See also: IRC log
<trackbot> Date: 20 May 2010
<scribe> Scribe: Dan
<scribe> ScribeNick: DKA
<DanC> Scribe: Dan A.
<noah> zakim troubles, trying again
<johnk> work for me
+1
<DanC> RESOLVED: to approve http://www.w3.org/2001/tag/2010/05/13-minutes
DanC: Yves will be attending in my stead.
Noah: I was aware - and appreciate that.
DKA: Dan Do you want to attend via video?
Noah: My view of the video - if anyone wants it we can do it. I remain nervous about the Ash cloud. At this point we should assume we're all going. If that happens, I can fall back to video from w3c.
Noah: We have a lot of overdue actions. I'd like to go over these with emphasis on the ones from people who haven't been on recent calls.
ACTION-342?
<trackbot> ACTION-342 -- Noah Mendelsohn to ask the TAG again about more formally tracking security issues in HTML5 -- due 2010-05-18 -- OPEN
<trackbot> http://www.w3.org/2001/tag/group/track/actions/342
Noah: Shall we close this?
HT: Jonathan?
Larry: What do you mean when you say "in HTML5"?
Danc: I interepreted it as "in and around html5" - so e.g. Strict transport security.
<masinter> there are things bouncing between W3C HTML WG, WEBAPPS, IETF hard to track
Noah: This action is a bit broad - I'd like to close it or restructure it so I can track progress.
Larry: For example, sniffing has
security implications. How broad is the scope of security?
There are a lot of design questions that might have security
implications.
... e.g. Origin header, origin calculations, http
extension...
... we need to scope it.
<masinter> how to track this without scoping it?
Noah: Suggestions: we could appoint someone who is going to track security issues with html5 - and put this under the banner of "architecture of webapps"
<johnk_> notes: http://www.w3.org/Security/wiki/Main_Page
<johnk_> what is missing from that wiki?
<johnk_> (if anything)
<Zakim> DanC, you wanted to perhaps rephrase the question as: "are the existing collaboration mechanics sufficient? or should we try to get some security review thingy set up?"
DanC: Are the existing collaboration mechanisms sufficient? Or should we try to get some kind of security review set up.
Larry: I don't have a strong opinion.
DanC: that suggests closing the action.
+1 to closing it unless we have something specific to pin this on...
<masinter> I'm uncomfortable there are things that aren't being tracked, but I don't have anything specific that I know needs to be tracked.
Noah: ok let's close this - and we can [pick it up in the f2f]
ACTION-347?
<trackbot> ACTION-347 -- Jonathan Rees to research 303 caching change in HTTPbis -- due 2010-01-05 -- CLOSED
<trackbot> http://www.w3.org/2001/tag/group/track/actions/347
ACTION-427?
<trackbot> ACTION-427 -- John Kemp to read 4 distributed extensibility proposals and summarize them w.r.t. proposals TAG has discussed to date -- due 2010-05-13 -- OPEN
<trackbot> http://www.w3.org/2001/tag/group/track/actions/427
<masinter> re "security", perhaps bringing this up in W3C Core Mission issues?
<DanC> action-347: overtaken by action-427
<trackbot> ACTION-347 Research 303 caching change in HTTPbis notes added
ACTION-357?
<trackbot> ACTION-357 -- Henry S. Thompson to elaborate the DPD proposal to address comments from #xmlnames and tag f2f discussion of 2009-12-10, particularly wrt integration with XML specs and wrt motivation -- due 2010-05-17 -- OPEN
<trackbot> http://www.w3.org/2001/tag/group/track/actions/357
Henry: I think we should close it.
Noah: any objections?
[none noted]
Larry: back to security - I'm fine with closing the action - the issue of how W3C deals with security issues - I'd bring that up in the "core mission" discussion.
<ht> I will try to get myself up-to-date on the state of the various alternative extensibility/namespace proposals that were on the HTML5 agenda before the XML/HTML call next friday
<masinter> action-357?
<trackbot> ACTION-357 -- Henry S. Thompson to elaborate the DPD proposal to address comments from #xmlnames and tag f2f discussion of 2009-12-10, particularly wrt integration with XML specs and wrt motivation -- due 2010-05-17 -- OPEN
<trackbot> http://www.w3.org/2001/tag/group/track/actions/357
Noah: Agreement to close action-357.
<DanC> close action-357
<trackbot> ACTION-357 Elaborate the DPD proposal to address comments from #xmlnames and tag f2f discussion of 2009-12-10, particularly wrt integration with XML specs and wrt motivation closed
ACTION-390?
<trackbot> ACTION-390 -- Daniel Appelquist to review ISSUE-58 and suggest next steps, due 2010-03-03 -- due 2010-05-18 -- OPEN
<trackbot> http://www.w3.org/2001/tag/group/track/actions/390
<masinter> I don't understand what problem this is supposed to address
<masinter> issue opened almost 3 years ago... is there really a problem?
<noah> I think this was about things like W3C servers getting overloaded with requests for popular resources
DKA: I will try to make some progress on this for next week.
ACTION-410?
<trackbot> ACTION-410 -- Larry Masinter to let the TAG know that the IRIEverywhere plan in HTML WG went as planned -- due 2010-04-13 -- OPEN
<trackbot> http://www.w3.org/2001/tag/group/track/actions/410
Noah: should we close this?
Larry: ah . ammm ...nnnnn
<DanC> action-58: DKA intends to look at it this week w.r.t. whether it should be on the ftf agenda
<trackbot> ACTION-58 fix .htaccess in 2007/09 so that .owl files get the right mime type notes added
Larry: I have nothing to tell the
tag at this time.
... Maybe postpone the action?
Noah: Maybe edit the title - or add a note with status?
<jar> action-390 due in 1 week
<trackbot> ACTION-390 Review ISSUE-58 and suggest next steps, due 2010-03-03 due date now in 1 week
Larry: I am not ready to report on it right now.
<DanC> action-58: due +1 week
<trackbot> ACTION-58 fix .htaccess in 2007/09 so that .owl files get the right mime type notes added
<DanC> action-410 due 1 Nov
<trackbot> ACTION-410 Let the TAG know that the IRIEverywhere plan in HTML WG went as planned due date now 1 Nov
ACTION-411?
<trackbot> ACTION-411 -- Larry Masinter to take the next step on announcing IRIEverywhere -- due 2010-04-13 -- OPEN
<trackbot> http://www.w3.org/2001/tag/group/track/actions/411
Larry: My concern is that my plan for IRI everywhere wasn't sufficient. There are some other documents that might also need updating.
<DanC> action-410?
<trackbot> ACTION-410 -- Larry Masinter to let the TAG know whether and when the IRIEverywhere plan in HTML WG went as planned -- due 2010-11-01 -- OPEN
<trackbot> http://www.w3.org/2001/tag/group/track/actions/410
DanC: We resolved the issue and Larry was to announce the resolution.
Larry: I'm not ready to do that until things are clearer.
Noah: Withdraw this action?
Danc: I'd like to put it in "pending review".
Larry: I'll come back next week.
ACTION-415?
<trackbot> ACTION-415 -- John Kemp to edit ftf minutes day 1 (Wednesday 24 March) -- due 2010-04-02 -- CLOSED
<trackbot> http://www.w3.org/2001/tag/group/track/actions/415
ACTION-414?
<trackbot> ACTION-414 -- Henry S. Thompson to prepare a draft agenda, including goals and means, for a proposed afternoon session with invited guests, and circulate for discussion prior to a decision, on the subject of addressing the persistence of domain names -- due 2010-05-17 -- OPEN
<trackbot> http://www.w3.org/2001/tag/group/track/actions/414
<DanC> action-411: LMM says this isn't going quite as expected... we'll discuss soonish; mail from Larry would help
<trackbot> ACTION-411 Take the next step on announcing IRIEverywhere notes added
Noah: Will we want an afternoon free at the f2f?
<DanC> action-414 due monday
<trackbot> ACTION-414 Prepare a draft agenda, including goals and means, for a proposed afternoon session with invited guests, and circulate for discussion prior to a decision, on the subject of addressing the persistence of domain names due date now monday
Henry: [Yes at maximum.]
ACTION-427?
<trackbot> ACTION-427 -- John Kemp to read 4 distributed extensibility proposals and summarize them w.r.t. proposals TAG has discussed to date -- due 2010-05-13 -- OPEN
<trackbot> http://www.w3.org/2001/tag/group/track/actions/427
<DanC> . action-427 due 6 June
John: Haven't completed. Hope to have written something by the time the f2f comes around.
Noah: let's block space for ACTION-427 at the f2f .
<DanC> action-427 due 6 June
<trackbot> ACTION-427 Read 4 distributed extensibility proposals and summarize them w.r.t. proposals TAG has discussed to date due date now 6 June
John: Yes.
ACTION-340?
<trackbot> ACTION-340 -- John Kemp to summarize recent discussion around XHR and UMP -- due 2010-05-13 -- PENDINGREVIEW
<trackbot> http://www.w3.org/2001/tag/group/track/actions/340
<johnk_> ACTION-340?
<trackbot> ACTION-340 -- John Kemp to summarize recent discussion around XHR and UMP -- due 2010-05-13 -- PENDINGREVIEW
<trackbot> http://www.w3.org/2001/tag/group/track/actions/340
Noah: My assumption was to schedule it for next week.
Noah: I want input from you on the f2f agenda.
<DanC> http://www.w3.org/2001/tag/2010/06/f2factionplan_nomarkup.html
<johnk_> yes
Noah: First 2 items both
critically important: getting writing done on "architecture of
web applications"
... We need to do more substantive reviews of more substantive
pieces of writing.
... Raman has proposed an initiative - regarding XML-HTML
architectural issues..... The TAG may wish to get
involved...
... We could try to get Raman on the phone at some point -
though time zones are bad.
... good overall goals?
+1
<johnk_> +1 to high-level goals
Noah: We have a large number of actions - many of which are open and promising some progress for (or after) the f2f. Have sorted the actions to relate them to the priorities...
<DanC> (same actions are in the Web Applications section of http://www.w3.org/2001/tag/group/track/agenda?duebefore=2010-06-09?bygroup )
Ashok: [on ACTION-355] I will have something. I'm writing something for ACTION-430. I'd like to speak to John about ACTION-416.
<DanC> action-430: AM is doing some writing; expects something short for the ftf
<trackbot> ACTION-430 Propose a plan for his contributions to section 5: Client-side state notes added
Noah: ACTION-355?
... Larry - you have ACTION-382, ACTION-424, ACTION-425...
<DanC> ACTION-355: JK is trying to get some work done between day-job obligations; won't be clear which stuff he can manage for the ftf until ~28May
<trackbot> ACTION-355 Explore the degree to which AWWW and associated findings tell the interaction story for Web Applications notes added
Larry: First should be pending review - ACTION-424.
<DanC> (note http://www.w3.org/2001/tag/group/track/agenda?duebefore=2010-06-09?bygroup is always current ;-)
ACTION-425?
<trackbot> ACTION-425 -- Larry Masinter to draft updated MIME finding(s), with help from DanA, based on www-tag discussion -- due 2010-05-31 -- OPEN
<trackbot> http://www.w3.org/2001/tag/group/track/actions/425
<DanC> (hmm... rather http://www.w3.org/2001/tag/group/track/agenda?bygroup&duebefore=2010-06-09 )
Noah: If you're going to do some writing - should I schedule it for the f2f?
Larry: yes.
ACTION-382?
<trackbot> ACTION-382 -- Larry Masinter to review Web Arch web material and make proposals for changes or TAG action -- due 2010-05-31 -- OPEN
<trackbot> http://www.w3.org/2001/tag/group/track/actions/382
Larry: I need an hour on the phone with Ian...
<DanC> action-382: LMM spent some time with Ian Jacobs but hasn't finished what he was thinking about
<trackbot> ACTION-382 Review Web Arch web material and make proposals for changes or TAG action notes added
ACTION-412?
<trackbot> ACTION-412 -- Dan Connolly to try the clarification question, blog item, or wiki approach to metadata-in-uris vs CSRF -- due 2010-05-21 -- OPEN
<trackbot> http://www.w3.org/2001/tag/group/track/actions/412
DanC: Yes.
Noah: [going over structure of remaining f2f actions...]
John: I think ACTION-340 is related to webapps arch...
Noah: I'll move that up to category 1.
<DanC> action-340: JK/NM agree this should be moved up to the "yes, for ftf discussion" list
<trackbot> ACTION-340 summarize recent discussion around XHR and UMP notes added
DKA: Should we put on the
schedule a brainstorm or something regarding the structure of
the WebApps Arch?
... E.e. the structure?
Noah: Would you like to do something in advance on this?
Larry: I like the idea - if there's something you think is important - to prepare a structured discussion. This is an area where getting someone to lead the discussion is a good way to raise it.
<DanC> . ACTION DKA: prepare discussion of structure of what we want to say[?] about web apps
<DanC> . ACTION DKA: prepare discussion of structure of what we want to say[?] about web apps; perhaps sketch a table of contents
DKA: I'm happy to take an action.
Noah: We have a couple of
ToCs...
... The TAG has not reached consensus that what we are trying
to produce is a "document."
<masinter> I'd welcome a concrete proposal, good way to get discussion
Noah: Reach out to people by email and get feedback.
<scribe> ACTION: DKA to prepare discussion of structure of what we want to do about web apps architecture... [recorded in http://www.w3.org/2010/05/20-tagmem-minutes.html#action01]
<trackbot> Created ACTION-434 - Prepare discussion of structure of what we want to do about web apps architecture... [on Daniel Appelquist - due 2010-05-27].
ACTION-386?
<trackbot> ACTION-386 -- Larry Masinter to review draft-barth-sniff and send comments, cc TAG -- due 2010-04-08 -- PENDINGREVIEW
<trackbot> http://www.w3.org/2001/tag/group/track/actions/386
Larry: Things have moved on...
I've tried to get others to review. I did a review of version
3. I don't think version 4-5 took most of my review comments
into account. I want other parties (other than browser vendors
- e.g. firewall vendors) to take a look.
... so far they haven't post their comments back.
Noah: What should we do with the action?
Larry: open for suggestions...
ACTION-387?
<trackbot> ACTION-387 -- Henry S. Thompson to review JK/NM's stuff on sniffing, authoritative metadata, self-describing web, incl. http://lists.w3.org/Archives/Public/www-tag/2010Jan/0025.html -- due 2010-05-20 -- PENDINGREVIEW
<trackbot> http://www.w3.org/2001/tag/group/track/actions/387
Henry: Not likely to take this much further before the f2f. We could revisit it with Yves in the room.
Larry: We could ask Yves to
prepare to discuss this issue specifically. It's part of the
W3C-IETF liaison.
... I disagree with decoupling [the barth mime types document]
from this.
DanC: Another way to look at this: We'd like the HTML and HTTP specs to be specific. The HTML spec cites the Barth draft normatively. The HTTP spec doesn't acknowledge. The HTML spec says "sniff", the HTTP spec says "don't."
John: Not any more - the HTTP
spec is vague on it now. I come back to the f2f - we came to
the conclusion that sniffing is bad and you shouldn't do it -
however in practice people do do it. We should see if we can
acknowledge the reality of sniffing without condoning it.
... At that meeting we agreed that the Barth draft represented
a [good?] single algorithm for sniffing.
... Larry didn't like referencing that draft.
... But what's our general position?
Larry: I have a position but I'm not sure anyone else does.
John: I have a position: i
believe the work on "authoritative metadata" and
"Self-describing web" is good.
... think the sniffing draft is a step forward.
... I'd like to understand how [Larry thinks] it's not a step
forward.
Larry: it's one step forward 3 steps backward.
<DanC> (how is the HTTP spec vague? "Such recipients SHOULD NOT override the specified type it there are known security risks and they SHOULD provide for users to disable such heuristic Content-Type detection.")
<noah> http://lists.w3.org/Archives/Public/www-tag/2010Jan/0025.html
Noah: Not comfortable with John's paraphrase.
<noah> Such incorrect labeling of content is contrary to Web architecture, and it
<noah> undermines many of the valuable Web characteristics described by this
<noah> finding.
<noah> Nonetheless, in part because such mislabeled content is common, certain
<noah> browsers and other user agents have been coded to guess or "sniff" the
<noah> intended content type, particularly for responses that are explicitly
<noah> typed as text/plain.
<noah> Such sniffing breaks the chain of accountability
<noah> described in this finding, making it more difficult for a user to hold the
<noah> publisher responsible for a document's contents.
<noah> Other negative consequences of sniffing are described in the
<noah> [AuthoritativeMetadata].
<noah> For example, "sniffing" can also expose the user
<noah> agent to security vulnerabilities; these can to some degree be minimized
<noah> by using more secure algorithms, such as the ones described in
<noah> [BarthSniff].
Noah: [It doesn't] endorse BarthSniff.
<DanC> (I still struggle with " many servers ... serve incorrect Content-types". what the server spits out is correct by definition, from the architectural point of view.)
Larry: this is part of the discussion on mime types. What I don't like is that the mime type labeling is incorrect.
<DanC> (perhaps "serve misconfigured mime types")
Noah: I understand that once it's
on the wire it's by definition correct. I'm saying - back
before it's served, if I tell my server to serve a jpeg as
tex/plain that that is incorrect.
... people are negligent are setting the switches...
[configuration of mime types].
... or people are unable to set the switches.
+1 to Noah -
Larry: I doubt that.
Noah: [chronology of mime type
pain on the web]
... USer agent guys are committed to sniffing because [of a
perception] that the servers are [often] misconfigured.
Larry: I'm not sure I believe the story.
<Zakim> ht_home, you wanted to address the "do we have a position" question
<ht_home> http://lists.w3.org/Archives/Public/public-html/2010Mar/0493.html
Henry: i am in the same general space that john is - our existing findings are good, they can be improved, and Barth is a step forward.
<Zakim> noah, you wanted to talk about what proposed text says
<masinter> some steps forward and some steps backward
<Zakim> DanC, you wanted to sympathize with larry in a couple ways (1) the future is longer than the past, and (2) what suggests the 1 algo...
DanC: Today I sympathize with Larry - First of all, the future is longer than the past. We should try to get things to be better. On converging on one algorithm...
<noah> I'm just a little frustrated: we had an action to review some text. Henry decided he'd prefer not, which is ok, but I think the first question is: does anyone else want to review the proposed text?
<masinter> i just checked again, and sniffing PDF is really causing a lot of bugs, the browsers should stop doing it
DanC: [whenever a new content type comes along the same forces will head toward a new algorithm]
Larry: Sniffing PDF is a bug. There are no reasonable use cases where PDF files are mislabeled that should be sniffed. The proposal in the document should be removed.
Noah: there was an action on Henry to look at particular text that has been drafted. Should we kill off ACTION-387?
DanC: I'm interested to see fixes [but none to propose].
Noah: if the incorrect bit could be replaced would you view the rest as a step forward?
DanC: This week I don't think we should endorse the barth draft.
Noah: I don't view it as an endorsement.
DanC: It "endorses" it as "accepted and securre"
Larry: there's nothing in
[barth
... ] that is is secure.
Noah: John - we're now hearing substantive concerns with the text... should we leave that as it is?
Henry: No! [suggests putting it
on the back burner]
... You think it's good, John thinks it's good, DanC thinks it
good except for one word, I [think it's good].
John: We don't have to approve it or endorse it...
<DanC> (I can live with endorsing the barth draft; I don't prefer it, though)
Larry: I don't think there's an algorithm that's generally accepted as approved.
<masinter> yet
John: they made a change in http
bis that loosened the language there. They relaxed the text and
made it more vague (than 1.1). If we loosen things up - then we
are making sniffing a little more endorsed. That changes the
dynamics.
... If there is an algorithm that is secure and accepted then
we should endorse it
Henry: I agree that the current
http draft went too far. We've agreed that they need to add
something that says "sniffing is bad" - I don't agree that we
have to get them to do anything at all with respect to barth.
What could be achievable could be to get the http-bis dra
... aft to say "sniffing is bad."
<DanC> action-370>
<DanC> action-370?
<trackbot> ACTION-370 -- Henry S. Thompson to hST to send a revised-as-amended version of http://lists.w3.org/Archives/Public/www-tag/2009Dec/0068.html to the HTTP bis list on behalf of the TAG -- due 2010-05-17 -- PENDINGREVIEW
<trackbot> http://www.w3.org/2001/tag/group/track/actions/370
<ht_home> http://lists.w3.org/Archives/Public/public-html/2010Mar/0493.html is my attempt to do 370
<masinter> i like http://lists.w3.org/Archives/Public/public-html/2010Mar/0659.html
<masinter> Yves proposed text for HTTPBIS
Noah: We could leave a note in the action and put if off...
<ht_home> That's what I would like to discuss at the f2f, with Yves
ACTION-387?
<trackbot> ACTION-387 -- Henry S. Thompson to review JK/NM's stuff on sniffing, authoritative metadata, self-describing web, incl. http://lists.w3.org/Archives/Public/www-tag/2010Jan/0025.html -- due 2010-05-20 -- PENDINGREVIEW
<trackbot> http://www.w3.org/2001/tag/group/track/actions/387
<DanC> (in sum, I suggest: close action-386 as lmm did it. leave action-370 as pending review and take it up with yves in London, and leave 387 pending review for London discussion too.)
Henry: let's talk about ACTION-370 [with Yves] in the f2f.
<DanC> action-387: LMM, DC expressed concerns about "incorrect"
<trackbot> ACTION-387 Review JK/NM's stuff on sniffing, authoritative metadata, self-describing web, incl. http://lists.w3.org/Archives/Public/www-tag/2010Jan/0025.html notes added
<Zakim> DanC, you wanted to note Yves's latest offering and to and to
Noah: Proposal on ACTION-387: we will update it to have a due date a few months and add notes that it is being put off to await progreess on action-370 and when that happens we will address concerns about the word "incorrect" and also the issue of security.
Larry: I'd like to include in the discussion - combine the discussion of ACTION-424 and ACTION-425 with this.
Noah: We need to get at the more fundamental "What do mime types mean?"
Henry: I think it's entirely reasonable to discuss this [at the f2f]
<DanC> action-424: LMM prefers to discuss this before 387, 370 at the London ftf
<trackbot> ACTION-424 Start discussion on www-tag about additional finding/web architecture around MIME types in web architecture, updating existing findings notes added
Noah: I'm going to make a note on ACTION-387 to discuss it [at the f2f] along with ACTION-370.
<noah> Note that Larry would like 370 to be discussed after 424/425
<DanC> action-387 due 7 Jun
<trackbot> ACTION-387 Review JK/NM's stuff on sniffing, authoritative metadata, self-describing web, incl. http://lists.w3.org/Archives/Public/www-tag/2010Jan/0025.html due date now 7 Jun
ACTION-386?
<trackbot> ACTION-386 -- Larry Masinter to review draft-barth-sniff and send comments, cc TAG -- due 2010-04-08 -- PENDINGREVIEW
<trackbot> http://www.w3.org/2001/tag/group/track/actions/386
DanC: Done to my satisfaction.
Noah: My sense is let's close.
close ACTIOn-386
<trackbot> ACTION-386 Review draft-barth-sniff and send comments, cc TAG closed
Noah: HTML language reference and media types; ACTION-340; XML-HTTP request and UMP - CORS security
<masinter> i'll be here on 27th
<masinter> send me email reminding me
<DanC> sending, larry
Ajourned.
<DanC> lmm, confirm you can scribe next week, pls?
<masinter> yes
<noah> Larry, can you scribe next week please?
<noah> thank you!
trackbot, make minutes