14:31:54 <RRSAgent> RRSAgent has joined #social
14:31:54 <RRSAgent> logging to http://www.w3.org/2016/11/17-social-irc
14:31:56 <trackbot> RRSAgent, make logs public
14:31:56 <Zakim> Zakim has joined #social
14:31:58 <trackbot> Zakim, this will be SOCL
14:31:58 <Zakim> ok, trackbot
14:31:59 <trackbot> Meeting: Social Web Working Group Teleconference
14:31:59 <trackbot> Date: 17 November 2016
14:32:03 <ben_thatmustbeme> scribenick: ben_thatmustbeme
14:32:05 <tantek> present+
14:32:06 <aaronpk> present+
14:32:06 <sandro> present+
14:32:08 <rhiaro> present+
14:32:09 <ben_thatmustbeme> present+
14:32:15 <julien> present+
14:32:17 <ben_thatmustbeme> chair:tantek
14:32:26 <ben_thatmustbeme> chair: tantek
14:32:35 <cwebber2> present+
14:32:41 <sandro> present+ evanp
14:32:45 <cwebber2> (but text only currently, my own fault)
14:32:57 <sandro> https://www.w3.org/wiki/Socialwg/2016-11-17
14:32:59 <Loqi> Social Web WG Face to Face Meeting at MIT (F2F8)
14:33:18 <ben_thatmustbeme> tantek: we have 5 clusters of topics to discuss, PR transitions, CR transitions, WD updates or note transitions, group continuity or transition to CG, or other business
14:33:41 <csarven> present+
14:33:45 <ben_thatmustbeme> ... we have one request form csarven to discuss LDN tomorrow, that seems fine since he is only here tomorrow
14:34:02 <csarven> Not present completely. Will watch out for keyword highlights.,
14:34:08 <ben_thatmustbeme> evan: if its okay i'd like to discuss AS2 tomorrow as well so i can handle some issues first
14:34:08 <csarven> Yes, I'd appreciate if LDN is tomorrow.
14:34:25 <ben_thatmustbeme> tantek: are there any other specific scheduling concerns?
14:34:41 <cwebber2> I have to drive my wife to an event tomorrow, but let me check the time
14:34:42 <ben_thatmustbeme> ... i think we should sort by priorty, but if any preferences
14:35:15 <ben_thatmustbeme> eprodrom: i think we should discuss contintuity to inform our other decisions on what we are doing with these in the future
14:35:30 <ben_thatmustbeme> tantek: that sounds good, lets put that down for 10 today
14:35:34 <cwebber2> the thing is at 5pm tomorrow, so it should be fine
14:35:53 <aaronpk> cwebber2, I opened an appear.in URL (see above) if you want to try that
14:36:00 <ben_thatmustbeme> ... anotherway to look at things is to tackler harder things in the morning since we are all fresh
14:36:16 <ben_thatmustbeme> ... the one obvious candidate is pubsub
14:36:47 <ben_thatmustbeme> julien: there is one issue that is a bit complicated, but it would be good for group feedback
14:36:55 <ben_thatmustbeme> ... the correct solution might be to do nothing
14:37:01 <eprodrom> eprodrom has joined #social
14:37:08 <eprodrom> present+
14:37:11 <ben_thatmustbeme> sandro: Is cwebber2 on audio, wondering how much stuff we have on activitypub
14:37:29 <cwebber2> I'm not on audio unfortunately, I can't seem to get my setup working
14:37:31 <ben_thatmustbeme> tantek: i'm going to suggest after continuity, we do pubsub next
14:37:51 <cwebber2> my fault for running a fringe GNU/Linux distribution using modified browsers and missing my webcam :P
14:37:58 <ben_thatmustbeme> ... and then activitypub and micropub after that
14:38:04 <ben_thatmustbeme> ... so i guess all the pubs first
14:38:32 <cwebber2> I will watch irc closely and participate here, sorry for the non-ideal participation :(
14:38:35 <mattl> cwebber2: try your phone with talky? assuming you have a camera there
14:38:54 <cwebber2> mattl, my phone's microphone broke!  but I'll try my wife's
14:38:56 <cwebber2> everything is breaking!
14:44:18 <ben_thatmustbeme> tantek: we had some comments from mozilla (publicly) on webmention
14:44:41 <ben_thatmustbeme> ... not officially yet but on their internal messaging
14:45:09 <aaronpk> aaronpk has changed the topic to: https://www.w3.org/wiki/Socialwg/2016-11-17 https://appear.in/socialwg Logs: http://socialwg.indiewebcamp.com/irc/social/today
14:45:46 <ben_thatmustbeme> eprodrom: for those of us not as familliar with the process, whats the process from here?
14:46:31 <ben_thatmustbeme> tantek: the voting period is open, its closes on the 30th and it goes by one formal objection can slow it or potentially kill it
14:47:02 <ben_thatmustbeme> ... usually its pretty bad form to have problems raised at that point unless its more beurocratic
14:47:16 <ben_thatmustbeme> ... or possible "good, but please fix X"
14:47:36 <ben_thatmustbeme> ... if you do know any w3c members, encourage them to take a look
14:47:47 <sandro> https://www.w3.org/2002/09/wbs/33280/webmention/
14:47:58 <sandro> (access controlled -- only for W3C AC reps)
14:48:51 <ben_thatmustbeme> tantek: how long for continuity?
14:48:56 <aaronpk> swwg_laptop_: https://chat.indieweb.org/social
14:48:59 <ben_thatmustbeme> eprodrom:  30 minutes should be good
14:49:13 <ben_thatmustbeme> tantek: julien, how long for pubsub?
14:49:19 <ben_thatmustbeme> julien: i think 30 minutes
14:50:02 <ben_thatmustbeme> tantek: cwebber2, aaronpk, eprodrom, any preference for which we talk about first and how much time?
14:50:10 <ben_thatmustbeme> aaronpk: i don't care, i don't have any open issues
14:50:27 <ben_thatmustbeme> tantek: its also to discuss what you need to move forward
14:50:35 <ben_thatmustbeme> cwebber2: i'd prefer to go second
14:51:33 <rhiaro> https://www.w3.org/blog/news/archives/5976
14:51:39 <rhiaro> ActivityPub ^
14:51:57 <sandro> https://www.w3.org/wiki/Socialwg/push-name
14:52:25 <ben_thatmustbeme> tantek: ok, i think we have everything through lunch scheduled, lets go ahead and start with that, if we need more time on things we can take more time and movethings around
14:52:40 <ben_thatmustbeme> TOPIC: group continuity / SWICG
14:53:14 <ben_thatmustbeme> tantek: we already resolved to create the group and Ann offered to do that, and consolidate all the other community groups
14:53:19 <ben_thatmustbeme> ... there are several of them
14:53:33 <rhiaro> https://www.w3.org/wiki/Socialwg/push-name#Hubbub
14:53:38 <ben_thatmustbeme> ... first question, where are we with that group, is it created yet?
14:54:23 <ben_thatmustbeme> aaronpk: cwebber2 and I offered to chair the group.  I am happy to do the actual submission, write up the group description
14:54:41 <ben_thatmustbeme> ... we need a short name
14:54:47 <ben_thatmustbeme> tantek: SWICG?
14:55:04 <ben_thatmustbeme> aaronpk: CG probably shouldn't be in there, its like ATM Machine
14:55:11 <ben_thatmustbeme> tantek: some other groups do that already
14:56:04 <ben_thatmustbeme> ... web platform incubater community group.  look at them for an example, look at existing groups and try to incorporate them
14:56:05 <jasnell> jasnell has joined #social
14:56:20 <timbl> timbl has joined #social
14:56:35 <tantek> FYI: https://wicg.io/
14:56:38 <tantek> (still up)
14:56:39 <ben_thatmustbeme> eprodrom: there is ostatus group, activitypub, others
14:57:16 <ben_thatmustbeme> ... the activitypub one should probably be closed.  the activity streams one could still be open since we have work to do
14:57:51 <ben_thatmustbeme> ... well these are at CR, but if there are things we think should be included and incubated, those would be good for the community group.
14:58:12 <jasnell_> jasnell_ has joined #social
14:58:17 <ben_thatmustbeme> ... the incubator group can continue to add extensions and add features to the specs we've defined
14:59:01 <ben_thatmustbeme> eprodrom: with AS, when we talked about extensibility, we talked about adding it to the namespace, which means there is some document maintinance
15:00:00 <ben_thatmustbeme> tantek: so part of it should probably be messaging all those other groups to tell them there is a community group that was not active and they may want to look at this group
15:00:20 <ben_thatmustbeme> sandro: I can imagine ppl being annoyed by that because they only want to follow one technology
15:00:48 <ben_thatmustbeme> tantek: i don't think anyone will really care since these groups are pretty much dead
15:01:47 <ben_thatmustbeme> sandro: if someone complains i think it would be good to keep the group open and maybe just have some major updates
15:02:15 <ben_thatmustbeme> tantek: i think that makes it worse as it looks like the discussion is there, but it isn't
15:02:42 <ben_thatmustbeme> ... i think we should include that the description
15:03:10 <ben_thatmustbeme> tantek: in this group most of the discussion takes place on github, is that something we want to keep for the CG?
15:03:18 <ben_thatmustbeme> .. how does cwebber2 feel about that?
15:03:27 <rhiaro> scribenick: rhiaro
15:03:29 <cwebber2> I'm fine with it
15:03:34 <cwebber2> but, the laptop disconnected
15:03:36 <cwebber2> so I can't hear/speak
15:04:03 <rhiaro> tantek: THe web platform incubator group is not using the email list for the CG as well. That's clearly an option for us
15:05:01 <rhiaro> ... We also had tension in this group over use or non-use of email, so we should be explicit rather than ambiguous about it
15:05:07 <tantek> we are not hearing you cwebber2
15:05:11 <aaronpk> one sec
15:06:10 <tantek> apparently both talky and appear in didn't work for us for different reasons
15:07:05 <ben_thatmustbeme> scribenick: ben_thatmustbeme
15:07:08 <cwebber2> I see a "mute" icon on both participants
15:07:45 <cwebber2> nope
15:07:50 <cwebber2> is the microphone enabled on yours?
15:07:59 <aaronpk> it's saying it's not able to send audio
15:08:15 <aaronpk> cwebber2, does hangouts work for you? or even a phone number?
15:08:26 <cwebber2> I can call in
15:08:37 <cwebber2> how about I call in for activitypub and then closely track irc otherwise
15:08:38 <aaronpk> call me directly, i'll PM you my number
15:10:10 <ben_thatmustbeme> tantek: i think that gives you some next steps for the incubator group?
15:10:27 <ben_thatmustbeme> cwebber2: we were asking if cwebber2 was okay with using github and no mailing list
15:10:31 <mattl> use GitLab ;)
15:10:46 <ben_thatmustbeme> s/cwebber2:/aaronpk:/
15:11:09 <ben_thatmustbeme> cwebber2: i'm okay with it, but its a little ironic
15:11:24 <ben_thatmustbeme> tantek: we are just saying we are specifically NOT using the mailing list
15:11:51 <sandro> existing CG that look related to me: activitypub, fed soc web, pubsubhubbub, ostatus, microposts, social business
15:11:55 <ben_thatmustbeme> ... i think the community group gets to specify an IRC channel
15:12:10 <ben_thatmustbeme> aaronpk: i think we should continue to use #social
15:12:29 <ben_thatmustbeme> ... it does mean the logs are shared though, if thats good or bad i don't know
15:12:40 <ben_thatmustbeme> tantek: since its a continuation of us, i think thats fine
15:13:04 <ben_thatmustbeme> ... i think that gives you enough time to write everything up and we can take a look tomorrow possibly
15:13:10 <ben_thatmustbeme> ... or later today maybe
15:13:32 <ben_thatmustbeme> tantek: that takes care of the community group portion.  now for continuity
15:14:06 <ben_thatmustbeme> sandro: one thing is that when we took on pubsub, we are legally required to extend the group
15:14:22 <ben_thatmustbeme> ... the waiting period requirements makes it required
15:14:39 <ben_thatmustbeme> ... we don't actually have to do anything other than the mechanical things (assuming no issues come up)
15:14:58 <ben_thatmustbeme> ... that makes it pretty easy to continue some things if we need to
15:15:15 <ben_thatmustbeme> ... the administartion is ok with extending the charter for that reason
15:15:31 <ben_thatmustbeme> aaronpk: the winter break also messes things up as well
15:15:45 <ben_thatmustbeme> sandro: i think as long as we got to PR before christmas we were going to be fine
15:16:13 <ben_thatmustbeme> tantek: the publication morritorium starts the 18th, which means the last day ........ etc etc
15:16:26 <ben_thatmustbeme> sandro: yeah, letting that slide to january makes a lot of sense
15:17:33 <ben_thatmustbeme> tantek: you need at least a week before to schedule transition calls, plus the CRs don't end until the 13th for LDN and AP
15:17:58 <ben_thatmustbeme> rhiaro: we could make it happen but its a lot less stressful to do it in january
15:18:33 <ben_thatmustbeme> tantek: so we have to request an extension, do we have to specify additional things?
15:18:42 <cwebber2> q+
15:18:49 <ben_thatmustbeme> sandro: we can probably find out more about what exactly we need for that in the next day or two
15:19:24 <ben_thatmustbeme> ... mostly its for us, do we want to be at a point where we need telcons?
15:19:45 <ben_thatmustbeme> rhiaro: also that will overlap with the CG, is that okay or do we want wait?
15:19:51 <ben_thatmustbeme> tantek: i think its good to have some overlap
15:20:27 <ben_thatmustbeme> sandro: do we want to try to do a webinar.  tutorials on what exists already, "this is what webmention is, heres how to use it" etc for each of our specs?
15:20:34 <ben_thatmustbeme> ... its a lot of energy
15:20:58 <ben_thatmustbeme> tantek: i'd say we wait until after PR
15:21:28 <ben_thatmustbeme> aaronpk: this sounds like my talk at open source bridge, i went through a brief overview of the group
15:21:40 <cwebber2> q-
15:21:47 <ben_thatmustbeme> tantek: i think for the rest of the agenda, we talkabout how much we want to go past the end of the year
15:21:49 <tantek> q?
15:22:41 <ben_thatmustbeme> eprodrom: so we are expecting to go to at least april with our group, and we expect to have a CG that will continue indefinitely
15:23:30 <ben_thatmustbeme> tantek: i think we should be clear that everything else should be finished up by january, and the rest is really just for pubsub mainly.  its not like we are trying to cram a bunch of other things in there
15:23:45 <ben_thatmustbeme> tantek: and we're not expecting to be doing an F2F after now, right?
15:24:14 <ben_thatmustbeme> sandro: I don't think so, the big question, what happens if someone points out a BIG issue with one of our specs that has to go through the whole cycle again
15:24:44 <ben_thatmustbeme> eprodrom: for us as a group, would it be fair to say, after jan 1, we have telcons as needed
15:24:55 <ben_thatmustbeme> tantek: i'm going to guess we'll want to do them at least monthly?
15:25:17 <ben_thatmustbeme> rhiaro:  monthly 4am phone calls will be preferable to weekly 4am phone calls for me
15:25:51 <ben_thatmustbeme> tantek: presumably we can still get staff contact time for the extension? and the chairs will be able to commit to having time?
15:26:04 <ben_thatmustbeme> eprodrom: yes, i can commit to being around for that
15:26:16 <cwebber2> q+
15:26:17 <ben_thatmustbeme> sandro: staff contact time will be fine
15:27:10 <ben_thatmustbeme> cwebber2: we can ge tto this in the AP time, but as AP has the most amount of work to do, i don't want to completely discount work on AP after Jan1
15:27:42 <ben_thatmustbeme> tantek: thats certainly something we need to talk about, and making that kind of request is important, we'll go over that schedule when we get to AP
15:27:56 <ben_thatmustbeme> ... anything else on group continuity / incubation group?
15:28:15 <ben_thatmustbeme> ... as we discussed, any impact on continuity is something the editor should bring up when we discuss them
15:28:35 <ben_thatmustbeme> TOPIC: 10 minute break
15:28:46 <csarven> [16:22:41] <ben_thatmustbeme> eprodrom: so we are expecting to go to at least april with our group, and we expect to have a CG that will continue indefinitely --- Is this agreed? April is the extension?
15:29:01 <aaronpk> we still have to request it
15:29:08 <csarven> What will be requested?
15:29:10 <aaronpk> it's not just up to us
15:29:34 <tantek> csarven: we will be requesting a charter extension for PubSub in particular
15:29:41 <csarven> "We'd like request to extent until May 31?"
15:29:41 <tantek> until April-ish
15:29:52 <csarven> Ok
15:30:00 <tantek> per IP requirements for PubSub FPWD + CR disclosure periods
15:30:27 <tantek> given that, we need to be specific about how much time (if any) any of our other specs need to complete CR & PR
15:30:48 <tantek> and we will be discussing that, per spec, while we are discussing next steps for each spec during its slot on the agenda
15:31:24 <tantek> there was a vague discussion about trying to get everything else (not yet in PR) into PR in January
15:31:40 <tantek> but we'll figure out the specifics for each spec in depth during today & tomorrow
15:32:12 <csarven> ok, so all specs need to wrapup by April or wahtever
15:32:26 <csarven> and that it is PubSub that needs the most time.. hence the extension being that long..
15:32:38 <csarven> otherwise it is maybe another month or so.. did I understand that correctly?
15:32:41 <csarven> Sorry I'm not on the call.
15:36:50 <tantek> csarven, no problem.
15:37:12 <tantek> that's roughly correct. there's a strong preference to wrap up our other specs in January, however we will discuss each spec in particular and figure out its particular needs.
15:38:23 <ben_thatmustbeme> <ben_thatmustbeme> its not like the arbitrarily chose April, we have to give a certain amount of time for IP exclusions, since that period is still going on for pubsub, we need to extend
15:39:26 <ben_thatmustbeme> <ben_thatmustbeme> that gives us the opportunity to finish dotting i's and crossing t's on other specs, but we want to be clear that we are not just trying to cram a bunch of other new stuff in by extending
15:39:35 <cwebber2> btw, I assume #social is a pretty welcome place in general to invite people hoping to implement socialwg specs?
15:39:42 <cwebber2> or should I encourage people to join another channel
15:40:17 <ben_thatmustbeme> scribenick: none
15:40:29 <ben_thatmustbeme> that will make things a bit easier on me
15:40:53 <ben_thatmustbeme> cwebber2, i would say thats fine, especially if we are going to suggest this as the IRC for the CG
15:40:59 <ben_thatmustbeme> and you will be co-chair
15:43:54 <cwebber2> ben_thatmustbeme, cool, thx for your input
15:45:00 <jasnell> jasnell has joined #social
15:54:24 <rhiaro> scribenick: rhiaro
15:54:31 <rhiaro> TOPIC: PubSub
15:55:02 <rhiaro> tantek: Most complicated issue?
15:55:13 <rhiaro> julien: the signature one
15:55:23 <aaronpk> https://github.com/w3c/pubsub/issues/36 and https://github.com/w3c/pubsub/issues/43
15:55:26 <rhiaro> ... How do we ensure that requests coming from the hub to the subscribers (that are not content) are actually coming from the hub
15:55:39 <rhiaro> ... It was suggested that we use a signature mechanism, except we don't have a body, so nothing tos ign
15:56:00 <rhiaro> ... I think (and aaronpk agrees) is to not provide a signature mechanism but strongly incentivise subscribers to use complex urls that are not guessable
15:56:04 <rhiaro> sandro: capability urls
15:56:27 <rhiaro> julien: if we go in that direction, which I think is safe in terms of security, is why do we even need to sign notifications? If we have https and complex urls, that should be secure enough
15:56:33 <rhiaro> sandro: https protects the url?
15:56:36 <rhiaro> julien: yes
15:56:37 <rhiaro> tantek: no
15:56:44 <rhiaro> julien: it exposes only the domain
15:56:50 <rhiaro> sandro: only the ip address
15:56:55 <rhiaro> aaronpk: you iknow the domain because of SNI
15:57:06 <rhiaro> julien: you don't even know the method
15:57:10 <rhiaro> tantek: so you want to make https a MUST?
15:57:37 <rhiaro> julien: I still think we should allow for non-https, that adds complexity, and I think we need the signature for the case where you could have a man in the middle thing where someone could alter the content and you would not know that they had
15:57:43 <rhiaro> sandro: there's nothing to sign because..?
15:57:45 <rhiaro> aaronpk: two things
15:57:59 <rhiaro> ... The confirmation that the hub sends is a GET request, here is: 'yes the subscrption has been activated'
15:58:14 <rhiaro> ... For that it's using a complex URL, because there's no body you can't sign the payload
15:58:28 <rhiaro> ... Some alternatives could be come up with a signature method based on query strings.. sounds like oauth1, or sign the headers... whatever..
15:58:38 <rhiaro> ... But a much simpler solution is use a 128 bit capability url
15:58:42 <rhiaro> ... That's probably fine over https
15:58:52 <rhiaro> ... That url is never exposed because it's sent in the POST body over https to the hub
15:59:06 <rhiaro> ... With that in mind, totally separate issue: why do we even have signature son the body?
15:59:17 <rhiaro> ... If you assume the URL is secret and nobody can send forged requests to it, why does the hub need to sign the payload?
15:59:40 <rhiaro> ... One reason to continue using signatures is it does allow subscribers to not support https if they are willing to take the risk of forged confirmations
15:59:42 <eprodrom> https://www.w3.org/TR/capability-urls/
15:59:43 <Loqi> [Jeni Tennison] Good Practices for Capability URLs
15:59:50 <rhiaro> ... but when they get the delivery they know the payload was not forged so they can check the signatures
15:59:57 <cwebber2> I guess if you don't trust certificate authorities too :)
16:00:00 <cwebber2> yeah
16:00:03 <rhiaro> ... Second, it secures against mitm over https, which is a thing in corporate network environments
16:00:04 <jasnell> jasnell has joined #social
16:00:10 <rhiaro> sandro: how do you know the public key..?
16:00:19 <rhiaro> aaronpk: the subscriber sent the secret to the hub during subscription over https
16:00:25 <rhiaro> julien: since it's async it's harder to mitm
16:00:38 <rhiaro> aaronpk: it's not pgp level safe, but it's..
16:00:49 <rhiaro> tantek: the other reason even in https is the general concept of defense in depth
16:00:55 <rhiaro> ... Multiple levels of things to use as defenses
16:00:59 <rhiaro> ... One more thing to break through
16:01:03 <rhiaro> ... Good security architecture
16:01:09 <rhiaro> julien: technically the payload is more important than the confirmation
16:01:22 <tantek> FYI: https://en.wikipedia.org/wiki/Defense_in_depth_%28computing%29
16:01:23 <rhiaro> aaronpk: if you intercept a confirmation the worst thing that happens is the system thinks it is subscribed and it's not
16:01:29 <rhiaro> ... whereas the payload could have real consequuences
16:01:47 <eprodrom> q?
16:01:47 <rhiaro> julien: so the right thing is to not change the spec at this point, but to use capability urls
16:01:48 <eprodrom> q+
16:01:54 <rhiaro> aaronpk: it's essentially a bearer token in a URL
16:02:11 <rhiaro> ... Not change the normative spec, but the suggestion in security considerations would be to put a strong recommendation to use these URLs
16:02:17 <rhiaro> ... It doesn't affect interop, but for your own good you sholuld be doing this
16:02:27 <rhiaro> sandro: are people doing that now?
16:02:31 <rhiaro> aaronpk & julien: I think so
16:02:34 <rhiaro> aaronpk: subscribers
16:02:38 <rhiaro> julien: hub is blind to everything
16:02:45 <rhiaro> aaronpk: woodwind does and my switchbaord does
16:02:56 <rhiaro> tantek: strong enough that you can make it a must?
16:03:00 <rhiaro> aaronpk: it doesn't affect interop
16:03:14 <rhiaro> tantek: if you can make it a MUST it's good for the future
16:03:25 <rhiaro> aaronpk: you don't want to put a specific length.. how do you define what's strong enough?
16:03:37 <rhiaro> sandro: you could say it has to be unique for every subscription?
16:03:43 <rhiaro> julien: should we enforce it at the hub?
16:03:50 <rhiaro> aaronpk: the hub could deny a request if it's seen the URL before
16:04:05 <tantek> q?
16:04:17 <aaronpk> https://www.w3.org/TR/capability-urls/
16:04:18 <Loqi> [Jeni Tennison] Good Practices for Capability URLs
16:04:22 <rhiaro> eprodrom: W3C note on capability URLs that is very thorough
16:04:37 <eprodrom> https://w3ctag.github.io/capability-urls/
16:04:37 <rhiaro> ... WD from 2014, so maybe not quite... oh now I found Jan 7 2015
16:04:59 <rhiaro> ... Can't be normative, we can use as informative reference
16:05:11 <rhiaro> aaronpk: So then the issue is do we require unique URLs for subscription, which would be a testable implementation change
16:05:17 <rhiaro> julien: it would break things
16:05:19 <rhiaro> aaronpk: It's a strong change
16:05:23 <rhiaro> tantek: you could make it a SHOULD
16:05:26 <rhiaro> julien: I think it should be a SHOULD
16:05:35 <rhiaro> ... These are things that protect you, do them, if you don't you're the one who is going to suffer
16:05:42 <rhiaro> tantek: for new implementations and new subscribers it is a MUST
16:05:48 <rhiaro> aaronpk: I have a hard tiem justifying it as a MUST
16:05:51 <rhiaro> ... It doesn't change the protocol
16:05:59 <rhiaro> ... It works just as well with all the peices together whether or not subscribers do this
16:06:05 <rhiaro> ... I have a hard time saying it's a MUST because of that
16:06:34 <rhiaro> ... but if someone is implementing this.. I opened this issue because I was writing the test subscriber, and I was like 'wait a second what is stopping someone else from making this request?' there wasn't something in the spec to tell me how to protect myself
16:06:50 <rhiaro> ... I think just at that point the implementer will go to the spec and see the recommendation to make it a unique URL
16:06:58 <rhiaro> aaronpk: I can make the test suite measure that too
16:07:03 <rhiaro> ... whether that different
16:07:07 <rhiaro> ... could check the entropy as well
16:07:26 <rhiaro> tantek: if it becomes common practice we can chane it to a MUST and tighten the security of the whole system
16:07:27 <eprodrom> q?
16:07:29 <rhiaro> ... What about signatures?
16:07:40 <rhiaro> aaronpk: Right now signatures are a optional for the subscriber
16:07:53 <rhiaro> julien: the subscriber can take the risk to receive forged content
16:07:59 <rhiaro> aaronpk: or they can ignore the payload and go fetch the content themselves
16:08:06 <rhiaro> julien: very few implementations actually check the signatures
16:08:14 <rhiaro> ... so in practice even though the signature is safer, people will use the URL
16:08:20 <rhiaro> ... as a way to cover their base
16:08:25 <tantek> (mitigate)
16:08:30 <rhiaro> ... the reason is because the signature mechanism I felt people have had trouble coding
16:08:42 <rhiaro> ... People will not sue the right encoding
16:08:49 <rhiaro> ... It's harder to debug
16:09:09 <rhiaro> ... THe hub will compute the signature at the byte level, the subscriber will use a different encoding and compute the siganture on the string version of this, and get a different result
16:09:21 <rhiaro> aaronpk: shouldn't hte hub compute it on the string level then?
16:09:24 <rhiaro> julien: the hub doesn't know th eencoding
16:09:28 <rhiaro> eprodrom: the issue is signatures are hard.
16:09:49 <rhiaro> julien: PHP doesn't help
16:09:55 <rhiaro> sandro: In JS you oculdn't do it until recently
16:10:26 <rhiaro> aaronpk & julien: something about gzip
16:10:33 <rhiaro> ... good test case
16:10:40 <rhiaro> julien: the hub is the party signing the content, not th epublisher
16:10:54 <rhiaro> ... it would be more secure for the publisher to sign and the hub just transmit it, and be agnostic of the content
16:11:01 <rhiaro> ben_thatmustbeme: but then you're starting to define the publishing
16:11:05 <rhiaro> julien: right htat's a completely different thing
16:11:23 <rhiaro> sandro: In the current model the hub has to sign it differently for each user (per secret)
16:11:45 <rhiaro> eprodrom: one of the problems iwth capability urls is as soon as you publish anything across security boundaries you've started yoru clock ticking. Somebody is going to get to it at some piont, whether it's 100 years from now or next week
16:11:51 <rhiaro> ... Once yo've published it, ...
16:12:05 <rhiaro> julien: We should have a requirement, when the subscription expires, don't reuse your callbacks
16:12:16 <rhiaro> ... So you are exposed for the duration of your lease, when the lease is over you can start fresh
16:12:20 <rhiaro> eprodrom: and if you do a large enough key
16:12:28 <rhiaro> julien: start with 20, then 50, then 200, then 2000...
16:12:43 <rhiaro> eprodrom: if you can do it in a way that your window is small enough then you have enough time
16:12:54 <rhiaro> julien: someone has asked about unbound leases before, I think no this is wrong. You need to provide a maximum period
16:13:04 <rhiaro> ... the hub MUST have a period
16:13:09 <rhiaro> sandro: how does the hub reply?
16:13:13 <rhiaro> aaronpk: it's part of the confirmation
16:13:28 <rhiaro> sandro: does the spec now say 'we know it's ugly?'
16:13:31 <rhiaro> julien: no
16:13:40 <rhiaro> sandro: I would like it to say that it recognises that it's in violation of web arch
16:13:53 <rhiaro> aaronpk: it's important to put that in there because other people will think that and raise issues or try to reinvent
16:14:05 <rhiaro> julien: I think it's elegant to have a different verb for the handshake thing and the notification
16:14:15 <rhiaro> ... On the implementer level it's easier to just say it's a GET, or a POST
16:14:25 <rhiaro> aaronpk: It is easier. And for the payload, the post body is the document, it's not a wrapper
16:14:35 <rhiaro> ... If it was one of the form params it would be much easier on implementer level to use the hub.mode to swithc on that
16:14:50 <rhiaro> ... but as an implementor if I have to handel reading the raw POST body to understand what type of ..
16:14:53 <rhiaro> sandro: and it's the same URL?
16:14:54 <rhiaro> aaronpk: it has to be
16:15:02 <rhiaro> sandro: if they were both POST I'd use two URLs ors omething
16:15:05 <rhiaro> aaronpk: that would be even crazier
16:15:15 <rhiaro> julien: SO I understand it's not the nice way of doing http things, but it makes implementers job much asier
16:15:21 <rhiaro> sandro: how do you tell whether you're getting a diff or full content
16:15:23 <rhiaro> aaronpk: different issue
16:15:46 <rhiaro> sandro: I'd use http PATCH verbs
16:16:09 <rhiaro> ... and Accept-Patch
16:16:44 <rhiaro> ... Not a custom header
16:16:48 <rhiaro> ... You can have that in the subscription request
16:16:58 <rhiaro> ... For instance when you do the confirmation, on that GET the return header could be Accept-Patch
16:17:05 <rhiaro> julien: Oh I see
16:17:10 <rhiaro> sandro: could be an extension
16:17:29 <rhiaro> ... You could also, the hub could just send a patch and see what status code it gets back
16:17:38 <rhiaro> ... A server is not going to give a 200 on a patch unless it's handling it
16:17:46 <rhiaro> julien: I was hoping to be using a content type header
16:17:57 <rhiaro> sandro: or you could do it after the first post to a subscriber
16:18:03 <rhiaro> ... they can say they accept patch for future reference
16:18:14 <rhiaro> julien: there's a continue http code, 100 or something, the subscriber can say hey send me the patch
16:18:22 <rhiaro> sandro: I think continue is in response to a get
16:18:34 <rhiaro> julien: I dunno
16:18:41 <rhiaro> aaronpk: All these things are nice to do, but nobody has implemented any of them
16:18:48 <rhiaro> sandro: It can cleanly go in as an extension
16:19:07 <rhiaro> julien: when we went with fat ping we talked about ability to have extensions
16:19:20 <rhiaro> aaronpk: Okay so
16:19:27 <rhiaro> ... Recommend SHOULD use capability URLs
16:19:32 <rhiaro> ... SHOULD not reuse capability URLs
16:19:45 <rhiaro> ... Hubs MUST NOT issue unlimited subscriptions?
16:19:48 <rhiaro> ... MUST enforce lease
16:19:57 <rhiaro> julien: if the subscriber does not submit one the hub will tell you what it is
16:20:07 <rhiaro> sandro: but we're okay with 20 year leases?
16:20:14 <rhiaro> aaronpk: I don't think the hub should decide the limit
16:20:17 <rhiaro> sandro: in security considerations
16:20:19 <rhiaro> julien: Should be short
16:20:25 <rhiaro> tantek: how muc hof this can you test?
16:20:31 <rhiaro> aaronpk: All testable
16:20:49 <rhiaro> ... Can test that a subscriber is using unique urls, that the hub is returning lease seconds
16:21:01 <rhiaro> sandro: if it's more than a year you can give a warning
16:21:22 <rhiaro> aaronpk: That's basically going to resolve these two issues
16:21:28 <rhiaro> ... 43 and 36
16:21:53 <rhiaro> ... And then signatures on the notification not changing, because it is implemented some people are doing things with it, if you don't want to use it you don't have to, and you can always go fetch the original content if you don't trust the hub's payload
16:22:09 <rhiaro> tantek: are any of these SHOULDs currently unimplemented
16:22:19 <rhiaro> aaronpk: we don't know about renewal
16:22:25 <rhiaro> julien: we dont' check that you're using a differnet URL
16:22:30 <rhiaro> aaronpk: there's no survey of all of them
16:22:36 <rhiaro> ... but I know that mine does use a unique one
16:22:45 <rhiaro> ... We don't know how widely, but we can test it
16:22:58 <rhiaro> tantek: that sounds like we can make a SHOULD and see what happens
16:23:02 <rhiaro> ... if everyone is doing it, we can make it a MUST
16:23:06 <rhiaro> ... without discussing again
16:23:09 <rhiaro> julien: I don't think everyone does it
16:23:43 <rhiaro> aaronpk: could you check that on superfeedr's end?
16:23:47 <rhiaro> julien: wordpress and google doesn't do it either
16:24:09 <rhiaro> tantek: we should gather data
16:24:14 <rhiaro> ... and raise it with them as a security concern
16:24:24 <rhiaro> q?
16:24:30 <eprodrom> q-
16:24:33 <tantek> q?
16:24:37 <cwebber2> hi
16:24:39 <tantek> ack cwebber2
16:24:41 <cwebber2> q-
16:24:42 <tantek> ack cwebber
16:24:46 <cwebber2> not sure why I was on the queu
16:24:47 <cwebber2> e
16:24:54 <cwebber2> I think that was from way before
16:25:03 <rhiaro> julien: I have a process question
16:25:11 <rhiaro> ... People open issues, I close them, what should I do?
16:25:24 <rhiaro> tantek: what we've been doing so far is to try to reach a conclusion that the person who opened the issue has been happy with, and ask them to close it
16:25:52 <rhiaro> sandro: We don't want to have the situation where someone feels like they haven't been heard
16:26:02 <rhiaro> ... If you do exactly what they ask for it should be fine to close
16:26:11 <rhiaro> julien: Same with PRs, I just merge them myself
16:26:34 <tantek> FYI julien: https://www.w3.org/wiki/Socialwg/Github_Process
16:27:17 <rhiaro> tantek: You said you're opening PRs. If you get PRs from people who are outside of the WG we actually need to get them to agree to the contributor's agreement before we merge them
16:27:25 <rhiaro> julien: okay I think I merge da couple of things..
16:27:40 <rhiaro> sandro: there's the patent and copyright question
16:27:51 <rhiaro> ... if it's editorial it could be a copyright issue
16:27:58 <rhiaro> aaronpk: you can put a contributor.md
16:28:09 <rhiaro> ... people generally agree to that
16:28:18 <rhiaro> tantek: can we put the IE agreement there?
16:28:45 <rhiaro> ... if the person belongs  to a W3C member company that's okay too
16:28:57 <rhiaro> julien: and when they're not?
16:29:35 <rhiaro> sandro: the peopel who have already contributed, we can get them to confirm it
16:29:47 <rhiaro> ... It's part of the IE agreement, but not the whole IE sign up
16:29:57 <rhiaro> tantek: We should put the IE agreement into the contributions.md
16:30:06 <rhiaro> ... rhiaro can find the links to the agreements
16:30:39 <rhiaro> ... You need to ask tony to check he's agreed to the following
16:30:46 <rhiaro> ... If it's not okay you'll have to remove his changes. Hopefully won't coem to that
16:32:24 <aaronpk> https://github.com/w3c/pubsub/issues/40
16:32:28 <rhiaro> aaronpk: Host meta thing
16:32:35 <rhiaro> ... I opened this one as I was writing the subscriber
16:32:38 <tantek> https://github.com/w3c/pubsub/issues in general
16:33:00 <rhiaro> ... Right now the discovery steps in the specs say check the http headers and then if it's xml or html then look for the link tag, and then lastly check host-meta
16:33:05 <rhiaro> ... The spec doesn't say much about how that part works
16:33:13 <rhiaro> ... IT's sort of left as go read about host meta and figure it out
16:33:19 <rhiaro> ... I supsect there's not much implementation of it
16:33:26 <rhiaro> ... I suggest to drop it if there's no known implementations
16:33:37 <rhiaro> julien: I initially agreed and then changed my mind. There's a use case that's very useful - github pages
16:33:51 <rhiaro> aaronpk: a hosting environment that doens't le tyou set http headers, for document types that don't support embedded links
16:33:58 <rhiaro> sandro: eg. json data on github
16:34:54 <rhiaro> aaronpk: host meta turns out to be a weird rabbithole
16:34:59 <rhiaro> ... hostmeta is actually an xml document
16:35:23 <rhiaro> ... hostmeta is a specific part under .well-known
16:35:47 <rhiaro> ... In my opinion, the best way to do it for pubsub (and possibly webmention) is to define a pubsub .well-known
16:35:57 <rhiaro> ... where the pubsub spec defines the document inside there
16:36:10 <rhiaro> tantek: that's not unique to pubsub, adding one more step to discovery
16:37:03 <jasnell> jasnell has joined #social
16:37:07 <rhiaro> aaronpk: we solved for webmention with not supporting wellknown, and whole domain delegation, at an http header level
16:37:50 <rhiaro> ... We don't support per-document discovery on non-xml content types, but the assumption was the majority of the use cases for that could be solved with headers
16:37:51 <cwebber2> that requires that you control the web server, so it wouldn't work with something like github pages right?  which is probably fine
16:37:55 <cwebber2> oh there we go :)
16:38:16 <rhiaro> eprodrom: What we're trying to do is do discovery on name.example/something.jpg
16:38:24 <rhiaro> ... Can we say that if you can'tn do any discovery on something.jpg you can do it at the host name leveL?
16:38:29 <rhiaro> ... Is that a fair way to do it?
16:38:47 <rhiaro> ... If you can't do discovery on name.example/something.jpg try doing discovery on name.example/
16:38:55 <rhiaro> aaronpk: you wouldn't find the self url
16:38:58 <rhiaro> ... and doesn't solve it for github
16:39:04 <rhiaro> ... oh right subdomains on github
16:39:21 <rhiaro> sandro: you don't seperate subscribing to root from subscribing to everything else
16:39:24 <rhiaro> eprodrom: good point
16:39:58 <rhiaro> julien: why do we have to define discovery, why isn't there a discovery spec?
16:40:03 <rhiaro> aaronpk: that is kind of host meta...
16:40:26 <rhiaro> tantek: we did roughly define our own discovery guidelines in this group, across all the different approaches
16:40:31 <rhiaro> aaronpk: that doesn't solve this particular use case
16:40:38 <rhiaro> tantek: I think that was considered, this isn't a new use case
16:40:42 <rhiaro> ... There's not enough new information to bring it up from two years ago
16:40:53 <rhiaro> eprodrom: Link header and then link tag is going to discover somewhere north of 95% of cases
16:41:08 <rhiaro> ... So it might not be worth doing anything more than punting and saying go look around the web and see what other discovery mechanisms there are
16:41:27 <rhiaro> aaronpk: Here's my concern. It makes writing subscribers harder. As a subscriber it's nice ot know when you've checked all the possible ways to find a thing
16:41:48 <rhiaro> julien: a long time ago, the discovery mechanism itself can be extracted into a custom service. Can just be a library that people can reuse
16:41:56 <rhiaro> ... I wrote a service a couple of years ago called feed discovery..
16:42:05 <rhiaro> ... It's harder to implement, but it's a matter of just using a library that does it
16:42:13 <rhiaro> aaronpk: the reason that we have to talk about it is because it is in the spec already
16:42:17 <rhiaro> ... We're not talking about adding it
16:42:22 <rhiaro> ... hostmeta has been in the spec since the beginning
16:42:31 <rhiaro> julien: a lot of peopel who host a jekyll site on github have asked about it
16:42:43 <rhiaro> sandro: one other discoveyr technqiue, used in csv on the web recs, is
16:42:53 <rhiaro> ... if you have a cvs file you're suppose dto look for -metadata.json
16:42:57 <rhiaro> ... and also csv-metadata.json
16:43:23 <rhiaro> tantek: wat
16:43:43 <rhiaro> various: wat?
16:43:53 <rhiaro> ... *descends into silliness*
16:44:03 <rhiaro> tantek: So who implements hostmeta discovery for pubsub?
16:44:05 <rhiaro> julien: no-one
16:44:15 <rhiaro> ... I have email of people asking me how I do this on github with jekyll
16:44:24 <rhiaro> ... I say you can't. it's excluding them, and then saying oh well nobody is doing it
16:44:52 <rhiaro> ben_thatmustbeme: It's the subscribers we need to know if they do it
16:45:06 <rhiaro> ... With webmention we don't want to add it cos every single implementation would have to update
16:45:16 <rhiaro> ... But with pubsub if it's been in the spec since the beginning that's not the case
16:45:43 <rhiaro> aaronpk: My issue is as an implementor I look at this sentence I don't immediately see how to implement it
16:45:54 <rhiaro> ... I want to see the URL I request, the response body taht I get, and then I'll understand the question
16:46:04 <rhiaro> tantek: I'm asking are there any implementations of subscribers that do discovery this way
16:46:14 <rhiaro> ... We knew for webmention was 0 so we could easily make a decision
16:46:17 <rhiaro> julien: I don't know.
16:46:31 <rhiaro> tantek: are there any publishers that implement this?
16:46:33 <rhiaro> julien: We don't know
16:46:39 <rhiaro> aaronpk: hard to know, we'd have to survey the whole web..
16:47:14 <rhiaro> tantek: follow up is that are these publishers depending on it
16:47:30 <rhiaro> julien: people are asking me about it because it's the only option for them
16:49:03 <rhiaro> sandro: it's a thing that's in the spec but there's not enough guidence
16:49:09 <rhiaro> julien: we can definitely put it as at risk
16:49:58 <rhiaro> aaronpk: looks like hostmeta was added in 0.4
16:50:15 <rhiaro> ... The other thing is that it doesn't link to the hostmeta spec, it links to the wellknown spec
16:50:17 <rhiaro> julien: that's not right
16:50:43 <rhiaro> aaronpk: So I suspect there are few imlpementations because of that
16:50:59 <rhiaro> tantek: so it's underspecified. Implementation status is unknown. We can specify it in more detail and put it at riks.
16:51:02 <rhiaro> s/riks/risk
16:51:37 <rhiaro> tantek: that's an exception from the prior resolution of FYN
16:51:43 <rhiaro> aaronpk: It's an exception becasue it was already in the spec
16:51:48 <rhiaro> ... It's not being added
16:51:48 <cwebber2> of course, At Risk, it's not very at risky, because it has implementations :)
16:51:57 <rhiaro> ... Putting it at risk is bringing it closer to our earlier resolution
16:52:13 <rhiaro> ... and I'll check in the test suite if people ar eusing it
16:52:19 <ben_thatmustbeme> cwebber2, do you have examples of where it has implementations?
16:52:38 <cwebber2> oh
16:52:41 <cwebber2> nm maybe I'm wrong
16:53:06 <tantek> cwebber2: in the room we have no knowledge of any PuSH publishers or subscribers that implement host meta discovery
16:53:20 <tantek> if you know of one, definitely say something!
16:54:25 <cwebber2> I misunderstood, sorry!
16:55:29 <eprodrom> I need to step away at noon for 15 minutes
16:56:06 <wilkie> wilkie has joined #social
16:57:05 <jasnell> jasnell has joined #social
16:57:53 <KevinMarks> KevinMarks has joined #social
16:57:55 <rhiaro> aaronpk: My problem with hostmeta is the spec gives you 5 different ways to find the hostmeta
16:58:00 <rhiaro> ... Conneg, there may be a .json version fo the file
16:58:06 <rhiaro> ... I don't feel comfortable recommending that to people using pubsub
16:58:10 <rhiaro> ... pubsub right now does not recommend that
16:58:26 <rhiaro> ... there are so many way sit can work, makes discovery very difficult
16:58:35 <rhiaro> ... I think there are much better ways to solve the use case the hostmeta is tryign to do
16:58:40 <timbl> timbl has joined #social
16:58:41 <rhiaro> ... One of those is to define our own pubsub .well-known
16:58:45 <rhiaro> ... It's much clearer
16:58:47 <rhiaro> ... BUT
16:58:51 <rhiaro> ... that is a big change to the spec
16:58:54 <rhiaro> ... We know nobody is doing it
16:59:02 <rhiaro> ... Adding that is a big deal
16:59:10 <rhiaro> ... That breaks every existing subscriber
16:59:15 <rhiaro> ... But that is a better solution to the technical problem
16:59:23 <rhiaro> ... However completely delegating to the hostmeta spec is also a terrible solution
16:59:27 <rhiaro> ... and will also break subscribers
16:59:42 <rhiaro> ... The only solution that doesn't break *possible* implementations that we haven't confirmed, is to harden the aspect of hostmeta that the spec does *already* refer to
16:59:49 <rhiaro> ... Only looking for the xml format in the hostmeta file
16:59:59 <rhiaro> ... If there are implementations they did it that way, cos that's all the spec hinted at
17:00:03 <rhiaro> tantek: or we drop it right now.
17:00:13 <rhiaro> aaronpk: Or because we don't know any implementations we drop it from the spec
17:00:20 <rhiaro> sandro: Sounds like the right solution is a .well-know extra headers
17:00:29 <rhiaro> ... as a workaround for these stupid things that don't let you provide headers
17:00:35 <rhiaro> aaronpk: where you can put in literal text of http headers
17:00:37 <rhiaro> various: lol
17:01:37 <rhiaro> aaronpk: I would rather drop it, but am okay with restricting to xml, to support the use case that has technically been supported before this group adopted it
17:01:53 <rhiaro> julien: I want the mechanism to exist for these people
17:02:19 <rhiaro> ... Opposed to dropping
17:02:29 <rhiaro> ben_thatmustbeme: I'm okay with any of them
17:02:48 <rhiaro> rhiaro: I agree with julien
17:02:55 <cwebber2> no objections
17:02:58 <rhiaro> tantek: cwebber2 do you have an objection to either way?
17:03:24 <rhiaro> ... I'm going to declare consensus on aaronpk's proposal, of restricting the scope to what it seems the pubsubhubbub spec intended, and marking it as at risk
17:03:45 <rhiaro> ... And indicate in the spec that we know of no known implementations, and if you have an implementation the group stronglyr equests your input on this issue in particular
17:03:55 <rhiaro> ben_thatmustbeme: I think the most important feedback is from subscribers to know that they're all checking for it
17:04:02 <rhiaro> ... If nobody is checking for it, what's the point of specifying it?
17:04:06 <rhiaro> ... In this version
17:04:26 <rhiaro> aaronpk: we can solve it a better way in a future version
17:04:56 <rhiaro> tantek: we're asking for an extension for this spec in particular, so if anyone decides to look through with a fine tooth comb, one they will look for is narrowing scope, not adding new features
17:06:07 <sandro> https://twitter.com/sandhawke/status/799297395519582208
17:06:07 <Loqi> [@sandhawke] Any workaround for sites (@github) which don't let you set HTTP Link headers? I find myself sadly wanting .well-known/extra-http-headers.txt
17:06:18 <rhiaro> ... So.. what do we need to get to CR? Have we covered all issues?
17:06:19 <rhiaro> julien: yes
17:06:40 <rhiaro> tantek: Continue with taking pubsub to CR discussion after lunch
17:06:51 <rhiaro> TOPIC: Lunch
17:07:17 <cwebber2> yup
17:07:29 <aaronpk> k
17:07:31 <cwebber2> ty
17:07:37 <aaronpk> 👍
17:21:55 <KevinMarks2> KevinMarks2 has joined #social
17:39:25 <KevinMarks> KevinMarks has joined #social
17:42:11 <tantek> aside: Snowden advocated federation: http://werd.io/2016/i-missed-this-snowden-advocated-federation-as-an-antidote-to
17:42:15 <Loqi> [Ben Werdmüller] I missed this: Snowden advocated federation as an antidote to filter bubbles. http://www.scribblrs.com/snowden-stop-relying-facebook-news/ #indieweb #decentralize...
17:54:10 <jasnell> jasnell has joined #social
18:00:20 <jasnell_> jasnell_ has joined #social
18:02:14 <cwebber2> tantek, nice to see
18:21:01 <KevinMarks> KevinMarks has joined #social
18:21:24 <rhiaro> hey cwebber2 we're doing the group photo, any chance we can get you on video?
18:21:40 <rhiaro> otherwise we'll hold a laptop with a blank screen and shop you in later :)
18:21:58 <cwebber2> rhiaro: shop me in later!
18:22:26 <cwebber2> no viable webcam option right now, so if yer gonna fake it, post-production is just as good
18:22:35 <cwebber2> rhiaro: or, hilariously, you could load this image:
18:22:56 <cwebber2> http://dustycloud.org/gfx/goodies/gavroche-wip15.jpg
18:23:00 <cwebber2> just as good, looks just like me
18:25:11 <wilkie> you're looking a bit untextured
18:25:34 <tantek> wilkie are you joining us remotely?
18:25:43 <tantek> we are about to resume
18:25:48 <tantek> cwebber2 can you reconnect?
18:25:50 <tantek> call aaronpk
18:25:51 <cwebber2> yep
18:26:04 <cwebber2> wilkie: yeah it was for a 3d print from the mediagoblin campaign rewards
18:26:23 <cwebber2> never got around to texturing
18:26:35 <wilkie> looks good
18:26:49 <tantek> cwebber2: focus :)
18:27:42 <rhiaro> scribenick: rhiaro
18:28:16 <rhiaro> julien: what to do to get to CR
18:28:21 <rhiaro> tantek: A test suite, or plan, or start, which we have
18:28:38 <rhiaro> aaronpk: yeah the publisher and subscriber tests are done, the hub is in progress
18:28:46 <rhiaro> tantek: Plan?
18:28:48 <rhiaro> aaronpk: yep
18:28:49 <rhiaro> tantek: where?
18:28:53 <rhiaro> aaronpk: github issues on tests repo
18:29:29 <rhiaro> tantek: Implementation report template?
18:29:32 <rhiaro> aaronpk: It is part of the test plan
18:30:45 <rhiaro> tantek: You can use the CR to go to implementors and say you need ti either implement this to the spec or say why you can't
18:30:53 <rhiaro> ... The implementation report template is a requirement to enter CR in other specs
18:31:00 <rhiaro> ... So that as soon as we ask for impleemntations they have a way to provide reports
18:31:05 <rhiaro> aaronpk: It is better to have it that way
18:31:36 <rhiaro> tantek: Do we have conformance criteria?
18:31:38 <rhiaro> aaronpk: I don't think so
18:31:48 <rhiaro> sandro: Do we have the three conformance classes of publishers, subscriber and hub?
18:31:50 <rhiaro> aaronpk: yep
18:31:56 <rhiaro> sandro: different kinds of hubs?
18:31:59 <rhiaro> aaronpk: Not in this spec
18:32:12 <rhiaro> ... It's actually pretty small. Not a lot of options for each of them. Conformance criteria is not much more than the spec itself
18:32:24 <rhiaro> sandro: *explains conformance criteria*
18:32:38 <Zakim> Zakim has left #social
18:32:39 <rhiaro> tantek: should be a summary of features
18:32:44 <Loqi> good riddance
18:32:50 <rhiaro> aaronpk: sometimes it's more obvious that some parts of the spec are optional or only apply to certain roles
18:32:58 <rhiaro> Zakim, you were never needed. Best wishes.
18:33:03 <Zakim> Zakim has joined #social
18:33:15 <rhiaro> We missed you Zakim
18:33:40 <rhiaro> tantek: Is there CR exit criteria in the spec?
18:33:51 <rhiaro> sandro: Our standard boilerplate is two implementations of every feature passing the tests
18:33:57 <rhiaro> tantek: interoperable implementations
18:34:17 <rhiaro> sandro: the higher bar we could go for is two implementation with all the features
18:34:23 <rhiaro> ... 2 hubs that do everything a hub is supposed to do
18:34:59 <rhiaro> aaronpk: a great example of criteria for the hub is that it must support signatures, whereas the subscribers doesn't
18:35:10 <rhiaro> tantek: file issue for CR exit criteria in the spec
18:37:08 <rhiaro> aaronpk: example of feature is hostmeta discovery
18:37:31 <rhiaro> ... we might not get two implementations of that
18:37:46 <rhiaro> ... i actually do have the feature list
18:37:54 <rhiaro> ... 4 discovery methods, headers xml tags html tag, hostmeta
18:39:54 <rhiaro> ... Let's set the bar of two implementations of each feature
18:47:50 <cwebber2> ben_thatmustbeme: softflex gloves from the ergoguys store; you can also get them on amazon
18:47:53 <rhiaro> varoius: *discussion about publication process*
18:49:02 <rhiaro> various: *discussion of github's partial implementation of pubsub*
18:50:05 <rhiaro> tantek: it's almost like a different class of conformance that's beyond the scope of the spec
18:50:13 <rhiaro> ... authenticated subscriptions
18:50:25 <rhiaro> ... a future version of pubsub could specify if you want to only allow authenticated subscribers, here are some mechanisms
18:50:33 <rhiaro> ... sounds like their use case is different from what we're speccing
18:50:42 <rhiaro> julien: requiring authentication makes a lot of the things we do irrelevant
18:51:07 <rhiaro> ... facebook do the verification step even though they know you did it with your credentials
18:51:16 <rhiaro> ... In the past, it works to say this will make their thing work with other apis
18:51:38 <rhiaro> ... Github could let you subscribe to a repo by html without authentication
18:51:43 <rhiaro> ... But currently the API is behind authentication
18:52:03 <rhiaro> sandro: for github pages, they could provide a link header to their own hub
18:52:15 <rhiaro> aaronpk, julien: that would be great
18:52:29 <rhiaro> julien: medium has its own hub for all of the feeds (superfeedr)
18:52:39 <rhiaro> ... We don't have an API for reading, we just have feeds
18:53:02 <rhiaro> ... I can see where we might eventually have some things not available as feeds to be available through pubsub. I'm fighting hard against auth for that
18:54:01 <rhiaro> q+ to say evidence of wide review
18:54:29 <rhiaro> aaronpk: There was text modified to make it clear to send the full page as the notification payload. Are will leaving it open to send diffs?
18:54:34 <rhiaro> julien: diffs are the widest thing implemented
18:54:42 <rhiaro> aaronpk: you still send an atom feed, it just only has one item in it
18:54:46 <rhiaro> ... you send a wrapped feed
18:54:55 <rhiaro> ... So the actual diffing mechanism is not in the spec
18:55:05 <rhiaro> julien: I think we should remove it from the spec, but I still want a trace in here because people will ask about it
18:55:16 <tantek> q?
18:55:39 <rhiaro> aaronpk: Add it to the test tool to check if it's being done, so we can keep track of it
18:55:57 <rhiaro> ... If the actual diffing mechanism is not in the spec, how do people know what to do and what to expect from the payload
18:56:03 <rhiaro> ... Can we say here is where to go to learn about what to expect?
18:56:17 <rhiaro> sandro: in practice, when people get the new version of an rss feed, they don't actually get it, they get a stripped down verson that only has the new stuff?
18:56:21 <rhiaro> julien: yes, only the new entries
18:56:29 <rhiaro> aaronpk: 0.3 specified diffing for rss and atom
18:56:36 <rhiaro> ... it said send the feed with only new items
18:56:42 <rhiaro> eprodrom: people tend to mess that up
18:56:49 <rhiaro> aaronpk: it was written in 0.3
18:56:54 <rhiaro> ... it got explicitly taken out in 0.4
18:57:00 <rhiaro> ... so now there's no clue what to expect about a diffd payload
18:57:03 <rhiaro> ... Where do we point people to?
18:57:10 <rhiaro> ... if it's a MAY be a diff
18:57:19 <rhiaro> julien: ..define a diff. It's a subset
18:57:23 <rhiaro> ... I thikn it's still fine
18:57:35 <rhiaro> aaronpk: Right now as the spec is written it's not clear what implementors should expect
18:57:37 <rhiaro> ... to receive or send
18:57:43 <rhiaro> sandro: sounds like it's not in conformance to the spec
18:57:49 <rhiaro> ... I imagine it says the fat ping is the content that is being published
18:57:58 <rhiaro> ... It sholud say it's either the content being published, or the subset appropriate for that media type
18:58:44 <julien> julien has joined #social
18:58:46 <julien>  <p>A content distribution request is an HTTP [[!RFC7231]] POST request from hub to the subscriber's callback URL. The HTTP body of the POST request MUST include the payload of the notification. This request MUST have a <samp>Content-Type</samp> Header corresponding to the <samp>Content-Type</samp> of the topic, and SHOULD contain the full contents of the topic URL. The hub MAY reduce the payload to a diff between two consecutive versions if its format allo[CUT]
18:59:20 <aaronpk> if its format allows it
18:59:37 <rhiaro> sandro: I'd use the word subset not difff
18:59:48 <rhiaro> aaronpk: the point is that the actual, now you can't even tell what the payload is going to be
18:59:56 <rhiaro> ... "subset or diff" are not actual spec words (not defined)
19:00:04 <wilkie> RSS/Atom is fairly straightforward, too. if you know what RSS is, then you can tell when an entry is an entry you've never seen before. So you just always treat the incoming data from PuSH as a subset and just take what you need.
19:00:14 <rhiaro> sandro: so, for formats that are a set of items, this may be reduced to only the changed items
19:00:26 <rhiaro> aaronpk: to better define the 'diffing mechanism' in generic terms?
19:00:46 <rhiaro> eprodrom: what about defining the diff for... it's such a common use case that we've got, using rss items and atom entries, it seems worthwhile to.. it would take two sentences to define it
19:00:57 <rhiaro> aaronpk: the problem is that for the content types that aren't those, what is expected?
19:01:00 <rhiaro> eprodrom: figure something out
19:01:06 <rhiaro> tantek: the answer is not implemented
19:01:09 <rhiaro> eprodrom: it could be a diff
19:01:12 <rhiaro> julien: a subset
19:01:36 <rhiaro> eprodrom: it could be a subset. For rss it's an item, for atom it's an entry, for AS2 it could be a single activity
19:01:37 <wilkie> if you let people know that a subset that is based on the content type is how it is expected to work, I don't think people will be confused to that purpose
19:02:01 <wilkie> if you understand the content type (RSS or AS2) you won't find a subset surprising or hard to deal with, basically
19:02:12 <rhiaro> sandro: if the topic is a json document and the top level si an object and one key value has changed can you just send that key value?
19:02:14 <rhiaro> julien: no
19:02:17 <rhiaro> ... we're back to diffing
19:02:31 <eprodrom> q+
19:02:31 <rhiaro> aaronpk: what I would like to see from the spec and as an implementor, I want to see exactly what to do and I don't want any wriggle room
19:02:36 <ben_thatmustbeme> scribenick: ben_thatmustbeme
19:02:52 <ben_thatmustbeme> rhiaro: i was queued to continue answering what is needed for CR
19:03:07 <tantek> q?
19:03:16 <tantek> ack eprod
19:03:17 <rhiaro> scribenick: rhiaro
19:03:41 <rhiaro> eprodrom: RSS, Atom and undefined would get us pretty far
19:03:45 <tantek> q+ to mention implementations of specific subset items vs at-risk for anything else
19:03:49 <rhiaro> aaronpk: I would say RSS, Atom and "don't do it" is a better option
19:03:55 <rhiaro> eprodrom: I'm fine with that
19:04:03 <rhiaro> julien: Do we even want to open the door for RSS/Atom?
19:04:16 <rhiaro> eprodrom: yeah. Subscribers SHOULD be able to the whole content, or a subset
19:04:22 <rhiaro> sandro: but the subscriber doesn't get to pick, and can't tell what it's getting
19:04:44 <aaronpk> https://github.com/w3c/pubsub/issues/27
19:04:50 <wilkie> yeah, a general diff may just be too complicated to get right. noting that a formalized subset defined elsewhere is to be expected seems to be a good note in the spec, giving RSS/Atom as an example.
19:04:51 <rhiaro> julien: you havea feed with ten entries, all new you get ten. You have a feed with 100, 10 new, you get 10. The subscriber doesn't know
19:05:09 <rhiaro> eprodrom: I think we always did exactly one
19:05:13 <rhiaro> julien: superfeedr as well
19:05:25 <rhiaro> tantek: sounded like consensus forming about what to specify for rss/atom vs other formats
19:05:34 <rhiaro> aaronpk: I want clarity on th enotification payload when it's not the full contents
19:05:43 <rhiaro> ... We can describe what to do for RSS/Atom
19:05:57 <rhiaro> ... We know that we have implementations of hubs that send individual entries within an RSS/Atom feed
19:06:04 <rhiaro> ... We don't know and I doubt there are implementations of other diffing mechanisms
19:06:15 <rhiaro> ... I think it would be very reasonable to put in a setnece or two for RSS/Atom
19:06:19 <rhiaro> ... Subscriber MUST be able to handle that
19:06:23 <rhiaro> ... But the hub doesn't have to
19:06:33 <rhiaro> julien: practically it doesn't change anything for the subscriber
19:06:38 <rhiaro> sandro: they ahve to not delete what they've already got and replace it
19:06:44 <wilkie> brand new subscriptions only got the latest 3 entries for my implementation as their initial data, and then just the new ones.
19:06:44 <rhiaro> julien: depends what they're doing
19:06:48 <rhiaro> ... sometimes it's a mirror or an archive
19:06:52 <rhiaro> aaronpk: very application specific
19:07:15 <rhiaro> sandro: I could have a completely broken implementation without realising it. I might think th ehub is broken because it's sending only soe of it
19:07:32 <rhiaro> ... Every consumer has to be written with this awareness, that if it's RSS/Atom it might not be getting the full content
19:08:18 <rhiaro> aaronpk: the alternate is that you assume you're getting the complete feed and don't dedup
19:08:45 <rhiaro> sandro: I could be building a subsystem, a fetch module, you give it a url and it gives you back the content, and I want to add pubsub discovery rather than a polling mechanism
19:09:04 <rhiaro> ... not rss/atom. A web mirroring system. It turns out that pubsubhubbub on two media types do somethign different than pure mirroring
19:09:07 <rhiaro> ... I have to know that
19:09:23 <rhiaro> tantek: if you're looking to mirror you have to go get the actual resource
19:09:31 <rhiaro> sandro: the point of fat pings in pubsub is I don't have to do that
19:09:37 <rhiaro> tantek: but the point of fat pings is not to support mirrors
19:09:51 <cwebber2> q+
19:09:56 <rhiaro> julien: you're never able to guarantee you get the full mirror of a feed
19:10:14 <rhiaro> sandro: as someone writing a consumer I just have to know that for rss/atom the hub is not bit true
19:10:17 <rhiaro> tantek: the fat pings are not bit true
19:10:23 <rhiaro> sandro: there are no bits if it's not fat pings
19:10:31 <rhiaro> ... fat pings for feed formats, the hub messes with you (in a good way)
19:10:36 <tantek> q?
19:10:42 <rhiaro> julien: if you ask for a feed then you sholuld expect a window in a stream
19:10:47 <rhiaro> ... whether one or ten is not something you can control
19:10:52 <cwebber2> I forget, can pubsubhubbub be reasonably used for delivering private data?  it needs salmon for that to work, right?
19:10:53 <rhiaro> ... It's hard to build a mirror of an infinite stream
19:10:56 <rhiaro> .. you can only get mirrors as windows
19:10:58 <wilkie> this has nothing to do with the protocol itself, either. my implementations may only choose to publish a max number of entries to a hub.
19:10:58 <cwebber2> it's pretty much only for public info right?
19:11:07 <rhiaro> tantek: sounds like an informative note in the section on fat pings could address this
19:11:29 <tantek> ack cwebber2
19:11:35 <tantek> ack cwebb
19:11:51 <rhiaro> cwebber2: can pubsubhubbub be reasonably used for delivering private data?
19:11:58 <rhiaro> aaronpk: implementaitons so far have only used it for public feeds
19:12:02 <rhiaro> julien: no, there's a lot of private stuff
19:12:09 <rhiaro> tantek: this is a new topic
19:12:30 <rhiaro> cwebber2: if there's an expectation that you have to jump back to very correctly get the content if it's somethign that was private I guess it has to be both private and transient for that to be an issue
19:12:39 <rhiaro> ... But if that's an issue there's not any guarantee you can fetch it again
19:12:43 <rhiaro> ... But maybe that's not a pubsub issue
19:12:54 <rhiaro> ... It's an issue we have in AP, but I don't htink pubsub is bein gused for this
19:13:05 <rhiaro> julien: there is a lot of private data, obfuscated not behind authn
19:13:13 <rhiaro> ... you had an rss feed in your gmail inbox, that was a public url, a capability url
19:13:18 <rhiaro> ... peopel plugged that into services like superfeedr
19:13:26 <rhiaro> ... we were technically accessing thousands of people's emails as rss
19:13:34 <rhiaro> ... it's private because of the content, but not behind authentication
19:14:22 <rhiaro> tantek: facebook, foursquare, still have stuff like this
19:14:27 <tantek> q?
19:14:31 <cwebber2> so, the reason I raised this was we realized if you had private *and* transient data flying across the wire, you won't be able to fetch it again... which is possible in activitypub
19:14:43 <rhiaro> aaronpk: Summary
19:14:44 <cwebber2> which means that a partial update would have to be sure how it worked
19:14:53 <cwebber2> which, we dropped partial updates for federation so its no problem
19:14:56 <rhiaro> ... We will add to notification payload section describing how to send changes in the feed for RSS and Atom specifically
19:15:01 <ben_thatmustbeme> cwebber2, thats what i was going to say, but i figured you were getting to understand that as well
19:15:04 <rhiaro> ... For any other content type you must send the full original content
19:15:12 <cwebber2> but just saying to the "if you're mirroring you should go back and fetch"
19:15:14 <rhiaro> tantek: I heard a different suggestion from eprodrom
19:15:21 <ben_thatmustbeme> correct, you cannot re-fetch the content other than going to the source
19:15:30 <rhiaro> ... In addition to those content types, to consider putitng in at risk how to also do it for AS2
19:15:41 <rhiaro> ... And frankly any other format that pubsub consumers are consuming right now
19:15:43 <rhiaro> ... eg. h-feed
19:15:50 <rhiaro> ... You might get a subest h-feed with only h-entries
19:15:57 <rhiaro> ... but at risk
19:16:07 <rhiaro> aaronpk: the way sandro described it was a generic term for all of these things
19:16:12 <rhiaro> ... If the URL is a collection of items
19:16:18 <rhiaro> ... but it's very clear for implementors what to do for their content type
19:16:23 <rhiaro> ... If you are an ical feed of a bunch of events
19:16:29 <rhiaro> ... it's very obvious that you can send only the feed with the new events
19:16:40 <rhiaro> ... if you're an RSS feed it's very obvious that the items are the individual things to send
19:16:43 <rhiaro> tantek: i half agree with that
19:16:55 <rhiaro> ... ical there is the implicit assumption that if an event is not there it's not in your calendar
19:17:06 <rhiaro> ... it would just delete the event, it wouldn't treat it as an update mechanism
19:17:10 <rhiaro> aaronpk: that was a bad example
19:17:19 <rhiaro> ... The concrete example of rss/atom would be useful, and then the generic text about items in collections
19:17:26 <rhiaro> tantek: again I'm going to say that generic ttext is a bad idea
19:17:48 <rhiaro> julien: If peopel go away from RSS/Atom we can remove it from the spec?
19:17:55 <rhiaro> sandro: It'll be hard for peopel to go away from that
19:18:00 <rhiaro> julien: it was implemented becasue it was in the spec
19:18:16 <rhiaro> tantek: the could have always provided the full feed, they didn't need to do the subset thing
19:18:28 <rhiaro> julien: My point is in the end it's the same amount of processing for the subscriber whether it's a diff or the full feed
19:18:30 <sandro> "If the content type represents a 'feed' of items, such as RSS, Atom, and AS2, then the hub MAY trim pre-existing items from the feed."
19:18:34 <rhiaro> ... Except that it introduces uncertainty as sandro said
19:18:42 <rhiaro> ... The subscriber doesn't know if it's the content of the resource at this point
19:18:45 <rhiaro> tantek: that warning is useful
19:18:51 <rhiaro> ... that's where the generic terminology might be good
19:19:08 <sandro> tantek: unchanged
19:19:22 <rhiaro> sandro: If the content type represents a 'feed' of items, such as RSS, Atom, and AS2, then the hub MAY trim pre-existing items from the feed.
19:19:29 <rhiaro> s/pre-existing/unchanged
19:19:46 <rhiaro> aaronpk: I would still like to see the concrete description of RSS and Atom since they have been implemented
19:19:53 <rhiaro> tantek: for anything else we include we list as at risk
19:20:02 <rhiaro> aaronpk: we won't describe the specific mechanism for any other formats
19:20:02 <Loqi> Scapadis made 2 edits to [[Socialwg/2016-11-17]] https://www.w3.org/wiki/index.php?diff=100738&oldid=100727
19:20:02 <Loqi> Tantekelik made 7 edits to [[Socialwg/2016-11-17]] https://www.w3.org/wiki/index.php?diff=100754&oldid=100738
19:20:02 <Loqi> Tantekelik made 1 edit to [[Socialwg/DocumentStatus]] https://www.w3.org/wiki/index.php?diff=100753&oldid=98359
19:20:03 <Loqi> Abasset made 1 edit to [[Socialwg/2016-11-17]] https://www.w3.org/wiki/index.php?diff=100743&oldid=100739
19:20:03 <Loqi> Rhiaro made 1 edit to [[Socialwg/push-name]] https://www.w3.org/wiki/index.php?diff=100746&oldid=100709
19:20:08 <rhiaro> julien: we're adding more uncertainty
19:20:23 <rhiaro> sandro: we have the uncertainty of all feeds, or only rss and atom
19:20:43 <sandro> eprodrom: Nah, don't trim AS2.
19:20:59 <rhiaro> eprodrom: one possibility is that people do implement it with one Activity in a feed, at which point we document it
19:21:08 <rhiaro> julien: there are things where the size of the feed is not fixed
19:21:41 <rhiaro> ... It's hard to know what the 'full feed' is
19:21:49 <rhiaro> ... I wish for RSS and Atom we consider it a subset of the global stream no matter what
19:22:21 <rhiaro> eprodrom: If I get 5 entries, i check each of their ids against what I already have, if I don't have it if it's new, if I do see if it changed
19:22:28 <rhiaro> julien: the subscriber can't rely on jus tgetting the new version from the hub
19:22:41 <rhiaro> tantek: I would agree with syndication feeds and search results
19:22:45 <rhiaro> ... I would disagree with calendar events
19:22:47 <sandro> tantek: syndication feeds and search results, not calendar events
19:23:05 <rhiaro> sandro: a flag would be great
19:23:08 <rhiaro> tantek: now we're talking new features
19:23:30 <rhiaro> julien: you can have very large requests that need trimming
19:23:49 <rhiaro> tantek: I think the assumptions you have for rss and atom consumers for pubsub
19:23:52 <rhiaro> ... probably the same for h-feed
19:24:04 <rhiaro> aaronpk: more challenging with h-feed because consumers of h-feed are usuallyd ealing with the parsed result of the page, not the html itself
19:24:18 <rhiaro> ... however it's challenging for the hub to reduce the html minus specific items, can't do it at the json level
19:24:22 <rhiaro> tantek: it could
19:24:24 <rhiaro> aaronpk: no
19:24:27 <rhiaro> ... it has to send html if the topic is that
19:24:36 <rhiaro> ... It's a lot more work
19:24:58 <rhiaro> ben_thatmustbeme: extensions for how to handle certain content types in smarter ways
19:25:04 <wilkie> the publisher would do that, not a hub?
19:25:09 <rhiaro> tantek, julien: subscriber has the same code no matter what
19:25:13 <rhiaro> aaronpk: maybe that's the way to word it
19:25:25 <rhiaro> ... If the hub is going to manipulate the contents, it must do so in a way that the subscriber does not have to change its behaviour
19:25:46 <rhiaro> sandro: if the subscriber in the subscriptionr equest could say trim feeds yes/no/don't care
19:25:51 <rhiaro> ... Can we add that?
19:25:54 <rhiaro> tantek: trying to add more features?
19:26:05 <rhiaro> julien: adds complexity
19:26:12 <rhiaro> ... Doesn't matter if the hub sends a full or truncated version
19:26:16 <rhiaro> ... as long as it does it in a subset way
19:26:50 <rhiaro> sandro: if I get an html page I din't know it has hentries on it, but the hub knows that and trims it, but I don't know it has h-entry, I'm screwed
19:27:02 <rhiaro> julien: yeah. Subscribers SHOULD NOT care wehther the feed is truncated or full. For RSS and Atom
19:27:14 <rhiaro> aaronpk: subscribers should not make any assumptions about whether the feed has been truncated or not
19:27:23 <rhiaro> tantek: reducing the scope to two specific content types
19:27:23 <sandro> -1 to triming HTML h-entry
19:27:29 <rhiaro> aaronpk: yes
19:27:32 <sandro> because it would screw up HTML without me knowing it
19:27:32 <tantek> q?
19:27:39 <wilkie> subscribers would just parse it and pull out anything it sees that's new
19:27:39 <tantek> sandro - sounds reasonable
19:27:49 <rhiaro> ... The only potential situation where we may want to reconsider the feature is with AS2 feeds because they are intended to work like RSS/Atom feeds, only json
19:27:57 <rhiaro> sandro: we could do an at risk thing around as2 and get some experience
19:28:25 <rhiaro> aaronpk: An AS2 object  has the same content type as a Collection
19:28:52 <rhiaro> julien: don't include it
19:28:54 <rhiaro> ... only RSS/Atom
19:29:01 <rhiaro> aaronpk: just saying AS2 this is probably going to come up again
19:29:10 <rhiaro> julien: RSS/Atom are not a good role model, do not mimic them
19:29:20 <rhiaro> eprodrom: just document existing practice where people send entries, and don't recomend it for other mime types
19:29:23 <rhiaro> ... I think that's fine
19:29:38 <rhiaro> sandro: maybe a sentence about a patch based extension some day
19:29:39 <rhiaro> various: no
19:29:46 <rhiaro> sandro: to head off all the comments
19:29:58 <rhiaro> julien: I can see how we might have comments but it's the opposite of a good idea, it adds so much complexity
19:30:05 <rhiaro> eprodrom: It in no way makes up for the bandwidth
19:30:18 <rhiaro> sandro: where do we say we've thought about it and that it's a bad idea
19:30:36 <rhiaro> ben_thatmustbeme: we can say we included it for legacy reasons, but don't do it for other content types
19:30:38 <rhiaro> ... in a note
19:31:08 <rhiaro> aaronpk: we're going to describe what RSS/Atom are doing for fat pings, describing actual thigns people may be receiving, and say they are there for legacy reasons and say you must not modify the topic URL for any other content types
19:31:13 <rhiaro> ... Hub should never modify it
19:31:18 <rhiaro> ... and subscriber sshould never assume it's truncated or not
19:31:26 <tantek> q?
19:31:29 <sandro> where "should" should be "must"
19:31:31 <tantek> ack tantek
19:31:31 <Zakim> tantek, you wanted to mention implementations of specific subset items vs at-risk for anything else
19:33:06 <ben_thatmustbeme> scribenick: ben_thatmustbeme
19:33:09 <tantek> ack rhiaro
19:33:09 <Zakim> rhiaro, you wanted to say evidence of wide review
19:33:27 <ben_thatmustbeme> rhiaro: one of the things for getting to CR is we need evidence of getting wide-review
19:33:39 <ben_thatmustbeme> ... we need to count the number of issues from outsiders
19:33:53 <ben_thatmustbeme> ... i've done a lot of this after the fact, and its easier to do it now
19:34:05 <ben_thatmustbeme> tantek: to that i would add that we should start the wiki page for that
19:34:14 <tantek> the CR transition wiki page for PubSub
19:34:19 <ben_thatmustbeme> rhiaro: activitypub has a really good wiki page for that, that might bne good to copy
19:34:58 <ben_thatmustbeme> ... it would be good to start capturing those now so we don't lose track of any of them
19:34:58 <sandro> The group is clearly RESOLVED even though Tantek doesn't want it on the record as a RESOLUTION.   Aaron has now documented it at https://github.com/w3c/pubsub/issues/27
19:35:19 <ben_thatmustbeme> <ben_thatmustbeme> sandro++
19:35:40 <sandro> RRSAgent, pointer
19:35:40 <RRSAgent> See http://www.w3.org/2016/11/17-social-irc#T19-35-40
19:36:00 <ben_thatmustbeme> tantek: this means we can go to outside groups and get them looking at the groups
19:36:55 <sandro>     For RSS and Atom, we will add a sentence like 0.3 had, describing how to deliver partial feeds with only the new items.
19:36:55 <sandro>     For other content types, the hub MUST NOT modify the document that it retrieved from the topic URL.
19:37:21 <ben_thatmustbeme> rhiaro: we need to find all the review from other groups and get those links together at least
19:37:38 <tantek> RESOLVED: aaronpk's proposal as documented at the comment https://github.com/w3c/pubsub/issues/27#issuecomment-261345764 (and as copy/pasted above by sandro)
19:38:15 <ben_thatmustbeme> tantek: note that this is in the IRC, and if that comment changes, they can see it there
19:39:46 <ben_thatmustbeme> discussion of getting reviews from other groups
19:40:10 <ben_thatmustbeme> rhiaro: i asked internationalization for review of the spec, we haven't done others yet
19:40:38 <ben_thatmustbeme> rhiaro: i can send the emails to accessibility and security
19:40:49 <ben_thatmustbeme> tantek: i think that brings us to the last big issue for pubsub
19:40:53 <tantek> https://github.com/w3c/pubsub/issues/10
19:41:05 <tantek> https://www.w3.org/wiki/Socialwg/push-name
19:41:13 <tantek> q?
19:41:28 <ben_thatmustbeme> tantek: last time we had no concensus
19:41:46 <ben_thatmustbeme> ... would anyone like to choose a name to advocate?
19:41:57 <ben_thatmustbeme> rhiaro: hubbub? it was a joke before but now i kinda like it
19:42:06 <eprodrom> https://gist.github.com/evanp/4b0ad60266fca915c54aa3e2310d79e4
19:42:14 <ben_thatmustbeme> aaronpk: what was the original problem with pubsubhubbub?
19:42:44 <ben_thatmustbeme> julien: it sounds like a joke, its hard to pronounce
19:42:51 <ben_thatmustbeme> ... it kind of was a joke
19:42:56 <wilkie> I like hubbub. it has grown on me immensely. or just keeping it PuSH. anything but pubsub lol
19:43:08 <ben_thatmustbeme> aaronpk: thats obviously totally valid criticism
19:43:37 <cwebber2> I'm ok with a change but I can live with pubsubhubbub :)
19:43:37 <ben_thatmustbeme> julien: i can live with anything at this point
19:43:59 <cwebber2> pshh
19:44:01 <ben_thatmustbeme> rhiaro: typing pubsubhubbub or PuSH are both horrible to minute
19:44:33 <ben_thatmustbeme> aaronpk: i agree with the points that have been brought up against pubsub
19:45:11 <KevinMarks> KevinMarks has joined #social
19:48:27 <ben_thatmustbeme> aaronpk: we can drop things that are have multiple people against
19:48:29 <eprodrom> Unfortunately I have to step away for 1h
19:49:18 <aaronpk> oh yeah sorry. i can try calling into the conference line
19:50:31 <KevinMarks2> KevinMarks2 has joined #social
19:50:58 <cwebber2> q+
19:51:14 <eprodrom> tantek: unfortunately I have to step away until after 4
19:52:49 <aaronpk> i can't find the conference number, hang on
19:54:11 <aaronpk> found it
19:56:47 <aaronpk> sorry cwebber2 sandro is starting the meeting
19:57:19 <aaronpk> i didn't realize it wasn't always active
19:59:09 <aaronpk> cwebber2, i'm in now
20:03:37 <ben_thatmustbeme> <ben_thatmustbeme>
20:03:59 <ben_thatmustbeme> <ben_thatmustbeme> +1 to any item not crossed out on the board
20:05:50 <cwebber2> wilkie, btw, not sure you noticed ^^^
20:10:48 <KevinMarks2> Hm, I'm late here, but didn't as1 solve pagination of a list of items with the subset expressed?
20:12:55 <aaronpk> what issue is that about?
20:14:18 <KevinMarks2> The discussion of feeds of items in pubsub
20:14:35 <aaronpk> oh, sure, but it's a new feature from the perspective of PubSub and we are trying to not add new features if possible
20:16:01 <wilkie> I think PuSH just needs to operate at the item level and not the feed level and that "fat pings" are just the sending of multiple yet distinct entries instead of trying to syndicate a feed which is apparently impractical/unnecessary
20:16:06 <wilkie> so maybe that's an extension
20:16:29 <ben_thatmustbeme> tantek: i've udpated the wiki page with candidates and rejected
20:17:22 <cwebber2> I don't really care anymore :)
20:17:27 <cwebber2> pick a name!
20:18:26 <ben_thatmustbeme> tantek: we are agreeing to reject all those others and we are not going to revisit those
20:18:28 <wilkie> I like hubbub. it sounds reasonably ambiguous and apolitical
20:18:45 <wilkie> anything but pubsub
20:19:09 <ben_thatmustbeme> ... we will choose from those 3 or any new ones
20:20:18 <julien> julien has joined #social
20:20:46 <KevinMarks> KevinMarks has joined #social
20:20:56 <cwebber2> is it time to bring out my dice
20:21:11 <cwebber2> we can narrow this down fast with some dice rolls
20:21:19 <ben_thatmustbeme> PROPOSED: We reject all pre-exisitng names before today, and we will pick from between WebSub, WebSubscribe, and WebFollow barring any new better names
20:21:31 <julien> WebSubscribe++
20:21:31 <Loqi> websubscribe has 1 karma
20:21:39 <tantek> +1
20:21:46 <julien> +1
20:21:49 <rhiaro> +1
20:21:55 <aaronpk> +1
20:21:56 <sandro> +1
20:21:57 <wilkie> +1
20:22:20 <cwebber2> +1
20:22:35 <mattl> +1
20:22:59 <ben_thatmustbeme> RESOLVED: We reject all pre-exisitng names before today, and we will pick from between WebSub, WebSubscribe, and WebFollow barring any new better names
20:26:17 <ben_thatmustbeme> PROPOSED: add aaronpk as a co-editor for PubSubHubbub / PubSub / whatever we name it
20:27:28 <ben_thatmustbeme> <ben_thatmustbeme> +1
20:28:25 <rhiaro> +1
20:28:25 <aaronpk> +1
20:28:28 <ben_thatmustbeme> RESOLVED: add aaronpk as a co-editor for PubSubHubbub / PubSub / whatever we name it
20:28:37 <ben_thatmustbeme> tantek: i'm not hearing any objections
20:28:46 <ben_thatmustbeme> ... could you prepare a new WD?
20:29:24 <ben_thatmustbeme> aaronpk: i think after we get through the stuff we discussed today, I publish a new WD
20:30:51 <ben_thatmustbeme> julien: i can probably get the changes proposed done for next tuesday which will then be available to publish a new WD
20:31:33 <aaronpk> http://pin13.net/echidna/
20:32:34 <ben_thatmustbeme> tantek: we should resolve the new name before we publish the new WD
20:33:45 <ben_thatmustbeme> TOPIC: break until 3:45
20:40:49 <swwg_laptop_> https://docs.google.com/document/d/1gfCzLKbH8iVT1MviEU_5Mcgh-OdBtllp5bKZUcgOfuA/edit
20:52:08 <cwebber2> pubsubdubstep
20:57:05 <cwebber2> I said I wanted to go after micropub
20:57:18 <sandro> do you still?
20:57:25 <cwebber2> I don't care really now
20:58:08 <ben_thatmustbeme> scribenick: ben_thatmustbeme
20:58:40 <ben_thatmustbeme> TOPIC: micropub
20:59:01 <sandro> scribenick: sandro
20:59:09 <sandro> tantek: test suite status?
20:59:12 <aaronpk> https://micropub.rocks/reports
20:59:28 <sandro> aaronpk: It covers every feature
20:59:40 <sandro> .. of servers
20:59:50 <sandro> .. you could test clients
21:00:06 <sandro> tantek: do you have a plan?
21:00:14 <sandro> .. for testing clients
21:00:27 <sandro> aaronpk: I have a rough outline, in an issue
21:00:31 <sandro> tantek: timeline?
21:00:52 <sandro> aaronpk: I've let this sit while working on pubsub
21:02:27 <sandro> tantek: getting to CR seems like the priority
21:02:53 <sandro> tantek: implementation report templates set up, etc
21:03:00 <sandro> aaronpk: I'd like it to be automatic
21:03:15 <sandro> aaronpk: but that's an additional step
21:03:26 <ben_thatmustbeme> q+
21:03:29 <sandro> .. I could make a manual checklist quickly
21:03:40 <sandro> sandro: why get to CR quickly
21:05:31 <sandro> sandro: I suggest we have the test suite in nice shape before we outreach to existing imeplentations
21:05:32 <tantek> q?
21:05:34 <tantek> ack cw
21:05:48 <cwebber2> oops
21:05:49 <cwebber2> q-
21:05:53 <sandro> .. make the story be "There's finally a test suite!  Try it!"   No need to even read the spec.
21:05:55 <tantek> ack ben_thatmustbeme
21:06:18 <sandro> ben_thatmustbeme: Do we have an impl report for mp that's not in the test suite?
21:06:38 <sandro> aaronpk: If you go to the site you can see what everyeone's done.
21:06:43 <sandro> ben_thatmustbeme: do we want one?
21:06:52 <sandro> sandro: *shrug*
21:07:19 <sandro> ben_thatmustbeme: if we have an offline one, a template, then people have more options
21:07:31 <sandro> aaronpk: I have to write it first anyway; I can publish it
21:08:38 <tantek> eprodrom returns
21:09:23 <sandro> aaronpk: I'll write pubsub impl template first, then finish test suite for pubsub, then finishih autmatic impl report submission for pubsub,
21:09:30 <sandro> .. THEN go backt o micropub and add client tests
21:09:34 <sandro> .. with impl report
21:10:22 <sandro> aaronpk: I'm moving soon
21:10:30 <sandro> .. so next week is out
21:11:45 <sandro> tantek: goal one - get pubsub to CR, maybe with a nice test system
21:11:49 <sandro> .. try by end of year
21:12:16 <sandro> .. so resolve CR within 19 days - by Dec 6)
21:12:39 <sandro> aaronpk: that's a bit of a stretch
21:13:31 <sandro> tantek: with publication Dec 15
21:14:33 <sandro> julien: Google has a hub, and WordPress has multiple hubs
21:15:12 <sandro> julien: AMP might be a way to show Google the value here
21:15:42 <sandro> julien: AMP has no distribution mechanism -- it's aggressive fetching
21:16:25 <sandro> tantek: google is crawling amp pages, and if they could subscribe, that could be good
21:17:13 <sandro> julien: because they're serving the cached content, they crawl often, like on average four times per day
21:17:36 <KevinMarks> Well, Google is crawling everything.
21:18:01 <sandro> tantek: I don't want to hold up for hub testing
21:18:25 <sandro> aaronpk: Yes, I'll focus on auto submission of consumer and producer tests.
21:18:33 <sandro> tantek: and they hub tests can be done during CR
21:18:49 <sandro> tantek: closer to pubsub CR in December?
21:18:58 <tantek> by Dec 6
21:19:21 <sandro> aaronpk: Yes.   I can have this ready for users by Dec 15
21:19:50 <sandro> tantek: document edits too?
21:19:57 <sandro> aaronpk: yep
21:20:25 <sandro> tantek: pubsub to CR is priority.    then micropub.
21:20:55 <sandro> aaronpk: then I can go back to hubs
21:22:11 <sandro> aaronpk: 1.5 - 2 weeks
21:22:43 <sandro> aaronpk: client test -- walks you through what you need to tell the client to do, and then knows on the server what's been done.
21:22:57 <sandro> sandro: sounds fun/compelling
21:23:13 <sandro> aaronpk: yes, check boxes are very motivating
21:23:23 <sandro> tantek: where are we on server tests?
21:23:39 <sandro> aaronpk: five implementation reports.    four other than me.
21:23:46 <sandro> aaronpk: three outside wg
21:24:05 <sandro> aaronpk: interop : every feature has two or more implementations.
21:24:36 <sandro> .. everyone supports everything, except my server doesn't do alt text yet.
21:24:57 <sandro> tantek: any non-editorial issues raised?
21:25:02 <sandro> aaronpk: no
21:25:02 <tantek> https://github.com/w3c/Micropub/issues
21:25:28 <sandro> aaronpk: still waiting for response about alt-text from a11y group
21:25:45 <tantek> https://github.com/w3c/Micropub/issues/34
21:26:05 <sandro> tantek: Can you add to issue-34 what we just discussed about MP server implementations, and see if that spurs a response
21:28:17 <sandro> tantek: Our expectation is to exit CR on MP in January
21:28:48 <sandro> .. because we're there on the servers; don't yet know about the clients
21:29:17 <sandro> aaronpk: There are several clients, but I don't know if we have two that support editing
21:29:54 <tantek> q?
21:30:53 <sandro> topic: ActivityPub CR
21:31:24 <sandro> eprodrom: How are we on testing?
21:31:36 <sandro> cwebber2: I still need to write the test infrastructure
21:31:41 <sandro> .. or impl report template
21:31:52 <sandro> .. we just hit CR and I haven't done that stuff
21:32:17 <sandro> eprodrom: Are you planning to use activtypub.rocks/test for the testing?
21:33:00 <sandro> cwebber2: I might have folks download stuff and run things locally, but I like what Aaron's been doing,
21:33:09 <sandro> eprodrom: esp with automated implementation report
21:33:33 <sandro> eprodrom: so you're building that out.   do you need any guidance?
21:33:39 <tantek> chair: eprodrom
21:33:50 <sandro> cwebber2: I think I just need to do it.   If I need to, I'll reach out.
21:33:58 <sandro> .. I haven't started, so not sure
21:34:12 <sandro> eprodrom: test for clients and server?
21:35:05 <sandro> eprodrom: web based client
21:35:38 <sandro> aaronpk: my testing tool can't always tell if the right end result happened, so it asks the user, with a check box, like "Does the photo now appear...."
21:35:57 <sandro> .. the test tool becomes the consisten payload sent to the server, then have the human check the box, if you can't tell
21:36:03 <sandro> .. still very very helpful
21:36:19 <sandro> cwebber2: Okay, I'm planning to move forward, now that other things are cleared off
21:36:28 <sandro> eprodrom: implementation report template?
21:36:42 <sandro> cwebber2: yep, will do
21:36:58 <sandro> eprodrom: Outstanding issues?
21:37:04 <sandro> cwebber2: all editorial
21:37:08 <cwebber2> https://github.com/w3c/activitypub/issues
21:37:17 <KevinMarks> KevinMarks has joined #social
21:37:36 <sandro> cwebber2: except for change tracking, which we said it out-of-scope, all of these are editorial
21:37:55 <sandro> cwebber2: I plan to handle them before CR
21:38:00 <sandro> s/CR/PR/
21:38:13 <sandro> eprodrom: Anything we can help with?
21:38:29 <sandro> cwebber2: could use clarification on questions from pump.io
21:39:04 <sandro> cwebber2: they're thinking of doing the re-write -- would that count as independent implementation?
21:39:06 <sandro> eprodrom: yes
21:39:08 <sandro> sandro: yes
21:39:28 <sandro> cwebber2: got a pile of things to do
21:39:34 <sandro> eprodrom: implementations?
21:39:46 <sandro> cwebber2: pubstrate is mine
21:39:53 <sandro> eprodrom: pump.io as a second one
21:40:13 <rhiaro> hackertribe
21:40:19 <sandro> cwebber2: someone said something, ... hackertribe
21:40:33 <sandro> .. dunno if they've started
21:40:57 <sandro> .. other than that, we also have Amy's work, and BenGo started something.
21:41:05 <sandro> .. those are what I know of
21:41:16 <sandro> .. I haven't started converting MediaGoblin
21:41:29 <sandro> sansdro: connection between MG and pubstrate?
21:41:37 <csarven> beep beep beep
21:41:43 <sandro> cwebber2: None.   pubstrate is a clean codebase.
21:42:20 <sandro> sandro: what about gnusocial?
21:42:23 <sandro> cwebber2: I dunno
21:42:31 <sandro> eprodrom: Diaspora?   Friendica?
21:43:01 <KevinMarks> Mastodon?
21:43:19 <sandro> cwebber2: Diaspora-- we had Jason Robinson for a while -- I think he lost some time, and was disappointed we didnt do signatures, but we did address some things, so they COULD implement them
21:43:26 <sandro> .. no commitment they will
21:43:33 <sandro> .. but I heard they were maybe doing their own stuff
21:44:00 <sandro> .. I got the impression they had gone a different direction
21:44:05 <sandro> eprodrom: one way to find out!
21:44:11 <KevinMarks> Mastodon.social interoperates with gnu social
21:44:17 <sandro> cwebber2: yes, worth a try, I'll reach out
21:44:23 <KevinMarks> And supports pubsubhubbub
21:44:29 <sandro> eprodrom: wordpress, other publication apps
21:44:46 <sandro> cwebber2: gitlab maybe
21:45:31 <rhiaro> cwebber2: mattl is in the WG and works for gitlab. He was here earlier but just left
21:45:35 <sandro> sandro: (mastadon.social)
21:46:08 <sandro> cwebber2: Great, I'll do some outreach!
21:46:37 <sandro> eprodrom: timing?
21:47:22 <sandro> eprodrom: to implementations of each feature....    pubstrate + pump.io ...
21:47:53 <sandro> strugee,
21:48:15 <sandro> cwebber2: strugee sounds energized to run with it in pump.io
21:48:36 <sandro> eprodrom: think we'll have the testing system up in a couple weeks?
21:48:41 <KevinMarks> You typoed it, sandro
21:48:57 <sandro> cwebber2: that would be nice.   I also have some contracting work.
21:49:51 <sandro> cwebber2: a couple weeks is probably over optimistic, but I'll try
21:51:04 <sandro> cwebber2: January for AP CR-exit, not impossible, but I wouldn't give a confident commitment.
21:51:34 <sandro> .. the whole gammut probably by the end of January, but probably not the beginning of January
21:52:01 <sandro> cwebber2: I think February is feasible
21:53:28 <sandro> eprodrom: that's it for AP, and we're done for the day
21:54:30 <sandro> rhiaro: We've all been invited to an art party thing after dinner
21:54:34 <wilkie> but what do we call dinner?
21:54:45 <aaronpk> PubSubYumYum
21:54:47 <KevinMarks> s/mastadon/mastodon/
21:55:03 <wilkie> aaronpk++
21:55:03 <Loqi> aaronpk has 69 karma in this channel (1141 overall)
21:55:13 <wilkie> anything but PubSub
21:55:22 <tantek> time for YumYum
21:55:29 <wilkie> enjoy
21:55:32 <sandro> rhiaro: dinner at VeggieGalaxy, then people can hop on T to party or wherever
21:55:39 <KevinMarks> I was going to suggest "flowpast" as a pubsubhubbub name, but looks like Google expired the domain on me
21:59:12 <cwebber2> strugee: eprodrom said he'd stay out of your way so it can be an independent implementation :)
21:59:50 <strugee> excellent. I read some of the log but must have missed that part
22:00:28 <cwebber2> eprodrom might have just said it on the call :)
22:00:52 <sandro> strugee, eprodrom says: "please thunder forward as fast as you can!"
22:00:56 <sandro> (reading over my shoulder)
22:01:04 <strugee> hahahahaha
22:01:08 <Loqi> nice
22:01:09 <strugee> I LOVE it
22:02:11 <strugee> eprodrom++
22:02:11 <Loqi> eprodrom has 41 karma in this channel (42 overall)
23:26:24 <jasnell> jasnell has joined #social
23:26:27 <jasnell_> jasnell_ has joined #social