IRC log of tagmem on 2012-09-20

Timestamps are in UTC.

16:59:01 [RRSAgent]
RRSAgent has joined #tagmem
16:59:01 [RRSAgent]
logging to
16:59:09 [Zakim]
Zakim has joined #tagmem
16:59:19 [plinss]
zakim, this will be tag
16:59:19 [Zakim]
ok, plinss; I see TAG_Weekly()1:00PM scheduled to start in 1 minute
16:59:20 [Zakim]
TAG_Weekly()1:00PM has now started
16:59:25 [jar]
jar has joined #tagmem
16:59:26 [Zakim]
+ +1.617.500.aaaa
17:00:28 [Zakim]
17:00:32 [ht]
ht has joined #tagmem
17:01:35 [Zakim]
17:02:37 [Zakim]
17:02:40 [Ashok]
Ashok has joined #tagmem
17:03:18 [jar]
scribenick: jar
17:03:21 [jar]
scribe: Jonathan Rees
17:03:25 [jar]
17:03:32 [Zakim]
17:04:06 [Larry]
17:05:06 [Zakim]
17:05:06 [jar]
we have not convened yet
17:07:46 [jar]
lm: Many current threats are novel, so keeping threat analyses current is difficult.
17:08:30 [Larry]
so the 'governance framework' becomes a way to think about security threat analysis. How to keep "bad people" from doing "bad things" has expanded as the number of "things" increases
17:08:56 [jar]
zakim, who is on the call?
17:08:56 [Zakim]
On the phone I see +1.617.500.aaaa, Masinter, plinss, ht (muted), Ashok_Malhotra, Yves
17:09:23 [ht]
That would be you, JAR
17:09:38 [jar]
zakim, aaaa is jar
17:09:38 [Zakim]
+jar; got it
17:09:44 [jar]
zakim, who is on the call?
17:09:44 [Zakim]
On the phone I see jar, Masinter, plinss, ht (muted), Ashok_Malhotra, Yves
17:10:04 [ht]
JAR is hereby designated the iterim chair
17:10:19 [ht]
JAR wrote the agenda too
17:10:42 [jar]
No, I just copied Noah's agenda into the agenda file.
17:10:43 [Yves]
17:10:52 [jar]
17:11:05 [Larry]
17:11:05 [trackbot]
ACTION-726 -- Jonathan Rees to make a list of questions to which webarch and the findings suggest answers, as input to possible 'study design' and/or communication to chairs etc. -- due 2012-09-17 -- PENDINGREVIEW
17:11:05 [trackbot]
17:11:14 [Larry]
17:11:14 [trackbot]
ACTION-738 -- Noah Mendelsohn to schedule another discussion of World Wide Web Objectives Matrix per ACTION-726 -- due 2012-09-20 -- OPEN
17:11:14 [trackbot]
17:11:44 [jar]
17:11:49 [jar]
chair: Larry Masinter
17:11:56 [jar]
topic: Administrative
17:12:05 [Larry]
are there any minutes to approve?
17:12:28 [Yves]
17:12:32 [jar]
Minutes of the 13th =
17:12:50 [jar]
ashok: draft minutes of the 13th look OK
17:13:18 [jar]
RESOLUTION: Draft minutes of the 13th approved as a record of that meething by acclaim
17:13:43 [Larry]
i will note that i personally blogged
17:13:43 [jar]
yves: Publishing & linking WD has been published and announced.
17:13:55 [jar]
ashok: No comments yet, right?
17:14:24 [Larry]
F2F meeting all set?
17:14:32 [Larry]
17:14:52 [jar]
discussion of hotel
17:16:20 [Larry]
everyone set on logistics for London F2F
17:17:31 [ht]
ack ht
17:18:18 [Larry]
i have a couple of topics to talk about today
17:18:21 [jar]
review of today's agenda
17:19:07 [Larry]
new agenda items: web+ and registerXXXhandler
17:19:20 [Larry]
new agenda item: governanceFramework, and timely news
17:19:58 [Larry]
new agenda item: testing the web and performance and urls
17:20:05 [Larry]
new agenda item: IRIs and URL
17:21:35 [jar]
Topic: register-xxx-handler feature in HTML5
17:21:43 [Larry]
17:22:17 [jar]
lm: gmail wants to say, when you see a mailto: URL, go to gmail, passing the parameters
17:22:27 [ht]
q+ to ask all? really?
17:22:38 [jar]
lm: this is to change the system so that from now on mailto: URLs are handled by gmail
17:22:49 [Ashok]
17:23:08 [jar]
lm: There was an issue in the HTML WG - they were concerned about security.
17:23:28 [jar]
lm: Some schemes would be bad to redefine. So, whitelist or blacklist?
17:23:50 [jar]
lm: We don't know… so we're going to have a whitelist...
17:24:12 [jar]
lm: and in order to make the whitelist open-ended, include all scheme names beginning web+
17:24:26 [jar]
lm: There's a browser dialog [as a protection measure]
17:25:04 [noah]
noah has joined #tagmem
17:25:07 [jar]
lm: There was a procedural question, how to have new schemes without registering with IETF
17:25:28 [Larry]
17:25:38 [noah]
zakim, who is here?
17:25:38 [Zakim]
On the phone I see jar, Masinter, plinss, ht (muted), Ashok_Malhotra, Yves
17:25:40 [Zakim]
On IRC I see noah, Ashok, ht, jar, Zakim, RRSAgent, Larry, plinss, trackbot, Yves
17:25:49 [ht]
17:25:50 [Larry]
looking at thread on "web+ and registerProtocolHandler" subject thread
17:26:01 [jar]
(looking up thread)
17:26:26 [noah]
Larry is not in a position to scribe today after up in order are Jonathan, Henry, Ashok. If one of you would volunteer that would be great.
17:26:46 [Larry]
noah, JAR is scribing, and we've added some items to the agenda
17:27:02 [noah]
...and I screwed up the call time, my sincere apologies...dialing
17:27:04 [ht]
Hmm, scrub that URL from the log, it's dangerous
17:27:34 [ht]
ack ht
17:27:35 [jar]
lm: This looks like the nail in the coffin of the registries. The IANA URI scheme registry would be killed by this move.
17:27:35 [Zakim]
ht, you wanted to ask all? really?
17:27:56 [Zakim]
17:28:07 [noah]
zakim, [IPcaller] is me
17:28:07 [Zakim]
+noah; got it
17:28:50 [ht]
17:29:28 [jar]
NOTE TO MINUTES EDITOR: Check the slashes above
17:29:42 [jar]
lm: It's supposed to change the entire OS.
17:30:12 [jar]
ht: The issue was in whatwg, are you sure it's an html5 feature/issue?
17:30:21 [Larry]
17:30:46 [Larry]
17:30:56 [Larry]
17:31:07 [Larry]
17:31:13 [jar]
ht: Can't find it in html5 bug tracker.
17:31:33 [noah]
Should I be worried that it's closed?
17:31:43 [jar]
ht: OK
17:32:01 [Larry]
17:32:08 [jar]
noah: The issue is closed
17:33:20 [jar]
lm: My conclusion is that web+ was a red herring… the real issue is section, see the link
17:33:25 [noah]
Ah, >> section<<
17:33:28 [noah]
Not issue 6512
17:34:06 [jar]
… register-content-handler has a blacklist only ...
17:34:18 [jar]
lm: blows away the registries.
17:34:57 [jar]
noah: I see this as attempting, in the API, a way to express an intention
17:34:59 [ht]
q+ to ask again about scope
17:35:03 [jar]
lm: with an install security dialog
17:35:30 [jar]
noah: See this seems in that spirit, where the application is packaged as a web app
17:35:44 [jar]
… just as photoshop might say, I think I'm a good handler for media type M.
17:35:59 [jar]
… so it's ok for the spec to not say much about this.
17:36:21 [jar]
lm: Any application can install media type handlers
17:36:35 [jar]
lm: It's not appropriate; it's poorly defined and has the wrong security model
17:36:54 [jar]
… and reduces the motivation [to nil] for ever registering a URI scheme
17:36:56 [jar]
am: Why?
17:37:23 [noah]
Ah, OK, so you're not pushing hard against what they're >trying< to do, just suggesting that it's either under-specified and/or has an insufficient security story
17:37:28 [jar]
lm: There's lots of unregistered schemes and types anyway, but there was hope
17:37:53 [jar]
… now the web site has authority to modify the OS
17:38:08 [noah]
The browser routinely does this stuff for file types that the browser handles directly, including at least HTML, but also XML, or even JPG.
17:38:17 [jar]
am: Are you nervous that someone could screw with my browser?
17:38:30 [noah]
The difference here is that the browser will not handle things with its own (somewhat trusted) code
17:38:30 [jar]
am: attacks?
17:39:03 [jar]
lm: Changes security model: used to be you can scan for viruses, but with this you're trusting the site dynamically into the future
17:39:47 [jar]
lm: In this workflow the registry has no value [benefit]
17:40:01 [jar]
17:40:17 [Larry]
17:40:26 [noah]
ack next
17:40:32 [noah]
ack next
17:40:33 [jar]
17:40:34 [Zakim]
ht, you wanted to ask again about scope
17:40:49 [jar]
17:40:53 [ht]
zakim, mute ht
17:40:53 [Zakim]
ht should now be muted
17:41:12 [Larry]
my conclusion is this is the nail in the coffin for IANA registries for URI schemes & media types
17:41:27 [ht_home]
I think there's nothing here about scope -- temporal, or web/scope
17:41:28 [ht_home]
ht_home has joined #tagmem
17:41:42 [ht_home]
I think there's nothing here about scope -- temporal, or web/scope
17:41:52 [noah]
I infer it's sort of scoped to my desktop or phone or tablet
17:41:56 [ht_home]
I.e. for how long? For which pages?
17:41:57 [noah]
Is that what you mean?
17:42:01 [ht_home]
Yes, in the draft
17:42:13 [ht_home]
And what about conflict?
17:42:19 [ht_home]
Several sites all try to register a handler
17:42:22 [noah]
I assume that's up to the OS (it can do what it wants), but typically until explicitly changed
17:42:29 [jar]
(nothing in the html draft about how long the registration lasts / how far it goes)
17:42:33 [noah]
That's how setting handlers for JPG or e-mail typically works.
17:42:39 [Larry]
17:42:49 [Larry]
Robin: "this is intended to be system-wide"
17:42:54 [ht_home]
That's what it does!
17:43:06 [ht_home]
No, no no
17:43:11 [jar]
am: Who is registering what?
17:43:13 [noah]
I assume, the canonical use case is something like: "GMail is my mail handler, Google Voice does my phone dialing, etc."
17:43:39 [jar]
lm: This is a call on the OS to register scheme/type with the OS for indefinite future
17:44:38 [Larry]
this belongs with an "install" security model and not a "web" security model
17:44:39 [ht_home]
Yes NM, but at least they installed the App
17:44:49 [Larry]
web sandboxing is inappropriate
17:44:50 [jar]
noah: Browser is supposed to act on user's behalf… except that maybe some users won't understand… but desktops apps have the same problem
17:45:20 [noah]
So what, should we do about this, if anything?
17:45:34 [jar]
lm: I'm not saying it's a horrible thing it should go away; it needs a better security but that it will happen; just that this is the end of the registries
17:45:39 [Larry]
17:45:43 [noah]
I'm not convinced that the registries in >this< space, I.e. which desktop app showed show my photos, were ever a realistic model
17:46:03 [Larry]
Sysapps have a different security model
17:46:07 [Larry]
"The Working Group will focus on those operating system interactions that cannot be exposed safely to Web applications executing in the traditional browser security model."
17:46:10 [jar]
lm: Look at the sysapps draft charter...
17:46:39 [noah]
Hmm. I thought this is for apps that >are< in the traditional browser security model, and sysapps are for ones that aren't
17:46:46 [jar]
lm: the wording in the charter applies
17:47:03 [ht_home]
17:47:10 [ht_home]
Not a web app!
17:47:15 [ht_home]
Not a web app!
17:47:22 [ht_home]
All that happens is a URI is fetched
17:47:36 [ht_home]
All that happens is a URI is fetched
17:47:55 [jar]
zakim, who is on the call?
17:47:55 [Zakim]
On the phone I see jar, Masinter, plinss, ht (muted), Ashok_Malhotra, Yves, noah
17:47:57 [Larry]
zakim, unmute ht
17:47:57 [Zakim]
ht should no longer be muted
17:47:58 [noah]
Right, but typically I register something with a lot of Javascript that is a web app
17:48:00 [noah]
17:49:04 [jar]
(jar thinking: isn't this similar to the safe GET question? user expectations over hyperlink/button distinction?)
17:49:48 [jar]
ht: No web app, no installation, no javascript, just substitution [did I get that right ht]?
17:50:09 [jar]
ht: That javascript is going to be subject to cross-site constraints
17:50:09 [ht_home]
17:50:58 [jar]
ht: I see no evidence in the spec that it's a request to the OS to change what it does
17:51:12 [jar]
lm: The spec doesn't say, but as implemented this is how it works
17:51:37 [Larry]
image/jpg is blacklisted, but image/jpeg2000 isn't
17:51:51 [jar]
noah: once the OS is modified, it's possible that when I click this might launch some web app, but that's subject to sandboxing
17:52:22 [jar]
… so [no change in security model]
17:52:36 [jar]
lm: Clicking will go to some site
17:52:51 [noah]
I'm not seeing why registering such an app changes the security model. Does it say that registered apps have access to eg. local files that regular web apps dont
17:52:52 [noah]
17:53:50 [jar]
jar: let's not dive into security, LM wanted to talk about what will happen to the registries
17:53:58 [Larry]
so why bother with IETF APPS area any more?
17:54:23 [noah]
I can see why we would want this coordinated with the SysApps stuff, I'm less clear why anyone thinks a registry could work in this space, whether for webapps, native or both?
17:54:36 [jar]
lm: If you want to do a new SIP, there's no point in bothering with IETF any more, you just build an app and register a protocol handler.
17:54:42 [noah]
What would such a registry have, that GIMP is the world's handler for JPEG and Photoshop isn't? :-)
17:55:04 [Larry]
I was starting to understand Hannes "death of protocols" point
17:55:11 [ht_home]
I do want to get clarification on how they think the HTML5 spec. can change the OS
17:55:49 [ht_home]
I think we do need to discuss this at the F2F
17:56:06 [jar]
lm: I wanted the TAG to reflect on the role of registries in a world where this is common.
17:56:49 [Larry]
17:56:59 [jar]
lm: It's worth [at least] 1/2 hour at f2f [not to speculate how much time it is likely to take]
17:57:18 [ht_home]
web+ and registerProtocolHandler
17:57:25 [ht_home]
17:58:24 [Larry]
gather some URLs from the discussion to queue this up as an issue
17:58:30 [noah]
ACTION: Noah to schedule F2F discussion of XXX handler registration see discussion on 20 Sept.
17:58:30 [trackbot]
Created ACTION-739 - Schedule F2F discussion of XXX handler registration see discussion on 20 Sept. [on Noah Mendelsohn - due 2012-09-27].
18:01:10 [noah]
18:01:10 [trackbot]
ACTION-738 -- Noah Mendelsohn to schedule another discussion of World Wide Web Objectives Matrix per ACTION-726 -- due 2012-09-20 -- OPEN
18:01:10 [trackbot]
18:01:26 [Larry]
18:01:26 [trackbot]
ACTION-728 -- Noah Mendelsohn to find editor for copyright and linking after group reviews Ashok's proposals on stronger messages -- due 2012-07-12 -- CLOSED
18:01:26 [trackbot]
18:02:40 [noah]
18:02:46 [Larry]
18:04:18 [jar]
action-726 deferred pending receipt of input
18:04:28 [noah]
18:04:28 [trackbot]
ACTION-738 -- Noah Mendelsohn to only if there's e-mail news: schedule another discussion of World Wide Web Objectives Matrix per ACTION-726 -- due 2012-09-25 -- PENDINGREVIEW
18:04:28 [trackbot]
18:04:31 [jar]
Today's agenda as amended is at
18:04:56 [noah]
So, we're up to governance framework?
18:05:05 [noah]
topic: Governance Framework
18:05:20 [Ashok]
18:05:21 [Larry]
18:05:32 [jar]
topic: Governance framework
18:05:45 [jar]
lm: We published p&l, and I blogged about it.
18:06:25 [jar]
… I tried to give the elevator pitch about the governance draft. The blog post is what I came up with up. This is just a head-up
18:06:38 [jar]
s/to give various people/
18:06:42 [jar]
18:06:48 [Larry]
18:06:56 [Larry]
we talked about this one
18:07:02 [Larry]
18:08:10 [jar]
lm: [clarifying] The feedback I got on the gov. framework was negative. So I tried to explain what I was trying to do. The outcome was the blog post. I plan to pull the new intro back into a new version of the framework document.
18:09:05 [Larry]
i'll take an action to update
18:09:11 [Larry]
update in time for F2F
18:09:32 [noah]
ACTION: Larry to update the governance frame for Oct F2F discussion
18:09:32 [trackbot]
Created ACTION-740 - Update the governance frame for Oct F2F discussion [on Larry Masinter - due 2012-09-27].
18:09:54 [jar]
jar has joined #tagmem
18:10:03 [noah]
18:10:03 [trackbot]
ACTION-740 -- Larry Masinter to update the governance frame for Oct F2F discussion -- due 2012-09-27 -- OPEN
18:10:03 [trackbot]
18:10:37 [jar]
Topic: Testing web performance and URLs
18:10:47 [jar]
skipping due to time constraints
18:10:53 [jar]
Topic: IRIs
18:10:56 [jar]
lm: There is progress
18:10:56 [Larry]
and that i'm inarticulate about it
18:11:02 [Larry]
progress on URL
18:11:16 [Larry]
in the webapps working group
18:11:25 [Larry]
in the W3C webapps working group
18:11:27 [noah]
What's the question on the table for this discussion?
18:11:34 [Larry]
people are doing testing now
18:11:56 [jar]
lm: Hasn't been checked in, but people are doing testing now, re what browsers actually do with IRIs.
18:11:57 [noah]
So, this is interoperability, not performance (in the speed sense)?
18:12:10 [jar]
lm: Do they reverse query parameters or not? etc.
18:12:30 [jar]
lm: That's good. Procedural issue is how to coordinate IETF and W3C specs better.
18:12:31 [noah]
Seems like the topic title is misleading. Should be "IRI Browse Interoperability"?
18:12:44 [jar]
… IETF WG has been really quiet. Browser implementors aren't there.
18:13:14 [Zakim]
18:13:16 [jar]
… Concerned that any work on the scheme registry might be moot. Will people really register vendor schemes?
18:13:33 [jar]
noah: Are scheme names to be allowed to be nonascii?
18:14:19 [jar]
lm: Aim of registry work was to allow the part after the scheme name to be defined according to their unicode sequence rather than ascii
18:14:36 [jar]
lm: … this was about making scheme registration easier.
18:14:37 [Larry]
making scheme registration easier was a whole theme and subject of discussion
18:14:51 [noah]
zakim, who is here?
18:14:51 [Zakim]
On the phone I see jar, Masinter, plinss, Ashok_Malhotra, Yves, noah
18:14:52 [Zakim]
On IRC I see jar, ht_home, noah, Ashok, Zakim, RRSAgent, Larry, plinss, trackbot, Yves
18:14:54 [jar]
noah: What were you concerned about in specific?
18:15:04 [jar]
lm: I wanted to figure out if this is a topic of interest.
18:15:44 [Larry]
maybe this is just a heads up if you're interested
18:15:56 [jar]
noah: (procedural options)
18:16:43 [jar]
lm: This is a heads-up. We've talked about it a lot, I want to note that there has been recent activity.
18:17:24 [jar]
noah: Does this change anything that would be seen on the wire, or does it only affect how what we see is documented?
18:17:52 [jar]
lm: the latter… so maybe not as big a deal [as register-*-handler]
18:18:57 [Zakim]
18:19:03 [jar]
Topic: F2F agenda
18:19:12 [jar]
lm: register-*-handler
18:19:40 [jar]
Topic: Other
18:19:43 [noah]
Jonathan, I think I want to ask you about:
18:19:51 [noah]
18:19:51 [trackbot]
ACTION-692 -- Noah Mendelsohn to consider JAR's april request to discuss, for 10 mins, issues list at oct f2f -- due 2012-09-10 -- OPEN
18:19:51 [trackbot]
18:20:04 [jar]
lm: The google response to the recent video was a propos the p&l work.
18:20:17 [jar]
s/video/video takedown request/
18:21:01 [jar]
lm: If we want feedback on p&l, pointing out its relevance to topical issues would be a way to raise interest in it
18:22:38 [jar]
noah: If we're going to do this, let's consider the timing - push it into public light now, or later when we're more sure of it?
18:23:12 [noah]
zakim, who is here?
18:23:12 [Zakim]
On the phone I see jar, Masinter, plinss, Yves, noah
18:23:14 [jar]
noah: You question is, should we solicit feedback, and if so, from who?
18:23:14 [Zakim]
On IRC I see jar, ht_home, noah, Ashok, Zakim, RRSAgent, Larry, plinss, trackbot, Yves
18:23:37 [jar]
scribe notes departure of HT and AM
18:23:55 [Larry]
informally ask at FPWD for feedback, esp from people who have given us feedback before
18:24:07 [jar]
yves: We can send issues any time, no formal response required until last call
18:24:34 [Yves]
no formal accounting until LC
18:24:43 [jar]
lm: Now that we have a public document, we can start asking people to review it
18:25:22 [Larry]
18:25:22 [trackbot]
ACTION-692 -- Noah Mendelsohn to consider JAR's april request to discuss, for 10 mins, issues list at oct f2f -- due 2012-09-10 -- OPEN
18:25:22 [trackbot]
18:25:39 [jar]
lm: I'm asking TAG members, if you've asked someone to review it before, please ask them again now
18:26:19 [Larry]
this sounds like it's subsumed by JAR's matrix
18:26:34 [noah]
Well, this is about or formal issues list.
18:27:17 [Zakim]
18:27:43 [Zakim]
18:27:58 [Larry]
god disconnected
18:28:04 [Larry]
18:28:20 [jar]
zakim, who is on the call?
18:28:20 [Zakim]
On the phone I see jar, plinss, Yves
18:28:24 [noah]
Argh...zakim things conference is restricted because it's after 2:30. So, we are adjourned. Take it to email.
18:28:34 [noah]
18:28:34 [jar]
18:28:36 [noah]
bye all
18:28:42 [Zakim]
18:28:46 [Zakim]
18:28:51 [Zakim]
18:28:52 [Zakim]
TAG_Weekly()1:00PM has ended
18:28:52 [Zakim]
Attendees were +1.617.500.aaaa, Masinter, plinss, Ashok_Malhotra, ht, Yves, jar, noah
18:29:03 [noah]
As far as I know, we will have a call next week. Thanks to everyone who's been helping me cover my responsibilities!
19:00:51 [jar]
jar has joined #tagmem
19:01:55 [jar]
jar has joined #tagmem
19:38:08 [timbl]
timbl has joined #tagmem
19:45:02 [timbl]
timbl has joined #tagmem
20:35:00 [Zakim]
Zakim has left #tagmem
21:57:38 [jar]
rrsagent, make logs public
21:57:43 [jar]
rrs, pointer?
21:57:48 [jar]
rrsagent, pointer?
21:57:48 [RRSAgent]
21:58:27 [jar]
jar has left #tagmem