12:59:39 RRSAgent has joined #wam 12:59:39 logging to http://www.w3.org/2009/04/16-wam-irc 12:59:49 RRSAgent, make log Public 12:59:54 ScribeNick: ArtB 12:59:56 Zakim, +358.503.85aaaa is JereK 12:59:56 + +47.23.69.aabb 12:59:56 +JereK; got it 12:59:58 Scribe: Art 13:00:02 Chair: Art 13:00:04 Zakim, aabb is Arve/Marcos 13:00:04 +Arve/Marcos; got it 13:00:17 Agenda: http://lists.w3.org/Archives/Public/public-webapps/2009AprJun/0181.html 13:00:31 fjh has joined #wam 13:00:56 Date: 16 April 2009 13:01:02 Is anyone else on the line? I tried saying "Hi" but can't hear anyone 13:01:04 +Art_Barstow 13:01:20 Meeting: Widgets Voice Conference 13:01:39 Zakim, call Mike-Mobile 13:01:50 zakim, what is the code? 13:02:01 Present: Art, Josh, Marcos, Arve, Frederick, Jere 13:02:08 ok, MikeSmith; the call is being made 13:02:11 +Mike 13:02:16 Present+ Mike 13:02:23 the conference code is 9231 (tel:+1.617.761.6200 tel:+33.4.89.06.34.99 tel:+44.117.370.6152), fjh 13:02:33 -Mike 13:02:54 Topic: who's here? 13:03:02 ArtB: can you please do "Zakim, call Mike-Mobile" again in about 10 minutes? 13:03:02 zakim, call thomas-781 13:03:06 ok, tlr; the call is being made 13:03:07 +Thomas 13:03:07 AB: anyone heard from Robin lately? It would be good if he was here 13:03:15 Present+ Thomas 13:03:17 +??P0 13:03:23 +Frederick_Hirsch 13:03:24 zakim, I am thomas 13:03:25 ok, tlr, I now associate you with Thomas 13:03:31 Present+ Mark 13:03:33 mpriestl has joined #wam 13:03:46 Topic: Review and tweak agenda 13:03:55 AB: agenda submitted on 14 April (http://lists.w3.org/Archives/Public/public-webapps/2009AprJun/0181.html). One change I propose is to drop PAG status since Rigo's related email (http://lists.w3.org/Archives/Member/member-widgets-pag/2009Apr/0000.html) covers the status, AFAIK. 13:04:24 AB: any issues with dropping that agenda item? 13:04:26 [None] 13:04:34 AB: any other change requests for the agenda? 13:04:37 [None] 13:04:50 Topic: Announcements 13:05:15 JS: I'd like to talk about a widget implementation I saw recently 13:05:20 AB: how about AOB? 13:05:22 JS: OK 13:06:11 Arve: I want to add show and hide proposal to A+E section 13:06:20 AB: OK, we will cover that proposal then 13:06:37 MP: I need to leave after one hour 13:06:52 FH: I need to leave then too 13:07:07 Topic: DigSig: Feedback sought on ECDSA Curves: 13:07:19 AB: On April 8 Frederick asked the group for feedback regarding the various ECDSA Curves (http://lists.w3.org/Archives/Public/public-webapps/2009AprJun/0094.html). Frederick, please give us a short intro and then explain what you want from us and the deadline for feedback. 13:08:10 FH: I sent a note that talked about some of the specific EC curves 13:08:21 ... I rephrased the question to the group 13:08:33 ... Please get some feedback and let us know 13:09:18 q+ 13:09:29 ... I think the timing is more critical to the WebApps WG then to XML Sec WG since WebApps wants to go to LC sooner 13:09:36 FH: any other timing questions? 13:09:42 http://lists.w3.org/Archives/Public/public-webapps/2009AprJun/0094.html 13:10:02 FH: please review the above message and respond within two weeks 13:10:32 This message clarifies and sonstrains the request for information regarding the elliptic curve, notes that it reduces the number. 13:10:33 AB: who expects to provide information on the EC curves? 13:10:40 MP: VF will provide feedback 13:11:06 ... I think FH's new email does help clarify the EC curve issue 13:11:19 ... Not sure about the IPR related to this though 13:11:39 FH: I can't make any authoritative statements; I'm just passing along info from US govt 13:12:28 tlr has joined #wam 13:13:05 FH: TR was saying the intent of my email was to narrow the scope 13:13:12 tlr; the question is narrowing the scope of what's asked, based on a perception that responses might be different for some specific curves than they would be for a general requirement 13:13:15 MP: I can give some prelim feedback 13:13:23 ... the main issue for us is IPR 13:13:56 ... we are going to do some checking to see if the IPR is a major issue for us because it will involve our legal team 13:14:03 FH: thanks Mark; that would be helpful 13:14:29 Topic: DigSig: ISSUE-83 - Instantiated widget should not be able to read digital signature 13:15:03 AB: we've discussed this on e-mail and in meetings. Want to spend a little bit of time on it today with the hope of getting consensus on how to close it. If we start to rat-hole, I will cut off discussion. As I've said on the mail list (http://lists.w3.org/Archives/Public/public-webapps/2009AprJun/0162.html), I don't think this issue should be addressed in a normative/prescriptive way. What do others think? (See http://www.w3.org/2008/webapps/track/issues/83) 13:15:37 q+ 13:15:53 MC: I think the ball is in Mark's court; some members are not convinced this is an issue 13:16:18 ... I think we need to get a sense from MP about the level of severity 13:16:43 MP: we think we identified a risk and the fix is relatively easy 13:17:02 ... we don't think the use cases against it are compelling 13:17:20 ... I'm not sure we have consensus on what the issue is 13:17:38 AB: I think the issue is clear 13:17:47 FH: I could use a reminder 13:17:59 MP: we allow mult sigs in a package 13:18:24 ... the sigs do not sign each other 13:19:34 q+ 13:19:37 ... can have a package with some files that are not signed 13:19:48 ... could lead to abuse 13:20:12 FH: so there is a covert channel 13:20:18 ... I agree it is a risk 13:20:44 anne has left #wam 13:20:49 ... but I'm concerned about an arbitrary rule that precludes all sig files from being accessed 13:21:00 ... think some policy re access is a better way to go 13:21:04 anne has joined #wam 13:21:27 ... rather than a single rule that says no, this is not ever allowed 13:21:44 MP: I don't understand the use case 13:21:58 ... but I do agree displaying some info to the user could be useful 13:22:29 ... I don't think the widget itself should be allowed to access the widget package contents 13:23:20 ... If we go in the policy direction, need text on Object element restrictions too 13:24:13 [ FH makes a proposal that I did not minute ...] 13:24:51 proposal is that ds:Object element be required to be signed, hence part of signature verified and validated 13:24:55 TR: I'm not sure I see a strong use case for accessing the signature 13:25:17 ... unless we create some type of API 13:25:53 TR: think there may be a larger covert opportunity e.g. HTML iframes 13:26:21 q+ 13:26:27 q- 13:26:31 q+ 13:26:43 ... behavior user sees can be controled by things that are not signed 13:27:07 MP: I agree with TR's points 13:27:31 should this be a security decision with note that implementation should take care regarding access control to information? 13:27:47 s/decision/consideration in the specification/ 13:28:32 MP: think we just need a couple of lines in the spec to close the hole 13:28:34 proposal - add security consideration about covert channels and providing access to information, access control decision by implementation 13:28:59 AB: which spec? 13:29:18 MP: P+C spec 13:29:27 Arve: re covert channel issue 13:29:41 ... I think restricting access to sig files is going overboard 13:30:56 q? 13:31:07 q- 13:31:16 ... would rather propose that we treat the signature as invalid if it has non-conformant data 13:33:10 FH: I'm concerned we are trying to be too prescriptive in the spec rather leaving this as an impl detail re the access policy 13:33:40 ... I agree we need a Security Considerations section in P+C and we could add this issue there 13:33:54 ... not sure it's a good design to restrict implementations 13:34:26 q- 13:34:41 proposing that implementations address issue via access control 13:35:09 AB: clearly we don't have consensus here 13:35:48 ... Marcos, will you please re-submit your complete proposal? 13:35:50 MC: yes 13:35:59 AB: FH, will you please submit your proposal? 13:36:01 FH: yes 13:36:23 -Frederick_Hirsch 13:36:23 Topic: P&C spec: Simple approach for 13:36:49 AB: On March 26 Robin made a proposal for the element. I don't believe there has been any follow-up yet this is a relatively major issue with respect to P&C going to LC#2. Robin, please give us a short intro and status on your proposal (http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/0943.html). 13:37:05 AB: anyone know the whereabout of Robin? 13:37:17 ... he wasn't here on April 2 either 13:37:34 ACTION: barstow Ask Robin to flesh-out his element proposal 13:37:34 Created ACTION-332 - Ask Robin to flesh-out his element proposal [on Arthur Barstow - due 2009-04-23]. 13:38:05 AB: any comments on Robin's proposal? 13:38:27 MC: it is aligned with the way I think we should go 13:38:33 AB: anyone else? 13:38:33 -JereK 13:39:07 q+ 13:39:11 Topic: P&C spec: I18N proposal from Marcos 13:39:13 +JereK 13:39:38 TR: I want to briefly speak to Robin's proposal 13:40:20 ... how we thought about how this would be used at install time? 13:40:27 s/how we/have we/ 13:41:00 ... want to understand the use of the policy 13:41:06 ... Any comments on that? 13:41:27 MP: we think this info will be used at diff points 13:41:37 ... for example at distribution time 13:41:47 MikeSmith has joined #wam 13:41:59 ... decisions could be made by user e.g. at install time 13:42:08 ... could also use this info at runtime 13:42:10 Zakim, call Mike-Mobile 13:42:10 ok, MikeSmith; the call is being made 13:42:12 +Mike 13:42:51 TR: also need some text about the use beyond just access control 13:42:56 Zakim, mute Mike 13:42:56 Mike should now be muted 13:42:58 ... e.g. DNS control too 13:43:12 Zakim, Mike is MikeSmith 13:43:12 +MikeSmith; got it 13:43:40 s/Topic: P&C spec: I18N proposal from Marcos// 13:44:20 AB: TR, would you please respond to Robin's proposal with your comments 13:44:27 ... they are good things we need to consider 13:44:32 TR: yes; I'll do that 13:44:53 Topic: P&C spec: I18N proposal from Marcos 13:45:24 AB: Marcos has been working on a I18N model that will presumably address all of the related open issues for the P&C spec. This is another one of the major issues that must be closed before we publish LC#2. Marcos, please give us a short intro and then I'll open up for others' comments. Proposal is in CVS (http://dev.w3.org/cvsweb/2006/waf/widgets/i18n.html). 13:46:12 MC: my doc presents several options for localizing a widget 13:47:33 ... we have about 16 different options 13:47:41 ... some result in invalid widgets 13:48:01 ... also addresses the xml:base issue we've discussed 13:48:12 -Thomas 13:48:50 AB: is the proposal complete? 13:49:18 MC: I consider it still a rough proposal but it is mostly done 13:49:49 AB: I believe only Jere has responded so far 13:50:08 MC: yes; I also submitted it to the I18N Core WG 13:50:17 ... we may want to publish it as a WG Note 13:50:29 JK: have you received any feedback to the I18N Core WG 13:51:00 MC: no, I have sent it to the whole WG yet, just Addisson 13:51:10 JK: my comments are base on an older version 13:51:22 ... I gave some feedback on the options 13:51:45 http://dev.w3.org/2006/waf/widgets/i18n.html 13:51:48 ... perhaps we should try to reduce the number of options so it isn't overwhelming to the reader 13:52:03 MC: in section 9 there is a matrix that summarizes the options 13:52:54 AB: so a reader could stop at the table in section 9? 13:53:03 MC: yes, that's basically true 13:53:20 JK: it's great you did this work Marcos; it is essential we get it right 13:53:50 ... I urge everyone to read the proposal and make sure we get it right the first time 13:54:03 ... I don't think we want some type of incremental approach 13:55:02 AB: when will the doc be ready for a broad review? 13:55:06 MC: by the end of today 13:56:22 ACTION: Marcos send a Request for Comments re I18N proposal to I18N Core WG and WebApps WG on April 16 with a 1-week review period 13:56:22 Created ACTION-333 - Send a Request for Comments re I18N proposal to I18N Core WG and WebApps WG on April 16 with a 1-week review period [on Marcos Caceres - due 2009-04-23]. 13:56:40 JK: I think we can reduce the options today 13:56:53 ... please see my comments 13:57:10 i can't make that deadline 13:57:12 ... if something can be removed from the list, we should do so before we ask for broad review 13:57:36 JS: I will be on vacation starting today and cannot get comments in by April 23 13:59:08 AB: the action for everyone is to read this document and submit comments by April 23 13:59:40 AB: thanks Marcos for this good work! 14:00:03 ... I note that I support a WG Note after we have WG consensus on the content 14:00:19 Topic: A&E spec: preferences attribute and the Storage interface; 14:00:35 AB: Marcos started a thread on April 6 (http://lists.w3.org/Archives/Public/public-webapps/2009AprJun/0040.html) that included a proposed change to the preferences attribute. Several commentors disagreed with the proposal. If I understand the status correctly, Marcos' intent was to notify the group we may want to consider only prescribing HTML5's Storage support for HTML5 UAs only but he is OK with leaving the text as is (in the 26 March ED, http://dev.w3.org/2006 14:00:35 -Mark 14:01:29 MC: yes, the above summary is correct 14:01:41 AB: RESOLUTION: the preferences attribute as specified in the 26 March 2009 ED is OK 14:02:02 AB: any objections 14:02:12 [ None ] 14:02:14 RESOLUTION: the preferences attribute as specified in the 26 March 2009 ED is OK 14:02:21 Topic: Plan to get inputs and closure on the Red Block issues 14:02:46 AB: Arve agreed to create a proposal (see Action #235 http://www.w3.org/2008/webapps/track/actions/325) to address the Red Block issues. I don't believe that proposal has materialized. Arve, what is the status? 14:03:39 AB: some resolutions from April 2 are not in the ED 14:03:40 http://dev.w3.org/2006/waf/widgets-api/Overview.src.html 14:04:23 Arve: let's look at the version MC just put into IRC 14:04:46 AB: yes, that's fine with me 14:05:19 Arve: I'll hightlight the changes 14:05:44 ... Section on Resolving DOM nodes removed 14:05:51 AB: yes, we agree to do that before 14:06:06 Arve: Window interface 14:06:47 MC: we need to say how the Widget interface will be implemented on the Window interface 14:07:00 Arve: without actually mentioning the Window object 14:07:31 MC: we have also remove refs to XHR spec 14:07:43 s/remove refs/removed refs/ 14:07:56 Arve: we also removed the Icon interface 14:08:46 ... the previous text didn't make sense on some platforms 14:08:57 ... for example in a desktop scenario there could be several icons 14:10:14 Arve: also because of this, removed the icon attribute 14:11:24 AB: so, this version addresses all of the Red Block issues that were in the March 26 ED? 14:11:26 Arve: yes 14:11:35 AB: ok, so we can close action 325 14:12:41 AB: Arve, will you please do two things: 14:12:48 ... 1. build the doc and check it in 14:12:57 ... 2. annouce the doc on public-webapps 14:13:00 1 is already done 14:13:04 Arve: so what's next? 14:13:18 AB: good question; what do people think? 14:13:43 [ No comments ] 14:14:01 Arve: the next step is to fill in Ack section 14:14:22 ... then publish a new WD to see if there are any major issues 14:14:33 ... then push toward LC ASAP 14:14:43 AB: that sounds like a good plan to me 14:14:55 Arve: I do not want any scope creep 14:15:29 anne has joined #wam 14:15:51 Arve: may want to wait for feedback for removing hide and open methods 14:16:05 ... but they can be defined via extension mechanism 14:16:24 AB: yes agree on scope creep 14:17:17 fwiw 14:17:23 i'm opposed to using 'onclick' in new apis 14:17:24 AB: we can publish a new WD ASAP or publish the next version as a LC 14:17:27 (showNotification()) 14:17:31 MC: no, not ready for LC 14:17:44 JK: may need an API or two related to localization 14:17:59 q+ 14:18:14 ... for example Dashboard has some Localization APIs for getting localized strings 14:18:35 Arve: we thought about that model but rejected it 14:18:45 ... don't think it is a good model to follow 14:18:54 s/Arve: we/MC: we/ 14:19:37 ... can load scripts dynamically and then easily emulate Dashboard methods 14:20:01 Arve: don't want to follow Dashboard model; it raises more concerns then it solves 14:22:22 AB: I prefer to publish a new WD ASAP and then open the discussion for comments including this localization API 14:22:38 AB: RESOLUTION: we publish a new WD of A+E ASAP 14:22:48 AB: any objections to this proposal? 14:23:21 RESOLUTION: we publish a new WD of A+E ASAP 14:24:17 Topic: Window Modes spec: status and plans 14:24:22 AB: I believe the plan of record is for Robin to be the Editor of this spec. The only related document in CVS is "Widgets 1.0: Media Query Extensions" (http://dev.w3.org/cvsweb/2006/waf/widgets-wm/). I have three initial questions: 1) is this MQ Extension spec the one that will normatively define the Window Modes; 2) what is the status of the window mode specification; 3) what, if any, dependencies do P&C and A&E have on the formal definition of window modes? 14:25:14 AB: did Robin agree to be editor of Window Modes spec? 14:25:18 MC: I don't know 14:25:40 ACTION: barstow deterimine if Robin agreed to be editor of the Window Modes spec 14:25:41 Created ACTION-334 - Deterimine if Robin agreed to be editor of the Window Modes spec [on Arthur Barstow - due 2009-04-23]. 14:26:21 MC: yes 14:26:22 AB: is the normative defn of Window Modes a separate doc than this MQ Extensions doc? 14:27:16 AB: what about question #3 above re depedencies P+C and A+E have on Window Mode definition? 14:27:36 Arve: width and height in A+E may have a dependency 14:28:19 MC: I don't see any dependencies P+C will have on Window Modes spec 14:28:25 AB: good answer! 14:28:41 AB: anything else on Window Modes 14:28:59 Arve: what if Robin cannot agree to be Editor of Window Modes? 14:29:05 AB: good question 14:29:22 JereK has left #wam 14:29:24 Arve: without it we are likely to have some interop problems 14:29:28 -JereK 14:30:01 AB: I will work with Mike to try to find a resource if Robin can't help 14:30:18 Topic: AOB 14:30:25 AB: I don't have anything 14:30:42 JS: I saw a widget UA 14:30:56 ... demo to a large audience 14:31:16 ... if the widget is HTML then it can be styled by CSS 14:31:59 ... there are two classes: author wants widget to have its own look and feel; others will want the widget to just fit in with rest of the platform 14:32:26 ... need some way to say "I want this widget to be skinned to fit into the platform" 14:32:42 ... but also some way to say "I want to do my own skinning" 14:34:01 ... can also expect an author to be able to say "I don't want scrollbars" 14:34:48 RRSAgent, make minutes 14:34:48 I have made the request to generate http://www.w3.org/2009/04/16-wam-minutes.html ArtB 14:34:58 MC: I share a lot of those concerns 14:35:45 ... it is hard to know if a widget platform will "take over" a widget Look and Feel 14:36:10 ... we do have the app chrome that is part of window mode 14:36:36 JS: it's not about chrome really, its other parts of the UI 14:37:18 ... stuff like padding between buttons 14:37:24 ... it isn't specified by HTML5 14:38:17 Arve: I'm not sure we want to go too far in this direction 14:38:24 q+ 14:39:19 AB: meeting adjourned 14:39:36 RSSAgent, make minutes 14:39:39 -Art_Barstow 14:41:22 RRSAgent, make minutes 14:41:22 I have made the request to generate http://www.w3.org/2009/04/16-wam-minutes.html ArtB 14:55:06 This conference is in overtime; all ports must be freed 14:59:19 -Josh_Soref 14:59:21 -Arve/Marcos 14:59:30 -MikeSmith 14:59:31 IA_WebApps(Widgets)9:00AM has ended 14:59:32 Attendees were Josh_Soref, +47.23.69.aabb, JereK, Arve/Marcos, Art_Barstow, Thomas, Frederick_Hirsch, Mark, MikeSmith 15:05:21 MoZ has joined #wam 15:16:20 Marcos has joined #wam 15:53:20 RRSAgent, bye 15:53:20 I see 3 open action items saved in http://www.w3.org/2009/04/16-wam-actions.rdf : 15:53:20 ACTION: barstow Ask Robin to flesh-out his element proposal [1] 15:53:20 recorded in http://www.w3.org/2009/04/16-wam-irc#T13-37-34 15:53:20 ACTION: Marcos send a Request for Comments re I18N proposal to I18N Core WG and WebApps WG on April 16 with a 1-week review period [2] 15:53:20 recorded in http://www.w3.org/2009/04/16-wam-irc#T13-56-22 15:53:20 ACTION: barstow deterimine if Robin agreed to be editor of the Window Modes spec [3] 15:53:20 recorded in http://www.w3.org/2009/04/16-wam-irc#T14-25-40