe> ACTION: Norman to review the GPNs and try to put them in the buckets on an email thread. [recorded in http://www.w3.org/2008/10/09-tagmem-minutes.html#action02]
<trackbot> Created ACTION-185 - Review the GPNs and try to put them in the buckets on an email thread. [on Norman Walsh - due 2008-10-16].
<raman> need to leave
Stuart: We have a few minutes left, Dave you posted a weblog page.
Dave: Right, I think we needed to
say something about the charters.
... So how well do the web services specs, both those proposed
and written, integrate into the WebArch
... I think we've failed to integrate the web services
architecture into Web Architecture.
... So if they're not part of the web architecture, and the TAG
is about web architecture, then how is the TAG relevant to
them?
... The results are pretty stark.
... It seems to me that the TAG could say that it's fine work
but that the TAG does not anticipate that it will be reviewing
any of it because it's not about web architecture. We're not
going to review or endorse it.
Ashok: Dave, what are you recommending? Are you recommending that we object to the working group?
Dave: That's not what I
said.
... If you've got work coming out of W3C that's got nothing to
do with web architecture, then the TAG should recuse
itself.
Ashok: That sounds disengenuous. The TAG is the technical architecture group, how can opt out?
Dave: The core part of that work isn't part of the web architecture. The membership can do it if it wants, but they should know that it's not.
Dan: Ashok asked how and the
answer is probably something in the charter and possibly in the
SOTD that says "this doesn't follow web architecture and we
don't expect it to".
... Yes.
Ashok: I don't.
Norm: I think it's a really good idea, if it's a separate architecture, we should be willing to say that we're not going to review it.
Stuart: I think that it needs to be made as a proposal for a position that the TAG should take and see if teh TAG will adopt that position.
<jar> scribenick: jar
Adjourned.
"Norm: will construct the HTML minutes, jar"
This is scribe.perl Revision: 1.133 of Date: 2008/01/18 18:48:51 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: RRSAgent_Text_Format (score 1.00) Succeeded: s/Changed/Dave: Changed/ Succeeded: s/digetst/digest/ Succeeded: s/fixed/already fixed/ Succeeded: s/publishes as an/publishes this as an/ Succeeded: s/Noah/Noah, Dave,/ Found Scribe: Jonathan Rees Found ScribeNick: norm Found Scribe: Norm Walsh Found ScribeNick: jar Scribes: Jonathan Rees, Norm Walsh ScribeNicks: norm, jar Default Present: Stuart, Ht, Norm, DanC, Raman, Ashok_Malhotra, +1.604.709.aaaa, DaveO, Jonathan_Rees Present: Stuart Henry Norm Dan Raman Ashok Dave WARNING: Replacing previous Regrets list. (Old list: Tim_Berners-Lee, Noah_Mendelsohn) Use 'Regrets+ ... ' if you meant to add people without replacing the list, such as: <dbooth> Regrets+ Tim, Noah Regrets: Tim Noah Agenda: http://www.w3.org/2001/tag/2008/10/09-agenda Got date from IRC log name: 09 Oct 2008 Guessing minutes URL: http://www.w3.org/2008/10/09-tagmem-minutes.html People with action items: norm norman[End of scribe.perl diagnostic output]