W3C

- DRAFT -

Widgets Voice Conference

08 Jul 2010

Agenda

See also: IRC log

Attendees

Present
Laszlo_Gombos, Steven_Pemberton, Marcos_Caceres, Kenneth
Regrets
Frederick
Chair
Art
Scribe
Art

Contents

<scribe> ScribeNick: ArtB

<scribe> Scribe: Art

Review and tweak agenda

AB: the draft agenda was submitted on July 7 ( http://lists.w3.org/Archives/Public/public-webapps/2010JulSep/0095.html ). If Robin doesn't join, we will drop the URI scheme agenda item. Any change requests?

Announcements

AB: any short announcements? DAP WG has f2f meeting next week so there will be no call on July 15 and I have a conflict on July 22 so there will be no call on that day. Next call will be July 29.

MC: I added licenses to the test cases
... did for P&C spec
... reflects the discussion we had with Rigo Wenning
... there is a license in every widget zip
... and it points to the W3C license
... plan to do the TWI spec
... Opera created a Perl script to do the work of adding the license

AB: thanks very much!

<Marcos> http://dev.w3.org/2006/waf/mkwidgets.pl

Packaging and Configuration spec

AB: Issue-117 "In Widget P&C Spec, need to clarify in the spec that dir attribute does not apply to attributes that are IRIs, Numeric, Keywords, etc. The dir attribute only affects human readable strings." ( http://www.w3.org/2008/webapps/track/issues/117 )
... Marcos asked the I18N WG for feedback ( http://lists.w3.org/Archives/Public/public-webapps/2010JulSep/0041.html ). Anything to report on this?

MC: no I haven't received any replies

AB: this is blocking our P&C PR request
... so I'll follow-up with Richard and Addison

<scribe> ACTION: barstow followup with I18N WG re Issue-117 [recorded in http://www.w3.org/2010/07/08-wam-minutes.html#action01]

<trackbot> Created ACTION-565 - Followup with I18N WG re Issue-117 [on Arthur Barstow - due 2010-07-15].

<Steven_> \

MC: re the <span> and dir attribute
... I added some tests
... also added some tests to reflect the VM media feature CR

AB: the P&C had to be updated because the values of the view-mode media feature had changed

<Marcos> http://dev.w3.org/2006/waf/widgets/test-suite/test-cases/ta-viewmodes/

MC: clarified the set of attributes that are Keywords and which attrs are displayable
... the changes are purely editorial - no normative changes
... Lachlan created over 100 tests for <span> and dir attr
... we will submit them soon

AB: that's great - thanks to Lachlan!

MC: the tests are related to parsing the element and attribute
... we do need to talk to the I18N guys to make sure we are doing the right thing
... for the purposes of the test suite, must do byte comparison
... After we complete the model, we will send an email that explains what we did

The Widget Interface spec

AB: Issue-116 "Need to flesh out the security considerations for the openURL method in the Widget Interface spec" ( http://www.w3.org/2008/webapps/track/issues/116 )
... Marcos proposed resolution to Issue-116 is to remove openURL from the spec ( http://lists.w3.org/Archives/Public/public-webapps/2010AprJun/1229.html ).
... last week we agreed ( http://www.w3.org/2010/07/01-wam-minutes.html#item03 ) to get more input from implementors.

MC: I've asked implementors and widget developers
... no one so far has come back with a really good use case
... or that we can't live without it given its issues

LG: I haven't followed all of the discussions
... I would like to understand the security issues
... but I just heard it may not be useful

MC: well, it is useful but its use must be secure
... e.g. when can a widget send a SMS without the user's consent

LG: agree user consent is needed
... the spec doesn't mention user consent
... for example, sms and user consent is left to the implementation

MC: not clear it should open a new app without user intervention
... e.g. could open a URL after some timer expires
... I don't think a URL should be opened without user consent
... need to be careful about windows being automatically opened

<Marcos> http://lists.w3.org/Archives/Public/public-webapps/2010AprJun/0570.html

MC: Adam Barth referenced related issues

AB: is this the one: http://www.gnucitizen.org/blog/ie-pwns-secondlife/ ?

<Marcos> "I'm not familiar enough with the use cases for widgets to know what the alternatives are. My perspective is that we'd be better off with a much weaker window.open() API in the web platform, but we're stuck with what we have. In the widgets space, it seems like there's an opportunity to do something better that doesn't require us to reinvent popup blockers and all the other pseudo-security cruft we have around to deal with window.open() in browsers."

<Marcos> Says Adam

MC: in Adam's email, he makes two proposals
... #1 is to remove the API and handle it programatically
... #2 is to use a white list of URLs

LG: do you consider widget openURL as similar to window.open()?

MC: no, the use cases are different
... window.open is to do an overlay
... openURL is fire and forget in Opera

LG: but what about other schemes?

MC: we don't support other schemes except perhaps mailto:
... can use <a> element's click
... also want to use a white list of allowed URIs

LG: so openURL is considered redundant?
... and hence no use for it?

MC: yes, that's our thinking
... we want to defer to the HTML5 security model
... rather than define our own

LG: ok;

MC: I'm leaning towards dropping it
... but want to hear from others

AB: is openURL used in Opera widgets?

MC: yes, it is part of Opera widgets

AB: openURL is part of S60 widgets
... do we want to consider moving it to a separate spec?

MC: I think that is worth considering
... I don't think we want to continue to discuss it
... don't think we loose anything by removing it
... that is, can use other means e.g. <a> and click to get the same result

AB: I want to get closure but think we need some more time
... we could create a proposed resolution and then on July 29, agree to a resolution
... would that be OK?

LG: yes, that would be OK

MC: yes that would be fine

AB: since this spec is in CR, I will start a new thread to solicit input

<scribe> ACTION: barstow start a thread on Issue-117 to gather input on the various options [recorded in http://www.w3.org/2010/07/08-wam-minutes.html#action02]

<trackbot> Created ACTION-566 - Start a thread on Issue-117 to gather input on the various options [on Arthur Barstow - due 2010-07-15].

AB: anything else on this topic for today?

KC: nothing new to add

AOB

AB: next call is July 29
... meeting adjourned

Summary of Action Items

[NEW] ACTION: barstow followup with I18N WG re Issue-117 [recorded in http://www.w3.org/2010/07/08-wam-minutes.html#action01]
[NEW] ACTION: barstow start a thread on Issue-117 to gather input on the various options [recorded in http://www.w3.org/2010/07/08-wam-minutes.html#action02]
 
[End of minutes]
Minutes formatted by David Booth's scribe.perl version 1.135 (CVS log)
$Date: 2010/07/08 13:37:30 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision: 1.135  of Date: 2009/03/02 03:52:20  
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: RRSAgent_Text_Format (score 1.00)

Found ScribeNick: ArtB
Found Scribe: Art
Present: Laszlo_Gombos Steven_Pemberton Marcos_Caceres Kenneth
Regrets: Frederick
Agenda: http://lists.w3.org/Archives/Public/public-webapps/2010JulSep/0095.html
Got date from IRC log name: 08 Jul 2010
Guessing minutes URL: http://www.w3.org/2010/07/08-wam-minutes.html
People with action items: barstow
[End of scribe.perl diagnostic output]