14:19:43 RRSAgent has joined #tagmem
14:19:43 logging to http://www.w3.org/2008/12/10-tagmem-irc
14:19:51 Zakim has joined #tagmem
14:19:53 DanC_lap has joined #tagmem
14:20:14 ht has joined #tagmem
14:20:38 RRSAgent, pointer?
14:20:38 See http://www.w3.org/2008/12/10-tagmem-irc#T14-20-38
14:20:41 Zakim, agenda?
14:20:41 I see nothing on the agenda
14:20:52 scribenick: noah
14:21:01 scribe: Noah Mendelsohn
14:21:24 meeting: W3C Technical Architecture Group Face to Face - 10 Dec 2008 (Morning)
14:21:31 date: 10 December 2008 (morning)
14:21:45 chair: Stuart Williams
14:21:46 http://lists.w3.org/Archives/Public/www-tag/2008Dec/0059.html
14:21:58 topic: URNsAndRegistries-50
14:22:21 agenda + placeholder 1
14:22:23 agenda + placeholder 2
14:22:24 agenda + placeholder 3
14:22:28 agenda + URNsAndRegistries-50 (ISSUE-50)
14:22:34 agenda -1
14:22:35 agenda -2
14:22:36 agenda -3
14:23:34 -> http://lists.w3.org/Archives/Public/www-tag/2008Dec/0059.html # Next steps (at the f2f, I hope) for URNsAndRegistries-50 Henry S. Thompson (Saturday, 6 December)
14:24:10 http://www.w3.org/2001/tag/doc/URNsAndRegistries-50.html
14:24:20 ht: We had an earlier draft, http://www.w3.org/2001/tag/doc/URNsAndRegistries-50.html
14:24:38 v 1.13 2006/08/17 19:23:58 dorchard Exp URNsAndRegistries-50.html
14:25:12 ht: In an email http://lists.w3.org/Archives/Public/www-tag/2008Dec/0059.html I announced a new approach embodied in new draft at: http://www.w3.org/2001/tag/doc/namingSchemes.html
14:25:30 ht: First, I tried to clarify the analysis of requirements. Are they complete? Comprehensible?
14:26:41 ht: Earlier document was perceived as not sufficiently helpful to intended audience. Consider for example Secretary of State of New Zealand who are considering the need for a new URN subscheme for their documents. Goal: those readers should recognize that this document is meant for them.
14:27:26 q+ to say yes, it speaks to, e.g., nz govt agency IT decision-makers, provided the legal terms (e.g.
consortium) are readable worldwide
14:27:50 ht: Then I explore why doing this name assignment can be hard, and I think that's the interesting part of what I've written.
14:29:42 ht: Need to decide how to draw this to a conclusion, and what is it when it's finished?
14:30:20 ht: So far, we've been at this 3 years, and have produced two documents, both unfinished. So we need to decide where to go?
14:30:30 q+ to say the thesis of this document should be: naming is hard, and using http/dns well is hard, but http/dns meets the requirements [for naming grounded in administrative hierarchies] and is the best choice for now and the foreseeable future (10 to 20 years, at least)
14:30:52 am: you mentioned an academic paper, are you going to write an academic paper? I'm concerned that this will be brief and skip details. What will it point to?
14:30:57 q?
14:31:00 ht: Yes, and perhaps that's inescapable.
14:31:00 ack danc
14:31:00 DanC_lap, you wanted to say yes, it speaks to, e.g., nz govt agency IT decision-makers, provided the legal terms (e.g. consortium) are readable worldwide and to say the thesis of
14:31:03 ... this document should be: naming is hard, and using http/dns well is hard, but http/dns meets the requirements [for naming grounded in administrative hierarchies] and is the
14:31:06 ... best choice for now and the foreseeable future (10 to 20 years, at least)
14:31:44 dc: Regarding target audience (e.g. New Zealand Secretary of State). My feeling is yes mostly it works, but we need to watch a few terms like "consortium" which may or may not work for all.
14:32:15 (leasehold and freehold)
14:32:45 "But Domain Names are not really owned, only leased"
14:32:45 tbl: There is potential confusion over terms like "leasing", which may have different connotations.
14:33:26 dc: I don't want to stipulate that domain names can only be leased. Gandi claims to sell you ownership?
14:33:35 ht: How do they do it?
14:33:58 q?
14:34:18 tbl: Gandi could stay in business past ICANN, in principle. You haven't paid for perpetual care, but insurance companies could try to support that.
14:34:46 q+ to say the thesis of this document should be: naming is hard, and using http/dns well is hard, but http/dns meets the requirements [for naming grounded in administrative hierarchies] and is the best choice for now and the foreseeable future (10 to 20 years, at least)
14:35:28 tbl: I have discussed the possibility of a Top Level Domain in which names would be owned, and backed by insurance, maintained in perpetuity.
14:35:48 ack danc
14:35:48 DanC_lap, you wanted to say the thesis of this document should be: naming is hard, and using http/dns well is hard, but http/dns meets the requirements [for naming grounded in
14:35:52 ... administrative hierarchies] and is the best choice for now and the foreseeable future (10 to 20 years, at least)
14:35:57 q+ to make a few comments
14:36:37 dc: I think the theses should be: naming is hard; using http + DNS to meet the requirements can be hard; using http + DNS is the recommended approach; ???
14:36:48 "In what follows we'll explore the requirements space and the solution space, and conclude that in a large number of cases both Dirk and Nadia are wrong, because http-scheme URIs provide the best available solution."
14:38:32 TBL: At the point where it says "So who's right?" I'm worried. You need to then say: "...or are they both wrong?" We need to avoid implication that one or the other is generally right.
14:38:59 q?
14:39:09 ack noah
14:39:09 noah, you wanted to make a few comments
14:39:11 DC: or offer a 3rd character that advocates http/dns
14:39:48 NM: I made a note on my copy... "isolate the highlights and put the rest in the appendix" ...
14:40:17 HT: ... section 2 is, fortunately, short ...
14:40:47 NM: under "identifyable", "in the scheme", the choice of 'scheme' conflates terms...
14:41:03 some brainstorming: system, strategy, ...
14:41:30 NM: one role of findings is to teach terminology, so...
14:41:36 HT: yes, I'll give it a think
14:42:16 NM: perhaps "distinguishable" rather than conflate 'identify' under "identifyable"
14:42:30 HST: perhaps "branded"? that's what I hear people use in conversation
14:42:52 NM: hmm... too much commercial overtone? [reads with "distinguishable"...]
14:44:00 NM: under "resource identification". risk of collision under centralized? counter-intuitive to me
14:44:30 q?
14:44:35 HST: suppose all the names share a domain name...
14:45:15 NM: suggest "if people do distributed allocation ..."
14:45:48 q?
14:46:50 JR: Many of the points, especially toward the end could use examples and/or elaboration. Presumably you're looking for validation from us that you're on the right overall path?
14:46:51 (serialized novels came up at dinner last night... wouldn't it be fun to do this that way? even a radio programme...)
14:46:55 HT: Yes, that's what I wanted.
14:48:25 AM: I thought the beginning read very well, then the end sort of petered out.
14:48:37 HT: Yes, any suggestions welcome.
14:49:30 JR: I think this shows lingering signs of earlier defensiveness. Some of the audience includes people who will not approach this with negative preconceptions about our recommendations.
14:49:53 q?
14:50:02 q+ to say must convince skeptics
14:50:20 q+ to suggest tracing just one path thru the requirements, rather than all of them
14:50:27 HT: There is an editorial note in the margin on the screen. Do we need to make explicit.
14:52:26 ack noah
14:52:26 noah, you wanted to say must convince skeptics
14:52:30 q?
14:52:31 ack danc
14:52:32 DanC_lap, you wanted to suggest tracing just one path thru the requirements, rather than all of them
14:52:40 NM: Yes, target those who aren't expert in the nuances, but do the presentation carefully enough that even skeptics will find it convincing and careful as far as it goes.
14:52:48 DC: Are you doing all possible paths through requirements?
14:53:53 HT: No, and I think it's a mistake to try and do all combinations of requirements. Have to figure out what to do.
14:54:48 DC: You can at least do a specific solution for Dirk and Nadia
14:55:26 NM: You could have a section at the end briefly indicating some of the sorts of needs that are legitimate for some users, but that are beyond what's dealt with in this note.
14:55:36 TBL: We can see that solving this is a problem for Web science.
14:55:48 DC: I don't want to say that. In practice on the Web, this is a solved problem. We do name allocations.
14:56:01 TBL: Yes, but not always well enough. The challenge is to do it better.
14:57:22 HT: Yes, I remember Ray Denenberg standing up awhile ago and pointing out that from the point of view of people who do name allocations for, e.g. the US Library of Congress, some of the approaches we advocate in the TAG can seem naive at times.
14:58:27 Zakim, remind us in 10 minutes that ht said max 10 min
14:58:27 ok, DanC_lap
14:59:36 HT: Another issue that Noah raised with me privately: naming vs identifying
15:01:19 NM: I believe I've heard people claim the difference is interesting, and you say words to the effect of "the URI names X". Are we happy with that?
15:02:09 HT: Well, if we're going to be pedantic, it would probably have to be "denote", but I'd rather not go there.
15:02:18 s/HT/TBL/
15:02:32 NM: Fine with me, I was just checking and trying to learn something.
15:03:38 q+ to mention a 'taxonomy' from Brian McBride:
15:03:50 q?
15:03:55 identifiers:
15:03:55 a = b => a and b denote the same thing
15:03:55 a <> b => a and b denote different things
15:03:55 names:
15:03:55 a = b => inconclusive
15:03:56 a <> b => a and b denote different things
15:03:57 JR: Well, I'm fine leaving things as they are, but if we were trying to be super careful, my preference would be to have the terms not be used interchangeably.
15:03:58 labels:
15:04:01 a = b => inconclusive
15:04:02 a <> b => inconclusive
15:04:28 TBL: We do commonly say things like "he can be identified by his email address", I.e. inverse functional properties.
15:04:42 no, stuart, identifiers can be synonyms too.
15:04:56 to wit, URIs
15:05:32 and names are, by design, not ambiguous in their intended scope
15:05:34 well... those are 3 labelled sets of properties that one could attribute to name like things - we could quibble about the lables
15:05:43 s/lables/labels
15:06:01 q?
15:06:08 ok, yes, you could introduce terms like that, but it seems better to stick with established terms: unambiguous, etc.
15:06:25 HT: Regarding the view that the terms are distinct: a question. Is it the case that either a) a given thing can't have more than one name or b) a given thing can't have more than one identifier.
15:06:28 JR: No to both.
15:06:51 HT: But both tend to have inverse functional properties within a given scope?
15:06:53 JR: Yes.
15:06:56 Well... in some environments they make the Unique Name Assumption.
15:08:12 TBL: You can imagine alternate approaches involving graphs of bnodes with typed links, but I think for our purposes the direction with explicit names/identifiers is a better way to look at it (scribe isn't 100% sure he got the nuance of what Tim said.)
15:08:15 (oops; that reminds me... SCUDs are in last call, and at a glance, they don't clearly meet requirements we requested of them. I think that's in the someday part of our agenda and should be on the dated part)
15:08:20 ack Stuart
15:08:20 Stuart, you wanted to mention a 'taxonomy' from Brian McBride:
15:08:27 DanC_lap, you asked to be reminded at this time that ht said max 10 min
15:08:34 HT: I think that not making the distinction is appropriate at least with respect to the use in the document.
15:09:34 SW: I was having a discussion with ??? that involved comparison semantics.
Proposal: for identifiers, if two are the same they definitely denote the same thing; for names that's not true. For labels you can't say much at all.
15:09:59 s/???/Brian McBride/
15:10:46 (oops; I missed that context... that the terminology came from a discussion with Brian, Stuart)
15:10:52 AM: Which one is unique?
15:11:00 SW: Identifiers
15:11:30 q?
15:11:36 NM: Well, in the sense that the same ID necessarily denotes the same thing; it seems unquestioned that a given object can be identified by more than one identifier.
15:11:49 (historical note: owl:FunctionalProperty and owl:InverseFunctionalProperty were called, in previous drafts, UniqueProperty and UnambiguousProperty)
15:13:52 JR: I've been working with Alan Ruttenberg on a case study that I think is interesting. Science commons focusses on communication, which means I needed things that people will share. Common practice in the community is {DatabaseID, RecordInDB}
15:14:04 NM: Are the DatabaseIDs globally scoped?
15:15:08 JR: Not necessarily, but in practice in this community, yes. There are a limited number (say 50) of these databases and people tend to agree on the names.
15:15:31 JR: This is at this point informal. They're called DBXrefs.
15:15:45 DC: Reminds me of how URIs came into existence. We had ftp, mailto, etc.
15:15:51 TBL: Well, URI schemes.
15:15:52 DC: Yes.
15:17:08 JR: We needed a URI-based solution, and we're getting a committee together, and we have acquired a domain name, and will be working together to decide the resolution semantics. The trick is to get real agreement and buyin. Have identified technical principles of 6 or 8 projects that put xrefs in their databases.
15:17:40 JR: The lesson is how hard this has been.
15:17:48 NM: What sort of problems are you hitting?
15:17:51 q+
15:19:01 JR: Partly social: we need to get people to talk to each other and to believe that this is important. Trust can be an issue if you need to get people to actually get people to use these things.
We're for the moment not incorporating.
15:19:03 q+ to ask about a relevant TLA
15:19:22 JR: We're trying to get a prototype done.
15:19:27 HT: Of what?
15:19:36 JR: Some of these URIs will resolve to 303s.
15:20:05 s/Some/Of a resolver. All/
15:20:27 NM: Is it assumed that, if you recognized the URI, that you could avoid doing the dereference?
15:20:33 JR: Yes.
15:20:47 q?
15:20:49 http://neurocommons.org/page/Common_Naming_Project
15:20:51 HT: I would like to understand how what you've hit lines up with what I've set out as Dirk and Nadia's requirements.
15:21:21 JR: Well, there's at least one that's questionable. We required a particular kind of openness, I.e. that mirrors can be made of the metadata.
15:21:39 ack ashok
15:21:58 AM: These will link across databases?
15:22:24 HST notes that a lot of variation can be concealed behind the word 'mirror'. . .
15:22:27 JR: If the DB providers, who are organizationally separate from this effort, adopt this, then yes. But we have no expectation of that. This is really primarily for third parties to cite the database.
15:22:45 AM: If I have in a database, multiple records about a person, then...
15:23:04 JR: We're not talking of "about" yet; these things are, for the moment, just identifying "records".
15:23:37 HT: Are you using records in the narrow sense of "row in table", or do you mean in the colloquial higher level sense (a record of this mouse's kidney)
15:24:02 JR: We assume keys, but not a physical structure.
15:24:09 NM: An abstract dictionary?
15:24:13 JR: Yes.
15:24:22 AM: If I have the kidney record, how I do it.
15:24:55 JR: At a higher level. Either the publisher or a 3rd party can say these two records combine to form a mouse record.
15:26:09 HST: Wrt some collection of RDB tables, doesn't matter how many are involved wrt some particular entity, we assume the primary key in one of those tables is "the record identifier" in our sense
15:26:32 s/Wrt/I hear JR saying that wrt/
15:27:08 NM: So, it's not specifically relational. There is a collection of databases. Each database is an abstract dictionary. If you give it a key, it will give you some data back. Not much is said about a) what the substructure of that data is or b) how these stores full of key-identified data are used for, e.g. storing resumes, mouse kidney records, etc.
15:28:34 ack ht
15:28:34 ht, you wanted to ask about a relevant TLA
15:32:04 HT: What's the significance, for our discussion, of DOIs?
15:32:44 JR: It's an existing non-URI naming system, that has been embedded in URI-space in at least two ways: info:doi and http://dx.doi.org
15:33:37 HT: I think Jonathan also said that naming schemes based on http to satisfy the needs is difficult, but doi shows that alternate approaches are not necessarily easier. The problems tend to pop up however you do it.
15:34:30 JR: So all the issues raised in the Dirk and Nadia doc't arise when a publisher moves an identifier out of pure DOI space into the http://dx.doi.org/... space
15:37:46 SW: Next steps?
15:37:56 action-33?
15:37:57 ACTION-33 -- Henry S. Thompson to revise URNsAndRegistries-50 finding in response to F2F discussion -- due 2008-12-13 -- PENDINGREVIEW
15:37:57 http://www.w3.org/2001/tag/group/track/actions/33
15:38:04 HT: I got some good advice, I would like to take this forward, and would like an action under which to do it.
15:38:11 action-121?
15:38:11 ACTION-121 -- Henry S. Thompson to hT to draft TAG input to review of draft ARK RFC -- due 2008-12-05 -- OPEN
15:38:11 http://www.w3.org/2001/tag/group/track/actions/121
15:38:24 SW: You have ACTION-33 and ACTION-121.
15:38:34 HT: Yes, I have to find the time to do the Ark work someday.
15:38:50 action-33 due 1 Feb 2009
15:38:50 ACTION-33 revise URNsAndRegistries-50 finding in response to F2F discussion due date now 1 Feb 2009
15:38:58 HT: OK, let's do it under ACTION-33. I.e. we'll interpret the term "finding" broadly.
15:39:29 DC: Is there a last call pending on the RFC? Is it an RFC?
15:40:10 HT: It's a draft. I think John is working on it when he can.
15:41:00 DC: So, not urgent, but we shouldn't drop it.
15:41:10 action-121 due 1 March 2009
15:41:10 ACTION-121 HT to draft TAG input to review of draft ARK RFC due date now 1 March 2009
15:41:13 HT: Ping around 1 March.
15:41:41 NM: Clarification, have we saided what is currently headed toward a finding at this point?
15:41:57 action-33?
15:41:58 ACTION-33 -- Henry S. Thompson to revise naming challenges story in response to Dec 2008 F2F discussion -- due 2009-02-01 -- PENDINGREVIEW
15:41:58 http://www.w3.org/2001/tag/group/track/actions/33
15:42:38 HT: The original charge was to make a document that would be a finding. First document stalled. This may get there someday, but not prejudging for now whether it will be labeled as finding.
15:42:55 break to 11:00 ET
15:42:58 FYI draft-kunze-ark-15 has expired https://datatracker.ietf.org/drafts/draft-kunze-ark/
15:43:02 Stuart has joined #tagmem
16:05:54 Uniform access to metadata aka issue-57
16:06:06 HttpRedirections-57
16:06:42 issue-57?
16:06:42 ISSUE-57 -- The use of HTTP Redirection -- OPEN
16:06:42 http://www.w3.org/2001/tag/group/track/issues/57
16:06:52 topic: HttpRedirections-57 and Uniform Access to Metadata (ISSUE-57)
16:09:10 http://www.w3.org/2001/tag/doc/more-uniform-access.html
16:09:19 Discussing: http://www.w3.org/2001/tag/doc/more-uniform-access.html
16:09:23 Draft for discussion at TAG F2F (Dec 2008), 25 November 2008.
16:09:52 JR: The objective is, from the draft, to "Establish a uniform, generally applicable method for a user agent to obtain information about a resource, given a URI that names the resource.
"
16:10:06 JR: So, we're looking for a follow your nose approach that works uniformly.
16:10:47 http://ashby.csail.mit.edu/tmp/get-descriptor-URI.pdf = graffle
16:11:11 timbl has joined #tagmem
16:11:46 (for the meeting record, Somebody Should mail a copy to www-archive; I'm not inspired just now)
16:13:21 issue-36?
16:13:21 ISSUE-36 -- Web site metadata improving on robots.txt, w3c/p3p and favicon etc. -- OPEN
16:13:21 http://www.w3.org/2001/tag/group/track/issues/36
16:14:20 JR: Discussing http://ashby.csail.mit.edu/tmp/get-descriptor-URI.pdf
16:14:48 JR: There is a proposal for a site meta-file.
16:15:15 (timbl's point obliges me to an action to confirm that the POWDER WG knows about this site-meta spec; ah... JR says the archer is in contact with mnot)
16:16:34 JR: The overall story from Mark, Eran, Phil and me is that you can get this metadata in any of a number of different ways. The choice may be application-dependent. Ways include site metadata, which has its own RFC, link header will have its own RFC, and also link element.
16:16:42 (what's the discussion forum of choice for the /site-meta spec?)
16:16:44 AM: You'll get the same information in all cases?
16:16:48 JR: Probably a strong SHOULD.
16:16:59 q+ to ask jar whether there is a way to state what relation is applied in site-meta rules
16:17:09 q+ to ask what determines what way is used - server or client ? Is there a single result of this algo?
16:17:09 JR: Orientation is not so much getting you the metadata itself, but rather getting you a document that holds the metadata.
16:19:34 q?
16:20:31 q+ to ask to swap in an enumeration of the specific customers and their scenarios
16:20:43 q+
16:21:15 ack me
16:21:15 Stuart, you wanted to ask jar whether there is a way to state what relation is applied in site-meta rules
16:21:40 SW: In that sample metafile, that's in the PDF, will you be able to know the relationship between the resources.
16:23:03 s/to know/to state/
16:23:05 q
16:23:19 q+ to ask what's the discussion forum of choice for /site-meta
16:23:34 ack timb
16:23:34 timbl, you wanted to ask what determines what way is used - server or client ? Is there a single result of this algo?
16:23:36 JR: Yes, you should. It's implicit
16:23:36
16:23:37 http://example.org/{path}
16:23:37 http://example.org/{path},about
16:23:37
16:23:38
16:23:51 DC: It's one GRDDL transform away.
16:24:37 NM: Ah, so knowing meta/descriptor-uri-rule/from/...your URI template here... allows GRDDL to infer thing described by for all URIs matching the template.
16:24:59 TBL: Do you get the same information in all modes?
16:25:11 JR: Well, some people have access to write site metadata and some don't
16:25:16 DC: So, "no".
16:25:58 q+ to remind (?) us that there can be more than one 'describedby' target
16:27:57 tim described a protocol optimization that motivates invariants between the options
16:28:07 acn danc
16:28:11 ack next
16:28:12 DanC_lap, you wanted to ask to swap in an enumeration of the specific customers and their scenarios and to ask what's the discussion forum of choice for /site-meta
16:28:14 The intent (Eran's I think) is that if one path works, then you don't have to follow the other one. (path 1 = site metadata + rule, path 2 = link header)
16:30:35 JAR: POWDER timeline isn't all that comfortable
16:31:25 JR: The powder marketplace is not happy until this is solved.
16:31:37 s/JR/DC/
16:31:49 DC: So, there's a timing problem?
16:31:50 jar... wrt to Eran's intent, I assume that either path is ok as the one to try first.
16:33:28 JR: Not sure.
16:33:43 DC: I'm not hearing that every ATOM feed reader is going to change.
16:33:47 JR: Right.
16:33:55 DC: Regarding Mobile Web, POWDER, etc.
16:34:28 DC: Are there mobile folks involved in discussions with Mark N. et. al?
16:34:39 JR: Not that I'm aware.
16:34:51 DC: Mobile is why W3C did POWDER.
16:36:22 (jar, thanks for http://www.w3.org/2001/tag/doc/uniform-access.html ; very useful for me as team contact trying to coordinate all this stuff)
16:36:25 TBL: POWDER and http-link headers are both examples of things that are pieces of the puzzle potentially for many things, but haven't been quite worth being the inspiration for brand new working groups.
16:37:12 q?
16:37:21 DC: Is there a public discussion forum for the site metadata?
16:37:25 JR: www-talk, I think.
16:37:59 Here is a thread: http://lists.w3.org/Archives/Public/www-talk/2008NovDec/thread.html
16:38:28 q+ jar to talk about Eran's use cases
16:40:48 DC: Do you know who Eran Hammer-Lahav works for?
16:41:00 JR: I think it's Yahoo.
16:43:25 Eran's blog: http://www.hueniverse.com/hueniverse/
16:47:33 DC: Jonathan, do you trust yourself to evaluate solutions on behalf of this community.
16:47:44 JR: Well, I try to listen to them carefully.
16:48:13 dorchard has joined #tagmem
16:48:17 DC: So, there is an outstanding worry about whether the mobile community is well enough connected. Does Mark N. have particular schedule goals?
16:48:33 JR: I think both Eran and Mark are doing this because they need it for particular reasons.
16:48:41 q?
16:48:46 ack ashok
16:49:59 AM: I'm trying to think through the possible content of a TAG finding. Seems like it would be: "Here are specific ways of getting metadata, but you can try other ways to. What you get back may or may not be the same in all cases, and the formats may vary." Doesn't feel like a very sharp finding.
16:50:12 s/ways to/ways too/
16:50:40 q+
16:50:54 q+ to speak to the finding genre vs specs vs tag working papers
16:51:22 NM: Is there a shared underlying.
16:51:58 q?
16:52:23 Can you folks dial into zakim?
16:52:32 JR: No
16:54:43 q+
16:55:28 "point me to info about X" might be a good title
16:55:34 JR: The commonality is answering the question: "what do you know about X"
16:56:12 Zakim, this is tagf2f
16:56:12 ok, DanC_lap; that matches TAG_f2f()9:00AM
16:56:20 Zakim, code?
16:56:20 the conference code is 824323 (tel:+1.617.761.6200 tel:+33.4.89.06.34.99 tel:+44.117.370.6152), DanC_lap
16:57:20 q?
16:57:28 NM: We could define idioms to be used by those who wish to do so. E.g. if your wish is that your description be integrated into the semantic web, you must tell us how to map your description to triples.
16:57:34 ack ht
16:57:34 ht, you wanted to remind (?) us that there can be more than one 'describedby' target
16:57:49 ack Ashok
16:58:04 + +1.617.253.aabb
16:58:13 Zakim, aabb is MITStar
16:58:13 +MITStar; got it
16:58:54 Zakim, MITStar holds ht, timbl, Ashok, danc, jar, noah, Stuart
16:58:54 +ht, timbl, Ashok, danc, jar, noah, Stuart; got it
17:00:08 HT: There is more than one thing that something can be described by. It's not functional. It's thus OK to get different descriptions by different.
17:00:29 (I just realized: rel="describedBy" would probably be better as rev="describes" or rev="description")
17:01:04 (and I think Mnot just added rev back into the -3 draft)
17:01:37 TBL: The design could be that when you get a link header with described by, it points to THE site metadata file.
17:01:55 HT: So, I conclude that in general it's OK to have multiple link headers with same relation.
17:01:55 q?
17:02:23 TBL: In general, http headers and RDF statements both have the characteristic that they can be thrown in and interpreted relatively independent of each other.
17:02:47 TBL: Thus, restricting to only one would be counter to the architecture.
17:03:19 HT: I came to same conclusion for different reason: requiring only one would require agreement on packaging format, which likely isn't going to happen.
17:03:21 q?
17:03:31 q?
17:03:37 ack jar
17:03:37 jar, you wanted to talk about Eran's use cases
17:04:16 JR: But for some specific relations, multiple may be inappropriate.
17:04:24 HT: Yes, but I think Tim and I agree not in this case.
17:05:03 s/not/multiple _is_ appropriate/
17:07:14 JR: There is an XRDS spec being developed, and attempts to build discovery protocols. Eran took task of coming up with discovery protocol, and the two-branch choice of site metadata and link metadata as described in the PDF referenced above seems to be the direction he's leaning towards.
17:07:22 JR: There is also a mailto use case.
17:07:26 Several: Mailto?
17:07:36 q+ to ask about XRDS and identity space specs (openid) and relate to RDF/FOAF and the upcoming W3C workshop on social somethingorother
17:07:59 JR: There's a move afoot from those who think that some individuals can't conveniently get http-scheme URIs assigned for themselves, so the question is how to get metadata for them.
17:08:48 DO: Yes, and, I need to declare things like "I own a site and xxxx@example.com is a valid email address at example.com, but spammer@example.com isn't."
17:09:42 q?
17:09:48 ack danc
17:09:48 DanC_lap, you wanted to speak to the finding genre vs specs vs tag working papers and to ask about XRDS and identity space specs (openid) and relate to RDF/FOAF and the upcoming
17:09:49 ack danc
17:09:51 ... W3C workshop on social somethingorother
17:10:23 zakim, mute daveo
17:10:23 sorry, Stuart, I do not know which phone connection belongs to daveo
17:10:31 zakim, mute dorchard
17:10:31 sorry, Stuart, I do not know which phone connection belongs to dorchard
17:10:46 issue-36?
17:10:46 ISSUE-36 -- Web site metadata improving on robots.txt, w3c/p3p and favicon etc. -- OPEN
17:10:46 http://www.w3.org/2001/tag/group/track/issues/36
17:10:59 DC: I'm not yet concerned whether this results in a finding. I have an ISSUE-36 and working on this is useful whether we hatch findings or not.
17:11:39 DC: I asked whether XRDS is one of these identity-related specs (scribe isn't quite sure what Dan meant - I think he meant whether the community interested in identity cares about it a lot)
17:11:53 FYI: http://groups.google.com/group/metadata-discovery
17:13:04 timbl: Has anyone GRDDL'd XRDS to get RDF?
17:13:16 DO: A lot of the discussions in the XRI community have been focussed on integrating with RDF. Haven't heard a lot from them about XRDS one way or the other, but I sense a lot of RDF focus.
17:13:47 DC: the reason I asked whether XRDS was one of these identity specs (along with openid and cardspace) to recall the relationship with FOAF and RDF
17:13:55 s/RDF focus/positive sentiment about RDF/
17:14:30 NM: Are they really not interested in XRDS, I thought it was in their spec?
17:14:35 q?
17:14:38 q+ to note the upcoming W3C workshop on social networking http://www.w3.org/2008/09/msnws/
17:14:40 ack danc
17:14:40 DanC_lap, you wanted to note the upcoming W3C workshop on social networking http://www.w3.org/2008/09/msnws/
17:15:10 DO: No you misunderstood me. They obviously are interested in XRDS, I'm reporting what seems to be positive interest in RDF, not sure I heard a clear story on the two together.
17:15:19 --
17:15:20 W3C Workshop on the Future of Social Networking
17:15:20 Call for Participation 15-16 January 2009, Barcelona
17:15:20 --
17:15:39 They are definitely interested in XRDS, I was only speaking about the relationship between XRI and RDF. ! ((XRI and XRDS) or (XRDS and RDF)).
17:16:25 Oshani, student at CSAIL, is first author on position paper for the workshop.
17:16:31 It has been submitted.
17:16:44 TBL: Oshani, student at CSAIL, is first author on position paper for the workshop.
17:16:49 XRDS spec = XRDS schema spec + XRD discovery protocol (not being factored out by Eran)
17:17:26 Re: XRDS and RDF...
this is what I found http://wiki.oasis-open.org/xdi/XdiRdfModel
17:17:34 SW: Regarding XRDS and RDF I found http://wiki.oasis-open.org/xdi/XdiRdfModel
17:17:44 SW: XDI is the group doing the data formats that go with XRI
17:18:24 http://www.oasis-open.org/committees/download.php/29748/xdi-rdf-model-v11.pdf
17:18:52 sigh... a new ascii-level syntax in http://wiki.oasis-open.org/xdi/X3Format
17:18:54 DC: The X3format appears not to be N3, XML, JSON, etc.
17:19:33 I note with interest that there's a new draft of Cool URIs for the SemWeb: http://www.w3.org/TR/2008/NOTE-cooluris-20081203/
17:19:34 JR: Can I please get some guidance in the remaining 10 minutes?
17:19:37 SW: Where do you think you are?
17:20:24 Oh, forget it: "The only change from the previous version of this document is the addition of a link to an errata page. "
17:20:27 JR: I'm a bit confused about what best scope would be. I might go one direction to satisfy myself, might go another to get maximum buyin. I guess I'm tempted to go in the middle, but what I really need are clear requirements, either wrt/ use cases or who needs to be happy.
17:21:44 JR: The site metadata with URI rewriting seemed appealing, in minimizing round trips by allowing the work to be done on the client.
17:22:48 Zakim, who's making noise?
17:23:01 DanC_lap, listening for 10 seconds I heard sound from the following: +1.604.709.aaaa (35%), MITStar (98%)
17:23:12 Zakim, aaaa is dorchard
17:23:13 +dorchard; got it
17:23:26 Zakim, mute dorchard temporarily
17:23:26 dorchard should now be muted
17:23:42 dorchard should now be unmuted again
17:24:32 TBL: There are downsides to proliferation of "see alsos". If you get back "see all of Wikipedia" when asking about Jonathan, things like tabulator don't get good value. Better to say: for this type of information, do it this way.
17:25:09 Tim: A good spec says "if we all do this, then we will have this benefit".
17:25:20 JAR: (that advice about seeAlso is news to me...)
17:25:50 Tim: It is good then to profile the sorts of metadata which are made available, and formats etc until you have a set of clients which use a given algorithm and achieve a given level of functionality as a result. 17:26:17 JR: Another approach is "just use site metadata, and if you can't influence it, choose another hosting service." 17:26:24 (note to scribe: the topic/TOC label for this discussion please include issue-36 aka siteData-36 ) 17:26:34 SW: Some other alternatives seem to allow more direct "ask a question, get an answer" 17:26:39 An example is that the tabulator has an algorithm which allows people to link to more data using rdfs:seeAlso, and this can work really well if respected and used responsibly. 17:26:41 q+ 17:27:43 q+ to ask about any predisposition toward WKL's (cf siteData-36) 17:28:44 q? 17:28:56 ack Danc 17:29:12 q+ to ask site metadata discovery plans 17:30:07 NM: I think we need more exploration. E.g. is ability to control the site metadata something that any reasonable hosting provider can do, or are there good reasons that either (a) some can't or (b) even if they could, there would be other problems with that approach. 17:30:22 q+ 17:30:25 q+ skw2 to suggest that jar also mention the metadata-discovery googlegroup 17:30:37 DC: I think you could continue in your role as advocate for the semweb use case and advise the TAG informed on what your peers are doing. 17:30:45 ack next 17:30:47 Stuart, you wanted to ask about any predisposition toward WKL's (cf siteData-36) 17:32:45 (is /site-meta likely to take on leading-edge /robots.txt ideas? mnot's involvement suggests "yes" to me) 17:33:01 SW: With robots.txt there has been a squatting issue because it's giving a reserved interpretation to that name. Same thing with site metadata 17:33:50 NM: Could this, at least in principle, be the only one.
You could say in the site metadata file "robots.txt has special meaning because I say so in the site metadata file, or in information you can find from it." 17:35:08 ack next 17:35:09 ht, you wanted to ask site metadata discovery plans 17:35:17 q+ to review actions before we break for lunch 17:35:27 JR: I would like this to be (something isomorphic to) ARK 17:36:18 zakim, please close the queue 17:36:18 ok, Stuart, the speaker queue is closed 17:37:32 q? 17:37:55 HT: One of the advantages of the approach is that it offers the opportunity to do something of an end run around site administrators. If the discovery algorithm were analogous to the .htaccess one, i.e. you look up the hierarchy in the URI, then by definition the same people who can post Web pages can put up site metadata files. 17:37:55 ack next 17:38:45 ack dorchard 17:38:51 DO: I think the TAG could talk about the issue with Authority. Eran has asked me and Jonathan to think about whether the TAG has anything to say about whether a file like this can speak >authoritatively< for, e.g. a mailto: URI. 17:38:59 HT acknowledges that his suggestion has a huge problem in the legacy/name squatting 17:39:03 ack next 17:39:04 skw2, you wanted to suggest that jar also mention the metadata-discovery googlegroup 17:39:05 JR: Don't think I want to. 17:39:22 SW: Should we point out the Google Group? 17:39:28 s/in the/wrt/ 17:39:30 (if you want to speak authoritatively for a mailto: URI, you have to be the SMTP server. or edit the SMTP standard) 17:40:00 JR: I want to encourage people to encourage the metadata discovery google group at http://groups.google.com/group/metadata-discovery 17:40:22 DC: Is there any crossposting and or shared participation with www-talk? 17:40:28 also...
http://groups.google.com/group/metadata-discovery/browse_thread/thread/b4f60d20896ad7c5?hl=en 17:40:43 q+ to get Jonathan's 3rd-hand comment about competence on the record 17:40:44 JR: Some shared participation, don't think much cross posting, some difference of emphasis subject-wise 17:40:44 for 17:40:44 Discovery Coordination Report, Dec 5th 2008 Options 17:40:50 q? 17:42:06 ack DanC 17:42:06 DanC_lap, you wanted to review actions before we break for lunch 17:42:12 HT: I believe the information sciences / library sciences community doesn't believe that, in general, the authors of a document can authoritatively provide the metadata for it. 17:42:33 When I mentioned this metadata discovery issue to a library scientist, they said: Why on earth would anyone ask the publisher? They're not qualified to provide this kind of information. 17:42:39 Ashok has joined #tagmem 17:43:06 SW: We 17:43:15 SW: We'll do review of related issues after lunch 17:43:26 SW: ADJOURNED FOR LUNCH 17:43:47 -dorchard 17:46:44 timbl has joined #tagmem 18:20:32 jar has joined #tagmem 18:30:58 raman has joined #tagmem 18:37:21 zakim, who is on the phone? 18:37:21 On the phone I see MITStar 18:37:22 MITStar has ht, timbl, Ashok, danc, jar, noah, Stuart 18:39:12 timbl has joined #tagmem 18:39:29 +??P4 18:39:33 action-178? 18:39:33 ACTION-178 -- Jonathan Rees to prepare initial draft of finding on uniform access to metadata. -- due 2008-11-25 -- PENDINGREVIEW 18:39:33 http://www.w3.org/2001/tag/group/track/actions/178 18:39:59 Zakim, ??P4 is dorchard 18:39:59 +dorchard; got it 18:39:59 zakim, ??p4 is dorchard 18:40:00 DC: On ACTION-178, you did an initial draft. Do we close the action or do a next step? 184 is still there. 18:40:00 I already had ??P4 as dorchard, Stuart 18:41:05 DC: Two use cases both relating to UAM: 1) XRD Discovery .... 18:41:23 DC: Consider adding the XRD use case to UAM 18:41:49 AM: Any downsides to doing nothing? 
18:41:51 I note the tabulator has implemented HTTP link: header with rel=meta 18:42:08 JR: I am going to do something. Science commons needs it, among others. 18:44:20 JR: Potential action revise "Uniform Access to Metadata" (needs title change) to add XRD use case 18:44:42 The document is at http://www.w3.org/2001/tag/doc/uniform-access.html 18:44:58 q+ to solicit reviewers of mnot's /site-meta draft 18:45:21 zakim, please open the queue 18:45:21 ok, Stuart, the speaker queue is open 18:45:40 q+ to solicit reviewers of mnot's /site-meta draft 18:45:48 ACTION: revise "Uniform Access to Metadata" (needs title change) to add XRD use case 18:45:48 Sorry, couldn't find user - revise 18:45:59 ACTION: jar revise "Uniform Access to Metadata" (needs title change) to add XRD use case 18:45:59 Created ACTION-200 - Revise \"Uniform Access to Metadata\" (needs title change) to add XRD use case [on Jonathan Rees - due 2008-12-17]. 18:46:01 trackbot, status 18:46:18 Ashok has joined #tagmem 18:46:25 ACTION 1- 18:46:25 Sorry, bad ACTION syntax 18:46:29 ACTION -1 18:46:29 Sorry, bad ACTION syntax 18:47:55 Zakim, who's on the phone? 18:47:55 On the phone I see MITStar, dorchard 18:47:56 MITStar has ht, timbl, Ashok, danc, jar, noah, Stuart 18:47:56 JR: There are two things: 1) do we have anything to say about site metadata and 2) building on it. That's useful, but not clear whether TAG or SemWeb. 18:48:00 Zakim, mute dorchard 18:48:00 dorchard should now be muted 18:48:19 JR: I guess I'd like to let a bit of time go by, think about it, maybe take it up in a month? 18:48:37 action-178 due 2 Feb 2009 18:48:38 ACTION-178 Prepare initial draft of finding on uniform access to metadata. due date now 2 Feb 2009 18:49:18 action-116? 18:49:19 ACTION-116 -- Tim Berners-Lee to align the tabulator internal vocabulary with the vocabulary in the rules http://esw.w3.org/topic/AwwswDboothsRules, getting changes to either as needed. 
-- due 2008-12-09 -- OPEN 18:49:19 http://www.w3.org/2001/tag/group/track/actions/116 18:49:31 SW: Tim, is action 116 one we should retain? 18:49:36 TBL: Yes. 18:49:42 SW: Revise due date? 18:51:39 DC: Some concern about whether the Booth ontology is quite right. 18:51:59 TBL: I will realign tabulator internal vocabulary, informed by reading of Booth ontology? 18:52:09 DC: How related to link header? 18:52:25 TBL: Broadly, they're both related to the question: with a URI in hand, what triples can I get. 18:52:26 action-116 due 7 Feb 2009? 18:52:26 ACTION-116 Align the tabulator internal vocabulary with the vocabulary in the rules http://esw.w3.org/topic/AwwswDboothsRules, getting changes to either as needed. due date now 7 Feb 2009? 18:52:55 action-184? 18:52:55 ACTION-184 -- Jonathan Rees to contact Lisa D of IESG, cc www-tag, to explain about 303, with cool URIs and webarch as references. -- due 2008-12-31 -- OPEN 18:52:55 http://www.w3.org/2001/tag/group/track/actions/184 18:53:05 SW: Action 184 is not due yet. 18:53:16 DC: I think awwsw should report back to TAG. 18:53:32 JR: Won't have a consensus view, but I can report back tomorrow if you like. 18:53:42 ACTION jar: report on status of AWWSW discussions 18:53:42 Created ACTION-201 - Report on status of AWWSW discussions [on Jonathan Rees - due 2008-12-17]. 18:53:44 ack danc 18:53:44 DanC_lap, you wanted to solicit reviewers of mnot's /site-meta draft 18:53:44 DC: Even knowing whether you're likely to do anything is a useful bit. 18:53:47 ack next 18:54:05 DC: One of us should look closely at Mark Nottingham's site metadata draft. 18:54:11 AM: I can do that. 
18:54:46 action-201 due 11 Dec 2009 18:54:46 ACTION-201 Report on status of AWWSW discussions due date now 11 Dec 2009 18:55:10 http://tools.ietf.org/html/draft-nottingham-http-link-header-03 = Site metadata RFC draft 18:55:13 action-201 due 11 Dec 2008 18:55:13 ACTION-201 Report on status of AWWSW discussions due date now 11 Dec 2008 18:56:48 ACTION: ashok to review http://tools.ietf.org/html/draft-nottingham-http-link-header-03 due 10 January 2009 18:56:48 Created ACTION-202 - Review http://tools.ietf.org/html/draft-nottingham-http-link-header-03 due 10 January 2009 [on Ashok Malhotra - due 2008-12-17]. 18:56:59 action-202 due 10 Jan 2008 18:56:59 ACTION-202 Review http://tools.ietf.org/html/draft-nottingham-http-link-header-03 due 10 January 2009 due date now 10 Jan 2008 18:57:03 Jonathan, I note the tabulator follows currently link rel= {alternate|seeAlso|meta} preferring 'meta' -- why did you document use 'description'? 18:57:28 the link relation is 'describedby' and in this I follow POWDER. 18:57:33 SW: Ashok, is there anything else on this you feel that we've missed. 18:57:42 scribenick: Ashok 18:57:48 scribenick: Ashok 18:57:49 scribe: Ashok Malhotra 18:58:00 (ah, powder) 18:58:12 yes, timbl, good question; it should be in the POWDER issues list; I started searching but didn't really get to the bottom of it 18:58:21 Topic: 6 Web Application security and Safe JavaScript 18:58:25 POWDER is in last call, note. 18:58:43 topic: Web Application security and Safe JavaScript 18:58:53 Tim, I had a hard time finding any 'normative' spec for 'meta'. The only one I found was in RDFa, and it's pretty weak (x meta y if y is metadata for x) 19:03:30 reviewing... http://www.w3.org/QA/2008/12/web_applications_security_requ.html 19:03:32 FOAF spec maybe specs it as pointer from home page? 19:03:48 "Use the browser as part of the trusted computing base? Are you kidding?" 19:03:51 no more kidding.
19:04:34 On the other hand, after wrestling with the patchwork of javascript security policies in browsers in the past few weeks, the capability approach in adsafe looks simple and elegant by comparison. Is there any chance we can move the state-of-the-art that far? And what do we do in the mean time? Crockford's Jan 2008 post is quite critical of W3C's current work: 19:06:00 ... there are multiple interests involved in a web application. We have here the interests of the user, of the site, and of the advertiser. If we have a mashup, there can be many more interests. 19:08:30 projected http://erights.org/elib/capability/ode/overview.html 19:10:44 JAR notes KeyOS circa '70s 19:11:01 Capability security has a long history ... back to Butlet Lampson 19:11:15 (I wonder if this history is told in wikipedia) 19:11:15 s/Butlet/Butler/ 19:11:24 q? 19:11:27 Many implementations 19:12:35 Tim: Describes some capability examples 19:13:14 Tim: E.g. you can use this to access my salary 19:13:53 Noah: I would mint a new pointer with special capabilities 19:15:06 Tim: Any social constraint can be represented in the capability 19:15:31 jar: Any technical constraints ... not constraints that courts must enforce 19:17:28 jar: Object capabilities and web keys are very different 19:19:13 The capability system you wd have within yr browser would give you complete control of where the pointers go 19:20:23 careful protocol between hosts .... hosts must have certain amount of trust 19:20:49 (for reference, "webkey" is the subject of Tyler Close's Mashing with permission from the agenda) 19:21:23 Noah: These are not pointers ... references more abstract 19:22:14 e and webkeys are different systems with different properties 19:22:19 Jonathan: In E, there is Mandatory Access Control: Something which has a capability can be made UNABLE to pass the capability to something else.
By contrast, any system which encodes capabilities with strings (like webkeys) cannot stop an object from cloning the string and passing it to anything else. 19:22:31 projecting http://blog.360.yahoo.com/blog-TBPekxc1dLNy5DOloPfzVvFIVOWMB0li?p=706 19:25:00 "this" is a problem in javascript 19:25:18 Caja lets you use "this" in limited situations 19:27:06 Norm has joined #tagmem 19:27:08 Tim: Calling it "Access Control" is misleading. It's about privacy 19:28:19 HT: My javascript is littered with "this" 19:30:06 Zakim, what's the passcode? 19:30:07 the conference code is 824323 (tel:+1.617.761.6200 tel:+33.4.89.06.34.99 tel:+44.117.370.6152), Norm 19:30:08 HT: It's abt permission policy 19:30:32 +Norm 19:30:36 RPPA - Resource Permission Policy Assertions 19:31:01 ACTION DanC: discuss Access Control misnomer with Interaction Domain staff 19:31:01 Created ACTION-203 - Discuss Access Control misnomer with Interaction Domain staff [on Dan Connolly - due 2008-12-17]. 19:31:44 20 percent of my lines in Javascript use "this" 19:32:08 Norm: I use jquery ... it may use "this" behind the scenes 19:33:43 Crockford says add a switch in Firefox to disable non-adSafe ads 19:33:57 projected is http://www.w3.org/QA/2008/12/web_applications_security_requ.html 19:36:09 Norm_ has joined #tagmem 19:37:00 JSONRequest does not allow the server to abdicate its responsibility of deciding if the data should be delivered to the browser. Therefore, no policy language is needed. JSONRequest requires explicit authorization. Cookies and other tokens of ambient authority are neither sent nor delivered. 19:37:29 For server read 'site' 19:38:00 Often, of course the 'site' is complicated as there is the SSN site, the[ syndicated] blogger, the commenter all may provide content 19:38:39 Pick a site ...
ticketmaster 19:41:07 Skw: You can put credentials in as parameters 19:43:06 jar: capability systems require capabilities for every request, session-based systems let you establish your rights at the start of the session 19:43:08 HST tries to repeat his understanding of JAR's summary: a capability-based system requires a token of capability as a part of every request/transaction 19:43:54 dan: Use ambient rather than session 19:44:01 q+ skw 19:44:02 "ambient" authority is authority that is just there, and gets used as needed by any request 19:44:09 ... whereas an ambient approach, which is what we're mostly used to, establishes an umbrella and then all subsequent operations are allowed (or not, as the case maybe) by that umbrella 19:44:16 a capability must be "exercised" = passed as a parameter 19:44:17 ack next 19:45:52 capability security = no authority without designation (of the particular authority being exercised) 19:46:42 http://www.w3.org/TR/access-control/#design-decision-faq 19:48:05 requirement #5 from ref'd doc: "The solution must be applicable to arbitrary media types. It must be deployable without requiring special packaging of resources, or changes to resources' content. " 19:50:23 Back to the agenda 19:50:26 http://www.w3.org/2001/tag/2008/12/09-f2f-agenda#safeJavaScript 19:50:41 Norm, do you know mark S. Miller? 19:50:47 Norm: Don't think so 19:53:02 Dan: We have 8 minutes ... I suggest go for 20 minutes 19:53:10 Zakim, remind us in 20 minutes to move on 19:53:10 ok, DanC_lap 19:54:10 Dan: Stuart you have the floor 19:54:53 skw: I did not find item 1 in the list satisfactory 19:55:09 not connected with capabilities 19:55:43 jar: What wd you like to know? 19:56:05 Dan: Shd this stay in the TAG 'someday' pile 19:56:28 q+ to ask whether the scope of the WSC-WG is relevant to this discussion. 19:57:06 Noah: Yes... and possibly bring up sooner 19:58:00 jar: It's hard for me to be impartial ...
the first cgi script I wrote was abt capabilities 19:58:52 q+ to note recent origin header discussion in the HTML WG 19:59:01 This solution seems so obvious 19:59:28 People are not making the connection ... it's defensive programming 20:00:57 q+ timbl 20:00:58 ack timbl 20:01:32 Tim: I have not seen a completeness theorem for this .... need some examples 20:01:44 jar: See e in a walnut 20:02:01 q+ 20:02:52 projecting: http://wiki.erights.org/wiki/Walnut 20:03:40 Tim: Having programming in Ajax I feel I've been working with a capability system 20:04:12 Norm has joined #tagmem 20:05:57 jar: What could be the outcome? Even a carefully guarded statement may be useful here. 20:07:27 AM: I've been a fan of capabilities since the early '90s when I found a capability system in IBM; it's a beautiful system... 20:07:59 ... it had hardware support... 20:08:38 ... I wonder if it can be hacked. 20:08:52 JAR: research results, related to garbage collection, are pretty solid 20:10:37 Ashok: What do we do to encourage this direction? 20:10:57 jar: There are 2 proposals: AdSafe, Caja. 20:11:47 Tim: Shd we have little tutorials on these things: JSON Request, AdSafe 20:12:04 q+ timbl to ack about jsonrequest and adsafe 20:12:19 ack ashok 20:13:11 DanC_lap, you asked to be reminded at this time to move on 20:13:30 Tim: This is a really interesting and timely bit of technology. Nailing it now wd do the world a lot of good. 20:13:36 (I presume I can use 5 or 10 more minutes... or should I check orally? hmm.) 20:14:15 It wd also make programming the stuff easier. It wd be willing to push to change the computing environment 20:16:16 ht: Colored by personal experience. WACL is a hard spec to read but wd solve our problem 20:16:46 My dept changed to using Kerberos and it made my life hell 20:17:10 Disagreement with whether Kerberos is capability-based 20:17:35 (nice job minuting, Ashok.)
20:17:54 Don't see how AdSafe has anything to do w/capabilities 20:18:45 (irc poll: (a) continue this discussion for another hour after a break today (b) schedule it tomorrow (c) action skw to schedule it for a telcon (d) other [pls specify how you're volunteering]) 20:19:06 How can we get there from here? We are using the browser as distributed app dev platform 20:19:21 And it doesn't do it terribly well 20:19:49 It may be intrinsically unfixable 20:20:31 Even if there is a solution, can we get there from here? 20:20:44 potential action: what does silverlight do? noah 20:20:47 What does Silverlight do abt this? 20:20:50 Noah: Same as Flash 20:21:22 dorchard has joined #tagmem 20:21:44 Norm: It shd remain on the 'someday' pile. May be worth moving up 20:22:17 For Flash, there's a standard data file you can leave on your site that says "yes, you can steal my data cross-site". Silverlight honors the Flash file, and I think has its own slightly different equivalent if you prefer a Microsoft-specific approach. 20:22:31 I'm for (a) 20:22:37 Norm has joined #tagmem 20:22:41 Me too! 20:24:10 break to xx:40 20:24:17 BREAK for 15 Minutes 20:24:17 back at xx:40! 20:24:21 -Norm 20:24:49 MSDN page on Silverlight security policy: http://msdn.microsoft.com/en-us/library/cc645032(VS.95).aspx#Mtps_DropDownFilterText 20:27:25 -dorchard 20:38:50 Norm has joined #tagmem 20:40:49 Zakim, what's the passcode? 20:40:49 the conference code is 824323 (tel:+1.617.761.6200 tel:+33.4.89.06.34.99 tel:+44.117.370.6152), Norm 20:41:10 +Norm 20:42:43 Stuart has joined #tagmem 20:43:17 amy... d'you know what time we have to stop so that the next people can use the room? 20:43:45 ht has joined #tagmem 20:46:04 q? 20:46:46 ack Stuart 20:46:46 Stuart, you wanted to ask whether the scope of the WSC-WG is relevant to this discussion. 20:46:49 ack Stuart 20:47:41 Skw: What are Web Security WG doing wrt to this issue?
20:48:02 Dan: Some overlap 20:48:31 skw: Is security of rich apps running in browsers part of their domain 20:48:40 +??P1 20:49:44 Dan: The little lock that lights up on yr browser is a security risk. They are seriously attacking the gap between the chair and the keyboard 20:49:50 From: http://www.w3.org/2006/WSC/ "Web Security Context Working Group 20:49:50 From our charter: The mission of the Web Security Context Working Group is to specify a baseline set of security context information that should be accessible to Web users, and practices for the secure and usable presentation of this information, to enable users to come to a better understanding of the context that they are operating in when making trust decisions on the Web." 20:50:15 q? 20:50:58 dan: The key/lock is harmful because websites put key in content 20:51:48 q+ to ask how ADsafe is related to capabilities 20:51:54 ack danc 20:51:54 DanC_lap, you wanted to note recent origin header discussion in the HTML WG 20:51:58 From WSC WG "to enable users to come to a better understanding of the context that they are operating in when making trust decisions on the Web." 20:51:59 q+ ht2 to ask how JSONRequest works 20:52:34 Another item ... origin header 20:52:55 pls project: http://www.w3.org/2008/12/04-html-wg-minutes.html 20:53:32 http://www.w3.org/2008/12/04-html-wg-minutes.html#item03 20:54:29 Origin Header agenda item attracted attention... all interested parties showed up 20:55:11 Adan Barth agrees to become editor 20:55:21 of the spec 20:55:30 s/Adan/Adam/ 20:55:49 http://crypto.stanford.edu/websec/specs/origin-header/ 20:56:59 Dan: I visit TicketMaster and there is a white hat reference and we go get it 20:58:41 I buy ticket now I get lots of cookies, etc. Now I end up on a bad guy site. This guy can do a post to TicketMaster and use cookies to buy another ticket.
20:59:37 Mitigation is origin header in post to TicketMaster says it's from bad guy site 21:00:24 Noah: Construct a situation with long call stack. Which is the origin. 21:00:40 HT: The article on screen tries to address this. 21:01:00 Second bullet .... 21:01:46 Noah: Can origin be forged? 21:01:58 It's the invoking html doc 21:02:16 ack timbl 21:02:16 timbl, you wanted to ack about jsonrequest and adsafe 21:02:20 q+ jar to ask how Mark M might help, supposing he wanted to 21:02:22 ack ht 21:02:22 ht, you wanted to ask how ADsafe is related to capabilities 21:03:03 HT: How does AdSafe use capabilities? 21:03:26 Jar: Nice discussion in second chapter on Caja spec 21:05:05 Page 5 of caja spec 21:05:52 AdSafe is very but cannot do a lot with it .... cannot get multiple AdSafes collaborating 21:06:01 Dan: That's a feature 21:06:34 jar: Caja is safe and powerful 21:07:06 Put javascript in upper left 21:07:51 ht: AdSafe does not have tokens with capabilities 21:09:26 Javascript has global object which has universal capability. They removed that. 21:09:47 The DOM is a global access and AdSafe wraps access to the DOM 21:09:55 projecting: http://www.adsafe.org/ 21:09:59 (for the record, the list stuart is projecting is a good answer to ht's question) 21:10:29 HT: AdSafe removes some capabilities that javascript allows 21:10:58 timbl has joined #tagmem 21:11:34 From: http://en.wikipedia.org/wiki/Capability_architecture 21:11:47 A capability (known in some systems as a key) is a communicable, unforgeable token of authority. It refers to a value that references an object along with an associated set of access rights. 21:11:50 jar: They needed a new name for object capabilities ... it's the same as hardware capabilities recast into software 21:14:31 HT: Explains how AdSafe removes capabilities 21:15:09 jar: A capability system has only capabilities not ambient authority 21:17:34 HT: Where is the checking done?
21:19:45 ack jar 21:19:45 jar, you wanted to ask how Mark M might help, supposing he wanted to 21:19:52 HT: We do not need to answer this question today 21:20:59 He works for Googe. We can ask if he wants to join WG? 21:21:23 s/Googe/Google/ 21:22:50 Dave: skw and I got involved in this spec a while ago.... We tried to push them to Tyler approach 21:22:59 We got pushback. 21:23:17 Then they decided to do usecases and reqmnts 21:23:50 Sturat and I looked at their docs and asked "what does the algorithm do"? 21:24:04 s/Sturat/Stuart/ 21:24:55 If we got enough people in WG that wanted something different we could get something done 21:25:36 Need to muster support for a coherent position 21:25:45 q+ to ask the social question 21:26:26 Dan: We have looked at their work and we agree on their direction 21:26:48 Dave: I understand their solution. 21:27:23 Too many requirements and many are muddled 21:27:42 Dan: Too difficult to ask them to reopen requirements 21:28:23 Dave: They did not follow process and ask for participation ... came out of .... work 21:29:05 HT: Who do we have buy in on this? 21:29:23 (it seems that the charter has since been fixed. "Access Control for Cross-site Requests (Access Control)" -- http://www.w3.org/2008/webapps/charter/ 2008/07/02 23:19:59 ) 21:30:26 Are there people who would deploy this and it would be real production? 21:30:54 Dave: They pulled the final release 21:31:32 Dave: Microsoft did not join WG but publish their own thing 21:32:03 Seems like they are now going the W3C way 21:32:39 ?q 21:32:41 q? 21:33:06 ack ht2 21:33:06 ht2, you wanted to ask how JSONRequest works 21:34:30 dan: Any actions? Is it on our 'someday' pile? 21:34:38 skw: No actions 21:35:09 jar: Moral support resolution may be nice. 21:35:19 skw: Support whom? 21:36:25 dan: Noncommital resolution will not change anything 21:38:04 jar: Goal is to encourage work on programming methodology that makes it hard to screw up 21:40:14 jar: It is an architectural problem.
Will not go away 21:40:59 ACTION: jar to talk with Mark Miller and report back 21:40:59 Created ACTION-204 - Talk with Mark Miller and report back [on Jonathan Rees - due 2008-12-17]. 21:41:18 action-204 due 14 Feb 2009 21:41:18 ACTION-204 Talk with Mark Miller and report back due date now 14 Feb 2009 21:42:06 Topic: uriBasedPackageAccess-61 21:42:08 -??P1 21:42:15 http://lists.w3.org/Archives/Public/www-tag/2008Nov/0114.html 21:42:49 skw: We recd. direct request from them (Marcos) to comment on their requirements 21:43:25 HT: Can we go thru this again 21:44:46 Dan: I asked are these things ever written down and they replied usually not 21:44:58 +??P1 21:48:09 looking at: http://dev.w3.org/2006/waf/widgets/ 21:52:04 Step 1 -Acquire a Widget Resource over HTTP or Local Storage 21:52:27 We thought these requests did not come over HTTP 21:53:50 raman has joined #tagmem 21:54:39 ht: Is the config doc part of a widger resource? Answer appears to be 'yes'. 21:56:10 s/widger/widget/ 21:57:43 A HTML start file is also part of a widget resource 22:00:11 Possible question of clarification: "Is there a requirement to be able to reference into a widget package from outside of the package?" 22:00:51 +Raman 22:01:28 dorchard has joined #tagmem 22:03:04 (another editorial matter: "widget resource" doesn't help me; just "widget" would be less distracting. and it says "resource" where "representation" seems better in several cases) 22:03:09 -Norm 22:03:28 Why does it not just say -- A conforming spec MUST recommend a hierarchical addressing scheme that can be used to address the individual resources within a widget resource from within a config doc, widget, or other constituent of the same widget pkg.
22:03:58 MEETING RECESSED 22:05:19 Action: Henry S to begin responding to Marcos asking the question: Why does the spec not say "A conforming spec MUST recommend a hierarchical adressing schems that can be used to address the individual resources within a widget resource from within a config doc, widget, or other constituent of the same widget pkg." 22:05:19 Created ACTION-205 - S to begin responding to Marcos asking the question: Why does the spec not say \"A conforming spec MUST recommend a hierarchical adressing schems that can be used to address the individual resources within a widget resource from within a config doc, widget, or other constituent of the same widget pkg.\" [on Henry S. Thompson - due 2008-12-17]. 22:05:29 -MITStar 22:05:31 -Raman 22:06:16 add to above action the words "In Reqmnt 6" 22:06:17 -??P1 22:06:18 TAG_f2f()9:00AM has ended 22:06:19 Attendees were +1.604.709.aaaa, +1.617.253.aabb, ht, timbl, Ashok, danc, jar, noah, Stuart, dorchard, Norm, Raman 23:34:17 jar has joined #tagmem