W3C

- DRAFT -

Web Performance Working Group Teleconference

20 Oct 2010

See also: IRC log

Attendees

Present
Biesi, AndersonQuach, Zhiheng, NicJansma, Sigbjorn, ArvindJain
Regrets
plh
Chair
ArvindJain
Scribe
AndersonQuach

<AndersonQuach_> list the agenda

<AndersonQuach_> Zhiheng: TonyG has gone through security review with the Chrome team, suggestions include zeroing out redirectCount in different origin navigations in the timeline, and to provide a means to disable the interface completely

<AndersonQuach_> AndersonQuach: Sounds good, as long as the disable via UI is a non-normative requirement.

<AndersonQuach_> Sigbjorn: We must be safe by default. The timings that reveal off-domain must not be available programmatically.

<AndersonQuach_> scribe: AndersonQuach

<AndersonQuach_> AndersonQuach: It can be feasible to attack with the same origin and a redirect service. We could remove redirectCount altogether.

<AndersonQuach_> AndersonQuach: And disable redirect and unloading timings for different origin.

<AndersonQuach_> Zhiheng: We need to hear more feedback from user-agent and security experts about the removal of redirectCount

<AndersonQuach_> Zhiheng: where is navigationStart?

<AndersonQuach_> Sigbjorn: What is same domain, same cookie domain?

<AndersonQuach_> Zhiheng: Same host

<AndersonQuach_> Sigbjorn: Cookie domain, subdomains of yahoo.com

<AndersonQuach_> AndersonQuach: where did we land with navigationStart

<AndersonQuach_> NicJansma: A->B->A->A, navigationStart should begin immediately prior to the second A

<AndersonQuach_> NicJansma: for same domain with different origin redirections

<AndersonQuach_> Zhiheng: need to look to clarify navigationStart and redirectStart

<AndersonQuach_> AndersonQuach: Zhiheng, can you capture your thoughts and we'll get feedback from Jonas and TonyG?

<AndersonQuach_> NicJansma: Anderson and I will follow up with additional feedback from our security review via mail and for the next meeting.

<AndersonQuach_> Sigbjorn: Should make the same domain be the same as the cookie domain, I will write it up.

<AndersonQuach_> AndersonQuach: Let's move the spec to a working draft as all the latest feedback has been incorporated.

<AndersonQuach_> AndersonQuach: Let's be explicit that this is not a user-agent benchmark.

<AndersonQuach_> Sigbjorn: Let's say due to the non-normative phases, the individual phases should not be used as a benchmark.

<AndersonQuach_> AndersonQuach: Agreed.

<AndersonQuach_> AndersonQuach: Let's simplify the accessing of the ResourceTiming

<AndersonQuach_> AndersonQuach: Let's say have a fixed buffer of 1000, have the ability to clear the buffer, and to expand the buffer to cater to WebApps.

<AndersonQuach_> Zhiheng: We don't want developers to crawl the page.

<AndersonQuach_> AndersonQuach: Agreed, we should have the timing centralized.

<AndersonQuach_> Zhiheng: Yup, the object should be easily serialized into a JSON object.

<AndersonQuach_> Zhiheng: How can a developer get the timing about a specific image?

<AndersonQuach_> NicJansma: Timing of a specific image?

<AndersonQuach_> Zhiheng: Yes.

<AndersonQuach_> NicJansma: ResourceTiming can have the URL and potentially the id and provide a means to filter based on type and/or id.

<AndersonQuach_> NicJansma: Goal for ResourceTiming is to get timing that is inaccessible to JS.

<AndersonQuach_> NicJansma: We should keep in mind to be able to get the timing for individual elements and the collection.

<AndersonQuach_> Zhiheng: Come up with a short summary proposal and review the proposals.

<AndersonQuach_> AndersonQuach: I can write that out.

<AndersonQuach_> Zhiheng: ResourceTiming has a privacy concern as well. To have an HTML header to turn this on.

<AndersonQuach_> Zhiheng: implement the allow policy in the HTTP header.

<AndersonQuach_> Sigbjorn: This is possible but difficult to implement as seen in other W3C discussions.

<AndersonQuach_> NicJansma: For different origin we can reduce the amount of details, just having fetchStart -> loadEventEnd, not providing additional info via JS. Provide total time to load the content.

<AndersonQuach_> Sigbjorn: Expand definition of Same Origin to include Same Cookie Domain + Sub Domain.

<AndersonQuach_> AndersonQuach: 1. We agree to move spec to working draft.

<AndersonQuach_> AndersonQuach: 2. Discuss privacy offline, feedback from Tony and Jonas.

<AndersonQuach_> AndersonQuach: 3. Zhiheng will provide a proposal for navigationStart.

<AndersonQuach_> AndersonQuach: 4. Anderson will respond with the simplified resource timing proposal.

<AndersonQuach_> AndersonQuach: Thanks everyone for meeting!

[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.135 (CVS log)
$Date: 2010/10/20 18:32:29 $
