IRC log of tagmem on 2008-12-10

Timestamps are in UTC.

14:19:43 [RRSAgent]
RRSAgent has joined #tagmem
14:19:43 [RRSAgent]
logging to
14:19:51 [Zakim]
Zakim has joined #tagmem
14:19:53 [DanC_lap]
DanC_lap has joined #tagmem
14:20:14 [ht]
ht has joined #tagmem
14:20:38 [DanC_lap]
RRSAgent, pointer?
14:20:38 [RRSAgent]
14:20:41 [DanC_lap]
Zakim, agenda?
14:20:41 [Zakim]
I see nothing on the agenda
14:20:52 [noah]
scribenick: noah
14:21:01 [noah]
scribe: Noah Mendelsohn
14:21:24 [noah]
meeting: W3C Technical Architecture Group Face to Face - 10 Dec 2008 (Morning)
14:21:31 [noah]
date: 10 Decemeber 2008 (morning)
14:21:45 [noah]
chair: Stuart Williams
14:21:46 [ht]
14:21:58 [noah]
topic: URNsAndRegistries-50
14:22:21 [DanC_lap]
agenda + placeholder 1
14:22:23 [DanC_lap]
agenda + placeholder 2
14:22:24 [DanC_lap]
agenda + placeholder 3
14:22:28 [DanC_lap]
agenda + URNsAndRegistries-50 (ISSUE-50)
14:22:34 [DanC_lap]
agenda -1
14:22:35 [DanC_lap]
agenda -2
14:22:36 [DanC_lap]
agenda -3
14:23:34 [DanC_lap]
-> # Next steps (at the f2f, I hope) for URNsAndRegistries-50 Henry S. Thompson (Saturday, 6 December)
14:24:10 [Stuart]
14:24:20 [noah]
ht: We had an earlier draft,
14:24:38 [DanC_lap]
v 1.13 2006/08/17 19:23:58 dorchard Exp URNsAndRegistries-50.html
14:25:12 [noah]
ht: In an email I announced a new approach embodied in new draft at:
14:25:30 [noah]
ht: First, I tried to clarify the analysis of requirements. Are they complete? Comprehensible?
14:26:41 [noah]
ht: Earlier document was perceived as not sufficiently helpful to intended audience. Consider for example Secretary of State of New Zealand who are considering the need for a new URN subscheme for their documents. Goal: those readers should recognize that this document is meant for them.
14:27:26 [DanC_lap]
q+ to say yes, it speaks to, e.g., nz govt agency IT decision-makers, provided the legal terms (e.g. consortium) are readable worldwide
14:27:50 [noah]
ht: Then I explore why doing this name assignment can be hard, and I think that's the interesting part of what I've written.
14:29:42 [noah]
ht: Need to decide how to draw this to a conclusion, and what is it when it's finished?
14:30:20 [noah]
ht: So far, we've been at this 3 years, and have produced two documents, both unfinished. So we need to decide where to go?
14:30:30 [DanC_lap]
q+ to say the thesis of this document should be: naming is hard, and using http/dns well is hard, but http/dns meets the requirements [for naming grounded in administrative hierarchies] and is the best choice for now and the forseeable future (10 to 20 years, at least)
14:30:52 [noah]
am: you mentioned an academic paper, are you going to write an academic paper? I'm concerned that this will be brief and skip details. What will it point to?
14:30:57 [Stuart]
14:31:00 [noah]
ht: Yes, and perhaps that's inescapable.
14:31:00 [Stuart]
ack danc
14:31:00 [Zakim]
DanC_lap, you wanted to say yes, it speaks to, e.g., nz govt agency IT decision-makers, provided the legal terms (e.g. consortium) are readable worldwide and to say the thesis of
14:31:03 [Zakim]
... this document should be: naming is hard, and using http/dns well is hard, but http/dns meets the requirements [for naming grounded in administrative hierarchies] and is the
14:31:06 [Zakim]
... best choice for now and the forseeable future (10 to 20 years, at least)
14:31:44 [noah]
dc: Regarding target audience (e.g. New Zealand Secretary of State). My feeling is yes mostly it works, but we need to watch a few terms like "consortium" which may or may not work for all.
14:32:15 [DanC_lap]
(leasehold and freehold)
14:32:45 [DanC_lap]
"But Domain Names are not really owned, only leased"
14:32:45 [noah]
tbl: There is potential confusion over terms like "leasing", which may have different connotations.
14:33:26 [noah]
dc: I don't want to stipulate that domain names can only be leased. Gandi claims to sell you ownership?
14:33:35 [noah]
ht: How do they do it?
14:33:58 [Stuart]
14:34:18 [noah]
tbl: Gandi could stay in business past ICANN, in principle. You haven't paid for perpetual care, but insurance companies could try to support that.
14:34:46 [DanC_lap]
q+ to say the thesis of this document should be: naming is hard, and using http/dns well is hard, but http/dns meets the requirements [for naming grounded in administrative hierarchies] and is the best choice for now and the forseeable future (10 to 20 years, at least)
14:35:28 [noah]
tbl: I have discussed the possibility of a Top Level Domain in which names would be owned, and backed by insurance, maintained in perpetuity.
14:35:48 [DanC_lap]
ack danc
14:35:48 [Zakim]
DanC_lap, you wanted to say the thesis of this document should be: naming is hard, and using http/dns well is hard, but http/dns meets the requirements [for naming grounded in
14:35:52 [Zakim]
... administrative hierarchies] and is the best choice for now and the forseeable future (10 to 20 years, at least)
14:35:57 [noah]
q+ to make a few comments
14:36:37 [noah]
dc: I think the theses should be: naming is hard; using http + DNS to meet the requirements can be hard; using http + DNS is the recommended approach; ???
14:36:48 [DanC_lap]
"In what follows we'll explore the requirements space and the solution space, and conclude that in a large number of cases both Dirk and Nadia are wrong, because http-scheme URIs provide the best available solution."
14:38:32 [noah]
TBL: At the point where it says "So who's right?" I'm worried. You need to then say: "...or are they both wrong?" We need to avoid implication that one or the other is generally right.
14:38:59 [noah]
14:39:09 [Stuart]
ack noah
14:39:09 [Zakim]
noah, you wanted to make a few comments
14:39:11 [DanC_lap]
DC: or offer a 3rd character that advocates http/dns
14:39:48 [DanC_lap]
NM: I made a note on my copy... "isolate the highlights and put the rest in the appendix" ...
14:40:17 [DanC_lap]
HT: ... section 2 is, fortunately, short ...
14:40:47 [DanC_lap]
NM: under "identifyable", "in the scheme", the choice of 'scheme' conflates terms...
14:41:03 [DanC_lap]
some brainstorming: system, strategy, ...
14:41:30 [DanC_lap]
NM: one role of findings is to teach terminology, so...
14:41:36 [DanC_lap]
HT: yes, I'll give it a think
14:42:16 [DanC_lap]
NM: perhaps "distinguishable" rather than conflate 'identify' under "identifyable"
14:42:30 [DanC_lap]
HST: perhaps "branded"? that's what I hear people use in conversation
14:42:52 [DanC_lap]
NM: hmm... too much commercial overtone? [reads with "distinguishable"...]
14:44:00 [DanC_lap]
NM: under "resource identification". risk of collision under centralized? counter-intuitive to me
14:44:30 [jar]
14:44:35 [DanC_lap]
HST: suppose all the names share a domain name...
14:45:15 [DanC_lap]
NM: suggest "if people do distributed allocation ..."
14:45:48 [Stuart]
14:46:50 [noah]
JR: Many of the points, especially toward the end could use examples and/or elaboration. Presumably you're looking for validation from us that you're on the right overall path?
14:46:51 [DanC_lap]
(serialized novels came up at dinner last night... wouldn't it be fun to do this that way? even a radio programme...)
14:46:55 [noah]
HT: Yes, that's what I wanted.
14:48:25 [noah]
AM: I thought the beginning read very well, then the end sort of Peter'd out.
14:48:37 [noah]
HT: Yes, any suggestions welcome.
14:49:30 [noah]
JR: I think this shows lingering signs of earlier defensiveness. Some of the audience includes people who will not approach this with negative preconceptions about our recommendations.
14:49:53 [noah]
14:50:02 [noah]
q+ to say must convince skeptics
14:50:20 [DanC_lap]
q+ to suggest tracing just one path thru the requirements, rather than all of them
14:50:27 [noah]
HT: There is an editorial note in the margin on the screen. Do we need to make explicit.
14:52:26 [DanC_lap]
ack noah
14:52:26 [Zakim]
noah, you wanted to say must convince skeptics
14:52:30 [Stuart]
14:52:31 [DanC_lap]
ack danc
14:52:32 [Zakim]
DanC_lap, you wanted to suggest tracing just one path thru the requirements, rather than all of them
14:52:40 [noah]
NM: Yes, target those who aren't expert in the nuances, but do the presentation carefully enough that even skeptics will find it convincing and careful as far as it goes.
14:52:48 [noah]
DC: Are you doing all possible paths through requirements?
14:53:53 [noah]
HT: No, and I think it's a mistake to try and do all combinations of requirements. Have to figure out what to do.
14:54:48 [noah]
DC: You can at least do a specific solution for Dirk and Nadia
14:55:26 [noah]
NM: You could have a section at the end briefly indicating some of the sorts of needs that are legitimate for some users, but that are beyond what's dealt with in this note.
14:55:36 [noah]
TBL: We can see that solving this is a problem for Web science.
14:55:48 [noah]
DC: I don't want to say that. In practice on the Web, this is a solved problem. We do name allocations.
14:56:01 [noah]
TBL: Yes, but not always well enough. The challenge is to do it better.
14:57:22 [noah]
HT: Yes, I remember Ray Denenberg standing up awhile ago and pointing out that from the point of view of people who do name allocations for, e.g. the US Library of Congress, some of the approaches we advocate in the TAG can seem naive at times.
14:58:27 [DanC_lap]
Zakim, remind us in 10 minutes that ht said max 10 min
14:58:27 [Zakim]
ok, DanC_lap
14:59:36 [noah]
HT: Another issue that Noah raised with me privately: naming vs identifying
15:01:19 [noah]
NM: I believe I've heard people claim the difference is interesting, and you say words to the effect of "the URI names X". Are we happy with that?
15:02:09 [noah]
HT: Well, if we're going to be pedandic, it would probably have to be "denote", but I'd rather not go there.
15:02:18 [noah]
15:02:32 [noah]
NM: Fine with me, I was just checking and trying to learn something.
15:03:38 [Stuart]
q+ to mention a 'taxonomy' from Brian McBride:
15:03:50 [Stuart]
15:03:55 [Stuart]
15:03:55 [Stuart]
a = b => a and b denote the same thing
15:03:55 [Stuart]
a <> b => a and b denote different things
15:03:55 [Stuart]
15:03:55 [Stuart]
a = b => inconclusive
15:03:56 [Stuart]
a <> b => a and b denote different things
15:03:57 [noah]
JR: Well, I'm fine leaving things as they are, but if we were trying to be super careful, my preference would be to have the terms not be used interchangeably.
15:03:58 [Stuart]
15:04:01 [Stuart]
a = b => inconclusive
15:04:02 [Stuart]
a <> b => inconclusive
15:04:28 [noah]
TBL: We do commonly say things like "he can be identified by his email address", I.e. inverse functional properties.
15:04:42 [DanC_lap]
no, stuart, identifiers can be synonyms too.
15:04:56 [DanC_lap]
to wit, URIs
15:05:32 [DanC_lap]
and names are, by design, not ambiguous in their intended scope
15:05:34 [Stuart]
well... those are 3 labelled sets of properties that one could attribute to name like things - we could quibble about the lables
15:05:43 [Stuart]
15:06:01 [Stuart]
15:06:08 [DanC_lap]
ok, yes, you could introduce terms like that, but it seems better to stick with established terms: unambiguous, etc.
15:06:25 [noah]
HT: Regarding the view that the terms are distinct: a question. Is it the case that either a) a given thing can't have more than one name or b) a given thing can't have more than one identifier.
15:06:28 [noah]
JR: No to both.
15:06:51 [noah]
HT: But both tend to have inverse functional properties within a given scope?
15:06:53 [noah]
JR: Yes.
15:06:56 [Stuart]
Well... in some environments they make the Unique Name Assumption.
15:08:12 [noah]
TBL: You can imagine alternate approaches involving graphs of bnodes with typed links, but I think for our purposes the direction with explicit names/identifiers is a better way to look at it (scribe isn't 100% sure he got the nuance of what Tim said.)
15:08:15 [DanC_lap]
(oops; that reminds me... SCUDs are in last call, and at a glance, they don't clearly meet requirements we requested of them. I think that's in the someday part of our agenda and should be on the dated part)
15:08:20 [DanC_lap]
ack Stuart
15:08:20 [Zakim]
Stuart, you wanted to mention a 'taxonomy' from Brian McBride:
15:08:27 [Zakim]
DanC_lap, you asked to be reminded at this time that ht said max 10 min
15:08:34 [noah]
HT: I think that not making the distinction is appropriate at least with respect to the use in the document.
15:09:34 [noah]
SW: I was having a discussion with ??? that involved comparision semantics. Proposal: for identifiers, if two are the same they definitely denote the same thing; for names that's not true. For labels you can't say much at all.
15:09:59 [noah]
s/???/Brian McBride/
15:10:46 [DanC_lap]
(oops; I missed that context... that the terminology came from a discussion with Brian, Stuart)
15:10:52 [noah]
AM: Which one is unique?
15:11:00 [noah]
SW: Identifiers
15:11:30 [Stuart]
15:11:36 [noah]
NM: Well, in the sense that the same ID necessarily denotes the same thing; it seems unquestioned that a given object can be identified by more than one identifier.
15:11:49 [DanC_lap]
(historical note: owl:FunctionalProperty and owl:InverseFunctionalProperty were called, in previous drafts, UniqueProperty and UnambiguousProperty)
15:13:52 [noah]
JR: I've been working with Alan Ruttenberg on a case study that I think is interesting. Science commons focusses on communication, which means I needed things that people will share. Common practice in the community is {DatabaseID, RecordInDB}
15:14:04 [noah]
NM: Are the DatabaseIDs globally scoped?
15:15:08 [noah]
JR: Not necessarily, but in practice in this community, yes. There are a limited number (say 50) of these databases and people tend to agree on the names.
15:15:31 [noah]
JR: This is at this point informal. They're called DBXrefs.
15:15:45 [noah]
DC: Reminds me of how URIs came into existence. We had ftp, mailto, etc.
15:15:51 [noah]
TBL: Well, URI schemes.
15:15:52 [noah]
DC: Yes.
15:17:08 [noah]
JR: We needed a URI-based solution, and we're getting a committee together, and we have acquired a domain name, and will be working together to decide the resolution semantics. The trick is to get real agreement and buyin. Have identified technical principles of 6 or 8 projects that put xrefs in their databases.
15:17:40 [noah]
JR: The lesson is how hard this has been.
15:17:48 [noah]
NM: What sort of problems are you hitting?
15:17:51 [Ashok]
15:19:01 [noah]
JR: Partly social: we need to get people to talk to each other and to believe that this is important. Trust can be an issue if you need to get people to actually get people to use these things. We're for the moment not incorporating.
15:19:03 [ht]
q+ to ask about a relevant TLA
15:19:22 [noah]
JR: We're trying to get a prototype done.
15:19:27 [noah]
HT: Of what?
15:19:36 [noah]
JR: Some of these URIs will resolve to 303s.
15:20:05 [ht]
s/Some/Of a resolver. All/
15:20:27 [noah]
NM: Is it assumed that, if you recognized the URI, that you could avoid doing the dereference?
15:20:33 [noah]
JR: Yes.
15:20:47 [Stuart]
15:20:49 [jar]
15:20:51 [noah]
HT: I would like to understand how what you've hit line up with what I've set out as Dirk and Nadia's requirements.
15:21:21 [noah]
JR: Well, there's at least one that's questionnable. We required a particular kind of openness, I.e. that mirrors can be made of the metadata.
15:21:39 [Stuart]
ack ashok
15:21:58 [noah]
AM: These will link across databases?
15:22:24 [ht]
HST notes that a lot of variation can be concealed behind the word 'mirror'. . .
15:22:27 [noah]
JR: If they DB providers, who are organizationally separate from this effort, adopt this, then yes. But we have no expectation of that. This is really primarily for third parties to cite the database.
15:22:45 [noah]
AM: If I have in a database, multiple records about a person, then...
15:23:04 [noah]
JR: We're not talking of "about" yet; these things are, for the moment, just identifying "records".
15:23:37 [noah]
HT: Are you using records in the narrow sense of "row in table", or do you mean in the colloquial higher level sense (a record of this mouse's kidney)
15:24:02 [noah]
JR: We assume keys, but not a physical structure.
15:24:09 [noah]
NM: An abstract dictionary?
15:24:13 [noah]
JR: Yes.
15:24:22 [noah]
AM: If I have the kidney record, how I do it.
15:24:55 [noah]
JR: At a higher level. Either the publisher or a 3rd party can say these two records combine to form a mouse record.
15:26:09 [ht]
HST: Wrt some collection of RDB tables, doesn't matter how many are involved wrt some particular entity, we assume the primary key in one of those tables is "the record identifier" in our sense
15:26:32 [ht]
s/Wrt/I hear JR saying that wrt/
15:27:08 [noah]
NM: So, it's not specifically relational. There is a collection of databases. Each database is an abstract dictionary. If you give it a key, it will give you some data back. Not much is said about a) what the substructure of that data is or b) how these stores full of key-identified data are used for, e.g. storing resumes, mouse kidney records, etc.
15:28:34 [Stuart]
ack ht
15:28:34 [Zakim]
ht, you wanted to ask about a relevant TLA
15:32:04 [noah]
HT: What's the significance, for our discussion, of DOIs?
15:32:44 [noah]
JR: It's an existing non-URI naming system, that has been embedded in URI-space in at least two ways: info:doi and
15:33:37 [noah]
HT: I think Jonathan also said that naming schemes based on http to satisfy the needs is difficult, but doi shows that alternate approaches are not necessarily easier. The problems tend to pop up however you do it.
15:34:30 [ht]
JR: So all the issues raised in the Dirk and Nadia doc't arise when a publisher moves an identifier out of pure DOI space into the space
15:37:46 [noah]
SW: Next steps?
15:37:56 [DanC_lap]
15:37:57 [trackbot]
ACTION-33 -- Henry S. Thompson to revise URNsAndRegistries-50 finding in response to F2F discussion -- due 2008-12-13 -- PENDINGREVIEW
15:37:57 [trackbot]
15:38:04 [noah]
HT: I got some good advice, I would like to take this forward, and would like an action under which to do it.
15:38:11 [DanC_lap]
15:38:11 [trackbot]
ACTION-121 -- Henry S. Thompson to hT to draft TAG input to review of draft ARK RFC -- due 2008-12-05 -- OPEN
15:38:11 [trackbot]
15:38:24 [noah]
SW: You have ACTION-33 and ACTION-121.
15:38:34 [noah]
HT: Yes, I have to find the time to do the Ark work someday.
15:38:50 [DanC_lap]
action-33 due 1 Feb 2009
15:38:50 [trackbot]
ACTION-33 revise URNsAndRegistries-50 finding in response to F2F discussion due date now 1 Feb 2009
15:38:58 [noah]
HT: OK, let's do it under ACTION-33. I.e. we'll interpret the term "finding" broadly.
15:39:29 [noah]
DC: Is there a last call pending on the RFC? Is it an RFC?
15:40:10 [noah]
HT: It's a draft. I think John is working on it when he can.
15:41:00 [noah]
DC: So, not urgent, but we shouldn't drop it.
15:41:10 [DanC_lap]
action-121 due 1 March 2009
15:41:10 [trackbot]
ACTION-121 HT to draft TAG input to review of draft ARK RFC due date now 1 March 2009
15:41:13 [noah]
HT: Ping around 1 March.
15:41:41 [noah]
NM: Clarification, have we saided what is currently headed toward a finding at this point?
15:41:57 [DanC_lap]
15:41:58 [trackbot]
ACTION-33 -- Henry S. Thompson to revise naming challenges story in response to Dec 2008 F2F discussion -- due 2009-02-01 -- PENDINGREVIEW
15:41:58 [trackbot]
15:42:38 [noah]
HT: The original charge was to make a document that would be a finding. First document stalled. This may get there someday, but not prejudging for now whether it will be labeled as finding.
15:42:55 [DanC_lap]
break to 11:00 ET
15:42:58 [Stuart]
FYI drafrt-kunze-ark-15 has expired
15:43:02 [Stuart]
Stuart has joined #tagmem
16:05:54 [DanC_lap]
Uniform access to metadata aka issue-57
16:06:06 [DanC_lap]
16:06:42 [DanC_lap]
16:06:42 [trackbot]
ISSUE-57 -- The use of HTTP Redirection -- OPEN
16:06:42 [trackbot]
16:06:52 [noah]
topic: HttpRedirections-57 and Uniform Access to Metadata (ISSUE-57)
16:09:10 [Stuart]
16:09:19 [noah]
16:09:23 [DanC_lap]
Draft for discussion at TAG F2F (Dec 2008), 25 November 2008.
16:09:52 [noah]
JR: The objective is, from the draft, to "Establish a uniform, generally applicable method for a user agent to obtain information about a resource, given a URI that names the resource. "
16:10:06 [noah]
JR: So, we're looking for a follow your nose approach that works uniformly.
16:10:47 [jar] = graffle
16:11:11 [timbl]
timbl has joined #tagmem
16:11:46 [DanC_lap]
(for the meeting record, Somebody Should mail a copy to www-archive; I'm not inspired just now)
16:13:21 [DanC_lap]
16:13:21 [trackbot]
ISSUE-36 -- Web site metadata improving on robots.txt, w3c/p3p and favicon etc. -- OPEN
16:13:21 [trackbot]
16:14:20 [noah]
JR: Discussing
16:14:48 [noah]
JR: There is a proposal for a site meta-file.
16:15:15 [DanC_lap]
(timbl's point obliges me to an action to confirm that the POWDER WG knows about this site-meta spec; ah... JR says the archer is in contact with mnot)
16:16:34 [noah]
JR: The overall story from Mark, Eran, Phil and me is that you can get this metadata in any of a number of different ways. The choice may be application-dependent. Ways include site metatdata, which has it's own RFC, link header will have it's own RFC, and also link element.
16:16:42 [DanC_lap]
(what's the discussion forum of choice for the /site-meta spec?)
16:16:44 [noah]
AM: You'll get the same information in all cases?
16:16:48 [noah]
JR: Probably a strong SHOULD.
16:16:59 [Stuart]
q+ to as jar whether there is a way to state what realtion is applied in site-meta rules
16:17:09 [timbl]
q+ to ask what determines what way is used - server or client ? Is there a single result of this algo?
16:17:09 [noah]
JR: Orientation is not so much getting you the metadata itself, but rather getting you a document that holds the metadata.
16:19:34 [Stuart]
16:20:31 [DanC_lap]
q+ to ask to swap in an enumeration of the specific customers and their scenarios
16:20:43 [Ashok]
16:21:15 [Stuart]
ack me
16:21:15 [Zakim]
Stuart, you wanted to as jar whether there is a way to state what realtion is applied in site-meta rules
16:21:40 [noah]
SW: In that sample metafile, that's in the PDF, will you be able to know the relationship between the resources.
16:23:03 [Stuart]
s/to know/to state/
16:23:05 [DanC_lap]
16:23:19 [DanC_lap]
q+ to ask what's the discussion forum of choice for /site-meta
16:23:34 [Stuart]
ack timb
16:23:34 [Zakim]
timbl, you wanted to ask what determines what way is used - server or client ? Is there a single result of this algo?
16:23:36 [noah]
JR: Yes, you should. It's implicit<meta>
16:23:36 [noah]
16:23:37 [noah]
16:23:37 [noah]
16:23:37 [noah]
16:23:38 [noah]
16:23:51 [noah]
DC: It's one GRDDL transform away.
16:24:37 [noah]
NM: Ah, so knowning meta/descriptor-uri-rule/from/...your URI template here... allows GRDDL to infer thing described by for all URIs matching the template.
16:24:59 [noah]
TBL: Do you get the same information in all modes?
16:25:11 [noah]
JR: Well, some people have access to write site metadata and some don't
16:25:16 [noah]
DC: So, "no".
16:25:58 [ht]
q+ to remind (?) us that there can be more than one 'describedby' target
16:27:57 [DanC_lap]
tim described a protocol optimization that motivates invariants between the options
16:28:07 [DanC_lap]
acn danc
16:28:11 [DanC_lap]
ack next
16:28:12 [Zakim]
DanC_lap, you wanted to ask to swap in an enumeration of the specific customers and their scenarios and to ask what's the discussion forum of choice for /site-meta
16:28:14 [jar]
The intent (Eran's I think) is that if one path works, then you don't have to follow the other one. (path 1 = site metadata + rule, path 2 = link header)
16:30:35 [DanC_lap]
JAR: POWDER timeline isn't all that comfortable
16:31:25 [noah]
JR: The powder marketplace is not happy until this solved.
16:31:37 [DanC_lap]
16:31:49 [noah]
DC: So, there's a timing problem?
16:31:50 [Stuart]
jar... wrt to Eran's intent, I assume that either path is ok as the one to try first.
16:33:28 [noah]
JR: Not sure.
16:33:43 [noah]
DC: I'm not hearing that every ATOM feed reader is going to change.
16:33:47 [noah]
JR: Right.
16:33:55 [noah]
DC: Regarding Mobile Web, POWDER, etc.
16:34:28 [noah]
DC: Are there mobile folks involved in discussions with Mark N. et. al?
16:34:39 [noah]
JR: Not that I'm aware.
16:34:51 [noah]
DC: Mobile is why W3C did POWDER.
16:36:22 [DanC_lap]
(jar, thanks for ; very useful for me as team contact trying to coordinate all this stuff)
16:36:25 [noah]
TBL: POWDER and http-link headers are both examples of things that are pieces of the puzzle potentially for many things, but haven't been quite worth being the inspiration for brand new working groups.
16:37:12 [Stuart]
16:37:21 [noah]
DC: Is there a public discussion form for the site metadata?
16:37:25 [noah]
JR: www-talk, I think.
16:37:59 [Ashok]
Here is a thread:
16:38:28 [jar]
q+ jar to talk about Eran's use cases
16:40:48 [noah]
DC: Do you who Eran Hammer-Lahav works for?
16:41:00 [noah]
JR: I think it's Yahoo.
16:43:25 [jar]
Eran's blog:
16:47:33 [noah]
DC: Jonathan, do you trust yourself to evaluate solutions on behalf of this community.
16:47:44 [noah]
JR: Well, I try to listen to them carefully.
16:48:13 [dorchard]
dorchard has joined #tagmem
16:48:17 [noah]
DC: So, there is an outstanding worry about whether the mobile community is well enough connected. Does Mark N. have particular schedule goals?
16:48:33 [noah]
JR: I think both Eran and Mark are doing this because they need it for particular reasons.
16:48:41 [Stuart]
16:48:46 [Stuart]
ack ashok
16:49:59 [noah]
AM: I'm trying to think through the possible content of a TAG finding. Seems like it would be: "Here are specific ways of getting metadata, but you can try other ways to. What you get back may more may not be the same in all cases, and the formats may vary." Doesn't feel like a very sharp finding.
16:50:12 [noah]
s/ways to/ways too/
16:50:40 [DanC_lap]
16:50:54 [DanC_lap]
q+ to speak to the finding genre vs specs vs tag working papers
16:51:22 [noah]
NM: Is there a shared underlying.
16:51:58 [jar]
16:52:23 [dorchard]
Can you folks dial into zakim?
16:52:32 [noah]
JR: No
16:54:43 [Ashok]
16:55:28 [DanC_lap]
"point me to info about X" might be a good title
16:55:34 [noah]
JR: The commonality is answering the question: "what do you know about X"
16:56:12 [DanC_lap]
Zakim, this is tagf2f
16:56:12 [Zakim]
ok, DanC_lap; that matches TAG_f2f()9:00AM
16:56:20 [DanC_lap]
Zakim, code?
16:56:20 [Zakim]
the conference code is 824323 (tel:+1.617.761.6200 tel:+ tel:+44.117.370.6152), DanC_lap
16:57:20 [jar]
16:57:28 [noah]
NM: We could define idioms to be used by those who wish to do so. E.g. if your wish is that your description be integrated into the semantic web, you must tell us how to map your description to triples.
16:57:34 [DanC_lap]
ack ht
16:57:34 [Zakim]
ht, you wanted to remind (?) us that there can be more than one 'describedby' target
16:57:49 [Ashok]
ack Ashok
16:58:04 [Zakim]
+ +1.617.253.aabb
16:58:13 [DanC_lap]
Zakim, aabb is MITStar
16:58:13 [Zakim]
+MITStar; got it
16:58:54 [DanC_lap]
Zakim, MITStar holds ht, timbl, Ashok, danc, jar, noah, Stuart
16:58:54 [Zakim]
+ht, timbl, Ashok, danc, jar, noah, Stuart; got it
17:00:08 [noah]
HT: There is more than one thing that something can be described by. It's not functional. It's thus OK to get different descriptions by different.
17:00:29 [DanC_lap]
(I just realized: rel="describedBy" would probably be better as rev="describes" or rev="description")
17:01:04 [dorchard]
(and I think Mnot just added rev back into the -3 draft)
17:01:37 [noah]
TBL: The design could be that when you get a link header with described by, it points to THE site metadata file.
17:01:55 [noah]
HT: So, I conclude that in general it's OK to have multiple link headers with same relation.
17:01:55 [Stuart]
17:02:23 [noah]
TBL: In general, http headers and RDF statements both have the characteristic that they can be thrown in and interpreted relatively independent of each other.
17:02:47 [noah]
TBL: Thus, restricting to only one would be counter to the architecture.
17:03:19 [noah]
HT: I came to same conclusion for different reason: requiring only one would require agreement on packaging format, which likely isn't going to happen.
17:03:21 [noah]
17:03:31 [Stuart]
17:03:37 [Stuart]
ack jar
17:03:37 [Zakim]
jar, you wanted to talk about Eran's use cases
17:04:16 [noah]
JR: But for some specific relations, multiple may be inappropriate.
17:04:24 [noah]
HT: Yes, but I think Tim and I agree not in this case.
17:05:03 [ht]
s/not/multiple _is_ appropriate/
17:07:14 [noah]
JR: There is an XRDS spec being developed, and attempts to build discovery protocols. Eran took task of coming up with discovery protocol, and the two-branch choice of site metadata and link metadata as described in the PDF referenced above seems to be the direction he's leaning towards.
17:07:22 [noah]
JR: There is also a mailto use case.
17:07:26 [noah]
Several: Mailto?
17:07:36 [DanC_lap]
q+ to ask about XRDS and identity space specs (openid) and relate to RDF/FOAF and the upcoming W3C workshop on social somethingorother
17:07:59 [noah]
JR: There's a move afoot from those who think that some individuals can't conveniently get http-scheme URIs assigned for themselves, so the question is how to get metadata for them.
17:08:48 [noah]
DO: Yes, and, I need to declare things like "I own a site and is a valid email address at, but isn't."
17:09:42 [Stuart]
17:09:48 [DanC_lap]
ack danc
17:09:48 [Zakim]
DanC_lap, you wanted to speak to the finding genre vs specs vs tag working papers and to ask about XRDS and identity space specs (openid) and relate to RDF/FOAF and the upcoming
17:09:49 [Stuart]
ack danc
17:09:51 [Zakim]
... W3C workshop on social somethingorother
17:10:23 [Stuart]
zakim, mute daveo
17:10:23 [Zakim]
sorry, Stuart, I do not know which phone connection belongs to daveo
17:10:31 [Stuart]
zakim, mute dorchard
17:10:31 [Zakim]
sorry, Stuart, I do not know which phone connection belongs to dorchard
17:10:46 [DanC_lap]
17:10:46 [trackbot]
ISSUE-36 -- Web site metadata improving on robots.txt, w3c/p3p and favicon etc. -- OPEN
17:10:46 [trackbot]
17:10:59 [noah]
DC: I'm not yet concerned whether this results in a finding. I have an ISSUE-36 and working on this is useful whether we hatch findings or not.
17:11:39 [noah]
DC: I asked whether XRDS is one of these identity-related specs (scribe isn't quite sure what Dan meant - I think he meant whether the community interested in identity cares about it a lot)
17:11:53 [jar]
17:13:04 [jar]
timbl: Has anyone GRDDL'd XRDS to get RDF?
17:13:16 [noah]
DO: A lot of the discussions in the XRI community have been focussed on integrating with RDF. Haven't heard a lot from them about XRDS one way or the other, but I sense a lot of RDF focus.
17:13:47 [DanC_lap]
DC: the reason I asked whether XRDS was one of these identity specs (along with openid and cardspace) to recall the relationship with FOAF and RDF
17:13:55 [dorchard]
s/RDF focus/positive sentiment about RDF/
17:14:30 [noah]
NM: Are they really not interested in XRDS, I thought it was in their spec?
17:14:35 [jar]
17:14:38 [DanC_lap]
q+ to note the upcoming W3C workshop on social networking
17:14:40 [DanC_lap]
ack danc
17:14:40 [Zakim]
DanC_lap, you wanted to note the upcoming W3C workshop on social networking
17:15:10 [noah]
DO: No you misunderstood me. They obviously are interested in XRDS, I'm reporting what seems to be positive interest in RDF, not sure I heard a clear story on the two together.
17:15:19 [DanC_lap]
17:15:20 [DanC_lap]
W3C Workshop on the Future of Social Networking
17:15:20 [DanC_lap]
Call for Participation 15-16 January 2009, Barcelona
17:15:20 [DanC_lap]
17:15:39 [dorchard]
They are definitely interested in XRDS, I was only speaking about the relationship between XRI and RDF. ! ((XRI and XRDS) or (XRDS and RDF)).
17:16:25 [timbl]
Oshani, student at CSAIL, is first author on position paper for the workshop.
17:16:31 [timbl]
It has beensubmitted.
17:16:44 [noah]
TBL: Oshani, student at CSAIL, is first author on position paper for the workshop.
17:16:49 [jar]
XRDS spec = XRDS schema spec + XRD discovery protocol (not being factored out by Eran)
17:17:26 [Stuart]
Re: XRDS and RDF... this is what I found
17:17:34 [noah]
SW: Regarding XRDS and RDF I found
17:17:44 [noah]
SW: XDI is the group doing the data formats that go with XRI
17:18:24 [Stuart]
17:18:52 [DanC_lap]
sigh... a new ascii-level syntax in
17:18:54 [noah]
DC: The X3format appears not to be N3, XML, JSON, etc.
17:19:33 [ht]
I note with interest that there's a new draft of Cool URIs for the SemWeb:
17:19:34 [noah]
JR: Can I please get some guidance in the remaining 10 minutes?
17:19:37 [noah]
SW: Where do you think you are?
17:20:24 [ht]
Oh, forget it: "The only change from the previous version of this document is the addition of a link to an errata page. "
17:20:27 [noah]
JR: I'm a bit confused about what best scope would be. I might go one direction to satisfy myself, might go another to get maximum buyin. I guess I'm tempted to go in the middle, but what I really need are clear requirements, either wrt/ use cases or who needs to be happy.
17:21:44 [noah]
JR: The site metatdata with URI rewriting seemed appealing, in minimizing round trips by allowing the work to be done on the client.
17:22:48 [DanC_lap]
Zakim, who's making noise?
17:23:01 [Zakim]
DanC_lap, listening for 10 seconds I heard sound from the following: +1.604.709.aaaa (35%), MITStar (98%)
17:23:12 [DanC_lap]
Zakim, aaaa is dorchard
17:23:13 [Zakim]
+dorchard; got it
17:23:26 [DanC_lap]
Zakim, mute dorchard temporarily
17:23:26 [Zakim]
dorchard should now be muted
17:23:42 [Zakim]
dorchard should now be unmuted again
17:24:32 [noah]
TBL: There are downsides to proliferation of "see alsos". If you get back "see all of Wikipedia" when asking about Jonathan, things like tabulator don't get good value. Better to say: for this type of information, do it this way.
17:25:09 [timbl]
Tim: A good spec says "if we all do this, then we will have ths benefit".
17:25:20 [jar]
JAR: (that advice about seeAlso is news to me...)
17:25:50 [timbl]
Tim: It is good ten to profile the sorts of metadata whcih are made availabel, and formats etc until you have a set of clients which use a given algorithm and achieve a given level of functionality as a result.
17:26:17 [noah]
JR: Another approach is "just use site metadata, and if you can't influence it, chose another hosting service."
17:26:24 [DanC_lap]
(note to scribe: the topic/TOC label for this discussion please include issue-36 aka siteData-36 )
17:26:34 [noah]
SW: Some other alternatives seem to allow more direct "ask a question, get an answer"
17:26:39 [timbl]
An example is that hte tabulator has an algorithm which allows people to link to more data using rdfs:seeAlso, and this can work really well if respected and used reponsibly.
17:26:41 [DanC_lap]
17:27:43 [Stuart]
q+ to ask about any predisposition toward WKL's (cf siteData-36)
17:28:44 [Stuart]
17:28:56 [Stuart]
ack Danc
17:29:12 [ht]
q+ to ask site metadata discovery plans
17:30:07 [noah]
NM: I think we need more exploration. E.g. is ability to control the site metatadata something that any reasonable hosting provider can do, or are there good reasons that either (a) some can't or (b) even if they could, there would be other problems with that approach.
17:30:22 [dorchard]
17:30:25 [Stuart]
q+ skw2 to suggest that jar also mention the metadata-discovery googlegroup
17:30:37 [noah]
DC: I think you could continue in your role as advocate for the semweb use case and advise the TAG informed on what your peers are doing.
17:30:45 [Stuart]
ack next
17:30:47 [Zakim]
Stuart, you wanted to ask about any predisposition toward WKL's (cf siteData-36)
17:32:45 [DanC_lap]
(is /site-meta likely to take on leading-edge /robots.txt ideas? mnot's involvement suggests "yes" to me)
17:33:01 [noah]
SW: With robots.txt there has been a squatting issue because it's giving a reserved interpretation to that name. Same thing with site metadata
17:33:50 [noah]
NM: Could this, at least in principle, be the only one. You could say in the site metadata file "robots.txt has special meaning because I say so in the site metadata file, or in information you can find from it."
17:35:08 [Stuart]
ack next
17:35:09 [Zakim]
ht, you wanted to ask site metadata discovery plans
17:35:17 [DanC_lap]
q+ to review actions before we break for lunch
17:35:27 [noah]
JR: I would like this to be (something isomorphic to) ARK
17:36:18 [Stuart]
zakim, please close the queue
17:36:18 [Zakim]
ok, Stuart, the speaker queue is closed
17:37:32 [Stuart]
17:37:55 [noah]
HT: One of the advantages of the approach is that it offers the opportunity to do something of an end run around site administrators. If the discovery algorith were analagous to the .htaccess one, I.e. you look up the hierarchy in the URI, then by definition the same people who can post Web pages can put up site metadata files.
17:37:55 [Stuart]
ack next
17:38:45 [DanC_lap]
ack dorchard
17:38:51 [noah]
DO: I think the TAG could talk about the issue with Authority. Eran has asked me and Jonthan to think about whether the TAG has anything to say about whether a file like this can speak >authoritatively< for, e.g. a mailto: URI.
17:38:59 [ht]
HT acknowledges that his suggestion has a huge problem in the legacy/name squatting
17:39:03 [Stuart]
ack next
17:39:04 [Zakim]
skw2, you wanted to suggest that jar also mention the metadata-discovery googlegroup
17:39:05 [noah]
JR: Don't think I want to.
17:39:22 [noah]
SW: Should we point out the Google Group?
17:39:28 [ht]
s/in the/wrt/
17:39:30 [DanC_lap]
(if you want to speak authoritatively for a mailto: URI, you have to be the SMTP server. or edit the SMTP standard)
17:40:00 [noah]
JR: I want to encourage people to encourage the metadata discovery google group at
17:40:22 [noah]
DC: Is there any crossposting and or shared participation with www-talk?
17:40:28 [Stuart]
17:40:43 [ht]
q+ to get Jonathan's 3rd-hand comment about competence on the record
17:40:44 [noah]
JR: Some shared participation, don't think much cross posting, some difference of emphasis subject-wise
17:40:44 [Stuart]
17:40:44 [Stuart]
Discovery Coordination Report, Dec 5th 2008 Options
17:40:50 [Stuart]
17:42:06 [Stuart]
ack DanC
17:42:06 [Zakim]
DanC_lap, you wanted to review actions before we break for lunch
17:42:12 [noah]
HT: I believe the information sciences / library sciences community doesn't believe that, in general, the authors of a document can authoritatively provide the metadata for it.
17:42:33 [jar]
When I mentioned this metadata discovery issue to a library scientist, they said: Why on earth would anyone ask the publisher? They're not qualified to provide this kind of information.
17:42:39 [Ashok]
Ashok has joined #tagmem
17:43:06 [noah]
SW: We
17:43:15 [noah]
SW: We'll do review of related issues after lunch
17:43:26 [noah]
17:43:47 [Zakim]
17:46:44 [timbl]
timbl has joined #tagmem
18:20:32 [jar]
jar has joined #tagmem
18:30:58 [raman]
raman has joined #tagmem
18:37:21 [Stuart]
zakim, who is on the phone?
18:37:21 [Zakim]
On the phone I see MITStar
18:37:22 [Zakim]
MITStar has ht, timbl, Ashok, danc, jar, noah, Stuart
18:39:12 [timbl]
timbl has joined #tagmem
18:39:29 [Zakim]
18:39:33 [DanC_lap]
18:39:33 [trackbot]
ACTION-178 -- Jonathan Rees to prepare initial draft of finding on uniform access to metadata. -- due 2008-11-25 -- PENDINGREVIEW
18:39:33 [trackbot]
18:39:59 [DanC_lap]
Zakim, ??P4 is dorchard
18:39:59 [Zakim]
+dorchard; got it
18:39:59 [Stuart]
zakim, ??p4 is dorchard
18:40:00 [noah]
DC: On ACTION-178, you did an initial draft. Do we close the action or do a next step? 184 is still there.
18:40:00 [Zakim]
I already had ??P4 as dorchard, Stuart
18:41:05 [noah]
DC: Two use cases both relating to UAM: 1) XRD Discovery ....
18:41:23 [noah]
DC: Consider adding the XRD use case to UAM
18:41:49 [noah]
AM: Any downsides to doing nothing?
18:41:51 [timbl]
I note the tabulator has implemented HTTP link: header with rel=meta
18:42:08 [noah]
JR: I am going to do something. Science commons needs it, among others.
18:44:20 [noah]
JR: Potential action revise "Uniform Access to Metadata" (needs title change) to add XRD use case
18:44:42 [noah]
The document is at
18:44:58 [DanC_lap]
q+ to solicit reviewers of mnot's /site-meta draft
18:45:21 [Stuart]
zakim, please open the queue
18:45:21 [Zakim]
ok, Stuart, the speaker queue is open
18:45:40 [DanC_lap]
q+ to solicit reviewers of mnot's /site-meta draft
18:45:48 [noah]
ACTION: revise "Uniform Access to Metadata" (needs title change) to add XRD use case
18:45:48 [trackbot]
Sorry, couldn't find user - revise
18:45:59 [noah]
ACTION: jar revise "Uniform Access to Metadata" (needs title change) to add XRD use case
18:45:59 [trackbot]
Created ACTION-200 - Revise \"Uniform Access to Metadata\" (needs title change) to add XRD use case [on Jonathan Rees - due 2008-12-17].
18:46:01 [DanC_lap]
trackbot, status
18:46:18 [Ashok]
Ashok has joined #tagmem
18:46:25 [noah]
18:46:25 [trackbot]
Sorry, bad ACTION syntax
18:46:29 [noah]
18:46:29 [trackbot]
Sorry, bad ACTION syntax
18:47:55 [DanC_lap]
Zakim, who's on the phone?
18:47:55 [Zakim]
On the phone I see MITStar, dorchard
18:47:56 [Zakim]
MITStar has ht, timbl, Ashok, danc, jar, noah, Stuart
18:47:56 [noah]
JR: There are two things: 1) do we have anything to say about site metadata and 2) building on it. That's useful, but not clear whether TAG or SemWeb.
18:48:00 [DanC_lap]
Zakim, mute dorchard
18:48:00 [Zakim]
dorchard should now be muted
18:48:19 [noah]
JR: I guess I'd like to let a bit of time go by, think about it, maybe take it up in a month?
18:48:37 [DanC_lap]
action-178 due 2 Feb 2009
18:48:38 [trackbot]
ACTION-178 Prepare initial draft of finding on uniform access to metadata. due date now 2 Feb 2009
18:49:18 [noah]
18:49:19 [trackbot]
ACTION-116 -- Tim Berners-Lee to align the tabulator internal vocabulary with the vocabulary in the rules, getting changes to either as needed. -- due 2008-12-09 -- OPEN
18:49:19 [trackbot]
18:49:31 [noah]
SW: Tim, is action 116 one we should retain?
18:49:36 [noah]
TBL: Yes.
18:49:42 [noah]
SW: Revise due date?
18:51:39 [noah]
DC: Some concern about whether the Booth ontology is quite right.
18:51:59 [noah]
TBL: I will realign tabulator internal vocabulary, informed by reading of Booth ontology?
18:52:09 [noah]
DC: How related to link header?
18:52:25 [noah]
TBL: Broadly, they're both related to the question: with a URI in hand, what triples can I get.
18:52:26 [DanC_lap]
action-116 due 7 Feb 2009?
18:52:26 [trackbot]
ACTION-116 Align the tabulator internal vocabulary with the vocabulary in the rules, getting changes to either as needed. due date now 7 Feb 2009?
18:52:55 [noah]
18:52:55 [trackbot]
ACTION-184 -- Jonathan Rees to contact Lisa D of IESG, cc www-tag, to explain about 303, with cool URIs and webarch as references. -- due 2008-12-31 -- OPEN
18:52:55 [trackbot]
18:53:05 [noah]
SW: Action 184 is not due yet.
18:53:16 [noah]
DC: I think awwsw should report back to TAG.
18:53:32 [noah]
JR: Won't have a consensus view, but I can report back tomorrow if you like.
18:53:42 [DanC_lap]
ACTION jar: report on status of AWWSW discussions
18:53:42 [trackbot]
Created ACTION-201 - Report on status of AWWSW discussions [on Jonathan Rees - due 2008-12-17].
18:53:44 [DanC_lap]
ack danc
18:53:44 [Zakim]
DanC_lap, you wanted to solicit reviewers of mnot's /site-meta draft
18:53:44 [noah]
DC: Even knowing whether you're likely to do anything is a useful bit.
18:53:47 [Stuart]
ack next
18:54:05 [noah]
DC: One of us should look closely at Mark Nottingham's site metadata draft.
18:54:11 [noah]
AM: I can do that.
18:54:46 [DanC_lap]
action-201 due 11 Dec 2009
18:54:46 [trackbot]
ACTION-201 Report on status of AWWSW discussions due date now 11 Dec 2009
18:55:10 [jar] = Site metadata RFC draft
18:55:13 [DanC_lap]
action-201 due 11 Dec 2008
18:55:13 [trackbot]
ACTION-201 Report on status of AWWSW discussions due date now 11 Dec 2008
18:56:48 [noah]
ACTION: ashok to review due 10 January 2009
18:56:48 [trackbot]
Created ACTION-202 - Review due 10 January 2009 [on Ashok Malhotra - due 2008-12-17].
18:56:59 [DanC_lap]
action-202 due 10 Jan 2008
18:56:59 [trackbot]
ACTION-202 Review due 10 January 2009 due date now 10 Jan 2008
18:57:03 [timbl]
Jonathan, I note the tabulator follows currently link rel= {alternate|seeAlso|meta} preferring 'meta' -- why did you document use 'description'?
18:57:28 [jar]
the link relation is 'describedby' and in this I follow POWDER.
18:57:33 [noah]
SW: Ashok, is there anything else on this you feel that we've missed.
18:57:42 [noah]
scribenick: Ashok
18:57:48 [Ashok]
scribenick: Ashok
18:57:49 [noah]
scribe: Ashok Malhotra
18:58:00 [timbl]
(ah, powder)
18:58:12 [DanC_lap]
yes, timbl, good question; it should be in the POWDER issues list; I started searching but didn't really get to the bottom of it
18:58:21 [Ashok]
Topic: 6 Web Application security and Safe JavaScript
18:58:25 [DanC_lap]
POWDER is in last call, note.
18:58:43 [Stuart]
topic: Web Application security and Safe JavaScript
18:58:53 [jar]
Tim, I had a hard time finding any 'normative' spec for 'meta'. The only one I found was in RDFa, and it's pretty weak (x meta y if y is metadata for x)
19:03:30 [Stuart]
19:03:32 [timbl]
FOAF spec maybe sepcs it as pointer fromhome page?
19:03:48 [DanC_lap]
"Use the browser as part of the trusted computing base? Are you kidding?"
19:03:51 [DanC_lap]
no more kidding.
19:04:34 [Ashok]
On the other hand, after wrestling with the patchwork of javascript security policies in browsers in the past few weeks, the capability approach in adsafe looks simple and elegant by comparison. Is there any chance we can move the state-of-the-art that far? And what do we do in the mean time? Crockford's Jan 2008 post is quite critical of W3C's current work:
19:06:00 [Ashok]
... there are multiple interests involved in a web application. We have here the interests of the user, of the site, and of the advertiser. If we have a mashup, there can be many more interests.
19:08:30 [Stuart]
19:10:44 [DanC_lap]
JAR notes KeyOS circa '70s
19:11:01 [Ashok]
Capability security has a long history ... back to Butlet Lampson
19:11:15 [DanC_lap]
(I wonder if this history is told in wikipedia)
19:11:15 [Ashok]
19:11:24 [Stuart]
19:11:27 [Ashok]
Many implementations
19:12:35 [Ashok]
Tim: Describes some capability examples
19:13:14 [Ashok]
Tim: E.g. you can use this to access my salary
19:13:53 [Ashok]
Noah: I would mint a new pointer with special capabilities
19:15:06 [Ashok]
Tim: Any social constriant can be repsented in the capability
19:15:31 [Ashok]
jar: Any technical constraints ... not constraints that courts must enforce
19:17:28 [Ashok]
jar: Object capabilities and web keys are very different
19:19:13 [Ashok]
The capability system you wd have within yr browser would give you complete control of where the pointers go
19:20:23 [Ashok]
careful protocol between hosts .... hosts must have certain amount of trust
19:20:49 [DanC_lap]
(for reference, "webkey" is the subject of Tyler Close's Mashing with permission from the agenda)
19:21:23 [Ashok]
Noah: These are not pointers ... refernces more abstract
19:22:14 [Ashok]
e and webkeys are diferent systems with different properties
19:22:19 [timbl]
Jonathan: In E, there is Mandatory Access Control: Something which has a capabilaity can be made UNABLE to pass the cabability to something else. By contrast, any system which encodes capabilities with strings (like webkeys) cannot stop an object from cloning the string and passing it to anything else.
19:22:31 [Stuart]
19:25:00 [Ashok]
"this" is a problem is javascript
19:25:18 [Ashok]
Caja lets you use "this" in limited situations
19:27:06 [Norm]
Norm has joined #tagmem
19:27:08 [Ashok]
Tim: Calling it Access Control" is misleading. It's about privacy
19:28:19 [Ashok]
HT: My javascript is littered with "this"
19:30:06 [Norm]
Zakim, what's the passcode?
19:30:07 [Zakim]
the conference code is 824323 (tel:+1.617.761.6200 tel:+ tel:+44.117.370.6152), Norm
19:30:08 [Ashok]
HT: Its abt permission policy
19:30:32 [Zakim]
19:30:36 [Ashok]
RPPA - Resource Permission Policy Assertions
19:31:01 [DanC_lap]
ACTION DanC: discuss Access Control misnomer with Interaction Domain staff
19:31:01 [trackbot]
Created ACTION-203 - Discuss Access Control misnomer with Interaction Domain staff [on Dan Connolly - due 2008-12-17].
19:31:44 [Ashok]
20 percent of my lines in Javascript use "this"
19:32:08 [Ashok]
Norm: I use jquery ... it may use "this" behind the scenes
19:33:43 [Ashok]
Crockford says add a switch in Firefox to disable non-adSafe ads
19:33:57 [DanC_lap]
projected is
19:36:09 [Norm_]
Norm_ has joined #tagmem
19:37:00 [Ashok]
JSONRequest does not allow the server to abdicate its responsibility of deciding if the data should be delivered to the browser. Therefore, no policy language is needed. JSONRequest requires explicit authorization. Cookies and other tokens of ambient authority are neither sent nor delivered.
19:37:29 [Ashok]
For server read 'site'
19:38:00 [timbl]
Often, of course the 'site' is complicated as there is the SSN site, the[ syndicated] blogger, the commenter all may provide content
19:38:39 [Ashok]
Pick a s site ... ticketmaster
19:41:07 [Ashok]
Skw: You can put credentials in as parameters
19:43:06 [Ashok]
jar: capability systems require capabilities for everu requesy, session-based systems let you establish your rights at the start of the session
19:43:08 [ht]
HST tries to repeat his understanding of JAR's summary: a capability-based system requires a token of capability as a part of every request/transaction
19:43:54 [Ashok]
dan: Use ambient rather than session
19:44:01 [DanC_lap]
q+ skw
19:44:02 [jar]
"ambient" authority is authority that is just there, and gets used as needed by any request
19:44:09 [ht]
... whereas an ambient approach, which is what we're mostly used to, establishes an umbrella and then all subsequent operations are allowed (or not, as the case maybe) by that umbrella
19:44:16 [jar]
a capability must be "exercised" = passed as a parameter
19:44:17 [DanC_lap]
ack next
19:45:52 [jar]
capability security = no authority without designation (of the particular authority being exercised)
19:46:42 [Stuart]
19:48:05 [Stuart]
requirement #5 from ref'd doc: "The solution must be applicable to arbitrary media types. It must be deployable without requiring special packaging of resources, or changes to resources' content. "
19:50:23 [Ashok]
Back to the agenda
19:50:26 [Stuart]
19:50:41 [Ashok]
Norm, do you know mark S. Miller?
19:50:47 [Ashok]
Norm: Don't think so
19:53:02 [Ashok]
Dan: We have 8 minutes ... I suggest go for 20 minutes
19:53:10 [DanC_lap]
Zakim, remind us in 20 minutes to move on
19:53:10 [Zakim]
ok, DanC_lap
19:54:10 [Ashok]
Dan: Suart you have the floor
19:54:53 [Ashok]
skw: I did not find item 1 in the list satisfactory
19:55:09 [Ashok]
not connected with capabilities
19:55:43 [Ashok]
jar: What wd you like to know?
19:56:05 [Ashok]
Dan: Shd this stay in the TAG 'someday' pile
19:56:28 [Stuart]
q+ to ask whether the scope of the WSC-WG is relevant to this discussion.
19:57:06 [Ashok]
Noah: Yes... and possibly bring up sooner
19:58:00 [Ashok]
jar: It's hard for me to be impartial ... the first cgi script I wrote was abt capabilities
19:58:52 [DanC_lap]
q+ to note recent origin header discussion in the HTML WG
19:59:01 [Ashok]
This solution seems so obvious
19:59:28 [Ashok]
People are not making the connection ... it's defensive programming
20:00:57 [DanC_lap]
q+ timbl
20:00:58 [DanC_lap]
ack timbl
20:01:32 [Ashok]
Tim: I have not seen a completeness theorem for this .... need some examples
20:01:44 [Ashok]
jar: See e in a walnut
20:02:01 [Ashok]
20:02:52 [Stuart]
20:03:40 [Ashok]
Tim: Having programming in Ajax I feel I've been working with a capability system
20:04:12 [Norm]
Norm has joined #tagmem
20:05:57 [Ashok]
jar: What could be the outcome? Even a carefully guarded statement may be useful here.
20:07:27 [DanC_lap]
AM: I've been a fan of capabilities since the early '90s when I found a capability system in IBM; it's a beautiful system...
20:07:59 [DanC_lap]
... it had hardware support...
20:08:38 [DanC_lap]
... I wonder if it can be hacked.
20:08:52 [DanC_lap]
JAR: research results, related to garbage collection, are pretty solid
20:10:37 [Ashok]
Ashok: What do we do to encourage this direction?
20:10:57 [Ashok]
jar: There are 2 proposals: AdSafe, Caja.
20:11:47 [Ashok]
Tim: Shd we have little tutorials on these things: JSON Request, AdSafe
20:12:04 [DanC_lap]
q+ timbl to ack about jsonrequest and adsafe
20:12:19 [DanC_lap]
ack ashok
20:13:11 [Zakim]
DanC_lap, you asked to be reminded at this time to move on
20:13:30 [Ashok]
Tim: This is a really interesteing and timely bit of technology. Nailing it know wd do the world a lot of good.
20:13:36 [DanC_lap]
(I presume I can use 5 or 10 more minutes... or should I check orally? hmm.)
20:14:15 [Ashok]
It wd also make programming the stull easier. It wd be wiling to push to change the computing environment
20:16:16 [Ashok]
ht: Colored by personal experience. WACL is a hard spec to read but wd solve our problem
20:16:46 [Ashok]
My dept changed to using Kerberos and it made my life hell
20:17:10 [Ashok]
Disagreement with whether Kerberos is capability-based
20:17:35 [DanC_lap]
(nice job minuting, Ashok.)
20:17:54 [Ashok]
Don't see how AdSafe has anything to do w/capabilities
20:18:45 [DanC_lap]
(irc poll: (a) continue this discussion for another hour after a break today (b) schedule it tomorrow (c) action skw to schedule it for a telcon (d) other [pls specify how you're volunteering])
20:19:06 [Ashok]
How can we get there from here? We are using the browser as distributed app dev platform
20:19:21 [Ashok]
And it doen't do it terribly well
20:19:49 [Ashok]
It may be intrisically unfixable
20:20:31 [Ashok]
Even if there is a solution, can we get there from here?
20:20:44 [DanC_lap]
potential action: what does silverlight do? noah
20:20:47 [Ashok]
What does Silverlight do abt this?
20:20:50 [Ashok]
Noah: Same as Flash
20:21:22 [dorchard]
dorchard has joined #tagmem
20:21:44 [Ashok]
Norm: It shd remain on the 'soemday' pile. May be worth moving up
20:22:17 [noah]
For Flash, there's a standard data file you can leave on your site that says "yes, you can steal my data cross-site". Silverlight honors the Flash file, and I think has it's own slightly different equivalent if you prefer a Microsoft-specific approach.
20:22:31 [DanC_lap]
I'm for (a)
20:22:37 [Norm]
Norm has joined #tagmem
20:22:41 [Ashok]
Me too!
20:24:10 [DanC_lap]
breat to xx:40
20:24:17 [Ashok]
BREAK for 15 Minutes
20:24:17 [Norm]
back at xx:40!
20:24:21 [Zakim]
20:24:49 [noah]
MSDN page on Silverlight security policy:
20:27:25 [Zakim]
20:38:50 [Norm]
Norm has joined #tagmem
20:40:49 [Norm]
Zakim, what's the passcode?
20:40:49 [Zakim]
the conference code is 824323 (tel:+1.617.761.6200 tel:+ tel:+44.117.370.6152), Norm
20:41:10 [Zakim]
20:42:43 [Stuart]
Stuart has joined #tagmem
20:43:17 [Stuart]
amy... d'you know what time we have to stop so that the next people can use the room?
20:43:45 [ht]
ht has joined #tagmem
20:46:04 [Stuart]
20:46:46 [DanC_lap]
ack Stuart
20:46:46 [Zakim]
Stuart, you wanted to ask whether the scope of the WSC-WG is relevant to this discussion.
20:46:49 [Stuart]
ack Stuart
20:47:41 [Ashok]
Skw: What are We Security WG doing wrt to this issue?
20:48:02 [Ashok]
Dan: Some overlap
20:48:31 [Ashok]
skw: Is security of rich apps running in browsers part of their domain
20:48:40 [Zakim]
20:49:44 [Ashok]
Dan: The littlelock that lights up on yr browser is a security risk. They are seriously attacking the gap between the chair and the keyboard
20:49:50 [Stuart]
From: "Web Security Context Working Group
20:49:50 [Stuart]
From our charter: The mission of the Web Security Context Working Group is to specify a baseline set of security context information that should be accessible to Web users, and practices for the secure and usable presentation of this information, to enable users to come to a better understanding of the context that they are operating in when making trust decisions on the Web."
20:50:15 [jar]
20:50:58 [Ashok]
dan: The key/lock is harmful because websites put key in content
20:51:48 [ht]
q+ to ask how ADsafe is related to capabilities
20:51:54 [DanC_lap]
ack danc
20:51:54 [Zakim]
DanC_lap, you wanted to note recent origin header discussion in the HTML WG
20:51:58 [Ashok]
From WSC WG "to enable users to come to a better understanding of the context that they are operating in when making trust decisions on the Web."
20:51:59 [ht]
q+ ht2 to ask how JSONRequest works
20:52:34 [Ashok]
Another item ... origin header
20:52:55 [DanC_lap]
pls project:
20:53:32 [Stuart]
20:54:29 [Ashok]
Origin Header agenda item attracted attention... all interested parties showed up
20:55:11 [Ashok]
Adan Barth agrees to become editor
20:55:21 [Ashok]
of the spec
20:55:30 [Ashok]
20:55:49 [Stuart]
20:56:59 [Ashok]
Dan: I visit TicketMaster and there is a white hat reference and we go get it
20:58:41 [Ashok]
I buy ticket now I get lot's of cookies, etc. Now I end up on a bad guy site. This guy can do a post to TicketMaster and use cookies to buy another ticket.
20:59:37 [Ashok]
Mitigation is origin header in post to TicketMaster says its from bad guy site
21:00:24 [Ashok]
Noah: Construct a situation with long call stack. Which is the origin.
21:00:40 [Ashok]
HT: The article on screen tries to address this.
21:01:00 [Ashok]
Second bullet ....
21:01:46 [Ashok]
Noah: Can origin be forged?
21:01:58 [Ashok]
It's the invoking html doc
21:02:16 [DanC_lap]
ack timbl
21:02:16 [Zakim]
timbl, you wanted to ack about jsonrequest and adsafe
21:02:20 [jar]
q+ jar to ask how Mark M might help, supposing he wanted to
21:02:22 [DanC_lap]
ack ht
21:02:22 [Zakim]
ht, you wanted to ask how ADsafe is related to capabilities
21:03:03 [Ashok]
HT: How does AdSafe use capabilities?
21:03:26 [Ashok]
Jar: Nice discussion in second chapter on Caja spec
21:05:05 [Ashok]
Page 5 of caja spec
21:05:52 [Ashok]
AdSafe is very but cannot do a lot with it .... cannot get multiple AdSafes collaborating
21:06:01 [Ashok]
Dan: That's a feature
21:06:34 [Ashok]
jar: Caja is safe and powerful
21:07:06 [Ashok]
Put javascriot in upper left
21:07:51 [Ashok]
ht: AdSafe does not have tokens with capabilities
21:09:26 [Ashok]
Javascript has global object which has universal capabaility. They removed that.
21:09:47 [Ashok]
The DOM is a global access and AdSafe wraps access to the DOM
21:09:55 [Stuart]
21:09:59 [DanC_lap]
(for the record, the list stuart is projecting is a good answer to ht's question)
21:10:29 [Ashok]
HT: AdSafe removes some capabilities that javascript allows
21:10:58 [timbl]
timbl has joined #tagmem
21:11:34 [noah]
21:11:47 [noah]
A capability (known in some systems as a key) is a communicable, unforgeable token of authority. It refers to a value that references an object along with an associated set of access rights.
21:11:50 [Ashok]
jar: They needed a new name for object capabilities ... it's the same as hardware capabilities recast into software
21:14:31 [Ashok]
HT: Explains how AdSafe removes capabilities
21:15:09 [Ashok]
jar: A capability system has only capabilities not ambient authority
21:17:34 [Ashok]
HT: Where is the checking done?
21:19:45 [DanC_lap]
ack jar
21:19:45 [Zakim]
jar, you wanted to ask how Mark M might help, supposing he wanted to
21:19:52 [Ashok]
HT: We do not need to answer this question today
21:20:59 [Ashok]
He works for Googe. We can ask if he wants to join WG?
21:21:23 [Ashok]
21:22:50 [Ashok]
Dave: skw and I got invloved in this spec a while ago.... We tried to push them to Tyler approach
21:22:59 [Ashok]
We got pushback.
21:23:17 [Ashok]
Then they decided to do usecases and reqmnts
21:23:50 [Ashok]
Sturat and I looked at their docs and asked "what does the algorithm do"?
21:24:04 [Stuart]
21:24:55 [Ashok]
If we got enough people in WG that wanted something different we could get something done
21:25:36 [Ashok]
Need to muster support for a coherent position
21:25:45 [ht]
q+ to ask the social question
21:26:26 [Ashok]
Dan: We have looked at their work and we agree on their direction
21:26:48 [Ashok]
Dave: I understand their solution.
21:27:23 [Ashok]
Too many requirements and amny are muddled
21:27:42 [Ashok]
Dan: Too difficult to ask them to reopen requirements
21:28:23 [Ashok]
Dave: The did not follw process and ask for participation ... came out of .... work
21:29:05 [Ashok]
HT: Who do we have buy in on this?
21:29:23 [DanC_lap]
(it seems that the charter has since been fixed. "Access Control for Cross-site Requests (Access Control)" -- 2008/07/02 23:19:59 )
21:30:26 [Ashok]
Are their people who would deploy this and it would be real production?
21:30:54 [Ashok]
Dave: They pulled the final release
21:31:32 [Ashok]
Dave: Microsoft did not join WG but publish their own thing
21:32:03 [Ashok]
Seems like they are now going the W3C way
21:32:39 [DanC_lap]
21:32:41 [DanC_lap]
21:33:06 [DanC_lap]
ack ht2
21:33:06 [Zakim]
ht2, you wanted to ask how JSONRequest works
21:34:30 [Ashok]
dan: Any actions? Is it on our 'someday' pile?
21:34:38 [Ashok]
skw: No actions
21:35:09 [Ashok]
jar: Moral support resolution may be nice.
21:35:19 [Ashok]
skw: Support whom?
21:36:25 [Ashok]
dan: Noncommital resolution will not change anything
21:38:04 [Ashok]
jar: Goal is to encorage work on programming methodology that makes it hard to screw up
21:40:14 [Ashok]
jar: It is an architectural problem. Will not go away
21:40:59 [Ashok]
ACTION: jar to talk with Mark Miller and report back
21:40:59 [trackbot]
Created ACTION-204 - Talk with Mark Miller and report back [on Jonathan Rees - due 2008-12-17].
21:41:18 [DanC_lap]
action-204 due 14 Feb 2009
21:41:18 [trackbot]
ACTION-204 Talk with Mark Miller and report back due date now 14 Feb 2009
21:42:06 [Ashok]
Topic: uriBasedPackageAccess-61
21:42:08 [Zakim]
21:42:15 [Stuart]
21:42:49 [Ashok]
skw: We recd. direct request from them (Marcos) to comment on their requirements
21:43:25 [Ashok]
HT: Can we go thru this again
21:44:46 [Ashok]
Dan: I asked are these things ever written down and they replied usually not
21:44:58 [Zakim]
21:48:09 [Stuart]
looking at:
21:52:04 [Ashok]
Step 1 -Acquire a Widget Resource over HTTP or Local Storage
21:52:27 [Ashok]
We thought these requests did not come over HTTP
21:53:50 [raman]
raman has joined #tagmem
21:54:39 [Ashok]
ht: Is the config doc part of a widger resource? Answer appears to be 'yes'.
21:56:10 [Ashok]
21:57:43 [Ashok]
A HTML start file is also part of a widget resource
22:00:11 [Stuart]
Possible question of clarifiaction: "Is there a requiremment to be able to reference into a widget package from outside of the package?"
22:00:51 [Zakim]
22:01:28 [dorchard]
dorchard has joined #tagmem
22:03:04 [DanC_lap]
(another editorial matter: "widget resource" doesn't help me; just "widget" would be less distracting. and it says "resource" where "representation" seems better in several cases)
22:03:09 [Zakim]
22:03:28 [Ashok]
Why does it not just say -- A conforming spec MUST recommend a hierarchical adressing schems that can be used to address the individual resources within a widget resource from within a config doc, widget, or other constituent of the same widget pkg.
22:03:58 [Ashok]
22:05:19 [Ashok]
Action: Henry S to begin responding to Marcos asking the question: Why does the spec not say "A conforming spec MUST recommend a hierarchical adressing schems that can be used to address the individual resources within a widget resource from within a config doc, widget, or other constituent of the same widget pkg."
22:05:19 [trackbot]
Created ACTION-205 - S to begin responding to Marcos asking the question: Why does the spec not say \"A conforming spec MUST recommend a hierarchical adressing schems that can be used to address the individual resources within a widget resource from within a config doc, widget, or other constituent of the same widget pkg.\" [on Henry S. Thompson - due 2008-12-17].
22:05:29 [Zakim]
22:05:31 [Zakim]
22:06:16 [Ashok]
add to above action the words "In Reqmnt 6"
22:06:17 [Zakim]
22:06:18 [Zakim]
TAG_f2f()9:00AM has ended
22:06:19 [Zakim]
Attendees were +1.604.709.aaaa, +1.617.253.aabb, ht, timbl, Ashok, danc, jar, noah, Stuart, dorchard, Norm, Raman
23:34:17 [jar]
jar has joined #tagmem