17:58:53 RRSAgent has joined #social
17:58:53 logging to http://www.w3.org/2017/01/03-social-irc
17:58:55 RRSAgent, make logs public
17:58:55 Zakim has joined #social
17:58:57 Zakim, this will be SOCL
17:58:57 ok, trackbot
17:58:58 Meeting: Social Web Working Group Teleconference
17:58:59 Date: 03 January 2017
17:59:04 present+ sandro
17:59:15 KevinMarks2 has joined #social
17:59:44 tantek has joined #social
18:02:17 hmm - I didn't see anyone create https://www.w3.org/wiki/Socialwg/2017-01-03
18:03:11 present+
18:04:28 present+
18:06:25 no official telcon today, but we are unofficially on the call discussing https://github.com/w3c/webmention/issues/84
18:08:25 present+
18:08:33 present+
18:10:22 yes
18:10:28 I didn't hear
18:10:32 was plugging in my headphones
18:10:51 https://github.com/w3c/webmention/issues/84
18:12:11 Proposing inserting second bullet point to 4.1:
18:12:26 • Receivers MUST verify Webmentions per section 3.2.2
18:12:27 yeah, i think that makes sense.
18:14:06 Also, move "* Receivers MAY periodically..." to the end of the list
18:15:41 yes, change 'publish' to 'display'
18:16:00 CSRF Is
18:16:06 4.4
18:16:44 i don't see anything about re-verify anywhere
18:16:59 that's a different CSRF
18:17:10 And also, reword "* If a receiver chooses to publish ..." to "* If a receiver chooses to display ..." and move it to right before "* Receivers MAY moderate ..."
18:21:19 cors uses non-normative for CSRF https://www.w3.org/TR/cors/#refsCSRF
18:21:20 sounds good to me, I don't think we need a resolution here either
18:22:05 haha wat. that's an informative reference to an email in a mailing list?!
18:22:11 nice
18:22:15 yeah.... :/
18:23:50 https://www.w3.org/TR/epr/ even this ... thing. doesn't even have any references to CSRF or XSS
18:23:52 [David Ross] Entry Point Regulation
18:24:19 this looks like a pretty good reference https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet
18:24:32 hey this looks better :P https://en.wikipedia.org/wiki/Cross-site_request_forgery
18:25:04 owasp?
18:25:14 https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
18:25:16 pretty well known security site
18:25:19 no I have :)
18:25:33 i have heard of it before as well
18:25:42 only in passing
18:25:55 https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
18:26:11 *blinks*
18:26:23 2.84.14 lol
18:26:37 that's a lot of ... yeah
18:26:49 https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)
18:27:19 +1
18:27:23 +1
18:27:28 timbl has joined #social
18:27:50 https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
18:28:13 and no, i could not find anything referenced for XSS
18:28:56 https://www.owasp.org/index.php/XSS might be more robust
18:29:16 that's the same page
18:29:20 redirect
18:33:43 https://media.aaronpk.com/Screen-Shot-2017-01-03-10-33-40.png
18:33:43 i feel like the security group should publish some note explaining such things, just so there is a normative reference to it
18:33:49 https://media.aaronpk.com/Screen-Shot-2017-01-03-10-33-48.png
18:34:05 I think it's better to cite the expanded URL, the expansion makes it more readable even without clicking
18:34:22 agreed
18:36:04 lol
18:36:07 sandro++
18:36:07 sandro has 33 karma in this channel (38 overall)
18:41:25 https://media.aaronpk.com/Screen-Shot-2017-01-03-10-41-18.png
18:43:22 "have we finished bikeshedding 4.1 yet" ~tantek just before bikeshedding order more
18:43:36 :P
18:44:47 ben_thatmustbeme: what I was talking to myself included ;)
18:45:05 (this is what chairing does to your brain)
18:46:58 yes, aaronpk is an overachiever
18:47:56 https://media.aaronpk.com/Screen-Shot-2017-01-03-10-47-54.png
18:48:22 +1
18:48:23 +1
18:48:31 +1
18:48:53 +1 seems good
18:50:51 editor's draft is updated https://webmention.net/draft/
18:50:53 [Aaron Parecki] Webmention
18:52:52 https://webmention.net/draft/#changes-from-01-november-pr-to-rec
18:58:05 sandro: https://github.com/w3c/webmention/commit/6a20994c28ff8ee53e84878206ae4ba67eb88ecb
19:00:09 we had said we would do them once a month in the new year
19:00:46 +1 for a meeting next week and starting that as our one for the month
19:01:46 I'll be around next week
19:01:56 aaronpk, let me know when the 1/5 draft is staged....
19:02:11 it's there. same URLs as before.
19:03:01 cwebber: can you be on earlier next week?
19:03:10 just making sure
19:03:24 central time, and I can be on earlier
19:03:44 could we do 2 hours earlier?
19:05:12 2 hours earlier could work for me
19:05:28 I mean, I could also do 2.5 hours earlier :P
19:05:31 someone should email evan and julien
19:05:38 especially
19:06:19 current time is during lunchtime for me :)
19:06:22 so moving it back works
19:06:48 cwebber, yeah, most weeks i am eating during the meeting
19:07:17 I'm not usually eating, though during boring parts sometimes I do unload the dishwasher ;)
19:11:25 logged an informal summary here: https://www.w3.org/wiki/Socialwg/2017-01-03
19:11:55 prefers
19:12:03 since the change is mainly for her
19:12:12 and it may break schedules for others
19:14:17 go go go, first REC of the new year
19:15:41 https://www.w3.org/TR/2017/WD-html-aria-20170103/
19:15:44 [Steve Faulkner] Accessible Rich Internet Applications in HTML
19:15:48 oj, just WD
19:15:56 view-source:https://www.w3.org/TR/
19:16:01 and searching for 2017
19:16:44 tantek: https://www.w3.org/2016/12/open-web-platform.html.en
19:17:25 bye
19:18:44 I've taken the CSS logo on w3.org complaints to #css
19:18:50 to see if anyone there is paying attention
19:37:23 aside: this is pretty cool https://www.owasp.org/index.php/About_OWASP
20:38:10 timbl has joined #social
20:38:45 Zakim has left #social
20:38:57 bye
20:43:13 KevinMarks has joined #social
20:55:44 KevinMarks has joined #social
22:57:09 KevinMarks2 has joined #social