15:55:47 <RRSAgent> RRSAgent has joined #webperf
15:55:47 <RRSAgent> logging to http://www.w3.org/2010/10/27-webperf-irc
15:56:24 <AndersonQuach> rrsagent, set logs world-visible
15:56:34 <AndersonQuach> meeting: Web Performance WG Teleconference
15:56:40 <AndersonQuach> chair: ArvindJain
15:56:47 <AndersonQuach> scribe: AndersonQuach
15:56:58 <AndersonQuach> present+ AndersonQuach
15:57:06 <AndersonQuach> list the agenda
15:57:37 <AndersonQuach> agenda+ Feedback on information disclosure issue w/ Navigation Timing: navigationStart, redirectStart, redirectEnd, unloadEventStart, unloadEventEnd, and redirectCount
15:57:55 <AndersonQuach> agenda+ Definition of same-origin, with respect to publicsuffix+1 and as it relates to navigations, the Origin definition does not capture when going from a site to another. 
15:58:08 <AndersonQuach> agenda+ Behavior of window.performance when disabled.
15:58:16 <AndersonQuach> agenda+ Finalize interface names (See: http://lists.w3.org/Archives/Public/public-web-perf/2010Oct/0040.html)
15:58:38 <AndersonQuach> agenda+ Behavior of window.performance when disabled.
15:58:49 <AndersonQuach> agenda+ Resource Timing and User Timing.
15:58:57 <AndersonQuach> agenda+ Any other business.
15:59:07 <AndersonQuach> zakim, save agenda
15:59:13 <Zakim> ok, AndersonQuach, the agenda has been written to http://www.w3.org/2010/10/27-webperf-agenda.rdf
15:59:14 <AndersonQuach> present+ NicJansma
16:00:28 <tonyg> tonyg has joined #webperf
16:03:03 <AndersonQuach> present+ TonyG
16:03:49 <Zhiheng> Zhiheng has joined #webperf
16:04:08 <AndersonQuach> present+ Zhiheng
16:05:34 <plh> plh has joined #webperf
16:05:42 <plh> zakim, list conferences
16:05:42 <Zakim> I see Team_(ecc)16:00Z, RWC_web-per(WPWG)12:00PM, Style_CSS FP()12:00PM, WAI_PF()12:00PM, VB_VBWG(SCXML)12:00PM active
16:05:44 <Zakim> also scheduled at this time are INC_SWXG()11:00AM, T&S_EGOV(UseWebTech)12:00PM
16:05:48 <plh> zakim, this will be web-per
16:05:50 <Zakim> ok, plh, I see RWC_web-per(WPWG)12:00PM already started
16:05:56 <Zakim> +Plh
16:08:43 <AndersonQuach> next agendum
16:09:05 <AndersonQuach> topic: Feedback on information disclosure issue w/ Navigation Timing: navigationStart, redirectStart, redirectEnd, unloadEventStart, unloadEventEnd, and redirectCount
16:11:24 <AndersonQuach> AndersonQuach: feedback, not to be explicit about leaking information about the previous site.
16:11:35 <AndersonQuach> TonyG: Similar findings, attacks can be constructed with today's means. 
16:11:39 <AndersonQuach> TonyG: What do we want to do?
16:11:46 <biesi> biesi has joined #webperf
16:12:15 <AndersonQuach> NicJansma: Simpilest approach is to zero out fields, navigationStart, redirectStart, redirectEnd, unloadEventStart, unloadEventEnd.
16:12:26 <AndersonQuach> Present+ Christian
16:12:52 <AndersonQuach> TonyG: It's good to be consistent field. What about navigationStart as a start point?
16:12:57 <Christian> (once I dial the number)
16:13:11 <Zakim> + +1.650.691.aacc
16:14:21 <AndersonQuach> Zhiheng: Question, does the privacy concern still apply in the case of no redirection from a different origin to the target origin?
16:14:58 <AndersonQuach> TonyG: Sites doing before, setting time in a cookie on previous page, to get a full timeline on the subsequent page?
16:16:05 <AndersonQuach> TonyG: navigationStart is less useful if we cannot collect it consistently.
16:17:00 <AndersonQuach> Zhiheng: what about non-redirect case? unload phase is info disclosure. what about exposing navigationStart with no-redirection?
16:18:37 <AndersonQuach> TonyG: if navigationStart goes away, fetchStart is the new earliest time.
16:19:53 <AndersonQuach> NicJansma: We have seen navigationStart and fetchStart vary.
16:21:20 <AndersonQuach> AndersonQuach: there is no info disclosure to have navigationStart as it is without the redirects.
16:22:41 <AndersonQuach> NicJansma: Summary, in the case if on the same dest/target origin all attributes are there. In the case of no-redirect, navigationStart is there. If there is a redirect from the same origin we have all the attributes. If there is a redirect and different dest/target origin navigationStart, redirectStart|End, unloadStart|End and redirectCount is zero.
16:23:31 <AndersonQuach> NicJansma: new attribute in nav info to signal cross dest/target domain?
16:23:55 <AndersonQuach> TonyG: maybe a special value, or the attributes are undef or access is denied.
16:24:09 <AndersonQuach> NicJansma: site devs not expecting script errors or exceptions.
16:24:16 <AndersonQuach> TonyG: it will be difficult to use.
16:24:45 <AndersonQuach> NicJansma: They can differentiate with the differences between values in unload versus and redirect.
16:24:55 <AndersonQuach> TonyG: Okay to be zeroed and the rest can be inferred.
16:25:38 <AndersonQuach> Zhiheng: how to differentiate different cases? 
16:28:59 <AndersonQuach> Zhiheng: end-user perception and the latency for destination page?
16:32:12 <AndersonQuach> Zhiheng: what about defining navigationStart as after the redirect phase as proposed in mail?
16:32:33 <AndersonQuach> TonyG: what is the difference between navigationStart and fetchStart?
16:34:13 <AndersonQuach> TonyG: i like having navigationStart closer to end-user perceived time.
16:34:53 <AndersonQuach> NicJansma: yes, because the end-user perceived time is still valuable on same domain redirect and sub-sequent navigations.
16:35:33 <AndersonQuach> NicJansma: we would like to keep navigationStart as in IE and Chrome webkit implementation.
16:35:47 <AndersonQuach> Christian: making navigationStart as the end-user time is the right thing to me.
16:35:50 <AndersonQuach> Zhiheng: okay.
16:37:39 <AndersonQuach> Zhiheng: I agree and update processing model.
16:38:21 <AndersonQuach> next agenda
16:38:47 <AndersonQuach> topic Definition of same-origin, with respect to publicsuffix+1 and as it relates to navigations.
16:41:50 <AndersonQuach> TonyG: Public suffix means TLD. +1 means domain.
16:41:58 <AndersonQuach> Zhiheng: Correct.
16:42:30 <AndersonQuach> Zhiheng: publicsuffix + 1, same schema, same port.
16:42:54 <AndersonQuach> NicJansma: will google.com be considered the same as www.google.com.
16:43:01 <AndersonQuach> Zhiheng: that is TLD.
16:44:40 <AndersonQuach> AndersonQuach: HTML5 definition: http://www.w3.org/TR/html5/origin-0.html
16:45:53 <AndersonQuach_> AndersonQuach_ has joined #webperf
16:46:39 <AndersonQuach_> NicJansma: definition for redirect being none same origin redirections.
16:46:45 <Zhiheng> http://www.w3.org/TR/html5/origin-0.html#origin-0
16:47:02 <AndersonQuach_> TonyG: there may be a definition in the HTML5 spec. we probably need to find it offline.
16:48:53 <AndersonQuach_> NicJansma: should be up to the site
16:49:32 <AndersonQuach_> Zhiheng: same origin policy does not include path.
16:49:40 <AndersonQuach_> NicJansma: we do not want to include the path.
16:50:02 <AndersonQuach_> AndersonQuach: what about sub-domains?
16:50:07 <AndersonQuach_> Zhiheng: only the TLD
16:50:35 <AndersonQuach_> TonyG: we need to do some research.
16:51:33 <AndersonQuach_> TonyG: capture in the spec that the redirect chain, and match up everything in the spec.
16:52:32 <AndersonQuach_> Next Agenda
16:52:44 <AndersonQuach_> topic: Behavior of window.performance when disabled.
16:54:32 <AndersonQuach_> AndersonQuach: recommend, if it's disabled must not provide the interface.
16:54:35 <AndersonQuach_> TonyG: agreed.
16:54:41 <AndersonQuach_> Zhiheng: sounds good.
16:54:49 <AndersonQuach_> Christian: concerned how the implementation of that could work.
16:55:02 <AndersonQuach_> Christian: easier to provide a null return or undef return.
16:55:28 <AndersonQuach_> AndersonQuach: let's go with null
16:55:35 <AndersonQuach_> next Agenda
16:55:46 <AndersonQuach_> topic: Finalize interface names (See: http://lists.w3.org/Archives/Public/public-web-perf/2010Oct/0040.html)"
16:56:38 <AndersonQuach_> TonyG: Performance, PerformanceTiming, PerformanceNavigation and keep going with that scheme.
16:56:43 <AndersonQuach_> NicJansma: That sounds fine.
16:57:22 <AndersonQuach_> Zhiheng: that sounds good.
16:58:00 <AndersonQuach_> TonyG: s/NavigationTiming/PerformanceTiming/ s/NavigationInfo/PerformanceNavigation/
16:58:03 <AndersonQuach_> list the agenda
16:58:31 <mdelaney> mdelaney has joined #webperf
16:59:31 <Christian> me too
17:00:01 <AndersonQuach_> NicJansma: should not have sort order for NavigationTiming attributes, order can be messed up if extended.
17:00:05 <Zakim> -Plh
17:00:12 <AndersonQuach_> TonyG: sentence, ordering is not normative.
17:00:23 <AndersonQuach_> NicJansma: spec says chronological order.
17:00:41 <Zakim> - +1.650.691.aacc
17:00:51 <Christian> I have to go
17:02:31 <Zakim> -[Microsoft]
17:02:34 <Zakim> - +1.650.248.aaaa
17:02:36 <Zakim> - +1.650.390.aabb
17:02:38 <Zakim> RWC_web-per(WPWG)12:00PM has ended
17:02:42 <Zakim> Attendees were +1.650.248.aaaa, [Microsoft], +1.650.390.aabb, Plh, +1.650.691.aacc
17:31:55 <AndersonQuach_> Summary
17:32:14 <AndersonQuach_> 1.	The attributes navigationStart, redirectStart, redirectEnd, unloadEventStart, and unloadEventEnd will zero out in cross-origin navigations and non-same redirection chain. The rationale is that this is explicitly providing information about the previous domain previously not easily accessible and will enable site developers to glean information about end-users visiting their site.
17:32:23 <AndersonQuach_> 1 a. In scenarios where there are no redirection chain, navigationStart begins immediately after the prompt for unload, if the previous page and the current page are of the same origin or different origin.
17:32:29 <AndersonQuach_> 1 b. If the navigationStart and fetchStart are of the same origin and the redirect chain is of the same origin or no redirect chain, the site developer has all the attributes.
17:32:34 <AndersonQuach_> 1 c. If the navigationStart and fetchStart are of different origins and there is a redirection chain the following attributes are to be zero: navigationStart, redirectStart, redirectEnd, unloadEventStart, unloadEventEnd and redirectCount. 
17:32:53 <AndersonQuach_> 2.	The navigationStart attribute will capture the end-user perceived time and begin immediately before redirectStart in allowable cases.
17:33:00 <AndersonQuach_> 3.	Currently we will use the origin definition as specified in HTML5 section 5.3 Origin. And specify navigation scenarios when involving different domains from the previous navigation to the target navigation and different domains in redirect chains.
17:33:04 <AndersonQuach_> 4.	The ability to disable the interface needs to become a “May” level requirement. The behavior when the interface is disabled is a “Must” level requirement. The window.performance.timing and window.performance.navigation interface must be null when disabled
17:33:09 <AndersonQuach_> 5.	The naming for the interfaces should have the Performance prefixes. The recommended changes are: s/NavigationTiming/PerformanceTiming/ s/NavigationInfo/PerformanceNavigation/ and subsequent interfaces for ResourceTiming and UserTiming will follow this convention.
17:33:14 <AndersonQuach_> 6.	When enumerating the window.performance.timing attributes, there is no order implied. As developers may extend this interface and the order may change from site to site and user agent to user agent.
17:33:22 <AndersonQuach_> rrsagent, generate minutes
17:33:22 <RRSAgent> I have made the request to generate http://www.w3.org/2010/10/27-webperf-minutes.html AndersonQuach_
17:34:00 <AndersonQuach_> rrsagent, set logs world visible
17:34:30 <AndersonQuach_> rrsagent, set logs world-visible
17:34:33 <AndersonQuach_> rrsagent, generate minutes
17:34:33 <RRSAgent> I have made the request to generate http://www.w3.org/2010/10/27-webperf-minutes.html AndersonQuach_
17:35:21 <AndersonQuach> AndersonQuach has joined #webperf
17:35:28 <AndersonQuach> rrsagent, set logs world-visible
17:35:34 <AndersonQuach> rrsagent, generate minutes
17:35:34 <RRSAgent> I have made the request to generate http://www.w3.org/2010/10/27-webperf-minutes.html AndersonQuach
17:39:19 <AndersonQuach_> present+ plh
17:39:34 <AndersonQuach_> s/summary/topic: summary/
17:39:40 <AndersonQuach_> rrsagent, generate minutes
17:39:40 <RRSAgent> I have made the request to generate http://www.w3.org/2010/10/27-webperf-minutes.html AndersonQuach_
20:01:17 <mdelaney> mdelaney has joined #webperf
20:06:43 <plh> plh has left #webperf
20:39:00 <Martijnc> Martijnc has joined #webperf
21:49:00 <mdelaney_> mdelaney_ has joined #webperf
21:51:55 <mdelaney> mdelaney has joined #webperf
23:04:38 <mdelaney> mdelaney has joined #webperf