IRC log of social on 2016-03-29

Timestamps are in UTC.

17:01:18 [RRSAgent]
RRSAgent has joined #social
17:01:18 [RRSAgent]
logging to
17:01:20 [trackbot]
RRSAgent, make logs public
17:01:20 [Zakim]
Zakim has joined #social
17:01:22 [trackbot]
Zakim, this will be SOCL
17:01:22 [Zakim]
ok, trackbot
17:01:23 [trackbot]
Meeting: Social Web Working Group Teleconference
17:01:23 [trackbot]
Date: 29 March 2016
17:01:23 [tantek]
17:01:24 [annbass]
17:01:38 [ben_thatmustbeme]
17:01:39 [tantek]
Zakim, who is here?
17:01:39 [Zakim]
Present: tantek, annbass, ben_thatmustbeme
17:01:40 [Zakim]
On IRC I see RRSAgent, eprodrom, bblfish, annbass, tantek, jaywink, prtksxna, KevinMarks, tsyesika, Arnaud, cwebber2, Loqi, ben_thatmustbeme, shepazu, raucao, rrika, aaronpk,
17:01:40 [Zakim]
... wilkie, bigbluehat, jet, oshepherd, rhiaro, ElijahLynn, dwhly, tessierashpool_, bitbear, bret, wseltzer, trackbot, sandro
17:01:45 [aaronpk]
17:02:21 [ben_thatmustbeme]
we only have 5 people on the phone right now
17:03:31 [eprodrom]
sorry, just joining
17:03:51 [Arnaud]
17:04:46 [eprodrom]
17:04:59 [eprodrom]
17:05:06 [ben_thatmustbeme]
i'll scribe
17:05:21 [annbass]
whoops .. I said I would, but guess I'm muted
17:05:28 [ben_thatmustbeme]
scribenick: ben_thatmustbeme
17:05:33 [ben_thatmustbeme]
Scribe: Ben Roberts
17:05:42 [tsyesika]
17:05:45 [ben_thatmustbeme]
Chair Evan Prodrom
17:05:53 [eprodrom]
eprodrom has joined #social
17:06:05 [ben_thatmustbeme]
eprodrom: lets get started, we have a few minutes to review
17:06:09 [annbass]
I really appreciate Amy's summary notes:
17:06:16 [eprodrom]
17:06:23 [ben_thatmustbeme]
TOPIC: approval of minutes
17:06:33 [annbass]
17:06:37 [tsyesika]
17:06:38 [eprodrom]
17:06:41 [aaronpk]
17:06:45 [ben_thatmustbeme]
eprodrom: this is a little bit of catch up, but from 3 weeks ago. +1's
17:06:46 [ben_thatmustbeme]
17:07:04 [ben_thatmustbeme]
eprodrom: without any objections
17:07:13 [eprodrom]
17:07:25 [eprodrom]
17:07:30 [ben_thatmustbeme]
RESOLVED: approve
17:07:32 [tantek]
(btw it's ok to ask for more time to review)
17:07:33 [Arnaud1]
Arnaud1 has joined #social
17:07:49 [tantek]
ben_thatmustbeme, wat?
17:08:04 [eprodrom]
17:08:05 [ben_thatmustbeme]
eprodrom: as annbass mentioned in IRC, rhiaro did a very nice summary of minutes from f2f
17:08:16 [annbass]
17:08:32 [tantek]
(I admit I was at the f2f and have not reviewed the minutes, but if everyone else is ok, I'm not objecting)
17:08:32 [aaronpk]
17:08:50 [ben_thatmustbeme]
RESOLVED: approve
17:09:17 [ben_thatmustbeme]
eprodrom: i have only given a slight look but they look ok to me. Would anyone like to defer to next week?
17:09:28 [ben_thatmustbeme]
.... if not we'll just call this resolved
17:09:46 [ben_thatmustbeme]
RESOLVED: approve the minutes for 3/16 and 3/17
17:10:02 [Loqi]
Cwebber2 made 1 edit to [[Socialwg/2016-03-29]]
17:10:27 [ben_thatmustbeme]
eprodrom: i think this covers all our administrative issues, but its worth noting that we set up a schedule for face to faces for the next 9 months
17:10:47 [ben_thatmustbeme]
... our plan is to have them in June, Sept, and i think November
17:11:01 [tantek]
see for next f2fs
17:11:08 [ben_thatmustbeme]
... if you were not at the F2F you should check that to see that they fit your schedule
17:11:17 [ben_thatmustbeme]
... see link in IRC, thank you tantek
17:11:25 [tantek]
in particular please RSVP ASAP to
17:11:47 [ben_thatmustbeme]
... we have Portland in June, Lisbon in September
17:11:57 [ben_thatmustbeme]
TOPIC: AS2 status
17:11:57 [tantek]
(only 7 RSVPs so far everyone should say if they can go or not)
17:12:26 [ben_thatmustbeme]
eprodrom: maybe i can, as unfortunately both chair and editor today, you'll hear me a lot
17:12:30 [tantek]
ack eprodrom :)
17:13:00 [ben_thatmustbeme]
... where we got at the F2F is that a couple of the big items for AS2 we got worked out
17:13:09 [ben_thatmustbeme]
... conformance clause and ?
17:13:17 [ben_thatmustbeme]
... test suite
17:13:35 [ben_thatmustbeme]
... unfortunately by the time we got to Boston, we had a number of issues that arose
17:13:50 [ben_thatmustbeme]
... our current list is 13 issues, we addressed a number of these at f2f
17:14:15 [ben_thatmustbeme]
... a majority of the ones tha required input from the group we resolved
17:14:50 [ben_thatmustbeme]
... unfortunately some of them, the main editor who was not participating in boston, -1'd them and so we may have to resolve some of those again
17:15:16 [eprodrom]
17:15:21 [tantek]
q+ for procedural clarification
17:15:26 [ben_thatmustbeme]
... it comes down to an issue of an editor is opposed to a group resolution so i suggest we re-open some of these issues and try to resolve them again
17:15:34 [ben_thatmustbeme]
... i think james is not on the call
17:16:08 [eprodrom]
ack tantek
17:16:08 [Zakim]
tantek, you wanted to discuss procedural clarification
17:16:13 [ben_thatmustbeme]
... I think that we pushed these forward while james wasn't there, he pushed back on them, and I'd like to come to a resolution with him on these, if we can't we'll have to figure out the proceedure
17:16:37 [KevinMarks]
17:16:57 [ben_thatmustbeme]
tantek: for w3c, we do try to get consensus, we try to get the dissenter to explain their position. Its possible that person has found a flaw that no one else sees
17:17:20 [ben_thatmustbeme]
... when they present that, often others see the issue and change their vote
17:18:06 [ben_thatmustbeme]
... if after the explanation, no one else is still opposed, after that it becomes an issue for the chairs and a chair can declare consensus and just note the official objection
17:18:14 [ben_thatmustbeme]
... but to do that we need james to call in
17:18:54 [ben_thatmustbeme]
... the next step would be to get james to commit to a specific telcon where he can call in and give his explanation, we really need him to explain it himself, since there is usually back and forth
17:19:32 [ben_thatmustbeme]
... if he is not on the call, that falls to the chair, to decide how long to wait and if it runs too long we have to make a judgement call on that
17:19:41 [Arnaud1]
Arnaud1 has joined #social
17:19:45 [ben_thatmustbeme]
... maybe we could action you evan to contact james
17:20:03 [Loqi]
Tantekelik made 1 edit to [[Socialwg/2016-03-29]]
17:20:14 [ben_thatmustbeme]
eprodrom: that sounds good, i'll take it as an action on myself to get in contact with james and try to resolve these
17:20:31 [ben_thatmustbeme]
... if we can get these resolutions done the rest is just editorial issues
17:20:50 [ben_thatmustbeme]
tantek: and remind james that these are blocking CR for us, so the sooner he can get them done, the better
17:21:00 [ben_thatmustbeme]
eprodrom: hopefully we can get james in for next weeks telcon
17:21:11 [ben_thatmustbeme]
... hopefully we can get some resolutions online
17:21:19 [ben_thatmustbeme]
tantek: great
17:21:32 [ben_thatmustbeme]
TOPIC: status of as2 test suite
17:21:47 [eprodrom]
17:21:51 [ben_thatmustbeme]
i think this is a left-over from before, as we haven't had much movement in the past two weeks
17:21:52 [eprodrom]
17:22:39 [ben_thatmustbeme]
eprodrom: i gave a demo at f2f, there is still quite a bit of work to be done as far as making it look better and such, but it is at a usable point for people to test their as2 documents
17:23:08 [eprodrom]
17:23:24 [ben_thatmustbeme]
... at the f2f we felt this met our needs for our test suite. I think there is some additional work that is going to go on there. There are a few open issues that i will link in IRC, but thats going to be an ongoing developement effort
17:23:32 [ben_thatmustbeme]
... any questions about validator or test suite?
17:23:40 [ben_thatmustbeme]
... hearing none, lets move on
17:23:50 [ben_thatmustbeme]
TOPIC: document status for our various documents
17:24:07 [ben_thatmustbeme]
eprodrom: we've already discussed as2 lets start discussing other documents
17:24:22 [ben_thatmustbeme]
... i'm not sure it makes sense to just highlight changes in the last week
17:24:37 [ben_thatmustbeme]
... i note that aaronpk has added a seperate discussion item around webmention
17:24:53 [aaronpk]
17:25:00 [eprodrom]
ack aaronpk
17:25:01 [ben_thatmustbeme]
... for any of the OTHER documents, have we had any significant developements since 2 weeks ago
17:25:38 [ben_thatmustbeme]
aaronpk: with micropub i don't have a new draft published, but i do have an editors draft with the combined micropub and activitypub syntax. I'd say it is very much in progress right now
17:26:01 [ben_thatmustbeme]
eprodrom: excellent and you are coordinating with amy chris and jessica about that?
17:26:08 [ben_thatmustbeme]
... do you need anything else from us?
17:26:12 [ben_thatmustbeme]
aaronpk: no
17:26:22 [ben_thatmustbeme]
eprodrom: anything for activitypub?
17:26:40 [annbass]
aaronpk -- I'll be happy to edit your new draft (for 'English'), when it's ready
17:26:46 [ben_thatmustbeme]
tsyesika: we have done some work, but we have been busy and have not had a chance to close all the issues YET
17:26:50 [aaronpk]
thanks ann!
17:26:56 [ben_thatmustbeme]
eprodrom: lets move on to webmentions
17:27:14 [aaronpk]
17:27:23 [ben_thatmustbeme]
aaronpk: i published a new draft of webmention with things we disucssed (links new version)
17:27:46 [ben_thatmustbeme]
... its not a huge change but there is a bunch of language and phrasing clarification, some of that thanks to annbass.
17:27:59 [ben_thatmustbeme]
... there is a new section about sending webmentions when you edit posts
17:28:08 [ben_thatmustbeme]
... there is a new section on conformance criteria
17:28:16 [ben_thatmustbeme]
... and the note about not sending to localhost
17:28:31 [ben_thatmustbeme]
... and the note about turning field names in to URIs
17:28:44 [ben_thatmustbeme]
... those are the summary of changes in this draft
17:28:57 [ben_thatmustbeme]
eprodrom: and this is a live WD, FANTASTIC
17:29:03 [ben_thatmustbeme]
... thats a good step forward for us
17:29:14 [ben_thatmustbeme]
... are there other issue around WM we need to discuss
17:29:32 [ben_thatmustbeme]
aaronpk: yes, i used our new labels and went through all old issues and added appropriate labels to them
17:29:39 [aaronpk]
17:29:45 [ben_thatmustbeme]
... in doing that there were a couple that were marked for review by the group
17:29:55 [ben_thatmustbeme]
... i wanted to get some group feedback on this
17:30:02 [Loqi]
Tantekelik made 1 edit to [[Socialwg/2016-03-29]]
17:30:02 [aaronpk]
17:30:43 [ben_thatmustbeme]
... issue 20 is a challenging one, we talked about this at F2F, said its similar to how HTML loads external resources, and its actually slightly different in that is does POST not just perform GET
17:31:00 [ben_thatmustbeme]
... i am not sure how to word the security warning
17:31:15 [ben_thatmustbeme]
... its really an issue about systems outside of webmention
17:31:25 [tantek]
17:31:29 [ben_thatmustbeme]
... anyone have any suggestions?
17:32:22 [ben_thatmustbeme]
tantek: i just read the updates on the issue, and in terms of the post vs get. There is one more place in HTML you can get similar data. That is Forms. its possible to POST cross site that way
17:32:36 [ben_thatmustbeme]
... and presumably HTML has to say something about that
17:33:00 [ben_thatmustbeme]
... we could just reference HTML and say that it follows HTMLs security concerns
17:33:14 [ben_thatmustbeme]
aaronpk: okay, i can take a look at that and hope i find something there
17:33:35 [KevinMarks]
is xmlhttprequest relevant too?
17:34:21 [ben_thatmustbeme]
eprodrom: yeah, i'm just wondering if we can make this more general as tantek suggests. I don't think describing each and every possibility is worth it. but noting that a sender can get anyone to post to
17:34:51 [ben_thatmustbeme]
... something like "this is an URL that someone is giving to you, and you can't fully trust that"
17:35:22 [ben_thatmustbeme]
tantek: its acting just like a browser would when doing a cross-site form POST
17:35:42 [ben_thatmustbeme]
... and maybe we just say we should follow the same method browsers use
17:36:02 [ben_thatmustbeme]
... at least implementers can look at that as a starting point
17:36:44 [ben_thatmustbeme]
eprodrom: it would be nice to find some common language and point to that rather than having to rewrite it all in webmention
17:37:01 [ben_thatmustbeme]
tantek: exactly, thats why i say point to HTML unless someone can come up with some way that its actually different
17:37:11 [ben_thatmustbeme]
eprodrom: aaronpk, with webmention, are there other issues?
17:37:15 [ben_thatmustbeme]
aaronpk: one more
17:37:16 [aaronpk]
17:37:56 [ben_thatmustbeme]
... #14, the thread is long but the end of it describes it, basically webmention only requires that source and target exist and doesn't use anything else. Right now there is no access token or cookies or anything
17:38:25 [ben_thatmustbeme]
... there is a concern that if a webmention request accidently does have credentials in it, someone might be committed to something they might not be aware of
17:38:54 [ben_thatmustbeme]
... however i don't want to disallow tokens, as it will be important for private webmentions
17:40:03 [ben_thatmustbeme]
tantek: this happens in CSS a lot, there is some potentially advanced feature that we are not ready for, but we want to allow for, but its to put in a note saying this spec does not define any handling for webmentions that may have additional headers such as authentication headers such as ... etc
17:40:47 [deiu]
deiu has joined #social
17:40:53 [ben_thatmustbeme]
... by specifically saying that the spec doesn't specify any special handling, you are basically saying If you implement with them, thats fine
17:40:56 [deiu]
deiu has left #social
17:41:02 [ben_thatmustbeme]
... that leave the possibility open
17:41:23 [ben_thatmustbeme]
... just say "this specification does not define ....."
17:41:48 [ben_thatmustbeme]
aaronpk: will that handle the origianl issue? is sandro on the call since he commented on it before.
17:42:18 [ben_thatmustbeme]
eprodrom: i'm not sure i understand, leaving authentication open, or unspecified, i'm not sure i understand henry's point here, can you break that down?
17:43:37 [ben_thatmustbeme]
aaronpk: i can try. He is saying that there is a risk of (as source and target are not uris) the target page could use query parameters in the webmention url you could send any specific values you want
17:43:57 [ben_thatmustbeme]
eprodrom: so he wants to disallow authentication why?
17:44:26 [ben_thatmustbeme]
aaronpk: no its that it could generate a generic post to some endpoint that could do some action
17:44:54 [ben_thatmustbeme]
eprodrom: ahh, i see, if you are logged in, you browser could send your cookies etc
17:45:14 [ben_thatmustbeme]
... so if i provide the webmention URL that could be set to "friend someone on facebook" etc
17:45:26 [ben_thatmustbeme]
... i've always thought of webmention for server to server only
17:45:31 [tantek]
q+ to also note webmention forms people are using on their blogs
17:45:38 [eprodrom]
ack tantek
17:45:38 [Zakim]
tantek, you wanted to also note webmention forms people are using on their blogs
17:45:40 [ben_thatmustbeme]
aaronpk: me too, but its possible that the server could include cookies
17:46:06 [ben_thatmustbeme]
tantek: there is also a growing practice by many to include a form on their site that says "paste your URL here to send me a webmention"
17:46:38 [ben_thatmustbeme]
... to allow people who don't support webmention yet to still send a webmention. thats the one existing scenario i know of where there is a browser sending a webmention
17:46:53 [ben_thatmustbeme]
... so maybe thats worth mentioning that its only to the site its on
17:47:08 [ben_thatmustbeme]
... thats again something that seems HTML level, and not specific for webmention
17:47:51 [ben_thatmustbeme]
aaronpk: thats exactly html, this is a standard XSS issue. so maybe the solution is the same as issue 20 which is about preventing these cross site posts
17:48:22 [ben_thatmustbeme]
eprodrom: i think thats probably best, saying there is a possibility of XSS here and take necerssary precautions to avoid that
17:48:51 [ben_thatmustbeme]
... i realize the issues tend to be pretty esoteric, but thats probably a good sign that we covered the low hanging fruit
17:49:08 [ben_thatmustbeme]
... thats the end of the agenda for today, any other discussion items for today?
17:49:15 [ben_thatmustbeme]
17:49:29 [ben_thatmustbeme]
... i can get into tracker but i don't think there is anything new there
17:49:35 [tantek]
17:49:40 [eprodrom]
ack tantek
17:49:45 [ben_thatmustbeme]
hearing nothing, we can... oh, tantek?
17:49:57 [eprodrom]
Arnaud: ?
17:49:58 [Arnaud]
I am
17:50:03 [ben_thatmustbeme]
tantek: i thought i saw arnaud on the call maybe we can get it resolved now who is chairing next week?
17:50:06 [Arnaud]
17:50:27 [ben_thatmustbeme]
Arnaud: yes, i can do it next week
17:50:38 [annbass]
thanks Evan and Ben!
17:50:44 [eprodrom]
Thanks for scribing, ben_thatmustbeme
17:50:47 [ben_thatmustbeme]
trackbot, end meeting
17:50:47 [eprodrom]
17:50:47 [trackbot]
Zakim, list attendees
17:50:47 [Zakim]
As of this point the attendees have been tantek, annbass, ben_thatmustbeme, aaronpk, Arnaud, eprodrom, tsyesika, KevinMarks
17:50:50 [Loqi]
ben_thatmustbeme has 137 karma
17:50:55 [trackbot]
RRSAgent, please draft minutes
17:50:55 [RRSAgent]
I have made the request to generate trackbot
17:50:56 [trackbot]
RRSAgent, bye
17:50:56 [RRSAgent]
I see no action items