W3C

W3C Technical Architecture Group Face to Face - 10 Dec 2008 (Morning)

10 Dec 2008

See also: Agenda 9-11 Dec, IRC log

Attendees

Present
Tim Berners-Lee, Dan Connolly, Ashok Malhotra, Noah Mendelsohn, David Orchard (by phone), Jonathan Rees, Henry Thompson, Norm Walsh (by phone), Stuart Williams
Regrets
T. V. Raman
Chair
Stuart Williams
Scribes
Noah Mendelsohn, Ashok Malhotra

<scribe> scribe: Noah Mendelsohn

URNsAndRegistries-50

<DanC_lap> # Next steps (at the f2f, I hope) for URNsAndRegistries-50 Henry S. Thompson (Saturday, 6 December)

<Stuart> http://www.w3.org/2001/tag/doc/URNsAndRegistries-50.html

HT: We had an earlier draft, http://www.w3.org/2001/tag/doc/URNsAndRegistries-50.html

<DanC_lap> v 1.13 2006/08/17 19:23:58 dorchard Exp URNsAndRegistries-50.html

HT: In an email http://lists.w3.org/Archives/Public/www-tag/2008Dec/0059.html I announced a new approach embodied in new draft at: http://www.w3.org/2001/tag/doc/namingSchemes.html First, I tried to clarify the analysis of requirements. Are they complete? Comprehensible? Earlier document was perceived as not sufficiently helpful to intended audience. Consider for example Secretary of State of New Zealand who are considering the need for a new URN subscheme for their documents. Goal: those readers should recognize that this document is meant for them. Then I explore why doing this name assignment can be hard, and I think that's the interesting part of what I've written. Need to decide how to draw this to a conclusion, and what is it when it's finished? So far, we've been at this 3 years, and have produced two documents, both unfinished. So we need to decide where to go?

AM: You mentioned an academic paper, are you going to write an academic paper? I'm concerned that this will be brief and skip details. What will it point to?

HT: Yes, and perhaps that's inescapable.

<Zakim> DanC_lap, you wanted to say yes, it speaks to, e.g., nz govt agency IT decision-makers, provided the legal terms (e.g. consortium) are readable worldwide and to say the thesis of

DC: Regarding target audience (e.g. New Zealand Secretary of State). My feeling is yes mostly it works, but we need to watch a few terms like "consortium" that may or may not work for all.

<DanC_lap> (leasehold and freehold)

<DanC_lap> "But Domain Names are not really owned, only leased"

TBL: There is potential confusion over terms like "leasing", which may have different connotations.

DC: I don't want to stipulate that domain names can only be leased. Gandi claims to sell you ownership?

HT: How do they do it?

TBL: Gandi could stay in business past ICANN, in principle. You haven't paid for perpetual care, but insurance companies could try to support that. I have discussed the possibility of a Top Level Domain in which names would be owned, and backed by insurance, maintained in perpetuity.

<Zakim> DanC_lap, you wanted to say the thesis of this document should be: naming is hard, and using http/dns well is hard, but http/dns meets the requirements [for naming grounded in

DC: I think the theses should be: naming is hard; using http + DNS to meet the requirements can be hard; using http + DNS is the recommended approach; ???

<DanC_lap> "In what follows we'll explore the requirements space and the solution space, and conclude that in a large number of cases both Dirk and Nadia are wrong, because http-scheme URIs provide the best available solution."

TBL: At the point where it says "So who's right?" I'm worried. You need to then say: "...or are they both wrong?" We need to avoid implication that one or the other is generally right.

<Zakim> noah, you wanted to make a few comments

<scribe> scribenick: DanC_lap

DC: or offer a 3rd character that advocates http/dns

NM: I made a note on my copy... "isolate the highlights and put the rest in the appendix" ...

HT: ... section 2 is, fortunately, short ...

NM: under "identifiable", "in the scheme", the choice of 'scheme' conflates terms...

some brainstorming: system, strategy, ...

NM: one role of findings is to teach terminology, so...

HT: yes, I'll give it a think

NM: perhaps "distinguishable" rather than conflate 'identify' under "identifiable"

HST: perhaps "branded"? that's what I hear people use in conversation

NM: hmm... too much commercial overtone? [reads with "distinguishable"...]
... under "resource identification". risk of collision under centralized? counter-intuitive to me

HST: suppose all the names share a domain name...

NM: suggest "if people do distributed allocation ..."

<noah> scribenick: noah

JR: Many of the points, especially toward the end could use examples and/or elaboration. Presumably you're looking for validation from us that you're on the right overall path?

<DanC_lap> (serialized novels came up at dinner last night... wouldn't it be fun to do this that way? even a radio programme...)

HT: Yes, that's what I wanted.

AM: I thought the beginning read very well, then the end sort of petered out.

HT: Yes, any suggestions welcome.

JR: I think this shows lingering signs of earlier defensiveness. Some of the audience includes people who will not approach this with negative preconceptions about our recommendations.

HT: There is an editorial note in the margin on the screen. Do we need to make explicit?

<Zakim> noah, you wanted to say must convince skeptics

<Zakim> DanC_lap, you wanted to suggest tracing just one path thru the requirements, rather than all of them

NM: Yes, target those who aren't expert in the nuances, but do the presentation carefully enough that even skeptics will find it convincing and careful as far as it goes.

DC: Are you doing all possible paths through requirements?

HT: No, and I think it's a mistake to try and do all combinations of requirements. Have to figure out what to do.

DC: You can at least do a specific solution for Dirk and Nadia.

NM: You could have a section at the end briefly indicating some of the sorts of needs that are legitimate for some users, but that are beyond what's dealt with in this note.

TBL: We can see that solving this is a problem for Web science.

DC: I don't want to say that. In practice on the Web, this is a solved problem. We do name allocations.

TBL: Yes, but not always well enough. The challenge is to do it better.

HT: Yes, I remember Ray Denenberg standing up awhile ago and pointing out that from the point of view of people who do name allocations for, e.g. the US Library of Congress, some of the approaches we advocate in the TAG can seem naive at times.
... Another issue that Noah raised with me privately: naming vs identifying

NM: I believe I've heard people claim the difference is interesting, and you say words to the effect of "the URI names X". Are we happy with that?

TBL: Well, if we're going to be pedantic, it would probably have to be "denote", but I'd rather not go there.

NM: Fine with me, I was just checking and trying to learn something.

<Stuart> identifiers:

<Stuart> a = b => a and b denote the same thing

<Stuart> a <> b => a and b denote different things

<Stuart> names:

<Stuart> a = b => inconclusive

<Stuart> a <> b => a and b denote different things

JR: Well, I'm fine leaving things as they are, but if we were trying to be super careful, my preference would be to have the terms not be used interchangeably.

<Stuart> labels:

<Stuart> a = b => inconclusive

<Stuart> a <> b => inconclusive

TBL: We do commonly say things like "he can be identified by his email address", I.e. inverse functional properties.

<DanC_lap> no, stuart, identifiers can be synonyms too.

<DanC_lap> to wit, URIs

<DanC_lap> and names are, by design, not ambiguous in their intended scope

<Stuart> well... those are 3 labelled sets of properties that one could attribute to name like things - we could quibble about the labels

<DanC_lap> ok, yes, you could introduce terms like that, but it seems better to stick with established terms: unambiguous, etc.

HT: Regarding the view that the terms are distinct: a question. Is it the case that either a) a given thing can't have more than one name or b) a given thing can't have more than one identifier.

JR: No to both.

HT: But both tend to have inverse functional properties within a given scope?

JR: Yes.

<Stuart> Well... in some environments they make the Unique Name Assumption.

TBL: You can imagine alternate approaches involving graphs of bnodes with typed links, but I think for our purposes the direction with explicit names/identifiers is a better way to look at it (scribe isn't 100% sure he got the nuance of what Tim said.)

<DanC_lap> (oops; that reminds me... SCUDs are in last call, and at a glance, they don't clearly meet requirements we requested of them. I think that's in the someday part of our agenda and should be on the dated part)

<Zakim> Stuart, you wanted to mention a 'taxonomy' from Brian McBride:

HT: I think that not making the distinction is appropriate at least with respect to the use in the document.

SW: I was having a discussion with Brian McBride that involved comparison semantics. Proposal: for identifiers, if two are the same they definitely denote the same thing; for names that's not true. For labels you can't say much at all.

<DanC_lap> (oops; I missed that context... that the terminology came from a discussion with Brian, Stuart)

AM: Which one is unique?

SW: Identifiers

NM: Well, in the sense that the same ID necessarily denotes the same thing; it seems unquestioned that a given object can be identified by more than one identifier.

<DanC_lap> (historical note: owl:FunctionalProperty and owl:InverseFunctionalProperty were called, in previous drafts, UniqueProperty and UnambiguousProperty)

JR: I've been working with Alan Ruttenberg on a case study that I think is interesting. Science commons focusses on communication, which means I needed things that people will share. Common practice in the community is {DatabaseID, RecordInDB}

NM: Are the DatabaseIDs globally scoped?

JR: Not necessarily, but in practice in this community, yes. There are a limited number (say 50) of these databases and people tend to agree on the names. This is at this point informal. They're called DBXrefs.

DC: Reminds me of how URIs came into existence. We had ftp, mailto, etc.

TBL: Well, URI schemes.

DC: Yes.

JR: We needed a URI-based solution, and we're getting a committee together, and we have acquired a domain name, and will be working together to decide the resolution semantics. The trick is to get real agreement and buy-in. Have identified technical principles of 6 or 8 projects that put xrefs in their databases. The lesson is how hard this has been.

NM: What sort of problems are you hitting?

JR: Partly social: we need to get people to talk to each other and to believe that this is important. Trust can be an issue if you need to get people to actually get people to use these things. We're for the moment not incorporating. We're trying to get a prototype done.

HT: Of what?

JR: Of a resolver. All of these URIs will resolve to 303s.

NM: Is it assumed that, if you recognized the URI, that you could avoid doing the dereference?

JR: Yes.

<jar> http://neurocommons.org/page/Common_Naming_Project

HT: I would like to understand how what you've hit lines up with what I've set out as Dirk and Nadia's requirements.

JR: Well, there's at least one that's questionable. We required a particular kind of openness, i.e. that mirrors can be made of the metadata.

AM: These will link across databases?

<ht> HST notes that a lot of variation can be concealed behind the word 'mirror'. . .

JR: If the DB providers, who are organizationally separate from this effort, adopt this, then yes. But we have no expectation of that. This is really primarily for third parties to cite the database.

AM: If I have in a database multiple records about a person, then...

JR: We're not talking of "about" yet; these things are, for the moment, just identifying "records".

HT: Are you using records in the narrow sense of "row in table", or do you mean in the colloquial higher level sense (a record of this mouse's kidney)?

JR: We assume keys, but not a physical structure.

NM: An abstract dictionary?

JR: Yes.

AM: If I have the kidney record, how do I do it?

JR: At a higher level. Either the publisher or a 3rd party can say these two records combine to form a mouse record.

<ht> HST: I hear JR saying that wrt some collection of RDB tables, doesn't matter how many are involved wrt some particular entity, we assume the primary key in one of those tables is "the record identifier" in our sense

NM: So, it's not specifically relational. There is a collection of databases. Each database is an abstract dictionary. If you give it a key, it will give you some data back. Not much is said about a) what the substructure of that data is or b) how these stores full of key-identified data are used for, e.g. storing resumes, mouse kidney records, etc.

<Zakim> ht, you wanted to ask about a relevant TLA

HT: What's the significance, for our discussion, of DOIs?

JR: It's an existing non-URI naming system, that has been embedded in URI-space in at least two ways: info:doi and http://dx.doi.org

HT: I think Jonathan also said that naming schemes based on http to satisfy the needs is difficult, but doi shows that alternate approaches are not necessarily easier. The problems tend to pop up however you do it.

<ht> JR: So all the issues raised in the Dirk and Nadia doc't arise when a publisher moves an identifier out of pure DOI space into the http://dx.doi.org/... space

SW: Next steps?

<DanC_lap> action-33?

<trackbot> ACTION-33 -- Henry S. Thompson to revise URNsAndRegistries-50 finding in response to F2F discussion -- due 2008-12-13 -- PENDINGREVIEW

<trackbot> http://www.w3.org/2001/tag/group/track/actions/33

HT: I got some good advice, I would like to take this forward, and would like an action under which to do it.

<DanC_lap> action-121?

<trackbot> ACTION-121 -- Henry S. Thompson to hT to draft TAG input to review of draft ARK RFC -- due 2008-12-05 -- OPEN

<trackbot> http://www.w3.org/2001/tag/group/track/actions/121

SW: You have ACTION-33 and ACTION-121.

HT: Yes, I have to find the time to do the Ark work someday.

<DanC_lap> action-33 due 1 Feb 2009

<trackbot> ACTION-33 revise URNsAndRegistries-50 finding in response to F2F discussion due date now 1 Feb 2009

HT: OK, let's do it under ACTION-33. I.e. we'll interpret the term "finding" broadly.

DC: Is there a last call pending on the RFC? Is it an RFC?

HT: It's a draft. I think John is working on it when he can.

DC: So, not urgent, but we shouldn't drop it.

<DanC_lap> action-121 due 1 March 2009

<trackbot> ACTION-121 HT to draft TAG input to review of draft ARK RFC due date now 1 March 2009

HT: Ping around 1 March.

NM: Clarification, have we said what is currently headed toward a finding at this point?

<DanC_lap> action-33?

<trackbot> ACTION-33 -- Henry S. Thompson to revise naming challenges story in response to Dec 2008 F2F discussion -- due 2009-02-01 -- PENDINGREVIEW

<trackbot> http://www.w3.org/2001/tag/group/track/actions/33

HT: The original charge was to make a document that would be a finding. First document stalled. This may get there someday, but not prejudging for now whether it will be labeled as finding.

<DanC_lap> break to 11:00 ET

<Stuart> FYI draft-kunze-ark-15 has expired https://datatracker.ietf.org/drafts/draft-kunze-ark/

<DanC_lap> Uniform access to metadata aka issue-57

<DanC_lap> HttpRedirections-57

<DanC_lap> issue-57?

<trackbot> ISSUE-57 -- The use of HTTP Redirection -- OPEN

<trackbot> http://www.w3.org/2001/tag/group/track/issues/57

HttpRedirections-57 and Uniform Access to Metadata (ISSUE-57)

<Stuart> http://www.w3.org/2001/tag/doc/more-uniform-access.html

Discussing: http://www.w3.org/2001/tag/doc/more-uniform-access.html

<DanC_lap> Draft for discussion at TAG F2F (Dec 2008), 25 November 2008.

JR: The objective is, from the draft, to "Establish a uniform, generally applicable method for a user agent to obtain information about a resource, given a URI that names the resource. " So, we're looking for a follow your nose approach that works uniformly.

<jar> http://ashby.csail.mit.edu/tmp/get-descriptor-URI.pdf archival copy on w3.org = graffle

<DanC_lap> (for the meeting record, Somebody Should mail a copy to www-archive; I'm not inspired just now)

<DanC_lap> issue-36?

<trackbot> ISSUE-36 -- Web site metadata improving on robots.txt, w3c/p3p and favicon etc. -- OPEN

<trackbot> http://www.w3.org/2001/tag/group/track/issues/36

JR: Discussing http://ashby.csail.mit.edu/tmp/get-descriptor-URI.pdf There is a proposal for a site meta-file.

<DanC_lap> (timbl's point obliges me to an action to confirm that the POWDER WG knows about this site-meta spec; ah... JR says the archer is in contact with mnot)

JR: The overall story from Mark, Eran, Phil and me is that you can get this metadata in any of a number of different ways. The choice may be application-dependent. Ways include site metadata, which has its own RFC, link header will have its own RFC, and also link element.

<DanC_lap> (what's the discussion forum of choice for the /site-meta spec?)

AM: You'll get the same information in all cases?

JR: Probably a strong SHOULD. Orientation is not so much getting you the metadata itself, but rather getting you a document that holds the metadata.

<Zakim> Stuart, you wanted to ask jar whether there is a way to state what relation is applied in site-meta rules

SW: In that sample metafile, that's in the PDF, will you be able to state the relationship between the resources?

<DanC_lap> q

<Zakim> timbl, you wanted to ask what determines what way is used - server or client ? Is there a single result of this algo?

JR: Yes, you should. It's implicit

<meta>
  <descriptor-uri-rule>
    <from>http://example.org/{path}</from>
    <to>http://example.org/{path},about</to>
  </descriptor-uri-rule>
</meta>

DC: It's one GRDDL transform away.

NM: Ah, so knowing meta/descriptor-uri-rule/from/...your URI template here... allows GRDDL to infer thing described by for all URIs matching the template.

TBL: Do you get the same information in all modes?

JR: Well, some people have access to write site metadata and some don't.

DC: So, "no".

<DanC_lap> tim described a protocol optimization that motivates invariants between the options

<DanC_lap> acn danc

<Zakim> DanC_lap, you wanted to ask to swap in an enumeration of the specific customers and their scenarios and to ask what's the discussion forum of choice for /site-meta

<jar> The intent (Eran's I think) is that if one path works, then you don't have to follow the other one. (path 1 = site metadata + rule, path 2 = link header)

<DanC_lap> JAR: POWDER timeline isn't all that comfortable

DC: The powder marketplace is not happy until this solved. So, there's a timing problem?

<Stuart> jar... wrt to Eran's intent, I assume that either path is ok as the one to try first.

JR: Not sure.

DC: I'm not hearing that every ATOM feed reader is going to change.

JR: Right.

DC: Regarding Mobile Web, POWDER, etc. Are there mobile folks involved in discussions with Mark Nottingham, et al.?

JR: Not that I'm aware.

DC: Mobile is why W3C did POWDER.

<DanC_lap> (jar, thanks for http://www.w3.org/2001/tag/doc/uniform-access.html ; very useful for me as team contact trying to coordinate all this stuff)

TBL: POWDER and http-link headers are both examples of things that are pieces of the puzzle potentially for many things, but haven't been quite worth being the inspiration for brand new working groups.

DC: Is there a public discussion forum for the site metadata?

JR: www-talk, I think.

<Ashok> Here is a thread: http://lists.w3.org/Archives/Public/www-talk/2008NovDec/thread.html

DC: Do you know who Eran Hammer-Lahav works for?

JR: I think it's Yahoo.

<jar> Eran's blog: http://www.hueniverse.com/hueniverse/

DC: Jonathan, do you trust yourself to evaluate solutions on behalf of this community?

JR: Well, I try to listen to them carefully.

DC: So, there is an outstanding worry about whether the mobile community is well enough connected. Does Mark N. have particular schedule goals?

JR: I think both Eran and Mark are doing this because they need it for particular reasons.

AM: I'm trying to think through the possible content of a TAG finding. Seems like it would be: "Here are specific ways of getting metadata, but you can try other ways too. What you get back may or may not be the same in all cases, and the formats may vary." Doesn't feel like a very sharp finding.

NM: Is there a shared underlying... ?

JR: No

<DanC_lap> "point me to info about X" might be a good title

JR: The commonality is answering the question: "what do you know about X"

NM: We could define idioms to be used by those who wish to do so. E.g. if your wish is that your description be integrated into the semantic web, you must tell us how to map your description to triples.

<Zakim> ht, you wanted to remind (?) us that there can be more than one 'describedby' target

HT: There is more than one thing that something can be described by. It's not functional. It's thus OK to get different descriptions by different...

<DanC_lap> (I just realized: rel="describedBy" would probably be better as rev="describes" or rev="description")

<dorchard> (and I think Mnot just added rev back into the -3 draft)

TBL: The design could be that when you get a link header with described by, it points to THE site metadata file.

HT: So, I conclude that in general it's OK to have multiple link headers with same relation.

TBL: In general, http headers and RDF statements both have the characteristic that they can be thrown in and interpreted relatively independent of each other. Thus, restricting to only one would be counter to the architecture.

HT: I came to same conclusion for different reason: requiring only one would require agreement on packaging format, which likely isn't going to happen.

<Zakim> jar, you wanted to talk about Eran's use cases

JR: But for some specific relations, multiple may be inappropriate.

HT: Yes, but I think Tim and I agree multiple _is_ appropriate in this case.

JR: There is an XRDS spec being developed, and attempts to build discovery protocols. Eran took task of coming up with discovery protocol, and the two-branch choice of site metadata and link metadata as described in the PDF referenced above seems to be the direction he's leaning towards. There is also a mailto use case.

Several: Mailto?

JR: There's a move afoot from those who think that some individuals can't conveniently get http-scheme URIs assigned for themselves, so the question is how to get metadata for them.

DO: Yes, and, I need to declare things like "I own a site and xxxx@example.com is a valid email address at example.com, but spammer@example.com isn't."

<Zakim> DanC_lap, you wanted to speak to the finding genre vs specs vs tag working papers and to ask about XRDS and identity space specs (openid) and relate to RDF/FOAF and the upcoming

<DanC_lap> issue-36?

<trackbot> ISSUE-36 -- Web site metadata improving on robots.txt, w3c/p3p and favicon etc. -- OPEN

<trackbot> http://www.w3.org/2001/tag/group/track/issues/36

DC: I'm not yet concerned whether this results in a finding. I have an ISSUE-36 and working on this is useful whether we hatch findings or not. I asked whether XRDS is one of these identity-related specs (scribe isn't quite sure what Dan meant - I think he meant whether the community interested in identity cares about it a lot)

<jar> FYI: http://groups.google.com/group/metadata-discovery

<jar> timbl: Has anyone GRDDL'd XRDS to get RDF?

DO: A lot of the discussions in the XRI community have been focussed on integrating with RDF. Haven't heard a lot from them about XRDS one way or the other, but I sense a lot of positive sentiment about RDF.

<DanC_lap> DC: the reason I asked whether XRDS was one of these identity specs (along with openid and cardspace) to recall the relationship with FOAF and RDF

NM: Are they really not interested in XRDS, I thought it was in their spec?

<Zakim> DanC_lap, you wanted to note the upcoming W3C workshop on social networking http://www.w3.org/2008/09/msnws/

DO: No you misunderstood me. They obviously are interested in XRDS, I'm reporting what seems to be positive interest in RDF, not sure I heard a clear story on the two together.

<DanC_lap> --

<DanC_lap> W3C Workshop on the Future of Social Networking

<DanC_lap> Call for Participation 15-16 January 2009, Barcelona

<DanC_lap> --

<dorchard> They are definitely interested in XRDS, I was only speaking about the relationship between XRI and RDF. ! ((XRI and XRDS) or (XRDS and RDF)).

<timbl> Oshani, student at CSAIL, is first author on position paper for the workshop.

<timbl> It has been submitted.

TBL: Oshani, student at CSAIL, is first author on position paper for the workshop.

<jar> XRDS spec = XRDS schema spec + XRD discovery protocol (not being factored out by Eran)

<Stuart> Re: XRDS and RDF... this is what I found http://wiki.oasis-open.org/xdi/XdiRdfModel

SW: Regarding XRDS and RDF I found http://wiki.oasis-open.org/xdi/XdiRdfModel . XDI is the group doing the data formats that go with XRI

<Stuart> http://www.oasis-open.org/committees/download.php/29748/xdi-rdf-model-v11.pdf

<DanC_lap> sigh... a new ascii-level syntax in http://wiki.oasis-open.org/xdi/X3Format

DC: The X3format appears not to be N3, XML, JSON, etc.

<ht> I note with interest that there's a new draft of Cool URIs for the SemWeb: http://www.w3.org/TR/2008/NOTE-cooluris-20081203/

JR: Can I please get some guidance in the remaining 10 minutes?

SW: Where do you think you are?

<ht> Oh, forget it: "The only change from the previous version of this document is the addition of a link to an errata page. "

JR: I'm a bit confused about what best scope would be. I might go one direction to satisfy myself, might go another to get maximum buy-in. I guess I'm tempted to go wrt middle, but what I really need are clear requirements, either wrt/ use cases or who needs to be happy. The site metadata with URI rewriting seemed appealing, in minimizing round trips by allowing the work to be done on the client.

TBL: There are downsides to proliferation of "see alsos". If you get back "see all of Wikipedia" when asking about Jonathan, things like tabulator don't get good value. Better to say: for this type of information, do it this way.

<timbl> Tim: A good spec says "if we all do this, then we will have this benefit".

<jar> JAR: (that advice about seeAlso is news to me...)

<timbl> Tim: It is good then to profile the sorts of metadata which are made available, and formats etc until you have a set of clients which use a given algorithm and achieve a given level of functionality as a result.

JR: Another approach is "just use site metadata, and if you can't influence it, choose another hosting service."

<DanC_lap> (note to scribe: the topic/TOC label for this discussion please include issue-36 aka siteData-36 )

SW: Some other alternatives seem to allow more direct "ask a question, get an answer"

<timbl> An example is that the tabulator has an algorithm which allows people to link to more data using rdfs:seeAlso, and this can work really well if respected and used responsibly.

NM: I think we need more exploration. E.g. is ability to control the site metadata something that any reasonable hosting provider can do, or are there good reasons that either (a) some can't or (b) even if they could, there would be other problems with that approach?

DC: I think you could continue in your role as advocate for the semweb use case and advise the TAG informed on what your peers are doing.

<Zakim> Stuart, you wanted to ask about any predisposition toward WKL's (cf siteData-36)

<DanC_lap> (is /site-meta likely to take on leading-edge /robots.txt ideas? mnot's involvement suggests "yes" to me)

SW: With robots.txt there has been a squatting issue because it's giving a reserved interpretation to that name. Same thing with site metadata stored in reserved filename.

NM: Could this, at least in principle, be the only one? You could say in the site metadata file "robots.txt has special meaning because I say so in the site metadata file, or in information you can find from it."

<Zakim> ht, you wanted to ask site metadata discovery plans

JR: I would like this to be (something isomorphic to) ARK

HT: One of the advantages of the approach is that it offers the opportunity to do something of an end run around site administrators. If the discovery algorithm were analogous to the .htaccess one, i.e. you look up the hierarchy in the URI, then by definition the same people who can post Web pages can put up site metadata files.

DO: I think the TAG could talk about the issue with Authority. Eran has asked me and Jonathan to think about whether the TAG has anything to say about whether a file like this can speak >authoritatively< for, e.g. a mailto: URI.

<ht> HT acknowledges that his suggestion has a huge problem in the legacy/name squatting

<Zakim> skw2, you wanted to suggest that jar also mention the metadata-discovery googlegroup

JR: Don't think I want to.

SW: Should we point out the Google Group?

<DanC_lap> (if you want to speak authoritatively for a mailto: URI, you have to be the SMTP server. or edit the SMTP standard)

JR: I want to encourage people to encourage the metadata discovery google group at http://groups.google.com/group/metadata-discovery

DC: Is there any crossposting and or shared participation with www-talk?

<Stuart> also... http://groups.google.com/group/metadata-discovery/browse_thread/thread/b4f60d20896ad7c5?hl=en

JR: Some shared participation, don't think much cross posting, some difference of emphasis subject-wise

<Stuart> for

<Stuart> Discovery Coordination Report, Dec 5th 2008 Options

<Zakim> DanC_lap, you wanted to review actions before we break for lunch

HT: I believe the information sciences / library sciences community doesn't believe that, in general, the authors of a document can authoritatively provide the metadata for it.

<jar> When I mentioned this metadata discovery issue to a library scientist, they said: Why on earth would anyone ask the publisher? They're not qualified to provide this kind of information.

SW: We'll do review of related issues after lunch.
... WE ARE ADJOURNED FOR LUNCH

RETURNING FROM LUNCH -- (Noah will scribe rest of site metadata, then hand over to Ashok)

<DanC_lap> action-178?

<trackbot> ACTION-178 -- Jonathan Rees to prepare initial draft of finding on uniform access to metadata. -- due 2008-11-25 -- PENDINGREVIEW

<trackbot> http://www.w3.org/2001/tag/group/track/actions/178

DC: On ACTION-178, you did an initial draft. Do we close the action or do a next step? 184 is still there.
... Two use cases both relating to UAM: 1) XRD Discovery ....
... Consider adding the XRD use case to UAM

AM: Any downsides to doing nothing?

<timbl> I note the tabulator has implemented HTTP link: header with rel=meta

JR: I am going to do something. Science commons needs it, among others. Potential action revise "Uniform Access to Metadata" (needs title change) to add XRD use case

The document is at http://www.w3.org/2001/tag/doc/uniform-access.html

<scribe> ACTION: revise "Uniform Access to Metadata" (needs title change) to add XRD use case [recorded in http://www.w3.org/2008/12/10-tagmem-irc]

<trackbot> Sorry, couldn't find user - revise

<scribe> ACTION: jar revise "Uniform Access to Metadata" (needs title change) to add XRD use case [recorded in http://www.w3.org/2008/12/10-tagmem-irc]

<trackbot> Created ACTION-200 - Revise \"Uniform Access to Metadata\" (needs title change) to add XRD use case [on Jonathan Rees - due 2008-12-17].

<DanC_lap> trackbot, status

ACTION 1-

<trackbot> Sorry, bad ACTION syntax

ACTION -1

<trackbot> Sorry, bad ACTION syntax

JR: There are two things: 1) do we have anything to say about site metadata and 2) building on it. That's useful, but not clear whether TAG or SemWeb. I guess I'd like to let a bit of time go by, think about it, maybe take it up in a month?

<DanC_lap> action-178 due 2 Feb 2009

<trackbot> ACTION-178 Prepare initial draft of finding on uniform access to metadata. due date now 2 Feb 2009

action-116?

<trackbot> ACTION-116 -- Tim Berners-Lee to align the tabulator internal vocabulary with the vocabulary in the rules http://esw.w3.org/topic/AwwswDboothsRules, getting changes to either as needed. -- due 2008-12-09 -- OPEN

<trackbot> http://www.w3.org/2001/tag/group/track/actions/116

SW: Tim, is action 116 one we should retain?

TBL: Yes.

SW: Revise due date?

DC: Some concern about whether the Booth ontology is quite right.

TBL: I will realign tabulator internal vocabulary, informed by reading of Booth ontology?

DC: How related to link header?

TBL: Broadly, they're both related to the question: with a URI in hand, what triples can I get?

<DanC_lap> action-116 due 7 Feb 2009?

<trackbot> ACTION-116 Align the tabulator internal vocabulary with the vocabulary in the rules http://esw.w3.org/topic/AwwswDboothsRules, getting changes to either as needed. due date now 7 Feb 2009?

action-184?

<trackbot> ACTION-184 -- Jonathan Rees to contact Lisa D of IESG, cc www-tag, to explain about 303, with cool URIs and webarch as references. -- due 2008-12-31 -- OPEN

<trackbot> http://www.w3.org/2001/tag/group/track/actions/184

SW: Action 184 is not due yet.

DC: I think awwsw should report back to TAG.

JR: Won't have a consensus view, but I can report back tomorrow if you like.

<DanC_lap> ACTION: jar to report on status of AWWSW discussions [recorded in http://www.w3.org/2008/12/10-tagmem-irc]

<trackbot> Created ACTION-201 - Report on status of AWWSW discussions [on Jonathan Rees - due 2008-12-17].

<Zakim> DanC_lap, you wanted to solicit reviewers of mnot's /site-meta draft

DC: Even knowing whether you're likely to do anything is a useful bit. One of us should look closely at Mark Nottingham's site metadata draft.

AM: I can do that.

<DanC_lap> action-201 due 11 Dec 2009

<trackbot> ACTION-201 Report on status of AWWSW discussions due date now 11 Dec 2009

<jar> http://tools.ietf.org/html/draft-nottingham-http-link-header-03 = Site metadata RFC draft

<DanC_lap> action-201 due 11 Dec 2008

<trackbot> ACTION-201 Report on status of AWWSW discussions due date now 11 Dec 2008

<scribe> ACTION: ashok to review http://tools.ietf.org/id/draft-nottingham-site-meta-00.txt due 10 January 2009 [recorded in http://www.w3.org/2008/12/10-tagmem-irc]

<trackbot> Created ACTION-202 - Review http://tools.ietf.org/html/draft-nottingham-http-link-header-03 due 10 January 2009 [on Ashok Malhotra - due 2008-12-17].

<DanC_lap> action-202 due 10 Jan 2008

<trackbot> ACTION-202 Review http://tools.ietf.org/html/draft-nottingham-http-link-header-03 due 10 January 2009 due date now 10 Jan 2008

<timbl> Jonathan, I note the tabulator follows currently link rel= {alternate|seeAlso|meta} preferring 'meta' -- why did your document use 'description'?

<jar> the link relation is 'describedby' and in this I follow POWDER.

SW: Ashok, is there anything else on this you feel that we've missed?

<scribe> scribenick: Ashok

<noah> scribe: Ashok Malhotra

<timbl> (ah, powder)

<DanC_lap> yes, timbl, good question; it should be in the POWDER issues list; I started searching but didn't really get to the bottom of it

Web Application security and Safe JavaScript

<DanC_lap> POWDER is in last call, note.

<jar> Tim, I had a hard time finding any 'normative' spec for 'meta'. The only one I found was in RDFa, and it's pretty weak (x meta y if y is metadata for x)

<Stuart> reviewing... http://www.w3.org/QA/2008/12/web_applications_security_requ.html

<timbl> FOAF spec maybe specs it as pointer from home page?

<DanC_lap> "Use the browser as part of the trusted computing base? Are you kidding?"

<DanC_lap> no more kidding.

??: On the other hand, after wrestling with the patchwork of javascript security policies in browsers in the past few weeks, the capability approach in adsafe looks simple and elegant by comparison. Is there any chance we can move the state-of-the-art that far? And what do we do in the mean time? Crockford's Jan 2008 post is quite critical of W3C's current work: there are multiple interests involved in a web application. We have here the interests of the user, of the site, and of the advertiser. If we have a mashup, there can be many more interests. Capability security has a long history ... back to Butler Lampson ... Many implementations

<Stuart> projected http://erights.org/elib/capability/ode/overview.html

<DanC_lap> JAR notes KeyOS circa '70s

<DanC_lap> (I wonder if this history is told in wikipedia)

TBL: Describes some capability examples
... E.g. you can use this to access my salary

NM: I would mint a new pointer with special capabilities

TBL: Any social constraint can be represented in the capability

JAR: Any technical constraints ... not constraints that courts must enforce
... Object capabilities and web keys are very different. The capability system you would have within your browser would give you complete control of where the pointers go ... careful protocol between hosts ... hosts must have certain amount of trust

<DanC_lap> (for reference, "webkey" is the subject of Tyler Close's Mashing with permission from the agenda)

NM: These are not pointers ... they are references and thus more abstract. E and webkeys are different systems with different properties

<timbl> JR: In E, there is Mandatory Access Control: Something which has a capability can be made UNABLE to pass the capability to something else. By contrast, any system which encodes capabilities with strings (like webkeys) cannot stop an object from cloning the string and passing it to anything else.

<Stuart> projecting http://blog.360.yahoo.com/blog-TBPekxc1dLNy5DOloPfzVvFIVOWMB0li?p=706

"this" is a problem in javascript. Caja lets you use "this" in limited situations.

TBL: Calling it "Access Control" is misleading. It's about privacy.

HT: My javascript is littered with "this"
... It's about permission policy
... RPPA - Resource Permission Policy Assertions

<DanC_lap> ACTION: DanC to discuss Access Control misnomer with Interaction Domain staff

<trackbot> Created ACTION-203 - Discuss Access Control misnomer with Interaction Domain staff [on Dan Connolly - due 2008-12-17].

HT: 20 percent of my lines in Javascript use "this"

Norm: I use jquery ... it may use "this" behind the scenes

Crockford says add a switch in Firefox to disable non-adSafe ads

<DanC_lap> projected is http://www.w3.org/QA/2008/12/web_applications_security_requ.html

JSONRequest does not allow the server to abdicate its responsibility of deciding if the data should be delivered to the browser. Therefore, no policy language is needed. JSONRequest requires explicit authorization. Cookies and other tokens of ambient authority are neither sent nor delivered.

For server read 'site'

<timbl> Often, of course the 'site' is complicated as there is the SSN site, the[ syndicated] blogger, the commenter all may provide content

Pick a site ... Ticketmaster

SW: You can put credentials in as parameters

JAR: capability systems require capabilities for every request. Session-based systems let you establish your rights at the start of the session

<ht> HST tries to repeat his understanding of JAR's summary: a capability-based system requires a token of capability as a part of every request/transaction.

DC: Use ambient rather than session

<jar> "ambient" authority is authority that is just there, and gets used as needed by any request

<ht> ... whereas an ambient approach, which is what we're mostly used to, establishes an umbrella and then all subsequent operations are allowed (or not, as the case may be) by that umbrella

<jar> a capability must be "exercised" = passed as a parameter

<jar> capability security = no authority without designation (of the particular authority being exercised)

<Stuart> http://www.w3.org/TR/access-control/#design-decision-faq

<Stuart> requirement #5 from ref'd doc: "The solution must be applicable to arbitrary media types. It must be deployable without requiring special packaging of resources, or changes to resources' content. "

Back to the agenda

<Stuart> http://www.w3.org/2001/tag/2008/12/09-f2f-agenda#safeJavaScript

Norm, do you know Mark S. Miller?

Norm: Don't think so

DC: We have 8 minutes ... I suggest go for 20 minutes
... Stuart you have the floor

SW: I did not find item 1 in the list satisfactory ... not connected with capabilities

JAR: What would you like to know?

DC: Shd this stay in the TAG 'someday' pile?

NM: Yes... and possibly bring up sooner

JAR: It's hard for me to be impartial ... the first cgi script I wrote was abt capabilities

This solution seems so obvious

People are not making the connection ... it's defensive programming

TBL: I have not seen a completeness theorem for this ... need some examples

JAR: See E in a walnut

<Stuart> projecting: http://wiki.erights.org/wiki/Walnut

TBL: Having programmed in Ajax, I feel I've been working with a capability system

JAR: What could be the outcome? Even a carefully guarded statement may be useful here.

<DanC_lap> AM: I've been a fan of capabilities since the early '90s when I found a capability system in IBM; it's a beautiful system. It had hardware support. Without hardware support, I wonder if it can be hacked.

<DanC_lap> JAR: research results, related to garbage collection, are pretty solid

Ashok: What do we do to encourage this direction?

JAR: There are 2 proposals: AdSafe, Caja.

TBL: Shd we have little tutorials on these things: JSON Request, AdSafe
... This is a really interesting and timely bit of technology. Nailing it now would do the world a lot of good.

<DanC_lap> (I presume I can use 5 or 10 more minutes ... or should I check orally? hmm.)

It would also make programming the stuff easier. It would be willing to push to change the computing environment

HT: Colored by personal experience. WACL is a hard spec to read but would solve our problem. My dept changed to using Kerberos and it made my life hell

Disagreement with whether Kerberos is capability-based

<DanC_lap> (nice job minuting, Ashok.)

Don't see how AdSafe has anything to do w/capabilities

<DanC_lap> (irc poll: (a) continue this discussion for another hour after a break today (b) schedule it tomorrow (c) action SW to schedule it for a telcon (d) other [pls specify how you're volunteering])

How can we get there from here? We are using the browser as distributed app dev platform and it doesn't do it terribly well. It may be intrinsically unfixable... Even if there is a solution, can we get there from here?

<DanC_lap> potential ACTION: what does Silverlight do?

NM: Same as Flash

Norm: It shd remain on the 'someday' pile. May be worth moving up

<noah> For Flash, there's a standard data file you can leave on your site that says "yes, you can steal my data cross-site". Silverlight honors the Flash file, and I think has its own slightly different equivalent if you prefer a Microsoft-specific approach.

<DanC_lap> I'm for (a)

Me too!

<DanC_lap> break to xx:40

BREAK for 15 Minutes

<Norm> back at xx:40!

<noah> MSDN page on Silverlight security policy: http://msdn.microsoft.com/en-us/library/cc645032(VS.95).aspx#Mtps_DropDownFilterText

<Stuart> Amy, d'you know what time we have to stop so that the next people can use the room?

<Zakim> Stuart, you wanted to ask whether the scope of the WSC-WG is relevant to this discussion.

SW: What are the Security WG doing wrt to this issue?

DC: Some overlap

SW: Is security of rich apps running in browsers part of their domain

DC: The little lock that lights up on yr browser is a security risk. They are seriously attacking the gap between the chair and the keyboard.

<Stuart> From: http://www.w3.org/2006/WSC/ "Web Security Context Working Group

<Stuart> From our charter: The mission of the Web Security Context Working Group is to specify a baseline set of security context information that should be accessible to Web users, and practices for the secure and usable presentation of this information, to enable users to come to a better understanding of the context that they are operating in when making trust decisions on the Web."

DC: ... The key/lock is harmful because websites put key in content

<Zakim> DanC_lap, you wanted to note recent origin header discussion in the HTML WG

From WSC WG "to enable users to come to a better understanding of the context that they are operating in when making trust decisions on the Web."

Another item ... origin header

<DanC_lap> pls project: http://www.w3.org/2008/12/04-html-wg-minutes.html

<Stuart> http://www.w3.org/2008/12/04-html-wg-minutes.html#item03

Origin Header agenda item attracted attention ... all interested parties showed up

Adam Barth agrees to become editor of the spec

<Stuart> http://crypto.stanford.edu/websec/specs/origin-header/

DC: I visit TicketMaster and there is a white hat reference and we go get it. I buy ticket now I get lots of cookies, etc. Now I end up on a bad guy site. This guy can do a post to TicketMaster and use cookies to buy another ticket. Mitigation is origin header in post to TicketMaster says it's from bad guy site.

NM: Construct a situation with long call stack. Which is the origin?

HT: The article on screen tries to address this.

Second bullet ...

NM: Can origin be forged?

It's the invoking html doc

<Zakim> timbl, you wanted to ack about jsonrequest and adsafe

<Zakim> ht, you wanted to ask how ADsafe is related to capabilities

HT: How does AdSafe use capabilities?

DC: That's a feature

JAR: Caja is safe and powerful

Put javascript in upper left

HT: AdSafe does not have tokens with capabilities

JAR: Javascript has global object which has universal capability. They removed that. The DOM has global access and AdSafe wraps access to the DOM

<Stuart> projecting: http://www.adsafe.org/

<DanC_lap> (for the record, the list stuart is projecting is a good answer to ht's question)

HT: AdSafe removes some capabilities that javascript allows

<noah> From: http://en.wikipedia.org/wiki/Capability_architecture

<noah> A capability (known in some systems as a key) is a communicable, unforgeable token of authority. It refers to a value that references an object along with an associated set of access rights.

JAR: They needed a new name for object capabilities ... it's the same as hardware capabilities recast into software

HT: Explains how AdSafe removes capabilities

JAR: A capability system has only capabilities not ambient authority

HT: Where is the checking done?

<Zakim> jar, you wanted to ask how Mark M might help, supposing he wanted to

HT: We do not need to answer this question today

DO: SKW and I got involved in this spec a while ago ... We tried to push them to Tyler approach. We got pushback. Then they decided to do usecases and reqmnts. Stuart and I looked at their docs and asked "what does the algorithm do"? If we got enough people in WG that wanted something different we could get something done. Need to muster support for a coherent position.

DC: We have looked at their work and we agree on their direction

DO: I understand their solution. Too many requirements and many are muddled.

DC: Too difficult to ask them to reopen requirements

DO: They did not follow process and ask for participation ... came out of ... work

<DanC_lap> (it seems that the charter has since been fixed. "Access Control for Cross-site Requests (Access Control)" -- http://www.w3.org/2008/webapps/charter/ 2008/07/02 23:19:59 )

HT: Who do we have buy in on this? Are there people who would deploy this and it would be real production?

DO: They pulled the final release
... Microsoft did not join WG but published their own thing. Seems like they are now going the W3C way.

<Zakim> ht2, you wanted to ask how JSONRequest works

DC: Any actions? Is it on our 'someday' pile?

SW: No actions

JAR: Moral support resolution may be nice.

SW: Support whom?

DC: Noncommittal resolution will not change anything

JAR: Goal is to encourage work on programming methodology that makes it hard to screw up
... It is an architectural problem. Will not go away

<scribe> ACTION: jar to talk with Mark Miller and report back

<trackbot> Created ACTION-204 - Talk with Mark Miller and report back [on Jonathan Rees - due 2008-12-17].

<DanC_lap> action-204 due 14 Feb 2009

<trackbot> ACTION-204 Talk with Mark Miller and report back due date now 14 Feb 2009

uriBasedPackageAccess-61

<Stuart> http://lists.w3.org/Archives/Public/www-tag/2008Nov/0114.html

SW: We received a direct request from them (Marcos) to comment on their requirements.

HT: Can we go thru this again?

DC: I asked are these things ever written down and they replied usually not

<Stuart> looking at: http://dev.w3.org/2006/waf/widgets/

Step 1 -Acquire a Widget Resource over HTTP or Local Storage

We thought these requests did not come over HTTP

HT: Is the config doc part of a widget resource? Answer appears to be 'yes'.

<Stuart> Possible question of clarification: "Is there a requirement to be able to reference into a widget package from outside of the package?"

<DanC_lap> (another editorial matter: "widget resource" doesn't help me; just "widget" would be less distracting. and it says "resource" where "representation" seems better in several cases)

DC: Why does it not just say -- A conforming spec MUST recommend a hierarch

MEETING RECESSED

<scribe> ACTION: Henry S to begin responding to Marcos asking the question: Why does the spec not say "A conforming spec MUST recommend a hierarchical addressing scheme that can be used to address the individual resources within a widget resource from within a config doc, widget, or other constituent of the same widget pkg."

<trackbot> Created ACTION-205 - S to begin responding to Marcos asking the question: Why does the spec not say \"A conforming spec MUST recommend a hierarchical adressing schems that can be used to address the individual resources within a widget resource from within a config doc, widget, or other constituent of the same widget pkg.\" [on Henry S. Thompson - due 2008-12-17].

add to above action the words "In Reqmnt 6"

Summary of Action Items

[NEW] ACTION: ashok to review http://tools.ietf.org/id/draft-nottingham-site-meta-00.txt due 10 January 2009 [recorded in http://www.w3.org/2008/12/10-tagmem-irc]
[NEW] ACTION: DanC to discuss Access Control misnomer with Interaction Domain staff [recorded in http://www.w3.org/2008/12/10-tagmem-irc]
[NEW] ACTION: Henry S to begin responding to Marcos asking the question: Why does the spec not say "A conforming spec MUST recommend a hierarchical addressing scheme that can be used to address the individual resources within a widget resource from within a config doc, widget, or other constituent of the same widget pkg." [recorded in http://www.w3.org/2008/12/10-tagmem-irc]
[NEW] ACTION: jar revise "Uniform Access to Metadata" (needs title change) to add XRD use case [recorded in http://www.w3.org/2008/12/10-tagmem-irc]
[NEW] ACTION: jar to report on status of AWWSW discussions [recorded in http://www.w3.org/2008/12/10-tagmem-irc]
[NEW] ACTION: jar to talk with Mark Miller and report back [recorded in http://www.w3.org/2008/12/10-tagmem-irc]
[NEW] ACTION: revise "Uniform Access to Metadata" (needs title change) to add XRD use case [recorded in http://www.w3.org/2008/12/10-tagmem-irc]
 
[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.134 (CVS log)
$Date: 2009/01/07 15:19:05 $