16:59:44 RRSAgent has joined #tagmem 16:59:44 logging to http://www.w3.org/2009/10/22-tagmem-irc 16:59:52 zakim, this will be tag 16:59:52 ok, jar; I see TAG_Weekly()1:00PM scheduled to start in 1 minute 17:00:34 TAG_Weekly()1:00PM has now started 17:00:41 +Jonathan_Rees 17:01:01 +Raman 17:01:19 +Ashok_Malhotra 17:01:56 noah has joined #tagmem 17:02:06 +Noah_Mendelsohn 17:02:33 raman has joined #tagmem 17:02:40 zakim, noah_mendelsohn is me 17:02:40 +noah; got it 17:02:47 zakim, who is here? 17:02:47 On the phone I see Jonathan_Rees, Raman, Ashok_Malhotra, noah 17:02:48 On IRC I see raman, noah, RRSAgent, jar, Ashok, Zakim, DanC, ht, trackbot 17:03:06 +DanC 17:03:45 zakim, please call ht-781 17:03:45 ok, ht; the call is being made 17:03:47 +Ht 17:03:48 scribe: Jonathan Rees 17:03:50 scribenick: jar 17:04:02 chair: Noah Mendelsohn 17:04:33 zakim, please mute me 17:04:33 Ht should now be muted 17:05:42 agenda + site-meta last call comments due 6 Nov (siteData-36 issue-36) http://lists.w3.org/Archives/Public/www-tag/2009Oct/0057.html 17:05:43 q+ 17:06:01 zakim, agenda? 17:06:01 I see 11 items remaining on the agenda: 17:06:02 1. Convene [from DanC] 17:06:03 2. Approve minutes of prior meeting(s) [from DanC] 17:06:07 3. Administrative items (Brief) [from DanC] 17:06:08 4. Privacy policy [from DanC] 17:06:08 5. Security [from DanC] 17:06:09 6. Forbidding hyperlinks [from DanC] 17:06:09 7. HTML [from DanC] 17:06:10 8. Pending Review Items [from DanC] 17:06:12 9. Overdue Action Items [from DanC] 17:06:13 10. Any other business [from DanC] 17:06:15 11. site-meta last call comments due 6 Nov (siteData-36 issue-36) http://lists.w3.org/Archives/Public/www-tag/2009Oct/0057.html [from DanC] 17:06:28 zakim, next agendum 17:06:28 agendum 1. "Convene" taken up [from DanC] 17:06:42 zakim, next agendum 17:06:42 I see a speaker queue remaining and respectfully decline to close this agendum, jar 17:06:47 q? 17:07:06 ack danc 17:07:33 zakim, unmute me 17:07:33 Ht should no longer be muted 17:08:47 +John_Kemp 17:09:11 zakim, please mute me 17:09:11 Ht should now be muted 17:10:29 zakim, next agendum 17:10:29 agendum 2. "Approve minutes of prior meeting(s)" taken up [from DanC] 17:11:13 Minutes of 23-25 Sept F2F - table approval 17:11:31 discussion of 2 week limit 17:11:42 approved minutes 1 oct 17:11:48 http://www.w3.org/2001/tag/2009/10/01-minutes 17:12:09 john k will read minutes of oct 8; take up approval next time 17:12:28 zakim, next agendum 17:12:28 agendum 3. "Administrative items (Brief)" taken up [from DanC] 17:12:34 me 17:12:36 who will be at TPAC? 17:12:49 DanC has joined #tagmem 17:12:50 ashok, raman, noah, henry, 17:13:09 +DanC.a 17:13:21 I plan to be at TPAC 17:14:02 Noah has worked out meeting time with HTML WG 17:14:38 exact time depends 17:14:57 danc: What shall we talk about? 17:15:19 noah: Thanks to those who responded to the issue summary request 17:15:46 (re shepherd... here I was thinking I wasn't shepherding any issues, but when I checked, I found the site-data thing was in my court) 17:15:59 noah: Reminder about call for exclusions; period ends today. 17:16:30 noah: What HTML-related things might we want to discuss at TPAC? 17:16:45 noah: (re session planning) 17:17:15 Zakim, who's on the phone? 17:17:15 On the phone I see Jonathan_Rees, Raman, Ashok_Malhotra, noah, DanC, Ht (muted), John_Kemp, DanC.a 17:17:20 danc: How about a poll. 17:17:52 level of enthusiasm on call is depressing 17:19:13 jar: Won't be at TPAC, no particular desires around TAG/TPAC discussions 17:19:47 raman: Individual discussions will be the important thing 17:19:50 zakim, unmute me 17:19:50 Ht should no longer be muted 17:20:31 ashok: Would like to ask whether there has been any progress since last meeting - anyone listening to the TAG? 17:21:01 ... authoring guidelines, extensibility, URIs, ... 17:21:03 q+ to note progress on spec modularity 17:21:41 ... not that there hasn't been any; just would like to track progress ... 17:22:08 danc: Could you (Ashok) go over last time's notes? 17:22:54 noah: Ian did prepare an authoring draft and wants us to review it 17:23:09 (I spent some time looking at the authoring draft, as did masinter) 17:23:11 -John_Kemp 17:24:12 noah: (continuing poll) Would like to go over our minutes in prep for TPAC 17:24:19 +John_Kemp 17:24:21 ACTION-319 on Noah: Consider HTML media type issue for TPAC agenda(s) Due: 2009-10-29 17:24:32 Zakim, who's on the phone? 17:24:32 On the phone I see Jonathan_Rees, Raman, Ashok_Malhotra, noah, DanC, Ht, DanC.a, John_Kemp 17:24:59 I was supposed to get input from Larry as input to my ACTION 319 on media types. Was hoping Larry would be here today to clarify status. 17:25:05 ht: RDFa is something where we could get some benefit from discussion 17:26:10 noah: consider the HTML media type issue 17:26:32 ht: yes, remember Tim's desire to have XHTML handled properly when served with text/html 17:26:43 s/served with/served as/ 17:27:12 ACTION: Noah to respond to HTML WG chairs with suggested TPAC topics -- see minutes of 22 Oct 17:27:12 Created ACTION-320 - Respond to HTML WG chairs with suggested TPAC topics -- see minutes of 22 Oct [on Noah Mendelsohn - due 2009-10-29]. 17:27:33 danc: (continuing poll) about URIs, what is the time scale? sequencing of the two specs (IRI / HTML5) 17:28:56 johnk: RDFa / microdata is worth discussing. also distributed extensibility 17:29:13 -DanC.a 17:29:23 zakim, who is here? 17:29:23 On the phone I see Jonathan_Rees, Raman, Ashok_Malhotra, noah, DanC, Ht, John_Kemp 17:29:25 On IRC I see DanC, raman, noah, RRSAgent, jar, Ashok, Zakim, ht, trackbot 17:30:01 +DanC.a 17:30:04 -DanC.a 17:30:10 zakim, drop DanC 17:30:10 DanC is being disconnected 17:30:11 -DanC 17:30:16 +DanC 17:30:22 (note to minutes editor: remove "(Brief)" from agendum name) 17:30:52 zakim, agenda? 17:30:52 I see 9 items remaining on the agenda: 17:30:53 3. Administrative items (Brief) [from DanC] 17:30:55 4. Privacy policy [from DanC] 17:30:55 5. Security [from DanC] 17:30:56 6. Forbidding hyperlinks [from DanC] 17:30:56 7. HTML [from DanC] 17:30:58 8. Pending Review Items [from DanC] 17:30:59 9. Overdue Action Items [from DanC] 17:31:00 10. Any other business [from DanC] 17:31:01 11. site-meta last call comments due 6 Nov (siteData-36 issue-36) http://lists.w3.org/Archives/Public/www-tag/2009Oct/0057.html [from DanC] 17:31:35 -John_Kemp 17:32:16 noah: Call for agenda for TAG meeting at TPAC 17:32:18 +John_Kemp 17:32:26 zakim, next agendum 17:32:26 I see a speaker queue remaining and respectfully decline to close this agendum, jar 17:32:41 q? 17:32:45 ack danc 17:32:45 DanC, you wanted to note progress on spec modularity 17:32:54 zakim, next agendum 17:32:54 agendum 4. "Privacy policy" taken up [from DanC] 17:33:17 action-318? 17:33:17 ACTION-318 -- Noah Mendelsohn to send note to Device APIs and Policy (DAP) Working Group on behalf of the TAG -- due 2009-10-15 -- OPEN 17:33:17 http://www.w3.org/2001/tag/group/track/actions/318 17:33:17 * From minutes of 8 Oct 2009: RESOLVED that that LMM edit 2009Sep/0073 lightly as discussed 8 Oct and Noah send to Device APIs and Policy Working Group on behalf of the TAG 17:33:17 * ACTION-318 Send note to Device APIs and Policy (DAP) Working Group on behalf of the TAG - on Noah Due: 15 Oct 2009 17:33:59 Continued 17:34:06 action-318 due october 25 17:34:06 ACTION-318 Send note to Device APIs and Policy (DAP) Working Group on behalf of the TAG due date now october 25 17:34:43 (does it matter when we send our thingy to the DAP WG? ht? (picking on you somewhat arbitrarily)) 17:34:59 ashok: There's a similar note on policy [...] to media annotations WG -- should we make a more general statement? 17:35:32 danc: Not my style. The anybody/nobody/somebody problem 17:35:40 [DAP WG] 17:36:21 ACTION Noah to bug Larry about his input to ACTION-318 17:36:21 Created ACTION-321 - Bug Larry about his input to ACTION-318 [on Noah Mendelsohn - due 2009-10-29]. 17:36:43 zakim, take up next item 17:36:43 agendum 5. "Security" taken up [from DanC] 17:37:27 This is what wants an answer: http://lists.w3.org/Archives/Public/public-webapps/2009OctDec/0095.html 17:37:51 NM: I'm not sure whether the link in the agenda is also pertinent 17:38:28 On Wed, 24 Jun 2009 19:22:35 +0200, Henry S. Thompson 17:38:28 wrote: 17:38:28 > One point of clarification: my (admittedly imperfect) understanding 17:38:28 > was that the most important parts of CORS have to be implemented 17:38:28 > _server_-side for the proposal to achieve its goals. If that's true, 17:38:29 > browser deployment alone is insufficient. Is that a misunderstanding 17:38:32 > on my part? 17:38:33 As was pointed out elsewhere in this thread it was. 17:38:36 I was wondering if the TAG considers this item closed or wishes to know 17:38:38 something more, in which case I'd like to hear about it! I'm trying to 17:38:40 wrap up email threads and this is one of them. Thanks! 17:38:42 Kind regards, 17:38:47 Anne van Kesteren 17:39:20 (this = the confused deputy stuff or the server/client-side stuff?) 17:39:33 I think so Dan 17:39:43 which? 17:40:00 raman: Not a security expert, but have heard individuals I respect question it 17:40:07 (a) the confused deputy problem in 0042 or (b) the server/client-stuff in 0095 17:40:29 noah: Appropriate for the TAG to become a focal point 17:40:30 q? 17:41:02 ht: Looking to see current state of the thread that my email kicked off 17:41:09 q+ to speak to the confused deputy problem 17:41:52 noah: Does CORS go to LC on its own? 17:42:11 q_ to note that the confused deputy stuff isn't in the CORS issue list http://www.w3.org/2008/webapps/track/products/7 17:42:17 q+ to note that the confused deputy stuff isn't in the CORS issue list http://www.w3.org/2008/webapps/track/products/7 17:42:37 q? 17:42:51 raman: If we have things to say, we should do so now, not wait for their LC 17:42:54 q+ to say that if more research is needed, now is a good time to kick it off 17:44:05 Dan, I'm curious whether http://lists.w3.org/Archives/Public/www-tag/2009Oct/0042.html is about CORS at all 17:44:09 danc: Regarding 0042 - distinction between "Anne and others" don't see a problem and "the WG" doesn't see a problem 17:44:29 http://lists.w3.org/Archives/Public/public-webapps/2009OctDec/0104.html 17:44:29 ... But confused deputy is not in their issues list ... 17:44:43 ... Mark M if he has a problem with this needs to get this onto their issues list 17:44:50 -John_Kemp 17:45:02 ht: The thread peters out into unresolved disagreement 17:45:28 +John_Kemp 17:45:53 ... we could say: Doesn't look like you're done, but I see that there is no open issue 17:45:59 ... what is their process? 17:46:23 danc: I think Mark M has raised an issue, and it ought to be added to their list 17:47:08 s/it ought to be added/I'm inclined to ask the chair to add it/ 17:47:34 (the difference is: their chair might clarify the way they handle issues) 17:48:10 noah: Propose ht to send a request on behalf of the TAG, that the WG open an issue [re confused deputy] 17:49:13 noah: alternative: ht to send a request (not directly on behalf of TAG) etc 17:49:26 -John_Kemp 17:49:34 q? 17:49:45 q- 17:49:57 http://lists.w3.org/Archives/Public/public-webapps/2009OctDec/0095.html 17:50:32 danc: But that's not what the 8 oct message was about. 17:50:35 DC: I am talking about the message of 8 Oct., not 19th 17:50:46 danc: Two parts of this agendum on today's meeting. 17:51:17 ht: Thought this was about 19 October. 17:51:29 danc: Put aside confused deputy for now. 17:52:13 +John_Kemp 17:52:17 noah: There was a problem with the agenda.. 17:52:53 danc: OK to let 8 Oct (0095) drop. 17:53:17 ht: Not competent to judge this... 17:53:37 need to leave --- bye all! 17:53:41 -Raman 17:53:51 raman has left #tagmem 17:54:04 noah: This question (about server side deployment) more appropriate for CR time 17:54:34 NM: Seems to me that need for interoperable server side implementations might be an important CR exit criterion. 17:54:49 The confused deputy piece comes from http://lists.w3.org/Archives/Public/public-webapps/2009AprJun/1215.html 17:55:14 (note to minutes editor... make sure to get the 2 issues untangled in the minutes) 17:55:43 Discussion of CR exit critieria. Can criteria be added after LC? 17:56:10 danc: Usually some of these decisions wait until discussion with the director 17:59:08 Sorry for the delay -- the discussion has clarified the current 17:59:08 relevance of client-side implementations, and as far as that goes the 17:59:08 TAG is happy. 17:59:08 17:59:08 We do assume that demonstrating interoperable server-side 17:59:09 implementation will be a necessary part of your CR exit criteria -- 17:59:11 could you please confirm that? 17:59:13 17:59:21 +1 17:59:31 q+ jar to talk about 1215 vs. 0095 and apologize for mixing them up 17:59:31 should that be s/could/would/ ? 17:59:38 ack danc 17:59:38 DanC, you wanted to speak to the confused deputy problem and to note that the confused deputy stuff isn't in the CORS issue list http://www.w3.org/2008/webapps/track/products/7 18:00:29 Agreement that HT should send that (see above "Sorry for ...") 18:00:30 ack jar 18:00:30 jar, you wanted to talk about 1215 vs. 0095 and apologize for mixing them up 18:00:56 I was the one who mixed up 1215 and 95, I'm pretty sure 18:01:16 JAR: I think we're now OK on server side 18:01:46 JAR: The one that Henry sent on behalf of the TAG is the 1215 message, on confused deputy. Should they open an issue on that? 18:02:12 http://lists.w3.org/Archives/Public/public-webapps/2009AprJun/1215.html 18:02:13 http://lists.w3.org/Archives/Public/public-webapps/2009AprJun/1215.html 18:03:25 no. 18:04:09 "the new functionality 18:04:09 > provided would, on the one hand, be insufficiently secure while, on 18:04:09 > the 18:04:09 > other, discouraging the provision of something more satisfactory. 18:04:10 ht: There are two parts to the paragraph in (1215). 18:04:11 " 18:04:37 ... Anne responded to the part about server side deployment, asking if that was still an issue for us... 18:04:50 I'm still not convinced that the IRC log is getting how the parts of this discussion fit. 18:05:07 JAR, are you grokking enough of this to clarify when you edit later? 18:05:24 ... but that's not the deeper question posed at the end, about how secure it will be. 18:05:32 http://lists.w3.org/Archives/Public/public-webapps/2009OctDec/0104.html 18:06:32 2nd part of 1215 = the "even if it did" part, which gave rise to "unaddressed security concerns" thread (0014 see above) 18:06:36 http://lists.w3.org/Archives/Public/public-webapps/2009OctDec/0102.html 18:07:00 ht: 0102 is from Mark Miller. You never want confused deputy vulnerabilities; that's what matters. 18:07:01 s/0014/0104/ 18:07:11 s/want/addressed/ 18:07:41 ht: That thread has not been reflected as an issue, or been brought to a resolution 18:08:01 q? 18:08:30 danc: And Anne is the editor, and says "I and others don't see an issue"... 18:08:46 noah: We agreed to say something right? 18:09:17 noah: Henry will send a note to Art 18:09:33 zakim, take up next item 18:09:33 agendum 6. "Forbidding hyperlinks" taken up [from DanC] 18:10:15 URIs, deep linking, framing, adapting and related concerns Rotan Hanrahan (Friday, 16 October) http://lists.w3.org/Archives/Public/www-tag/2009Oct/0031.html 18:10:19 danc: Rotan H brought this to the TAG 18:11:05 noah: As you recall... TAG worked on "deep linking" way back when 18:11:51 TAG Finding on Deep Linking: http://www.w3.org/2001/tag/doc/deeplinking-20030911 18:12:23 ... and now some sites are saying "don't link to me *at all*" 18:12:30 From the finding's conclusion: 18:12:31 Attempts at the public-policy level to limit the usage, transmission and publication of URIs at the policy level are inappropriate and based on a misunderstanding of the Web's architecture. Attempts to control access to the resources identified by URIs are entirely appropriate and well-supported by the Web technology. 18:13:17 q? 18:13:32 JAR: I think people are looking for legal advice 18:13:41 q+ 18:13:44 NM: Finding is anappropriate? 18:13:59 JAR: No, but now we need a legal reading. 18:14:34 danc: But web architecture is social, it's the whole thing. 18:14:38 +1 18:14:42 s/social/also social/ 18:14:46 ... There's no other body that can take a stand here. 18:14:52 ... (than the TAG) 18:15:29 noah: Maybe take deep linking finding and turn it inside out? 18:15:51 ... linking generally, with deep linking as a special case. 18:15:54 q+ to note that our deep linking finding (and webarch) goes to far in saying "the long-random-number /capability URI pattern is bad" 18:16:22 I think that's covered in metadata in URI finding, no? 18:16:27 Still could fix this one. 18:16:34 Oh bother, /me is late -- bye! 18:16:39 danc: Problem, it says don't use security by obscurity. But long random numbers are used to good effect... so that needs revision 18:16:43 -Ht 18:17:13 noah: So it seems we could do better. 18:17:31 Dan and I both seem intrigued about doing better, anyone else? 18:17:59 ashok: On a conversation about mobile devices, there was a question that a URI couldn't be made public for security reasons. 18:18:19 noah: URI for a device - such as a phone? 18:18:32 noah: Web server associated with it? 18:18:35 ashok: Yes 18:18:55 noah: URIs move through the network in the clear a lot, yes? 18:19:31 johnk: Often there's a proxy, which might not be talking http on the far side (to the device) 18:19:51 noah: Is this really the web, between proxy and the phone? 18:20:20 (indeed, it's using web technologies, but it's not "The Web". or something... I've never found a good way to write this up... it's somewhat like http://my.yahoo.com/ too. and intranets.) 18:21:12 q? 18:21:20 ack danc 18:21:20 DanC, you wanted to note that our deep linking finding (and webarch) goes to far in saying "the long-random-number /capability URI pattern is bad" 18:21:22 ack Danc 18:21:27 johnk: Not sure that mobile phone URIs are relevant to this discussion... 18:23:19 tickets.com vs. ticketmaster etc. 18:24:06 issue-25? 18:24:06 ISSUE-25 -- What to say in defense of principle that deep linking isnot an illegal act? -- CLOSED 18:24:06 http://www.w3.org/2001/tag/group/track/issues/25 18:24:31 q? 18:24:43 jar: Will a revised finding serve the present need? 18:28:00 q+ to say, speaking for myself, I don't want to hang up on the legal issues 18:28:19 ack next 18:28:20 noah, you wanted to say, speaking for myself, I don't want to hang up on the legal issues 18:28:21 q? 18:29:40 noah: What needs to be said: You should understand the value of network effects. That understanding needs to influence your legal decisions. This affects what the web will be like. 18:30:50 noah: If we can say something about legal precedent in addition, that's good too 18:31:35 ACTION DanC: ask W3C management for writing resources re hyperlinking 18:31:35 Created ACTION-322 - Ask W3C management for writing resources re hyperlinking [on Dan Connolly - due 2009-10-29]. 18:31:44 agenda? 18:32:03 jar: When you're deciding whether to publish a URI, you're not going to ask what web architecture is, you're going to ask whether you're likely to be sued 18:32:05 -Ashok_Malhotra 18:32:20 ADJOURNED. 18:32:34 rrsagent, make logs public 18:32:45 rrsagent, pointer 18:32:45 See http://www.w3.org/2009/10/22-tagmem-irc#T18-32-45 18:39:37 -noah 18:39:38 -John_Kemp 18:39:38 -Jonathan_Rees 18:39:39 -DanC 18:39:39 TAG_Weekly()1:00PM has ended 18:39:41 Attendees were Jonathan_Rees, Raman, Ashok_Malhotra, noah, DanC, Ht, John_Kemp, DanC.a