See also: IRC log
<scribe> ScribeNick: ArtB
<scribe> Scribe: Art
AB: the draft agenda was submitted on July 7 ( http://lists.w3.org/Archives/Public/public-webapps/2010JulSep/0095.html ). If Robin doesn't join, we will drop the URI scheme agenda item. Any change requests?
AB: any short announcements? DAP WG has f2f meeting next week so there will be no call on July 15 and I have a conflict on July 22 so there will be no call on that day. Next call will be July 29.
MC: I added licenses to the test
cases
... did for P&C spec
... reflects the discussion we had with Rigo Wenning
... there is a license in every widget zip
... and it points to the W3C license
... plan to do the TWI spec
... Opera created a Perl script to do the work of adding the
license
AB: thanks very much!
<Marcos> http://dev.w3.org/2006/waf/mkwidgets.pl
AB: Issue-117 "In Widget P&C
Spec, need to clarify in the spec that dir attribute does not
apply to attributes that are IRIs, Numeric, Keywords, etc. The
dir attribute only affects human readable strings." ( http://www.w3.org/2008/webapps/track/issues/117
)
... Marcos asked the I18N WG for feedback (
http://lists.w3.org/Archives/Public/public-webapps/2010JulSep/0041.html
). Anything to report on this?
MC: no I haven't received any replies
AB: this is blocking our P&C
PR request
... so I'll follow-up with Richard and Addison
<scribe> ACTION: barstow followup with I18N WG re Issue-117 [recorded in http://www.w3.org/2010/07/08-wam-minutes.html#action01]
<trackbot> Created ACTION-565 - Followup with I18N WG re Issue-117 [on Arthur Barstow - due 2010-07-15].
<Steven_> \
MC: re the <span> and dir
attribute
... I added some tests
... also added some tests to reflect the VM media feature
CR
AB: the P&C had to be updated because the values of the view-mode media feature had changed
<Marcos> http://dev.w3.org/2006/waf/widgets/test-suite/test-cases/ta-viewmodes/
MC: clarified the set of
attributes that are Keywords and which attrs are
displayable
... the changes are purely editorial - no normative
changes
... Lachlan created over 100 tests for <span> and dir
attr
... we will submit them soon
AB: that's great - thanks to Lachlan!
MC: the tests are related to
parsing the element and attribute
... we do need to talk to the I18N guys to make sure we are
doing the right thing
... for the purposes of the test suite, must do byte
comparison
... After we complete the model, we will send an email that
explains what we did
AB: Issue-116 "Need to flesh out
the security considerations for the openURL method in the
Widget Interface spec" ( http://www.w3.org/2008/webapps/track/issues/116
)
... Marcos proposed resolution to Issue-116 is to remove
openURL from the spec (
http://lists.w3.org/Archives/Public/public-webapps/2010AprJun/1229.html
).
... last week we agreed ( http://www.w3.org/2010/07/01-wam-minutes.html#item03
) to get more input from implementors.
MC: I've asked implementors and
widget developers
... no one so far has come back with a really good use
case
... or that we can't live without it given its issues
LG: I haven't followed all of the
discussions
... I would like to understand the security issues
... but I just heard it may not be useful
MC: well, it is useful but its
use must be secure
... e.g. when can a widget send a SMS without the user's
consent
LG: agree user consent is
needed
... the spec doesn't mention user consent
... for example, sms and user consent is left to the
implementation
MC: not clear it should open a
new app without user intervention
... e.g. could open a URL after some timer expires
... I don't think a URL should be opened without user
consent
... need to be careful about windows being automatically
opened
<Marcos> http://lists.w3.org/Archives/Public/public-webapps/2010AprJun/0570.html
MC: Adam Barth referenced related issues
AB: is this the one: http://www.gnucitizen.org/blog/ie-pwns-secondlife/ ?
<Marcos> "I'm not familiar enough with the use cases for widgets to know what the alternatives are. My perspective is that we'd be better off with a much weaker window.open() API in the web platform, but we're stuck with what we have. In the widgets space, it seems like there's an opportunity to do something better that doesn't require us to reinvent popup blockers and all the other pseudo-security cruft we have around to deal with window.open() in browsers."
<Marcos> Says Adam
MC: in Adam's email, he makes two
proposals
... #1 is to remove the API and handle it programatically
... #2 is to use a white list of URLs
LG: do you consider widget openURL as similar to window.open()?
MC: no, the use cases are
different
... window.open is to do an overlay
... openURL is fire and forget in Opera
LG: but what about other schemes?
MC: we don't support other
schemes except perhaps mailto:
... can use <a> element's click
... also want to use a white list of allowed URIs
LG: so openURL is considered
redundant?
... and hence no use for it?
MC: yes, that's our
thinking
... we want to defer to the HTML5 security model
... rather than define our own
LG: ok;
MC: I'm leaning towards dropping
it
... but want to hear from others
AB: is openURL used in Opera widgets?
MC: yes, it is part of Opera widgets
AB: openURL is part of S60
widgets
... do we want to consider moving it to a separate spec?
MC: I think that is worth
considering
... I don't think we want to continue to discuss it
... don't think we loose anything by removing it
... that is, can use other means e.g. <a> and click to
get the same result
AB: I want to get closure but
think we need some more time
... we could create a proposed resolution and then on July 29,
agree to a resolution
... would that be OK?
LG: yes, that would be OK
MC: yes that would be fine
AB: since this spec is in CR, I will start a new thread to solicit input
<scribe> ACTION: barstow start a thread on Issue-117 to gather input on the various options [recorded in http://www.w3.org/2010/07/08-wam-minutes.html#action02]
<trackbot> Created ACTION-566 - Start a thread on Issue-117 to gather input on the various options [on Arthur Barstow - due 2010-07-15].
AB: anything else on this topic for today?
KC: nothing new to add
AB: next call is July 29
... meeting adjourned
This is scribe.perl Revision: 1.135 of Date: 2009/03/02 03:52:20 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: RRSAgent_Text_Format (score 1.00) Found ScribeNick: ArtB Found Scribe: Art Present: Laszlo_Gombos Steven_Pemberton Marcos_Caceres Kenneth Regrets: Frederick Agenda: http://lists.w3.org/Archives/Public/public-webapps/2010JulSep/0095.html Got date from IRC log name: 08 Jul 2010 Guessing minutes URL: http://www.w3.org/2010/07/08-wam-minutes.html People with action items: barstow[End of scribe.perl diagnostic output]