17:59:06 RRSAgent has joined #tagmem
17:59:06 logging to http://www.w3.org/2010/03/04-tagmem-irc
17:59:19 zakim, this will be TAG
17:59:19 ok, noah; I see TAG_Weekly()1:00PM scheduled to start in 1 minute
17:59:31 trackbot, start meeting
17:59:33 RRSAgent, make logs public
17:59:35 Zakim, this will be TAG
17:59:36 ok, trackbot; I see TAG_Weekly()1:00PM scheduled to start in 1 minute
17:59:36 Meeting: Technical Architecture Group Teleconference
17:59:36 Date: 04 March 2010
18:00:05 DKA has joined #tagmem
18:00:07 TAG_Weekly()1:00PM has now started
18:00:13 +jar
18:00:39 Ashok has joined #tagmem
18:00:46 +DanC
18:00:54 +DKA
18:01:15 As signalled in email, I will be joining after I get off a transition call
18:01:28 Right, Henry, I got that in the agenda
18:01:39 I'm having some Zakim problems at the moment...trying again
18:01:52 Scribe me up.
18:01:58 Scribe: DKA
18:02:04 ScribeNick: DKA
18:02:07 +[IBMCambridge]
18:02:14 zakim, [IBMCambridge] is me
18:02:14 +noah; got it
18:02:18 +Ashok_Malhotra
18:03:55 chair: Noah Mendelsohn
18:03:58 Chair: noah
18:03:58 masinter has joined #tagmem
18:04:17 agenda: http://www.w3.org/2001/tag/2010/03/04-agenda
18:04:36 zakim, who is here?
18:04:36 On the phone I see jar, DanC, DKA, noah, Ashok_Malhotra
18:04:37 On IRC I see masinter, Ashok, DKA, RRSAgent, Zakim, noah, ht, jar, timbl, ht_home, DanC, trackbot
18:04:50 +Larry
18:05:39 Topic: Approve minutes of previous meeting.
18:06:00 zakim, mute me
18:06:02 DKA should now be muted
18:06:03 +1 approve http://www.w3.org/2001/tag/2010/02/25-minutes.html
18:06:09 +1
18:06:23 RESOLUTION: Minutes of the 25th are approved.
18:06:36 Topic: Admin Items
18:07:11 Noah: TAG status report. HTML working group has made a few small comments. I have made small updates to reflect their contributions.
18:07:19 ... I will publish this tomorrow or monday.
18:07:27 http://www.w3.org/2001/tag/2010/sum03.html
18:07:45 Noah: It's member-only currently.
18:08:02 Larry: I wondered - I scanned for a reference to the versioning work.
18:08:15 Noah: Can you draft a few sentences and send them to me? I'll put them in.
18:08:21 Larry: Ok.
18:08:43 Noah: Just email me "change request for the status report." I want to have it out so people can review it before the AC meeting.
18:09:20 Noah: Two teleconferences between now and the f2f. One on the 11th and one on the 18th. Neither I nor Tim will be available on the 18th. Can we cancel?
18:09:26 +1 to cancel the 18th.
18:09:34 RESOLUTION: Cancel the telecon on the 18th.
18:09:45 Noah: On the 11th, Tim will be unavailable.
18:09:59 I will also be unavailable next week BTW as I will be on a plane.
18:10:14 Noah: We may cancel it but let's leave it for now.
18:10:17 +TimBL
18:10:26 Topic: Face to Face Meeting Agenda Preparation
18:11:04 q+
18:11:14 Noah: Quick update. We did a good job asking each of you what you're doing. Anything related to the f2f agenda to discuss?
18:11:18 timbl_ has joined #tagmem
18:11:25 re http://www.w3.org/2001/tag/2010/03/actionsbyshepherd.html
18:11:48 DanC: You sent out a list - I looked at Mine and Tim's and a bunch of stuff got assigned to him. I tweaked some of those.
18:11:51 Noah: Fine.
18:12:33 Noah: I ran a little script to list all the issues open/pending by shepherd. By Monday please alert me to any of your issues that need attention in the f2f that do not have actions.
18:12:45 (I think I'll be sending something about ISSUE-56: (abbreviatedURIs-56), where I sent a proposal ages ago...)
18:12:49 Noah: Part of the role of the shepherd is to keep thinking about things we don't have actions associated with.
18:12:56 Noah: Questions?
18:13:42 timbl_ has left #tagmem
18:14:02 Topic: ISSUE-41 & ACTION-396
18:14:09 Wonders if what is a WebID
18:14:11 ACTION-396?
18:14:11 ACTION-396 -- Henry S. Thompson to henry to draft emails for NM to send to HTML WG chairs and to Liam+MS authors encouraging a change proposal wrt distr.
extensibility by 23 March -- due 2010-03-04 -- PENDINGREVIEW
18:14:11 http://www.w3.org/2001/tag/group/track/actions/396
18:14:35 Noah: We want to send emails on behalf of the TAG...
18:14:54 zakim, unmute me
18:14:54 DKA should no longer be muted
18:15:07 zakim, mute me
18:15:07 DKA should now be muted
18:15:22 zakim, unmute me
18:15:22 DKA should no longer be muted
18:15:59 we were saying two things: (a) we'd reviewed the documents and think they're interesting, and (b) we're encouraging certain people to engage in the HTML WG process and offering our help in doing that.
18:16:09 Noah: two notes Henry was asked to send. One to HTML chairs and one to Liam Q. and MS authors and one to Henry himself...
18:16:13 just thought the message should make the two things clear
18:16:16 zakim, mute me
18:16:16 DKA should now be muted
18:16:31 zakim, who is talking?
18:16:42 noah, listening for 10 seconds I heard sound from the following: jar (36%), TimBL (25%), Larry (69%)
18:16:54 Did Larry's mail ever show up in the archive?
18:17:10 Noah: Let's look specifically at the notes that Henry has drafted ...
18:18:17 Noah: Let's bless Henry's notes or fix them.
18:18:22 Larry: I think the fixing is just minor.
18:18:31 use your discretion, that's fine with me
18:18:33 Noah: We need text I can mail.
18:18:41 DanC: What should we do?
18:18:57 Noah: Henry and Larry should go off-line and do this or we should do this now [in the call].
18:19:10 Noah: I'm happy with Henry's text but if Larry is concerned then we have to work through that.
18:19:14 Larry: That's OK.
18:19:24 Noah: We can go with Henry's text?
18:19:27 Larry: Yes.
18:19:39 :)
18:19:43 just consider in future, i think, is fine with me
18:20:02 RESOLUTION: Noah to send both of henry's ACTION-396 emails.
18:20:37 action-396?
18:20:37 ACTION-396 -- Noah Mendelsohn to henry to draft emails for NM to send to HTML WG chairs and to Liam+MS authors encouraging a change proposal wrt distr.
extensibility by 23 March -- due 2010-03-05 -- PENDINGREVIEW
18:20:37 http://www.w3.org/2001/tag/group/track/actions/396
18:20:38 Noah assigns himself as owner of ACTION-396
18:21:08 action-395?
18:21:08 ACTION-395 -- Noah Mendelsohn to guide TAG to a response on HTML decentralized extensibility (self-assigned) -- due 2010-03-23 -- OPEN
18:21:08 http://www.w3.org/2001/tag/group/track/actions/395
18:21:10 ACTION-395?
18:21:10 ACTION-395 -- Noah Mendelsohn to guide TAG to a response on HTML decentralized extensibility (self-assigned) -- due 2010-03-23 -- OPEN
18:21:11 http://www.w3.org/2001/tag/group/track/actions/395
18:21:11 Noah: I would like to have permission to close ACTION-395 when I send that note.
18:21:21 Noah: Anyone have a problem with that?
18:21:26 Noah: OK I am going to do that.
18:21:31 Topic: http://www.w3.org/2001/tag/group/track/issues/57 & http://www.w3.org/2001/tag/group/track/actions/348: Retaining address bar following redirect
18:21:35 zakim, unmute me
18:21:35 jar should no longer be muted
18:22:04 close action-395
18:22:04 close ACTION-395
18:22:04 ACTION-395 Guide TAG to a response on HTML decentralized extensibility (self-assigned) closed
18:22:04 ACTION-395 Guide TAG to a response on HTML decentralized extensibility (self-assigned) closed
18:22:15 action-395: see action-396 for follow-up
18:22:15 ACTION-395 Guide TAG to a response on HTML decentralized extensibility (self-assigned) notes added
18:22:24 jar: Before I joined the TAG there was an open issue-57. I got assigned an action to close up one of these sub-issues.
18:22:54 FWIW, there's still an open ISSUE-57
18:22:58 ... question is: why is it that even though direction of HTTP spec says address should be retained on a temp redirect that none of the browsers do this?
18:23:15 ... couldn't find much material. A mozilla bug report and a wikipedia article.
18:23:39 ... I drafted a memo of what I know about this issue.
http://www.w3.org/2001/tag/2010/02/redirects-and-address-bar.txt
18:23:45 Noah: Any thoughts?
18:24:00 Noah: What, if anything, should TAG do next on this?
18:24:11 jar: I looked at Mozilla [bug database] but didn't look at other bug database. Should I look at others?
18:24:22 DanC: you found the relevant bug...
18:24:23 q+
18:24:37 Larry: Obscure wrinkle with IRIs in the address bar...
18:24:44 q?
18:24:46 ack next
18:24:49 "I would *not* like to see this wontfixed." -- David Wood 2010-02-10 10:15:02 PST https://bugzilla.mozilla.org/show_bug.cgi?id=68423
18:24:50 ack next
18:25:05 q+ to suggest that the next step is to email the browser vendors engineers
18:25:38 q+ to note that location & content-location are difficult for IRIs, since the HTTP headers are URIs but what is presented should probably be translated back, but then there are spoofing issues?
18:25:45 q+ to say that this seems broken, but I have a sinking feeling that this train has long since left, that there might be compatibility issues, etc.
18:25:45 (I think "broadcast more widely" is consistent with posting a blog item)
18:25:51 Tim: This is interesting - next step I suggest is to mail the browser vendors. We've got them in the HTML working group. We need to broadcast more widely with what we've got. And if they still don't know why - it may well be that nobody's ever coded it because nobody's ever got round to it.
18:26:11 q+ jar to say they probably will consider it a security bug
18:26:14 ack next
18:26:15 timbl, you wanted to suggest that the next step is to email the browser vendors engineers
18:26:15 ack next
18:26:21 masinter, you wanted to note that location & content-location are difficult for IRIs, since the HTTP headers are URIs but what is presented should probably be translated back, but
18:26:24 ... then there are spoofing issues?
18:27:30 ack next
18:27:31 noah, you wanted to say that this seems broken, but I have a sinking feeling that this train has long since left, that there might be compatibility issues, etc.
18:27:33 ... Could we make a patch in the Mozilla codebase? Or a firefox plug-in that fixes it?
18:27:33 Larry: IRI document - this has more serious security problems when you allow unicode than ascii-only to the point that we [re]moving the requirement in the IRI document that human-...
18:27:35 (yeah... I was thinking it's orthogonal, but maybe not...)
18:28:23 Noah: I'm less convinced that spoofing is relevant - copy-paste - copy-paste is usually not vulnerable to spoofing.
18:28:53 q+ to swap in a comment that boris endorses: "if I could get bigCorp.com to redirect me to mysite.com, then I could make it look as if the data was from their site" and to note the spoofing issue happens when mysite is spelled bigcöaut;om
18:28:56 ack next
18:28:57 jar, you wanted to say they probably will consider it a security bug
18:28:59 ... this seems like an obvious thing that browser vendors would have fixed it. Are there other barriers than getting the code written?
18:29:14 +Ht
18:29:39 jar: It's worth while to try to contact the browser people. My bet is that every one of them would say that this is a spoofing or phishing risk.
18:30:13 ... the compromise option would be to have some alternative UI control that could give you access to the original URI.
18:30:17 ("david wood and I were suggesting" refers to what, I wonder?)
18:30:24 I don't think we can do UI design at the level of particular new dialogs, we can just encourage exploration of ways of making two URIs available....I'm suspicious that users will just be confused.
18:30:45 q?
18:30:51 ... the thing about the address bar - users are going to look at the address bar - even if it's not meant to provide a particular info or endorsement, users will use it in this way.
18:31:24 ...
claim is that users are looking at the address bar to assess the trustworthiness of the content they see on the page. Things can go wrong if the redirect happened in error.
18:31:30 There seems to be little hope of relying on either administrative or technical means to reduce the availability of spoofing exploits. For this reason, user agents SHOULD NOT relying on humans doing visual or perceptual comparison or verification of IRIs as any means of validating or assuring safety, correctness or appropriateness of an IRI. Other means of presenting users with the validity, safety, or appropriateness of visited sites
18:31:30 are being developed in the browser community as an alternative means of avoiding these difficulties.
18:31:30
18:31:44 Tim: you've got to convince me. A trustworthy site won't redirect you to an untrustworthy site.
18:31:56 jar: I think the claim is it will.
18:32:06 Is the concern that the "trustworthy" site might have been compromised?
18:32:08 above is proposed wording for IRIBIS
18:32:15 Tim: The definition of a trustworthy site is that it won't.
18:32:19 q+ to note that
18:32:37 Tim: You could provide the effect of hiding the URI of something using frames - to retain the right to be linked to.
18:33:01 Tim: I want to see an attach scenario.
18:33:09 wonder if conneg should refer to more specific URI
18:33:11 ack next
18:33:12 s/ch/ck/
18:33:13 DanC, you wanted to swap in a comment that boris endorses: "if I could get bigCorp.com to redirect me to mysite.com, then I could make it look as if the data was from their site"
18:33:17 ... and to note the spoofing issue happens when mysite is spelled bigcöaut;om
18:33:18 Noah: DanC can you explain what the threat is?
18:33:21 https://bugzilla.mozilla.org/show_bug.cgi?id=68423
18:33:56 DanC: Got to the bottom of this page with the more modern comments. Comment from Boris Zbarsky.
18:34:44 ... In comment 20 - he says comment 12 seems right on the money.
https://bugzilla.mozilla.org/show_bug.cgi?id=68423#c12
18:35:19 DanC: I don't find this persuasive.
18:35:33 DanC: [but others do]
18:35:35 convention is that temporary redirection doesn't imply delegation of speaks for
18:35:52 and that the address bar should match what you got and not what you asked for
18:36:11 "if I could get bigCorp.com to redirect me to
18:36:11 mysite.com, then I could make it look as if the data was from their site."
18:36:25 Tim: If I can get bigcorp.com to redirect to mysite.com, I own bigcorp.com.
18:36:42 ("the transitive property of insecurity" was a paper by tchrist@convex, but it seems to have disappeared from the net)
18:36:49 Noah: You can make the case that you could own a bit of bigcorp.com but you don't own the whole site.
18:37:09 Tim: If I can get bank of america to redirect to my site...
18:37:48 Noah: ...these guys are saying that the protection is that the address bar will then say "Tim's bank". [The IRI issue is not addressed.]
18:38:08 DanC: if you can keep the BofA logo up there [in the address bar] then that's quite a bit less secure.
18:38:14 Line 1 Bank of America .. as served by akamai.com
18:38:25 in line 2.
18:38:26 Noah: UI design and security are in tension.
18:38:34 q?
18:38:52 The "Permalink:"
18:38:53 "I'm fine with having a way to retrieve the original URL the user tried to resolve... I just don't think it should be in the url bar." -- Boris https://bugzilla.mozilla.org/show_bug.cgi?id=68423#c22
18:38:55 word
18:39:10 ... two addresses and a complex relationship between them as to what's trusted. What's the chances that this will actually help my mother notice that she's been phished.
18:39:32 DanC: The point of moving forward is not to stop phishing...
18:39:51 Noah: I'm afraid that a collateral damage from this effort is to make it less obvious when they've been phished.
18:40:10 q?
18:40:11 ack next
18:40:13 masinter, you wanted to note that
18:40:18 I wonder if secure browsing and site certificates and UI around these play into this?
18:40:40 q+ to say this flies in the face of trademark use
18:40:49 Larry: [reading requirements around human verification of IRIs]
18:41:03 ack next
18:41:04 DanC, you wanted to say this flies in the face of trademark use
18:41:17 Larry: Additional annotation of the IRI in the address bar as to how safe it is - like is it likely to be a spoof.
18:41:24 That's next up on our agenda, FWIW
18:41:30 DanC: So people should not rely on looking at names?
18:41:33 Larry: Right.
18:41:55 [some discussion on this point]
18:42:16 Noah: This is Agenda Item 7 - shall we leave the floor open for discussion on both?
18:42:33 Noah: Can you introduce your proposal on spoofing?
18:42:54 Larry's proposal on spoofing: http://lists.w3.org/Archives/Public/www-tag/2010Feb/0175.html
18:43:13 =============draft============
18:43:13 There are serious difficulties with relying on a human to verify that
18:43:13 a presentation of an IRI to them (whether visually or read out loud)
18:43:13 is the same as another identifier or is the one intended. These
18:43:13 problems exist with ASCII-only URIs (bl00mberg.com vs. bloomberg.com)
18:43:14 but are enormously exacerbated when using the larger character
18:43:16 repertoire of Unicode; these problems are elaborated in [UTR#36].
18:43:21 (that was bcc'd... I wonder if the thread is only in public-iri)
18:43:22 There seems to be little hope of relying on either administrative or
18:43:22 technical means to reduce the availability of such exploits, to the
18:43:22 extent that user agents SHOULD NOT relying on visual or perceptual
18:43:24 comparison or verification of IRIs as any means of validating or
18:43:26 assuring safety, correctness or appropriateness of an IRI.
18:43:28 [UTR#36] also identifies additional security considerations that are
18:43:30 applicable to IRIs.
18:43:32 ======draft============
18:43:59 Larry: copy-paste is still an interesting use case. .. I can see the advantage of both - having the actual URI you got to and the one you started with. That the thing you see in the address bar corresponds to what you're looking at is compelling.
18:44:09 DanC: But people want to bookmark the right URI.
18:44:20 Larry: So maybe the operation of bookmarking should be where we push.
18:44:27 jar: That's my suggestion.
18:44:40 (bookmarking and in general making links)
18:44:54 there are several URIs IRIs available, and which you want depends
18:45:03 there's also the URI vs. the IRI
18:45:20 12https://bugzilla.mozilla.org/token.cgi?t=ZXbZHfzCvo&a=cfmpw
18:45:27 (the http spec is pretty clear on which you want in the case in question, larry; don't muddy the waters)
18:45:28 since "location:" and "content-location:" are URI only, and yet your bookmark and copy/paste should be IRI
18:45:29 Tim: People bookmark things in lots of ways. I drag the icon to the left of the URI onto the desktop. You can drag that into different places [email messages, IRC channels, etc..] to do different things. My assumption is that it matches the URI I see next to it when I do that.
18:45:32 I agree with what Tim's saying. I very often copy/paste from URI bar into email
18:45:41 HTTP spec doesn't account for IRIs
18:45:49 Bookmarking is just one UI gesture. There are many others.
18:45:53 q?
18:45:54 q+
18:46:06 Tim: I think it's a serious bug if when I bookmark it's not what's in the URI bar.
18:46:22 q+ to wonder about hooking copy/paste?
18:46:27 Tim: I'm happy to be a "perm bar" with its own icon...
18:46:31 I think this happens
18:46:37 Tim: How often would the permalink button come up?
18:46:41 ack next
18:46:48 Many: a lot
18:47:19 ack next
18:47:20 noah, you wanted to wonder about hooking copy/paste?
18:47:24 Larry: What you want to present to the user is a IRI but what [they often get] is a URI...
18:47:36 (when there's an HTTP redirect, do the browsers map back from uri to iri before displaying in the address bar?)
18:48:41 the HTTP headers here are URIs, not IRIs. But the address bar, the user visual display, as well as the bookmark, should be unicode, not ASCII hex or punicoded hostnames
18:48:45 Noah: What if the guideline is - whenever the UA performs an operation that copies or processes a URI, at that point the user should be given a choice and make informed consent as to which one would be copied.
18:48:56 Noah: Could agents buy into that?
18:48:57 so if you redirect, you redirect to a URI, but the view should be IRI
18:49:04 q+ to agree that designing the UI here isn't useful, but...
18:49:04 (TimBL above was saying he likes to drag from the favicon in the location bar onto desktop or into email etc)
18:49:08 ack next
18:49:11 DanC, you wanted to agree that designing the UI here isn't useful, but...
18:49:30 DanC: Jar - Please do post a blog item - that is a way to encourage UI design in this space.
18:49:52 Larry: I think it's worth going down the URI / IRI transition route as well.
18:50:23 "Dear Lazyweb, can I have a browser that knows how to bookmark the right address?" <- suggested blog title
18:50:26 ... I actually don't think that if you redirect to something that was an IRI, the address bar doesn't seem to show a URI it shows a presentation of the IRI that undoes the unicoding of the hostname for example.
18:50:43 jar: I'm happy to do this as a blog post.
18:51:03 s/https://bugzilla.mozilla.org/token.cgi?t=ZXbZHfzCvo&a=cfmpw//
18:51:11 s?https://bugzilla.mozilla.org/token.cgi?t=ZXbZHfzCvo&a=cfmpw??
18:51:28 Noah: Either let's close action-348 or put it in another state and let's go on to the spoofing stuff.
18:51:33 blog posting and then other TAG members commenting on it sounds like a good way of TAG action
18:51:48 jar: I'm happy to close it. I will make a couple of changes based on what Dan and Tim have said.
18:51:56 close ACTION-348
18:51:56 ACTION-348 Research reasons why browser providers (e.g. Mozilla) aren't willing to meet requests (e.g. from purl) to retain address bar URL following successful redirect closed
18:51:58 +1 to doing that more often... use the web rather than email to post results
18:52:02 Noah: So we will have no option actions on the address bar thread.
18:52:14 Topic: http://www.w3.org/2001/tag/group/track/issues/27 & http://www.w3.org/2001/tag/group/track/actions/343: IRI Spoofing
18:52:27 Noah: We've had some discussion already... Anything else?
18:52:37 FWIW, email I see because of the push model. Web I tend to miss.
18:52:43 Email linking the Web is fine.
18:52:54 Larry: There is active discussion on the IRI mailing list. There's a unicode technical report that [explores] a number of the issues which I think is good.
18:52:59 Noah: Close the action?
18:53:05 fwiw, the thread: http://lists.w3.org/Archives/Public/public-iri/2010Mar/thread.html#msg0
18:53:16 q+
18:53:16 Larry: Yes I think it's under control and the relevant parties are engaged.
18:53:19 close ACTION-343
18:53:19 ACTION-343 Discuss petname application to IRI spoofing in public-iri and www-tag closed
18:53:28 Noah: any objections to close action-343?
18:53:30 [none heard]
18:53:43 DanC: How does public-IRI relate to the new working group?
18:53:52 Larry: it's now the official mailing list.
18:53:53 (http://lists.w3.org/Archives/Public/public-iri/ should be updated )
18:54:33 Topic: ACTION-380: Device API Policy Issues
18:55:24 DanC: Can we move to item 10?
18:55:43 Topic: ISSUE-62 & ACTION-363: WebFinger and Metadata Access
18:55:56 ACTION-354: defer to ftf
18:55:56 ACTION-354 Review client side storage apis (web simple storage etc.), looking for architectural issues or other critical problems... or interesting design features the TAG should know about notes added
18:56:03 Noah: Defer ACTION-354 to the face-2-face.
18:56:10 ACTION-354 due 8 March
18:56:10 ACTION-354 Review client side storage apis (web simple storage etc.), looking for architectural issues or other critical problems... or interesting design features the TAG should know about due date now 8 March
18:56:32 jar: gave a summary of what's going on with link header and "well known".
18:56:49 ... semantic web coordination group meeting a week or two ago...
18:56:49 q+
18:57:02 (email to where?)
18:57:11 q?
18:57:13 ack next
18:57:13 zakim, mute me
18:57:15 DKA was already muted, DKA
18:57:51 Jar: I was thinking of composing a short email - writing to them - copying www-tag - with recommendations.
18:58:04 jar: no actions were assigned at sw-cg.
18:58:29 Noah: What do you propose for state of ACTION-363?
18:58:43 DanC: Leave it open...
18:59:15 DC: ACTION-363 should stay open as umbrella for JAR to send email to www-tag and Ivan(?)
18:59:24 ACTION-363: looks like next step is for jar to mail Ivan H. with copy to www-tag
18:59:24 ACTION-363 Inform SemWeb CG about market developments around webfinger and metadata access, and investigate relationship to RDFa and linked data notes added
18:59:28 Ashok: It would work better if you guys proposed what you would like standardized.
18:59:37 Noah: What's WebFinger?
18:59:41 q+
19:00:05 (have we all completely forgotten what we discussed at our last f2f? ;-)
19:00:06 JAR: uses .wellknown at the host
19:00:25 Jar: WebFinger is a way to get a little bit of XML associated with an email address. It uses a well known URI at the host that gives a rule that tells you how to turn the username into another URI that you fetch to get [e.g.] public key or whatever you want.
19:00:52 "Personal Web Discovery, making email addresses readable again" -- http://code.google.com/p/webfinger/
19:01:01 Tim: smtp protocol originally had this but it was designed out due to security issues...
19:01:03 ack next
19:01:53 DanC: The TAG has said "identify things with URIs" and the experience in this community of people managing accounts is that URIs are unusable but name@domainame is usable. So this is a way to use email addresses as URIs.
19:02:16 mailto: is a URI scheme, being updated to deal with I18N issues
19:02:28 q+ to note similarities to XMPP <-> HTTP community issues.
19:02:32 ack next
19:02:35 DKA, you wanted to note similarities to XMPP <-> HTTP community issues.
19:02:49 DanC: what I meant was that the change from the email address the URI is a local function.
19:02:59 prepend "mailto:" turns email address into URI
19:03:04 Global convention for a local function
19:03:11 Tim: It's a globally agreed locally executed function.
19:04:12 DKA: XMPP community also found URI's to be inconvenient for users
19:04:16 I think there's a level of indirection... http://x/.well-known/host-meta contains a rewrite rule that will transform user@x into an arbitrary URI (presumably containing the user name)
19:04:16 q?
19:04:16 zakim, mute me
19:04:18 DKA should now be muted
19:04:43 action-363?
19:04:43 ACTION-363 -- Jonathan Rees to inform SemWeb CG about market developments around webfinger and metadata access, and investigate relationship to RDFa and linked data -- due 2010-02-24 -- OPEN
19:04:43 http://www.w3.org/2001/tag/group/track/actions/363
19:04:51 action-363 due +2 weeks
19:04:51 ACTION-363 Inform SemWeb CG about market developments around webfinger and metadata access, and investigate relationship to RDFa and linked data due date now +2 weeks
19:05:07 (feel free to make a better guess at due date, jar)
19:05:11 Topic: Device API Policy issues
19:05:16 ACTION-380?
19:05:16 ACTION-380 -- Daniel Appelquist to draft response to Fredrick, short and to the point. Larry to review. -- due 2010-03-04 -- PENDINGREVIEW
19:05:16 http://www.w3.org/2001/tag/group/track/actions/380
19:05:20 ack me
19:05:48 Noah: Along the way I had a to-do to respond to Frederick.
Why is 380 there and why is it different to what I already did?
19:06:15 q+ to note DAP issue on W3C/IETF coordination call
19:06:21 DKA: So, I'm a new guy...
19:06:32 DKA: This was to be a response from the TAG.
19:06:51 http://lists.w3.org/Archives/Public/public-ietf-w3c/2010Mar/0002.html
19:06:55 yesterday
19:07:26 http://www.w3.org/2001/tag/group/track/actions/318
19:07:31 Send note to Device APIs and Policy (DAP) Working Group on behalf of the TAG
19:07:47 The note I sent ends with:
19:07:47 Thank you very much.
19:07:47 Noah Mendelsohn
19:07:47 For the W3C Technical Architecture Group
19:08:29 Thomas R. reported there Thomas: TAG feedback was that this wasn't necessarily a good approach
19:08:29
19:08:42 q?
19:09:23 q+ to borrow some TAG time to do team business about geolocation news...
19:09:24 This action got opened at: http://www.w3.org/2001/tag/2010/01/28-minutes
19:09:28 ack next
19:09:29 masinter, you wanted to note DAP issue on W3C/IETF coordination call
19:10:01 q+ to note http://lists.w3.org/Archives/Public/public-geolocation/2010Mar/0007.html
19:10:16 q+ to look a bit at Jan 28 minutes
19:10:31 ack next
19:10:32 DanC, you wanted to borrow some TAG time to do team business about geolocation news... and to note http://lists.w3.org/Archives/Public/public-geolocation/2010Mar/0007.html
19:10:33 Larry: The topic of this was the subject of the W3C-IETF coordination call. Thomas R. reported that the TAG was concerned. The message has been received [by the IETF].
19:10:48 q?
19:11:17 Larry: Topic 5 on security.
19:12:01 if there were assurances, they weren't in the minutes
19:12:51 DanC: There is a 3-march message from John Morris of CDT. Long message giving all the ingredients of a formal objection but not objecting [to Geo going to CR] and in particular to the API should include privacy.
19:13:06 (he's not affiliated with the IETF, but he holds a similar position)
19:13:08 Ashok: this is part of the action I took on last week.
19:13:13 From John Morris' note:
19:13:13 Thus, to be clear, we think that the W3C should proceed to finalize
19:13:13 the 1.0 version of the specification. But – and here is where we hope
19:13:13 the W3C Team will accommodate a variation on the normal process – we
19:13:13 believe that the W3C Director should ALSO carefully review and
19:13:14 evaluate the objections we have raised.
19:13:21 Our goal is not to delay the
19:13:21 specification, but instead is to seek guidance from the W3C as to
19:13:21 whether both the process and substantive output of this WG meet the
19:13:22 current standards of the W3C. If they do – and they may well – then
19:13:24 that guidance would factor into my organization’s evaluation of its
19:13:26 continued involvement in the W3C.
19:13:39 DanC: John Morris is representing CDT in this case.
19:15:41 Minutes of 1-28 TAG meeting are: Our goal is not to delay the
19:15:41 specification, but instead is to seek guidance from the W3C as to
19:15:41 whether both the process and substantive output of this WG meet the
19:15:41 current standards of the W3C. If they do – and they may well – then
19:15:41 that guidance would factor into my organization’s evaluation of its
19:15:42 continued involvement in the W3C.
19:15:45 argh!!!
19:15:53 http://www.w3.org/2001/tag/2010/01/28-minutes#item04
19:15:58 Tim: We [the TAG] looked at whether there was a serious technical problem. After our involvement, the working group did make a more thorough job of going over the input even though they didn't change their course.
19:16:39 http://www.w3.org/2001/tag/2010/01/28-minutes#item04 is the telcon where ACTION-380 got assigned to DKA
19:17:12 F2F session with TLR: http://www.w3.org/2001/tag/2009/12/08-tagmem-minutes.html#item03
19:17:17 tx
19:17:26 Tim: The architectural issue here - the architecture of including privacy information with other information.
Should we encourage the consortium to have a consistent architecture across different APIs [for privacy]. Should this be designed independent of Geo and other things? There are lots of APIs for different sorts of things many of which are sensitive.
19:18:09 ... geo has some specific issues [but] should we be looking for a consistent way of packaging information with the privacy information around it?
19:18:10 I still like my idea of mandating the right extensibility hooks; have heard of objections from implementors, but I don't yet understand what those objections are
19:18:14 q+ to try to generalize privacy with security, internationalization, accessibility issues
19:18:20 ack next
19:18:21 noah, you wanted to look a bit at Jan 28 minutes
19:18:31 http://www.w3.org/2001/tag/2010/01/28-minutes#item04 is the telcon where ACTION-380 got assigned to DKA
19:18:49 -Ht
19:19:01 Should we be building systems so that whenever they expect data X they can also accept package of X and the social metadata about X?
19:19:04 http://www.escholarship.org/uc/item/0rp834wf is a good article on this BTW
19:19:29 to enable quality "X" protocols must accommodate transmission of auxiliary information and representation to preserve X. For I18N, it's ability to do unicode and including "lang" annotations in cases where the language context. For security, it's being clear about authority of information and a way of accessing that. For privacy there has to be a channel, and use cases of using the channel. etc.
19:19:34 (380 and 371 are don't to my satisfaction, regardless of their history)
19:19:39 Noah: I mentioned interest in extensibility mechanisms and how they play here.
19:19:58 because these qualities (privacy, security, internationalization, accessibility) are often not enforced merely by market forces
19:20:15 ... wrt "ACTION-380" what is "this"?
19:20:40 Noah: So you did send a note.
19:20:42 Dan: Yes: 19:20:43 he sent http://lists.w3.org/Archives/Public/www-tag/2010Feb/0044.html 19:20:49 DKA sent: http://lists.w3.org/Archives/Public/www-tag/2010Feb/0044.html 19:21:09 Noah: I propose we agree to close ACTION-380 then. Any objections? 19:21:13 Larry: It's fine. 19:21:18 [no objections] 19:21:26 close ACTION-380 19:21:26 ACTION-380 Draft response to Fredrick, short and to the point. Larry to review. closed 19:21:26 q? 19:21:33 action-397? 19:21:33 ACTION-397 -- Ashok Malhotra to frame F2F discussion on geolocation and geopriv, with help from DKA -- due 2010-03-10 -- OPEN 19:21:33 http://www.w3.org/2001/tag/group/track/actions/397 19:21:49 ack next 19:22:46 Larry: I just was wondering if there's a way this can cover other kinds of issues we've addressed in the past having to do with i18n, security... some things that are not what customers are asking for but are for the greater good. E.g. use of UNICODE. 19:23:00 I take Larry's point in principle; I don't immediately see how to use it to frame an effective set of next steps for the TAG. 19:23:01 (I think the unicode stuff got worked out by market forces, in the end. it took FOREVER. how old is the utf-8 RFC?) 19:23:04 Larry: Similar kinds of policies around accessibility. 19:23:27 q+ to ask Larry what to do 19:23:30 ack next 19:23:31 masinter, you wanted to try to generalize privacy with security, internationalization, accessibility issues 19:23:40 ack next 19:23:41 noah, you wanted to ask Larry what to do 19:23:47 Larry: A general piece of direction that we need to look at the higher level policy issues - needs beyond the market forces. 19:23:56 Noah: So what would the TAG do? 19:24:39 Larry: We have some architectural statements around accessibility. We should have a concrete position [on privacy]. 19:25:05 Noah: Not sure what to do concretely ...
19:25:05 longer-term economic benefit, even if it doesn't meet short-term market needs 19:25:11 q+ 19:25:21 ack next 19:25:56 DanC: people are motivated by money or hard-earned experience... 19:26:40 s/money/the prospect of money/ 19:26:48 q+ isn't there a general architectural principle here around privacy data packaged with other data that we could / should say something about? 19:27:25 we did 19:27:43 action-380? 19:27:43 ACTION-380 -- Daniel Appelquist to draft response to Fredrick, short and to the point. Larry to review. -- due 2010-03-04 -- CLOSED 19:27:43 http://www.w3.org/2001/tag/group/track/actions/380 19:27:43 t-3 19:27:54 action-371? 19:27:54 ACTION-371 -- Noah Mendelsohn to schedule TAG discussion of DAP WG query on policy (self-assigned) -- due 2010-01-26 -- CLOSED 19:27:54 http://www.w3.org/2001/tag/group/track/actions/371 19:28:49 DKA: Is there a concrete, technical point about packaging privacy with data? 19:29:00 re here around privacy data packaged with other data that we could / should say something about? ... you need to say "q+ to ...." 19:29:16 DKA: At the first geo meetings, I was not happy with the notion that privacy should go with APIs, now starting to doubt based on UC Berkeley paper. 19:29:22 t-1 19:30:00 The Berkeley Paper: http://www.escholarship.org/uc/item/0rp834wf 19:30:16 action-397: perhaps take a look at http://www.escholarship.org/uc/item/0rp834wf 19:30:16 ACTION-397 Frame F2F discussion on geolocation and geopriv, with help from DKA notes added 19:30:37 Noah: Dan A, Ashok is to propose help from you (ACTION-397) what we will discuss on the f2f. 19:30:53 -Ashok_Malhotra 19:30:57 Noah: Adjourned. 19:31:53 -DKA 19:32:02 How can we take advice on privacy from someone who uses frames and flash and and 19:32:30 javascript:dynamicLink("0rp834wf.pdf",%20true,%20"action=transientDownload;expire=72h;from=2010-03-04:11:30;key=1fe20ca9476a51e2f01d1d65ae2f4f31") 19:32:57 Abstract: 19:32:57

The W3C's Geolocation API may rapidly standardize the transmission of location information 19:32:57 on the Web, but, in dealing with such sensitive information, it also raises serious privacy 19:32:57 concerns. We analyze the manner and extent to which the current W3C Geolocation API provides 19:32:57 mechanisms to support privacy. We propose a privacy framework for the consideration of location 19:32:58 information and use it to evaluate the W3C Geolocation API, both the specification and its use in 19:33:00 the wild, and recommend some modifications to the API as a result of our analysis.

19:33:00

The W3C's Geolocatio 19:33:44 http://www.escholarship.org/uc/item/0rp834wf.pdf?action=transientDownload;expire=72h;from=2010-03-04:11:30;key=1fe20ca9476a51e2f01d1d65ae2f4f31 19:34:02 Cool URIs never change they just expire 19:35:57 noah has joined #tagmem 19:35:57 -TimBL 19:36:04 Thank you for chairing Noah 19:40:46 -DanC 19:40:48 -jar 19:40:49 -Larry 19:40:49 TAG_Weekly()1:00PM has ended 19:40:51 Attendees were jar, DanC, DKA, noah, Ashok_Malhotra, Larry, TimBL, Ht 19:47:29 zakim, pointer? 19:47:29 I don't understand your question, Ashok. 19:47:41 rrsagent, pointer? 19:47:41 See http://www.w3.org/2010/03/04-tagmem-irc#T19-47-41 19:51:50 i promised to do something today and now i don't remember what 20:01:37 thanks for taking the ball on updating the public-iri archive homepage, larry. 21:15:01 jar has joined #tagmem 22:03:33 Zakim has left #tagmem