Socialwg/2016-10-04-minutes

From W3C Wiki

Social Web Working Group Teleconference

04 Oct 2016

See also: IRC log

Attendees

Present
rhiaro, sandro, aaronpk, tantek, annbass, ben_thatmustbeme, cwebber, csarven, julien, akuckartz, bengo, wilkie
Regrets
Chair
eprodrom
Scribe
rhiaro



<aaronpk> good morning

hola aaronpk

<julien> hey. do we have the call today?

<sandro> Yes

<cwebber2> hi, dialing in

<julien> what's the dial in info?

<tantek> good morning #social!

<aaronpk> i'll PM you julien

<aaronpk> oh good, I see we have "spotty wifi" on the call

<bengo> k

<ben_thatmustbeme> preset- call (spotty wifi)

<aaronpk> tantek++

<Loqi> tantek has 306 karma (47 in this channel)

<eprodrom> hi all

<annbass> yo eprodom

<sandro> eprodrom, you on phone?

<cwebber2> I should have put AP on the agenda

<cwebber2> anyone mind if I toss it on now?

<tantek> cwebber2: still time to do so - add to end of discussion items

<annbass> hi julien

<eprodrom> I am now

<ben_thatmustbeme> do we have a scribe?

<eprodrom> PROPOSAL approve https://www.w3.org/wiki/Socialwg/2016-09-13-minutes as minutes for 9/13/2016 meeting

I normally go through and clean the f2f minutes up but I haven't had chance to do that yet

<scribe> scribenick: rhiaro

<tantek> rhiaro - shall we postpone f2f minute approval to next week then?

<eprodrom> +1

<cwebber2> +1 with endorsement for rhiaro to do any cleanup she feels like if she wants to still

<aaronpk> +1

eprodrom: please review Sep 13 minutes

<rhiaro> +1

<annbass> +1

<tantek> +1

<wilkie> +1

<csarven> +1

<eprodrom> RESOLVED approve https://www.w3.org/wiki/Socialwg/2016-09-13-minutes as minutes for 9/13/2016 meeting

eprodrom: For the f2f minutes it sounds like based on irc discussion that they haven't been cleaned up yet and tantek suggested that we postpone til next week
... any objections to that?
... Okay, postponed to next week

<eprodrom> TOPIC November face-to-face details

Next f2f

UNKNOWN_SPEAKER: Planning on doing our last f2f in November
... Sandro?

sandro: at the last f2f we worked through dates and possibilities and came to Nov 17 and 18 in Boston or SF
... I mentioned that on email and people expressed preferences to Boston
... tantek and I talked this over, so unless someone has a last mintue problem with boston vs SF, that's what we'll do
... Anyone?
... eprodrom, you're the one haven't heard from

eprodrom: isn't that thanksgiving?

tantek: week before

aaronpk: thanksgiving is the 24th

eprodrom: then no problems, let's do it

tantek: get +1s?

<annbass> +1 .. altho not sure I'll make it

<eprodrom> PROPOSED f2f meeting on 17 and 18 Nov 2016 in Boston

<sandro> +1 I'll be there (hosting)

<eprodrom> +1 will attend

<ben_thatmustbeme> +1 will be there in person

<cwebber2> +1 (and I intend to attend)

sandro: on your +1s say whether you expect to attend

<aaronpk> +1 will attend

<tantek> +1 will attend

<wilkie> +1 will attend

<rhiaro> +1 will attend pending funding

<cwebber2> just got booted from call

<cwebber2> re-calling

<eprodrom> RESOLVED f2f meeting on 17 and 18 Nov 2016 in Boston

<wilkie> rhiaro: boston is easy!

eprodrom: any other discussion we need to have about this?

<annbass> thanks tantek

tantek: I can create the boilerplate wikipage and sandro can update as host

<cwebber2> back

sandro: It'll be in the room called Kiva at MIT

<ben_thatmustbeme> When reading the minutes, i'm assuming its okay to have a 4th F2F in a year?

<sandro> Meeting will be in G449 (Patil/Kiva room)

<cwebber2> it would be nicer if the group had an extension and we could meet in early 2017 ;)

tantek: the charter says we should have 3 per year, so if anyone wants to object they can
... but we haven't had any objections so far
... but if anyone does feel strongly we should not meet, please speak up, it's your right per the charter

<eprodrom> TOPIC Micropub update

aaronpk: just a quick update. I did the security and privacy review for it and that's not incorporated into the latest ED

<aaronpk> https://micropub.net/draft/#security-and-privacy-review

<Loqi> [Aaron Parecki] Micropub

aaronpk: Would love some feedback on that
... One thing from that is it seems to be written assuuming the thing being reivewed is written as part of the browser, so some of the questions were challenging in that context
... The other micropub update is that I've been making progress on the test suite
... micropub.rocks is up and running now
... It has tests for creating posts in form encoded and json, and also updating
... just working through tests based on the issues

<aaronpk> https://micropub.rocks/

aaronpk: So if you do have a micropub implementation please feel free to take a look at that
... The other thing point out is that it stores the test results itself so creating the implementation report summary will be easier becasue allt he data will be in that website already

eprodrom: that's excellent, what a good idea
... how do you format it?
... is it a copy and paste kind ofthing?

aaronpk: It's just stored, each test has a nubmer so I can store whether it passed or failed each test
... So I'll be able to generate that in whatever format we need

eprodrom: any more on micropub?

<Zakim> tantek, you wanted to discuss security reviews browser vs what we spec

tantek: the thing about the security and privacy questionnaire mostly sounding like it's been written from a browser perspective is accurate
... that was the driving force behind writing it up
... getting editors aware of security and privacy implications implementing w3c specs in the browser
... but we shoould be interpreting those questions liberally
... and think about the intent, what are they getting at in terms of vulnerabilities
... so even if it seems like it's browser specific, broaden the scope of that in your mind and consider what is the equivalent from the server perspective as well
... concerns about cookies, or implementations being stored on the browser, eg. for private browsing mode
... the equivalent for a server would be the server maintaning user data or stats or cookies or logs which are actually important to call out
... in some juristictions there are rules about that
... eg. europe, the ability to be forgotten by the server
... anything that sounds browser specific, think about what it measn for the server to have to do the equivalent
... I'll take a look at those answers and in places where some feedback will help with the privacy and security questionnaire I'll also push some of thsoe changes to the questions upstream and update the questionnaire itself
... It'll help to have examples in our specs where we're doing that

<eprodrom> TOPIC Webmention update

<eprodrom> I hear it too

<aaronpk> https://webmention.net/draft/#security-and-privacy-review

<Loqi> [Aaron Parecki] Webmention

aaronpk: Did the security and privacy questionnaire for webmention as well

<AdamB> i hear it a little, not too much

aaronpk: would love feedback on results

<aaronpk> https://docs.google.com/spreadsheets/d/1kH385v6skHbMre_bmz1Vyma8BDemt7WHlM0ZQwVXBOo/edit?usp=sharing

aaronpk: the other thing with webmention is I took all of the implementation reports that are submitted and complied into a spreadsheet
... there are 8 senders and 7 receivers recorded
... what I did is marked for each test whether the person had reported it passing
... and column B is the percent of implementatons that passed each test
... With senders they're all essentially 75% and higher implemented.
... With receivers, everything except 2 features have more than one implementation, marked in yellow

<sandro> +1 Bravo aaronpk Very Nice

<eprodrom> Thumbs up

aaronpk: they're the only two that are red flags for those features
... very happy to see there are already 2+ implementations of everything in the sepc

eprodrom: impressive
... private webmention?

aaronpk: after the f2f we had an indiewebcamp in brighton
... a few of us brainstormed extension to webmention that would allow it to work for URLs that require access control
... My hackday project was to write it up as a spec

<aaronpk> https://indieweb.org/Private-Webmention

aaronpk: this is written as an extension
... a couple of extra things before the webmentino processing, then it hands off to regular webmention processing
... excited about this, and we already have implementations started
... three combinations of sending and receiving right now
... happy to be able to say that there will be an answer to how webmention works with private content
... once it has more implementations we'll add it to the list of extensions on the spec

eprodrom: So I've made a post, you've sent me a webmention and I'll show the response... is the intention that the response would not be shown on my site?

aaronpk: that's typically how webmentions are used, but similar to how the webmention spec doesn't actually say you have to show a comment, it leaves that out, and the goal of this spec is getting the verification to work
... a separate issue is what people do with that
... my intent is not to specify how or when peopel should show comments
... that will depend on why the post is private and what audience it's for
... I expect now that implementations would not show them as comments except maye for the owner of the site
... but I want to leave that open for more intelligent display of received comments
... the whole goal o fthis spec was to get the verification to work with authenticated content

eprodrom: specifying the intention early might be good to avoid mistakes
... if I were to send you a webmention form my site and my intention is that it would have the same access control as I have on my site
... if I haven't made it public to the whole world, you wouldn't make it public to the whole world either. If you did do that it would be contrary to my intention
... What scenario would there be where I have it private on my site but you can make it public on yours?

aaronpk: I would expect it to have the same access control as the source
... I don't want to get into ACL stuff with this, but I would epxect that anyone in the group who could see the original could see the comment on the other site as well

eprodrom: it seems like being more conservative in this case might be better, but it's obviously up to you how people use it
... but sounds very interesting
... Anything else?

<cwebber2> nope

<cwebber2> refresh!

ActivityPub update

<cwebber2> http://w3c.github.io/activitypub/

cwebber2: There have been a number of changes to AP and when we spoke at the f2f we talked about publishing a new WD
... There's a new ED with a changelog of all the changes
... Probably the biggest change is adding the soure field stuff as discussed at the f2f, and adding that and the binary data mechanism as at risk
... Other than that mostly editorial
... but I would like to propose releasing a new WD

<tantek> link to change log?

<cwebber2> http://w3c.github.io/activitypub/#changes-from-13-september-2016-to-present-version

PROPOSAL: Publish new WD of ActivityPub

<cwebber2> +1

<eprodrom> +1

<sandro> +1

<rhiaro> +1

<annbass> +1

<akuckartz> +1

<wilkie> +1

sandro: the plan is still to vote on CR a week from now?

cwebber2: yes that's the plan

<bengo> +1

<aaronpk> +1

tantek: the changes look really good
... my outstanding question regarding voting for CR next week is I did see a bunch of the i18n folks filing issues, do you expect to have responses to those by next week?

<tantek> +1 publish new WD!

cwebber2: I've already closed 1, and the other 2 I know what's happening, so I'm pretty confident

RESOLUTION: Publish new WD of ActivityPub

cwebber2: Bringing AP to CR and the steps I'm taking towards that
... I am working to make sure that everythign is in the right state for ??
... security and privacy section was added, planning on adding to the CR wiki page
... I'm not sure if this should be on the document itself, the testing plan
... I do have a general sense of what that's gonna be
... I have also sent the requests for horizontal review, and we've already got responses from i18 and a11y (off list)
... I'm not sure when it will be on list
... they're fine with it
... that's good news
... I've sent out stuff for wide review and I've been starting to get feedback, and going to make a mediagoblin blog post to day and asking our donors for additional review
... we've already got a good amount, not all on the wiki page yet

<cwebber2> https://www.w3.org/wiki/Socialwg/ActivityPub_wide_review

cwebber2: will be working on that today, and collapsing tha tpage into the CR page on the wiki
... I have been getting feedback, the majority was people concerned about the cryptographic integrity of the document
... so this might be partly because of the people who are paying most attention to AP are in the federated social web space and are concerned about decentralisation from that kind of perspective
... there were a couple of peopel from diaspora who had weighed in before, that were about how diaspora has done sigantures and asking that we do the same
... I don't think signatures are going to make it in, but I've left text on how that might be done
... Cleared it up so the method of verification is left open
... That was surprising so far, but they seem very interested in that
... And some other feedback I'll be getting to over the week
... I'm pretty confident about us being able to hit CR next week

eprodrom: good news. Anything more?

<cwebber2> eprodrom, tantek is on the queue

<Zakim> tantek, you wanted to ask if signatures could be done as an extension? and does this relate to private webmentions at all? should it?

tantek: I tried to follow some of those conversatiosn about signatures, I think you're doing the right hting Chris, but is that something we could write up or add later as an extension?
... That if servers decided to adopt that extension they'd have some way of discovering that they are talking to someone who supports signatures?
... And potentially satisfy the commenter concerns in that way?
... Part 2 of this question is from hearing aaron's discussion about private webmention, is there / shoulld there be relation?
... or is that only high level?
... you two can figure that out

cwebber2: Yes I think it can be done as an extension
... I'm interested in continuing that conversation
... Especially after the group winds down
... We've all elft this space open in our specs
... to leave verification somewhat ambiguous with some proposed methods for doing so
... the most basic being checking the source content. But having left it open we can define that as an extension and make sure it's compatible going into the future
... So yes I'm interested in collaborating with aaron and anyone who is interested
... and whether or not it applies to the private messaging stuff
... it definitely applies there, and as a means of verification, another place where it was brought up is that some of you might remmeber that amy and I put a mechanism for forwarding messages into the AP spec so you wouldn't have the problem that pumpio currently has
... where if you send a message to someone' sfollowers and someone replies and people up the chain don't see it

<eprodrom> I got kicked off the call

<eprodrom> One moment

cwebber2: so weh ave a forwarding mechanism but without a clear way of identifying that a message really came from that person
... the disapora people emphasised that
... it's an interesting point, they really rely on that
... there are multiple reasons to want that, but we don't need to solve that in the time of this group, we can work on it going forward

tantek: we are talking about the winding down of the wg, but after the f2f we did agree to start a CG and this is a perfect candidate to be discussed
... and worked on in the context of that CG
... that's the right thing to do
... we figured out a bunch of things, and we're taking them to CR, and anything else is a bit more experimental and that's the perfect use of a CG is to take this ideas and start to incubate them there
... without a particular timeline or deadline
... which is nice
... and if at some point in the future we have enough critical mass tow rite up normatively we can go through another wg process
... but I don't want to get ahead of myself
... Just for folks who weren't at the f2f, we did decide to create a CG
... and transition any new work into that CG
... we agreed not to start any new drafts at the f2f
... so we do have a continuity story, just not in this WG

<eprodrom> TOPIC Activity Streams

eprodrom: i had a task to take on some of the outstanding bugs on the validator
... I'll be doing that this week

<cwebber2> oh

eprodrom: And that takes us to the end. Anything else?

<Zakim> annbass, you wanted to say something about next steps (when this topic is done)

annbass: We agreed at the f2f to start a CG to continue the follow on

<julien> Maybe PubSubHubbub? (not that I have nything special to say though...)

annbass: I've been chatting with akuckartz who is cochair of the federated socweb CG (with evan) and andreas questions if we should close that or repurpose that

<cwebber2> notably I also surprisingly bumped into https://www.w3.org/community/activitypub/ today :)

annbass: we can continue to conversation on the followon by email
... andreas says there are people in that CG who are interested and might want to re-engage

<ben_thatmustbeme> cwebber2, i brought that up when we first changed the name, no one responded

<cwebber2> my response was not to this

<cwebber2> so do tantek first

tantek: I think as far as we discussed at thef2f, part of the intent of creating the social web incuabor group was to... we discussed closing down a number of CGs and we'd include their work as part of the new gropu... for example the PuSH CG ... so we can declare that CG succeeded in incubating... part of the point was to provide a continuity of like here is a group that's been active (the WG) and the future of that is to incubate thingse beyond what we've

built recommendations for

scribe: and I feel like we've built 'brand recognition' with the good work the WG has done
... and to keep that and indicate that there's continuity here
... so unless andreas has any objectsion, I think that's a good reason to start the new CG and also it'll be a good announcement that we're starting a new group with the following scope
... what we've done before, plus the other CGs
... I think it woulld be better to bring those under one umbrella, make a new brand we can announce and get people excited again, rather tahn attempting reuse of an existing one
... I hope that clarifies some intent

eprodrom: that makes sense

akuckartz: I think we should discuss this by mail
... I think the fact that there are more than 120 members of the fedsocweb CG
... Almost all of them were becoming members over a long period of time because they're itnerested in decentralised social web, and I think this should be a factor in deciding the future of how to build a new CG

<tantek> note: everyone in all past CGs should absolutely be invited to join the new SWICG

akuckartz: It's completely inactive at the moment

<tantek> to be clear on inclusivity intent

akuckartz: The social IG should take this task, which was closed down

<sandro> https://www.w3.org/community/fedsocweb/ 124 people

akuckartz: To rebuild a CG it will be eaiser than in the past because of the WG, but it still is a lot of effort
... to create a group
... Many of the people who are conerned about the social web, I don't think .. if the active members from the WG join then the CG will become active again
... Regarding the name, I don't care very much about that, federated or not, but the aim is to have a decentralised social web and that should be reflected, even if it's just social
... I think everybody knows the CG will not have the target of creating silos

annbass: seems like we're talking about similar things and we want to capture the members of this group, and the closing IG, and the existing CGS
... we all share an interest in the existing standards, I agree with tantek's point that we want to capitalise on the identity we've built through this group
... Just how to move forward is the quesiton

cwebber2: new topic... I should have put this on the agenda
... There was something that was discussed at the f2f is whether AP coudl bei n the AS2 namespace or in its own namespace
... It significantly simplifies things for AP if it's in the AS2 namespac

e

scribe: then if someone uses the AS2 mime type it will match up
... I forget whether there was a resolution, but neither AS2 editors were present
... it looks like inbox has moved forward with being included in the LDP namespace
... it would be great to knwo if we could work on getting the AP terms into the AS2 namespace
... Especially because it seems like there is precedent to do that rightnow
... this is a quesiton for evan
... I should probably point out taht I do have an issue about this that lists the terms

<cwebber2> https://github.com/w3c/activitypub/issues/132

eprodrom: the ideas is that the activitypub terms that... great... let's get james on this
... and we'll figure out which if any of these are going to go into AS2

<rhiaro> just to note that this isn't about putting them in the AS2 *spec* just the namespace

cwebber2: it's critical that we figure this out before CR

sandro: i thought james chimed in on the issue and said it was okay

cwebber2: I think you're right
... That matches what I remember
... At that point, evan would you available to help move forward with that?
... We just need the promise that it will happen
... We can just switch the context over

eprodrom: you want me to add 13 new properties to AS2? And we have to identify where they fit

cwebber2: they don't have to go into the AS2 spec, just the ns

eprodrom: so we'd have things in the ns document that aren't in the spec?

sandro: the idea is that extensions to AS2 would share the namespace
... and so AP would be the first of those extensions but there could be others
... so people using AS2 with a bunch of extensions don't need a bunch of different namespaces

eprodrom: sounds good. No big objection, just making sure we're on-plan
... So what you're asking is to have these items added to the json-ld context?

cwebber2: that's correct

rhiaro: I'll do that
... we also need a human friendly version of the AS2 namespace, we'll work on that as well

<annbass> thanks a lot rhiaro and eprodrom!

eprodrom: if that's everything, we can close

<eprodrom> trackbot, end meeting

<wilkie> thanks

eprodrom: thanks everyone

<cwebber2> thanks everyone, esp rhiaro and eprodrom !

<julien> Thanks Evan!

Summary of Resolutions

  1. approve https://www.w3.org/wiki/Socialwg/2016-09-13-minutes as minutes for 9/13/2016 meeting
  2. f2f meeting on 17 and 18 Nov 2016 in Boston
  3. Publish new WD of ActivityPub