W3C

Mobile Web Best Practices Working Group Teleconference

27 Jan 2009

Agenda

See also: IRC log

Attendees

Present
DKA, tomhume, Francois, jo, Dom, Jeff, achuter, adam, miguel, yeliz, SeanP, EdC, manrique, rob, bruce
Regrets
abel, DavidStorey, Kai, SangwhanMoon, VicquiChan
Chair
DKA
Scribe
Jo

Contents


Next F2F

<DKA> http://www.w3.org/2002/09/wbs/37584/BPWG-StillPossible-F2F-March-2009/results

dka: London roolz
... but we need to discuss a bit
... people from US may not be able to attend if we hold in London
... I'm going to be there anyway for the AC meeting as is Kai
... plus as David Storey notes SxSW is also ..
... it's a trade off
... balance of opinion is on London then I am happy with that (25-27 March)
... no clear decision ref Boston, London seems to be the winner

Francois: what about Adam?

Adam: I'd prefer London, could make Boston though

DKA: Can you host?

Adam: sure but we may have a problem with NDA's being waived

Dom: Can't be held in a place where an NDA is required
... but we did do it before at Google's office in LON

Adam: so I will chase up and see if we can follow that precedent

<DKA> PROPOSED RESOLUTION: We will have the next f2f in London 25-27 March 2009.

<dom> Policy Regarding Non-Disclosure Agreements and W3C Meetings

<dom> "W3C workshops, Technical Plenaries, Group meetings and other W3C-sanctioned events shall not be conducted on the premises of organizations that request W3C meeting participants to sign non-disclosure agreements in order to gain access to the host's facilities"

dka: we'll leave the question of hosts open, and if Google can't do it then we should be able to do it at Vodafone

<DKA> .

RESOLUTION: We will have the next f2f in London 25-27 March 2009

<francois> ACTION: daoust to setup a registration poll for next F2F in London [recorded in http://www.w3.org/2009/01/27-bpwg-minutes.html#action01]

<trackbot> Created ACTION-903 - Setup a registration poll for next F2F in London [on Fran├žois Daoust - due 2009-02-03].

adam: need to have info on room sizes

dka: francois, would you be so kind as to organise a poll?
... I would guess around 20

MWABP Update

Adam: have gone through Jo's extensive comments
... I raised an Issue yesterday, and would like to go through it

<francois> ISSUE-287?

Adam: I'll keep raising issues as I trip across things over the forthcoming weeks

<trackbot> ISSUE-287 -- Propose merging 3.1.1 and 3.1.2 in MWABP -- OPEN

<trackbot> http://www.w3.org/2005/MWI/BPWG/Group/track/issues/287

dka: good plan, wan't to open a discussion on how to get Ajax developers looking at this and engaing with it
... anyone?
... developer portals and Web sites, where we can get better community feedback

adam: don't know of anything mobile specific

<jeffs> +1 on site to allow dev feedback fm AJAX/Javascript devs... makes easier to solicit input from non-members

dka: where do people hang out who are working on iPhone Web apps

adam: sure there are Ajax discussion groups that would be a good place to go

<jeffs> suggest we est a site so we can publicize

dka: need to think about where we are going to publicise
... any android sites?

<dom> hmm... no point of raising an issue if nobody has a plan to submit?

dka: (dan discusses raising an Issue)

<jeffs> if group does not object, I will also start a thread on my "Center for the Handheld Web" blog http://chw.rit.edu/blog

dom: an issue with a plan to action it is like ...
... unly to get progressed

<francois> +1 to jeffs

dom: agree that we should get more feedback but think that someone needs to take an action to come back with a proposal or get on with some outreach

dka: jeffs, you can do some outreach?

jeffs: The idea of getting people to do outreach and gather stuff together makes sense
... I can do a post on the Center for the Handheld Web blog
... if you want other people to do outreach then they can point there or do their own

<scribe> ACTION: Jeffs to initiate discussion on his blog ref feedback on the MWABP [recorded in http://www.w3.org/2009/01/27-bpwg-minutes.html#action02]

<trackbot> Created ACTION-904 - Initiate discussion on his blog ref feedback on the MWABP [on Jeffrey Sonstein - due 2009-02-03].

<scribe> ACTION: appelquist to initiate discussion on betavine ref feedback on MWABP [recorded in http://www.w3.org/2009/01/27-bpwg-minutes.html#action03]

<trackbot> Created ACTION-905 - Initiate discussion on betavine ref feedback on MWABP [on Daniel Appelquist - due 2009-02-03].

<francois> ISSUE-287?

<trackbot> ISSUE-287 -- Propose merging 3.1.1 and 3.1.2 in MWABP -- OPEN

<trackbot> http://www.w3.org/2005/MWI/BPWG/Group/track/issues/287

adam: ISSUE-287 ...

<francois> [I note the issue was raised as "RAISED", which hides it deep in the list of issues. The "OPEN" state should be preferred. An email should have been sent to the mailing-list but was not. That's all dom's fault, for sure.]

<jeffs> to clarify, asking for feedback on MWABP in general or ECMAScript in specific?

adam: 3.1.1 Retain Info for Personsalization ... and 3.1.2 Autoamtically identify users ...
... apart from Network Operators this is really the same thing
... kind of no-brainer ways of keeping track of users and their preferences
... the gist is basically to identify user and minimise the input - the difference from BP1 being that there are more ways to do that now

dka: the how to do it can be merged if they are combined

adam: they are basically sayiong the same thing, once they are combined though not sure of the difference to BP1

<dom> [I have made sure new issues would appear as "open"; trying to figure out why issues aren't sent to the mailing list anymore]

<DKA> Jo: I think we need to get to the bottom of authentication separately. I agree with Adam however on this point.

<dom> [found why]

adam: what does the team think we are trying to say with this best practice, i.e. what important info should be in here, rather than just adding details for the sake of it

dka: can you do a proposal with a "before and after"

adam: OK

<scribe> ACTION: ref ISSUE-287 Adam to create a proposal for merge of 3.1.1. and 3.1.2 [recorded in http://www.w3.org/2009/01/27-bpwg-minutes.html#action04]

<trackbot> Sorry, couldn't find user - ref

<scribe> ACTION: connors to create a proposal for merge of 3.1.1. and 3.1.2 ref ISSUE-287 [recorded in http://www.w3.org/2009/01/27-bpwg-minutes.html#action05]

<trackbot> Created ACTION-906 - Create a proposal for merge of 3.1.1. and 3.1.2 ref ISSUE-287 [on Adam Connors - due 2009-02-03].

The "lang" attribute in XHTML Basic 1.1

dom: basically ...
... I ran some MobileOK statistics and one of the biggest causes of error was the fact that XHTML Basic doesn't allow the lang attribute
... at the same time I18N strongly recommends that in text/html you use both lang and xml:lang
... so either you break good practice for mobileOK or for I18N
... and the new orthodoxy is that any version of XHTML can be served as text/html (rather than only XHTML 1.0)
... XHTML2 WG is considering adding the lang attribute
... by going through the "proposed edited rec" process
... they are interested in support and assistance from BPWG
... so are we interested in adding the lang attribute
... to XHTML Basic?

<EdC> Fine with me, but as far as I know, most mobile devices supporting XHTML basic support XHTML basic 1.0, not 1.1.

dka: <mumble mumble> non trivial

dom: not difficult though proposed edited rec process, especially as limited in scope
... they want us to say we support

dka: I am supportive ... but hink that we need to understand more
... if we support and they make a change will we make a change to the checker?
... and so more content will become mobileOK

dom: yes they would release a new DTD and we'd make a trivial change to the checker and lots of sites would instantly become mobileOK

dka: what is the time frame?
... if it goes beyond June we are not around to make the change

dom: given that we have a normative dependency on XHTML Basic 1.1 we don't need a formal resolution to do it, so even if the process takes longer than the remaining time that is not a problem

<dom> PROPOSED RESOLUTION: the BPWG supports adding the lang attribute in XHTML Basic

<EdC> +1

<DKA> +1

<brucel> +1

<francois> +1

PROPOSED RESOLUTION: BPWG supports inclusion of lang attribute in all versions of XHTML and of upgrading checker to take into account

<dom> +1

<DKA> +1 to jo

<EdC> All versions means those specified by W3C -- not XHTML mobile profile...

<yeliz> +1

[which one were people supporting? mine is broader than Dom's?]

<EdC> (not = not necessarily)

<DKA> +1

PROPOSED RESOLUTION: BPWG supports inclusion of lang attribute in XHTML and of upgrading checker to take into account

+1

<DKA> +1

<SeanP> +1

<EdC> +1

RESOLUTION: BPWG supports inclusion of lang attribute in XHTML and of upgrading checker to take into account

Best Practice on security

francois: this discussion is on MWABP rather than than CT
... have had some feedback from the Web App Security Context group and think we will get feedback from them following their meeting tomorrow
... so suggest we postpone till next week

HTTPS qua CT

francois: we need to rationalise the topic on content transformation, and Jo had an action but he hasn't done it yet
... we have everything on the table and we need to make a decision
... will we put something in the guidelines and if so what would it be

rob: I started the discussion off on what should be done to address the question of what to do if you are the "man in the middle"

<francois> Rob's email on links rewriting

rob: ref security
... perhaps we should generalise the discussion rather than limiting to HTTPS
... that was my intention in kicking the discussion off
... but the discussion assumed the HTTPS context

<EdC> and a third issue: general security considerations on transformations not necessarily dependent on URL rewriting, nor on HTTPS (cookies, referer, etc).

francois: there are two questions, i) intercepting secure connections ii) rewriting links which triggers a number of cross site scripting problems
... and other security issues
... I think that we should have a "security consideration" section as proposed by Eduardo referencing what has been written by Rob
... I hope we are clear that we can't recommend to break the secure connection
... we can't endorse that as a best practice

dka: what is the way out of this

<rob> PROPOSED RESOLUTION: Include a section on General Security Considerations, which is appliccable to "man-in-the-middle" transformations, irrespective of SSL

francois: I think there should be a security consideration topic, or rather a security alert section

<scribe> ACTION: Jo to action his outstanding action [recorded in http://www.w3.org/2009/01/27-bpwg-minutes.html#action06]

<trackbot> Created ACTION-907 - Action his outstanding action [on Jo Rabin - due 2009-02-03].

<dom> ACTION-902?

<trackbot> ACTION-902 -- Jo Rabin to summarise current discussions on https link re writing -- due 2009-01-27 -- OPEN

<trackbot> http://www.w3.org/2005/MWI/BPWG/Group/track/actions/902

<dom> close ACTION-907

<trackbot> ACTION-907 Action his outstanding action closed

dka: anything else?

francois: I think we already resolved to change the link rewriting section - especially to remove the MAY as this would be to endorse the practice, which we don't

<EdC> There are editorial issues, to be done conformance statements, mandatory heuristics, at least.

francois: we really need a crystallization of the topic as it has spilled over into so many other areas

Mandatory Heuristics

<francois> ISSUE-286?

<trackbot> ISSUE-286 -- Transformation of Mobile Content/Mandating some respect of some heuristics -- OPEN

<trackbot> http://www.w3.org/2005/MWI/BPWG/Group/track/issues/286

francois: sean - summary?

sean: I raised this issue last week, but no email got sent out
... issue was raised about mandating heuristics around content-types and doctypes that are unambiguously mobile
... raised originally by Dom back in Nov
... we discussed a couple of weeks ago and I said that if you don't allow transformation on mobile pages then this prevents link rewriting
... and so you lose the proxy function
... so I wrote up the issue of user choice to allow users to choose mobile pages and EdC brought sup some points which I tried to answer
... and that is where we are

<dom> (as I mentioned last week, this only applies to cases where the proxy rewrites links; when it does, we could allow only to rewrite links, so as to preserve the proxy function)

francois: so we need to summarise where we agree and where we disagree
... so we need to agree that we say that those heuristics SHOULD be respected but with the caveat that the user can express the choice to continue link re-writing

<Zakim> jo, you wanted to say that jo has the action already

EdC: I don't think there is disagreement
... idea is simple
... if user doesn't want any kind of transformation then they get page untouched and they get links to non mobile sites
... but on the other hand if they allow transformed content then it is just a question of how the proxy works. Some will need to rewrite to keep users on mobile pages and others wont
... it is just a question of implementation
... saying SHOULD NOT is fine, you just need a reason to do otherwise

dom: it's more complicated than that. If the Proxy works at netowrk level then requests get caught anyway
... but for link re-writing proxies it is more difficult.
... so this would prevent non netowrk level proxies from doing their job

<francois> [Proxies SHOULD NOT transform explicit mobile content save links rewriting in Linked-mode proxies?]

dom: so the CT guidelines could say that rewriting links is OK in this case
... we should be as strict as possible for network level proxies but for link rewriting proxies, restrict as much as possible

edc: if you have to rewrite then you will rewrite and that is included in the SHOULD

dom: but that's not restrictive enough - so we need to explicitly limit what can be rewritten in those circumstances

edc: the question of saying which restrictions is a long topic - we could open too big a can of worms and we won't be able to resolve it.
... rewriting URLs in out of band proxies falls into that category

dom: that would open the door to transforming everything

edc: <scribe missed it>

<francois> s/trasnforming/transforming

seanp: you know where I am coming from, if a user allows it then we should be able to transform sites
... we gets lots of requests for this

<EdC> In short:CT-proxies should not modify mobile content -- except as strictly necessary to make desktop content accessible to mobile devices. URL rewriting is unavoidable for out-of-band proxies (i.e. those that do not capture all HTTP traffic by default). Other transformations are in principle not admissible.

<Zakim> jo, you wanted to say that it is allowed

jo: we already say that users may request transformed content but that can't be the default assumption

seanp: sounded like mobile was going to be treated differently to the mobile page

jo: ah I see

francois: doh?

jo: I think that Sean was saying that we allow transformation of the request and therefore implicit requested transformation of the response (from desktop to mobile) but we haven't documented any facility for the user to request transformation of a mobile response. The one applies to the request and the other applies to the response irrespective of the request

seanp: yes

dka: jo can you scrivbe that as a resolution

jo: no, not now I'm busy, dammit

<francois> [Summary of what I think: we agree to mandate respect of explicit mobile pages, with 2 points to detail: 1. on the wording for proxies that operate in links-mode 2. user expression of choice for transformation of mobile pages]

<dom> +1 to francois summary

PROPOSED RESOLUTION: Introduce a section describing a non-defaultable user option to tranform responses irrespective of the transformation of the request, even where the response is apparently mobile according to the so-called mandatory heuristics

<dom> on francois.2, I think we should keep it simple, and say your "deployment" doesn't conform when mobile page gets transformed

<SeanP> What's meant by non-defaultable?

<EdC> This seems to me splitting hairs. End-users are actually offered the following: leave everything untouched. Transform responses from desktop to mobile -- it might have some side effects on mobile pages depending on the implementation of the gateway, i.e. out-of-band might have to rewrite URL to external desktop sites. Transform mobile transactions for whatever other reasons.

<dom> <dom> on francois.2, I think we should keep it simple, and say your "deployment" doesn't conform when mobile page gets transformed

edc: stunned by proposal of defaultable: simply put the user can have 3 choices - a) no transformation at all b) access desktop sites and transform c) some additional transformation

dom: problem with the approach is that you can say that the user signed a contract that says everything gets trasnformed, so this is really not a viable choice
... so we are really creating lots of loop holes [Emmental?]

edc: didn't we say that these have to be opt-in

dom: isn't signing a contract opting in?

edc: no you have to check what you want

jo: we say that preferences will be maintained on a site by site basis which goes some way to addressing Dom's point

<dom> [but that doesn't match the everything/only desktop/nothing approach that eduardo proposed, does it?]

seanp: ref dom's point ref the contract - I thought we moved it to an appendix to out of band means, and that we were going to an interstitial apporach - i.e. something you do on the phone and not something you do by contract
... and what about about the site by site thing
... thought it was on a session basis

jo: we say site by site

<dom> Current section on user preferences

<DKA> PROPOSED RESOLUTION: Introduce a section describing a non-defaultable user option to tranform responses irrespective of the transformation of the request, even where the response is apparently mobile according to the so-called mandatory heuristics

<EdC> Current version 4.2.2 User Preferences

<EdC> Proxies must provide a means for users to express preferences for inhibiting content transformation. Those preferences must be maintained on a user by user and Web site by Web site basis.

<dom> "Proxies must provide a means for users to express preferences for inhibiting content transformation. Those preferences must be maintained on a user by user and Web site by Web site basis. Proxies must solicit re-expression of preferences in respect of a server if the server starts to indicate that it offers varying responses as discussed under 4.2.6 Receipt of Vary HTTP Header."

dom: I think this is too detailed. It should be non-conformant

francois: I agree with Dom

<EdC> The resolution proposal is convoluted.

francois: isn't 4.2.2 enough?
... it's not limited to request or response
... let's leave 'as is'
... and mandate respect of explicit mobile site

<DKA> PROPOSED RESOLUTION: leave 4.2.2 as is and do not say anything about transformation of mobile-friendly content.

<EdC> Basically, you could have many other transformation options: filter for viruses, translate from * to English, add dancing bears, etc. All these are user-selectable.

PROPOSED RESOLUTION: We will not offer an explicit carve out for transforming mobile content at user request, transformation of such content is non-conformant

<dom> PROPOSED RESOLUTION: mandate respect of heuristics (as SHOULD), with caveat on links rewriting

<francois> +1 to both

seanp: liked the original one better
... are we saying in the proposed resolution that if you transform mobile content then you are non conformant?

dom: yes

dka: isn't there a middle way?

dom: we need to take this to the list

dka: thanks and good night

Summary of Action Items

[NEW] ACTION: appelquist to initiate discussion on betavine ref feedback on MWABP [recorded in http://www.w3.org/2009/01/27-bpwg-minutes.html#action03]
[NEW] ACTION: connors to create a proposal for merge of 3.1.1. and 3.1.2 ref ISSUE-287 [recorded in http://www.w3.org/2009/01/27-bpwg-minutes.html#action05]
[NEW] ACTION: daoust to setup a registration poll for next F2F in London [recorded in http://www.w3.org/2009/01/27-bpwg-minutes.html#action01]
[NEW] ACTION: Jeffs to initiate discussion on his blog ref feedback on the MWABP [recorded in http://www.w3.org/2009/01/27-bpwg-minutes.html#action02]
[NEW] ACTION: Jo to action his outstanding action [recorded in http://www.w3.org/2009/01/27-bpwg-minutes.html#action06]
[NEW] ACTION: ref ISSUE-287 Adam to create a proposal for merge of 3.1.1. and 3.1.2 [recorded in http://www.w3.org/2009/01/27-bpwg-minutes.html#action04]
 
[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.133 (CVS log)
$Date: 2009/01/27 16:36:30 $