IRC log of tagmem on 2005-06-15

Timestamps are in UTC.

02:04:20 [DanC_lap]
DanC_lap has joined #tagmem
12:45:08 [RRSAgent]
RRSAgent has joined #tagmem
12:45:08 [RRSAgent]
logging to http://www.w3.org/2005/06/15-tagmem-irc
12:45:51 [Ed]
Zakim, this conference is TAG f2f June 15, 2005 (day2)
12:45:53 [Zakim]
sorry, Ed, I do not see a conference named 'TAG f2f June 15, 2005 (day2)' in progress or scheduled at this time
12:46:06 [Ed]
Zakim, this conference is TAG
12:46:06 [Zakim]
Ed, I see TAG_f2f()8:30AM in the schedule but not yet started. Perhaps you mean "this will be TAG".
12:46:23 [Ed]
Zakim, this conference will be TAG
12:46:26 [Zakim]
ok, Ed; I see TAG_f2f()8:30AM scheduled to start 16 minutes ago
12:47:29 [Ed]
Meeting: TAG f2f June 15, 2005 (day 2)
12:47:40 [Roy]
Roy has joined #tagmem
12:48:28 [Ed]
Scribe: Ed
12:51:21 [Ed]
Agenda:
12:51:23 [Ed]
http://www.w3.org/2001/tag/2005/06/14-agenda.html
12:52:59 [Vincent]
Vincent has joined #tagmem
12:54:15 [DanC_lap]
DanC_lap has joined #tagmem
12:54:24 [timbl]
timbl has joined #tagmem
12:54:42 [Ed]
Vincent: eash scribe is responsible for editing minutes
12:55:10 [Ed]
Vincent: formatted html.
12:55:57 [Ed]
Vincent: Ed scribes in the am, Norm in the afternoon.
12:56:54 [Ed]
TOPIC: review document that Dan sent out at the end of the meeting
12:57:10 [noah_home]
noah_home has joined #tagmem
12:57:25 [Norm]
Norm has joined #tagmem
12:57:47 [DanC_mob]
DanC_mob has left #tagmem
12:58:12 [DanC_lap]
-> http://lists.w3.org/Archives/Public/www-archive/2005Jun/att-0007/tag-directions.html outline
12:58:47 [ht]
ht has joined #tagmem
13:02:53 [Ed]
Vincent: What do we do with this list?
13:03:02 [Ed]
- it helps us do our work
13:03:06 [Ed]
-or-
13:03:19 [Ed]
- it may also be the outline of a document we need to publish.
13:04:12 [Ed]
Vincent: This is a 12 month issues list.
13:04:23 [Ed]
Ed: Should we try and reduce the list?
13:04:49 [Ed]
TB: this should be a live document, and we should review periodically.
13:07:53 [Ed]
Noah: Pick 3-5 to start with, we may need to narrow down to 2-3.
13:08:27 [Ed]
TBL: Healthy for us to have more than one thread.
13:11:20 [Ed]
Vincent: This list is a guideline for our work, we need to go through this and set priorities. Pick a few 2,3 or 4 to work on over the next few months.
13:17:56 [Ed]
Vote was taken to prioritize list... outcome was;
13:20:01 [Ed]
top items selected were ;
13:20:08 [Ed]
1) Web applications
13:20:15 [Ed]
2) Security
13:20:22 [Ed]
3) Semantic Web
13:26:38 [Ed]
http-Range-14 is assume to remain the 'urgent' priority
13:28:21 [DanC_lap]
Ed: lots of people have javascript turned off... maybe 18% of the visitors to HP web sites
13:29:58 [Ed]
Henry: solving issues such as Javascript interop and SVG native in browsers should also be considered.
13:31:03 [ht]
TimBL: Why do people hold their noses wrt the DOM?
13:31:33 [ht]
HST: Trying to do a language-independent API led to bad APIs for each of the language-specific binding
13:37:26 [Ed]
TBL: W3C as a working group could help produce a lot more tests around DOM.
13:38:08 [Ed]
W3C needs to be involved in the release of browswers in order to make this work. We havent been involved in the past.
13:38:37 [Ed]
Noah: There is a real trap in not getting in touch with our customers/vendors to find out where they're trying to take this stuff.
13:39:32 [Roy]
E4X example: http://weblog.infoworld.com/udell/2004/09/29.html
13:41:20 [Ed]
HT: seems to me that I feel like there is an opportunity to do it another way, other than using java script.
13:42:18 [Ed]
HT/Dan: if we could get the browser creators to sign-up for fixing the interop problem, there would be a large benefit.
13:42:56 [ht]
s/using java script/fixing java script/
13:44:47 [Ed]
Vincent: On web applications the group doesnt exist yet and even the charter doesnt exist yet.
13:45:09 [Ed]
If we can comment on the charter and make sure it address what we feel is important.
13:45:48 [Ed]
Once the group starts we can give input on the issues with the team. Helping them start without producing something signficant ourselves (work through the wg)
13:46:45 [Ed]
Vicnent: Other topics we can do in the short-term?
13:48:08 [Ed]
Dan: Should we be involved with the web apps charter?
13:49:02 [Roy]
http://www.cairographics.org/xr_ols2003/
13:49:40 [Ed]
ACTION: Dan to get web applications charter and share it with the TAG for review.
13:50:05 [ht]
HST finds the E4X example underwhelming -- like XQuery, but with idiosyncratic syntax
13:50:22 [Roy]
http://www.mozilla.org/projects/xul/
13:55:00 [Roy]
Avalon: http://winfx.msdn.microsoft.com/library/en-us/wcp_conceptual/winfx/port_tech_wcp.asp
13:56:33 [Ed]
Noah: We need to look for things that stress web architecture
13:56:41 [DanC_lap]
I'd like to hear from Zeldman ( http://www.zeldman.com/ ) on javascript interoperability and webapps
13:57:31 [ht]
http://javascript.weblogsinc.com/entry/1234000893027332/
13:57:39 [Ed]
Vincent: We are also looking at moving from Procedural to declarative languages
13:58:04 [Roy]
Haystack: http://haystack.lcs.mit.edu/
13:58:05 [Ed]
TBL: Lots of people have reversable xslt processes.
13:59:07 [ht]
Brendan Eich on "Remixable Applications": http://javascript.weblogsinc.com/entry/1234000720046078
14:04:33 [ht]
'Remixable applications' turns out to mean Greasemonkey
14:04:41 [ht]
http://greasemonkey.mozdev.org/
14:05:35 [Ed]
Ed has joined #tagmem
14:05:49 [Roy]
Adenine: http://haystack.lcs.mit.edu/papers/sow2002-adenine.pdf
14:07:41 [ht]
NM: Flash was less of a threat because it was typically only a part of a page, google could still get you there, but that's changing
14:08:14 [ht]
... We're seeing pages which are 100% flash, so nothing to get ahold off -- Avalon same deal
14:09:25 [Roy]
TRAMP: http://www.aaronsw.com/2002/tramp
14:11:02 [dorchard]
dorchard has joined #tagmem
14:11:16 [ht]
dave, we'll dial in
14:11:27 [dorchard]
thx!
14:11:28 [ht]
zakim, who is on the phone?
14:11:28 [Zakim]
TAG_f2f()8:30AM has not yet started, ht
14:11:29 [Zakim]
On IRC I see dorchard, Ed, ht, noah, timbl, DanC_lap, Vincent, Roy, RRSAgent, Zakim, DanC
14:11:31 [Zakim]
TAG_f2f()8:30AM has now started
14:11:38 [Zakim]
+DOrchard
14:11:45 [Zakim]
+MIT601
14:13:13 [DanC_lap]
the 3 that emerged as popular were: security, Web Apps, Semantic Web
14:14:05 [DanC_lap]
others that got some votes... Side effects, user identity, state, context
14:16:06 [DanC_lap]
ACTION VQ: invite Dean to a TAG teleconference
14:16:13 [DanC_lap]
timezone challenges noted
14:17:22 [DanC_lap]
DO: note the new mailing list on web description formats; seems relevant to web apps
14:17:40 [Norm]
Norm has joined #tagmem
14:18:04 [DanC_lap]
http://lists.w3.org/Archives/Public/public-web-http-desc/
14:18:41 [DanC_lap]
DO: these description formats are, for example, for the Amazon search service; URI encoding conventions, etc.
14:19:43 [DanC_lap]
(I'm kinda mystified by this; I thought WSDL was supposed to do this stuff)
14:20:16 [DanC_lap]
NDW: our webapps discussion was more about gmail, google maps... client-side dynamic stuff
14:22:05 [DanC_lap]
DO: hmm... the more stuff that's done in turing-complete formats, the lest you can do with declarative stuff [er... something like that]
14:22:33 [DanC_lap]
DC: exactly. [The Principle of Least Power] I think the TAG hasn't written this down the way we should
14:25:09 [DanC_lap]
NM: have you seen all these services layered on google maps? cheap gas and all...
14:25:44 [ht]
Mark Nottingham's intro use cases for web description (HST still not really getting what the subject matter is . . .): http://www.mnot.net/blog/2004/06/14/desc_usecases
14:27:43 [DanC_lap]
--- break for :15, after which resume with security
14:30:22 [dorchard]
I've collected a list of web descriptions http://www.pacificspirit.com/Authoring/REST/
14:56:17 [DanC_lap]
we asymtotically resume, a semi-spontaneous security discussion having broken out during the break
14:56:26 [DanC_lap]
Topic: Security
14:58:34 [Roy]
http://www.faqs.org/rfcs/rfc2617.html
15:05:29 [DanC_lap]
DC: state of the art in auth is: forms + cookies.
15:06:05 [DanC_lap]
... the security properties are just like HTTP basic, but the UI for HTTP basic is that crappy little dialog with (a) no trademark logo, and (b) no "if you forgot your password..." stuff
15:06:21 [DanC_lap]
DC: digest authenticaion has better security properties, but has the UI problem
15:06:38 [DanC_lap]
... the 1999 submission that suggested mixing digest auth with forms is still a good idea, IMO
15:06:40 [Ed]
TBL: The virus problem is software on your pc that you didnt realize you asked for.
15:07:14 [DanC_lap]
DC: another security issue is that with basic auth, the server doesn't store the password, but only an encrypted form of it. But with md5, it has to store the password
15:07:31 [Ed]
ht: you only want as much identification as you want/need.
15:07:41 [DanC_lap]
RF: yes, that's a bug in the MD5 spec that, 2 months into the development, the authors said there was "too much deployment to make such a change". argh!
15:07:52 [ht]
http://www.identityblog.com/
15:08:15 [DanC_lap]
DC: so shared-secret auth could be a lot better
15:09:18 [DanC_lap]
DC: then there's assymetric-key symmetric key... that's deployed for SSL certs...
15:09:19 [Ed]
ht: the security problem would get better by solving the identiy issue.
15:10:41 [Norm]
Norm has joined #tagmem
15:10:53 [Ed]
Dan: lets work hard to stamp out passwords in the clear
15:11:28 [ht]
http://www.identityblog.com/stories/2004/12/09/thelaws.html
15:13:05 [DanC_lap]
DC: if we could just do those 2 things, that would be good: (1) avoid passwords in the clear, (2) don't use turing-complete formats unless you have to
15:15:59 [Roy]
http://www.securityfocus.com/infocus/1688
15:16:10 [Roy]
http://www.securityfocus.com/infocus/1691
15:23:06 [DanC_lap]
... lots of brainstorming, not well-recorded ...
15:23:44 [timbl]
Public key crypto, phishing,....
15:25:15 [Ed]
discussion: Should we update the web arch or add additional books to volumne 2.
15:25:39 [Ed]
Noah: Findings is a good way to start collecting these things, we can later determine if it raises to the level to update the arch.
15:26:25 [Ed]
Dan: See www.w3.org/DesignIssues/Principles.html
15:27:07 [noah]
First draft of minutes from yesterday morning have been posted at: http://lists.w3.org/Archives/Public/www-tag/2005Jun/0031.html
15:27:25 [DanC_lap]
http://www.w3.org/DesignIssues/Principles.html#PLP
15:27:55 [Roy]
I will review it
15:28:12 [Roy]
s/it/PLP.
15:28:28 [noah]
s/raises/rises/
15:29:10 [Ed]
ACTION: Roy and Norm to review http://www.w3.org/DesignIssues/Principles.html#PLP
15:30:02 [Roy]
http://ai.eecs.umich.edu/cogarch2/prop/declarative-procedural.html
15:30:40 [Ed]
ACTION: Dan to write a report on the state of the art authentication in the web.
15:30:45 [DanC_lap]
"A Report on the Sorry State of Authentication in the Web"
15:32:13 [Ed]
Dan notes this is as much a recruiting document to help solicit input from additional experts in the area.
15:33:29 [Ed]
TBL: Need to inform users and users and those who write browsers
15:36:31 [Ed]
TBL: suggests TAG should make suggestions, address bar and Icon changes to denote links/security.
15:38:49 [Ed]
TBL: some actions in Browser should not be allowed. For example, hover over link should show the true link at the bottom of the browser and the browser should not allow for it to be over-ridden.
15:39:42 [Ed]
Dan: The first time the software structure cam to his mind was with MP3. Real networks and Microsoft have a little battle over who's software gets to run.
15:39:59 [Ed]
Dan the two keep over-riding the registry as to who the top of the heap is.
15:40:26 [Ed]
TBL: Registry for MIME type 1
15:40:29 [Norm]
s/riding/writing/
15:42:56 [Ed]
Ed has joined #tagmem
15:45:04 [Ed]
rrsagent, please make logs world-visible
15:46:01 [Ed]
TBL: Bug over riding DLLs use by other people.
15:47:54 [Ed]
discssion: Microsoft issues with DLL's
15:50:07 [DanC_lap]
(does this meeting have time to explain to me how .Net purports to address "dll hell"? it has something to do with assemblies, but I don't grok as deeply as I'd like)
15:50:19 [Ed]
TBL: Auditing. Its both a symptem of auditing the problem as well as..
15:52:15 [Ed]
TBL: We should put on our list, the xBrowser security note.
15:52:46 [DanC_lap]
s/xBrowser/voice browser/
15:54:59 [Ed]
TBL: have the javascript security policies been reviewed? eg "a script can only open a TCP connection to the site from whence it came"
15:55:55 [Ed]
HT: its difficult to apply style sheets to java script pages.
15:57:21 [DanC_lap]
DC: I think browsers only run XSLT stylesheets from the same site that the document came from
15:57:32 [DanC_lap]
TBL: so the community has bought into security-by-domain
15:58:58 [DanC_lap]
(good question, HT, what about the grid?)
15:59:29 [Ed]
TBL: If your picking up a style sheet and it wasnt constraigned and then you referred back to a local copy but when you do an actual HHTP referance to that there is a forward.
15:59:36 [Ed]
(or an alias)
16:00:16 [noah]
Regarding TBL's question as to whether JavaScript policies have been reviewed: I just checked with Sam Ruby, who was secretary for ECMAScript standardization effort. To has knowledge, that effort was scoped to the language only: no formal standardization of DOM, security models, etc.
16:03:19 [Ed]
Some plug-ins are trusted (like PDF) where others are less trusted because they are scripting languages which are executed locally (such as flash).
16:05:39 [timbl]
[NEWS] Macromedia Flash Plugin Can Read Local Files
16:05:47 [timbl]
http://www.derkeiler.com/Mailing-Lists/Securiteam/2002-08/0030.html
16:08:31 [Ed]
HT: A point for discussion. The UK funding bodies are particularly concernced about the grid, the semantic web, and the web. Are there technical architectural issues around remote servies?
16:11:10 [Ed]
Vincent: We conclude our discussion on security. There is certainly interaction between the grid, ws and the web in general.
16:11:42 [Ed]
Vincent: We have addressed with some success authentication/passwords and principles of least power
16:12:25 [Ed]
rrsagent, please show actions
16:12:25 [RRSAgent]
I see 4 open action items:
16:12:25 [RRSAgent]
ACTION: Dan to get web applications charter and share it with the TAG for review. [1]
16:12:25 [RRSAgent]
recorded in http://www.w3.org/2005/06/15-tagmem-irc#T13-49-40
16:12:25 [RRSAgent]
ACTION: VQ to invite Dean to a TAG teleconference [2]
16:12:25 [RRSAgent]
recorded in http://www.w3.org/2005/06/15-tagmem-irc#T14-16-06
16:12:25 [RRSAgent]
ACTION: Roy and Norm to review http://www.w3.org/DesignIssues/Principles.html#PLP [3]
16:12:25 [RRSAgent]
recorded in http://www.w3.org/2005/06/15-tagmem-irc#T15-29-10
16:12:25 [RRSAgent]
ACTION: Dan to write a report on the state of the art authentication in the web. [4]
16:12:25 [RRSAgent]
recorded in http://www.w3.org/2005/06/15-tagmem-irc#T15-30-40
16:12:52 [noah]
A question arose before about Flash data access.
16:13:09 [noah]
From the macromedia site: http://www.macromedia.com/cfusion/knowledgebase/index.cfm?id=tn_14213
16:13:19 [Ed]
ACTION: Dan to draft "Dont use passwords in the clear"
16:13:31 [noah]
"For security reasons, a Macromedia Flash movie playing in a web browser is not allowed to access data that resides outside the exact web domain from which the SWF originated.
16:13:31 [noah]
As an enhancement to Macromedia Flash Player 7, domains must be identical for data to be read. With this change a sub-domain can no longer read data from a parent domain and vice versa."
16:15:47 [noah]
While this doesn't explicitly discuss access to local files, it leads me to believe that Flash does indeed do what one would expect: I.e. to run in a different mode when a .SWF file is launched through the web vs. when run locally. This all seems quite similar to Java.
16:17:22 [Ed]
We will save Semantic web for tomorrow
16:17:31 [Ed]
After lunch we'll address 49
16:17:41 [Ed]
break for lunch resume at 1:15
16:18:02 [Zakim]
-DOrchard
16:35:27 [noah]
BTW: Looking back at that "Flash can read local files" report, it was clearly listed as a bug.
16:35:33 [timbl]
timbl has joined #tagmem
16:41:28 [Ed]
rrsagent, draft minutes
16:41:28 [RRSAgent]
I have made the request to generate http://www.w3.org/2005/06/15-tagmem-minutes.html Ed
17:20:34 [Norm]
Norm has joined #tagmem
17:26:28 [timbl]
timbl has joined #tagmem
17:27:20 [Zakim]
+DOrchard
17:27:20 [Norm]
Scribe: Norm
17:27:41 [Norm]
Topic: schemeProtocols-49
17:28:07 [Norm]
Noah has produced a draft finding
17:28:08 [noah]
http://lists.w3.org/Archives/Public/www-tag/2005Jun/0024.html
17:28:19 [noah]
http://lists.w3.org/Archives/Public/www-tag/2005Jun/0025.html
17:28:47 [noah]
Actual draft is at http://www.w3.org/2001/tag/doc/SchemeProtocols.html
17:29:22 [Ed]
Ed has joined #tagmem
17:29:22 [timbl]
timbl has joined #tagmem
17:29:48 [Norm]
Not polished even as a first draft, but useful for determining if it's going in the right direction
17:30:22 [Norm]
Motivated in part by P2P and streaming. Vague sense that the kind of content that flows over http isn't the only kind of content that might exist.
17:30:42 [Norm]
So what are the right ways to go beyond or leverage http?
17:31:42 [Norm]
Review can be divided into two aspects: first, is there anything that's factually wrong?
17:32:42 [Norm]
Second aspect: is it beginning to tell a story that the TAG wants to tell
17:40:50 [Norm]
q?
17:42:50 [Norm]
dorchard: wonders what the motivation/problem is that this finding addresses.
17:43:37 [Norm]
NM: Impression is that for example, some P2P protocols are integrating better into the web than others.
17:44:10 [Norm]
NM: For streaming, does it make sense to have lots of new protocols, or does it make sense to get a document with a particular media type
17:44:56 [Norm]
NM: We've never really clearly said, other than looking back, what are the guidelines for creating new protocols that you might need. And what are the other things that you might need to know that aren't in AWWW
17:45:03 [Norm]
DC: It would suit my taste better if you'd talked about P2P or streaming
17:45:15 [Norm]
...right up front
17:45:23 [Norm]
NM: That's meant to be in 3rd para of the preface
17:46:22 [Norm]
ht: Section 4 maybe belongs in an appendix, but as far as the questions you are going to answer, I don't need to know this stuff about gateways
17:47:10 [Norm]
ht: How to get an FTP URI with the HTTP protocol isn't on the shortest path to the goal
17:47:23 [Norm]
VQ: The correspondence between the two protocols is valuable.
17:48:00 [Norm]
VQ: The gateway itself isn't very interesting, but the equivalence between the operations (or sequence of operations) may introduce the issue of inventing new protocols when others are already available
17:48:22 [Norm]
NM: One bit of advice: consider similarity to the operations avialable in other protocls
17:49:42 [Norm]
NM: Because http allows you to carry an HTTP URI, you can do this gateway without having to invent a new URI
17:49:54 [ht]
q+ to ask about the reality of this ftp-over-http example
17:50:00 [Norm]
NM: Another bit of advice: ok, if you're going to build a p2p protocol, you might want to make it easy to carry other people's URIs around
17:50:20 [Vincent]
ack DanC_lap
17:50:20 [Zakim]
DanC_lap, you wanted to point out a few comments about misleading bits, and to express a lack of motivation. a story is traditional, by now.
17:50:21 [Norm]
DC: Do you have anything you feel is a short summary (one or two sentences)
17:50:51 [Norm]
NM: I think the one I just mentioned might be one
17:51:04 [Norm]
NM: last paragraph before ednote in Chapter 4
17:51:39 [Norm]
DC: "Protocols designed to be ... such URI names"
17:51:40 [Norm]
NM: And in section 3
17:51:59 [Norm]
NM: The second paragraph
17:52:54 [Norm]
NM/DC disagree about the practice of 404ing namespace URIs
17:53:09 [Norm]
NM: Creating a scope in a language should be a lightweight thing to do.
17:53:47 [Norm]
DC: This paragraph is terribly misleading.
17:54:28 [Norm]
NM: I'd be happy to say the "should provide servers" part a little more strongly
17:54:53 [Norm]
NM: What is there that keeps me Noah at IBM from naming my URIs with someone else's DNS?
17:54:55 [Norm]
NM: I'm writing it down here.
17:55:00 [Norm]
DC: I think that's already covered
17:55:31 [Norm]
NM: I was trying to say that you never want to preclude someone from doing the right thing which is to actually deploy
17:55:44 [Norm]
DC: It still feels like obscure cases
17:55:57 [Norm]
NM: To me it's important to say where the rules come from.
17:56:59 [Norm]
NM: It's a deep architectural question about what it means to mint URIs that don't have servers
17:57:12 [timbl]
timbl has joined #tagmem
17:58:01 [Norm]
DC: The part about not using someone else's DNS is in the URI Ownership section of AWWW
17:58:21 [Norm]
NM: The larger way to look at this is a way of building things from first principles
17:58:34 [Norm]
NM: Then you can look at the problems: how to get P2P on the web, what to do with streaming media
17:58:55 [Norm]
DC: Maybe it'll work better in later drafts
17:58:55 [Norm]
DC: I don't have an overall sense
17:59:04 [Norm]
RF: For me it's still backwards, you don't select URIs based on protocols or vice-versa
17:59:52 [Norm]
RF: There exist resources in the universe and there are methods of accessing them. To a certain extent, the methods cause them to be named. One way to achieve that is to map a URI scheme, simply an identifer, to the methods
18:03:11 [Norm]
Norm has joined #tagmem
18:03:27 [Norm]
RF: And then you look at the responsibilities of the handler at this point. What does it have to do
18:03:41 [Norm]
NM: Where is the nature of the default defined
18:04:29 [dorchard]
q+
18:05:43 [Norm]
Some discussion here about origin servers and authoritative requests
18:06:19 [Norm]
RF: It's what the server currently represents as the representation of that resource
18:06:45 [Norm]
NM: I thought the archicture said if you really got a 200 back from the origin server, you are authorized to say that that was a representation of that resource
18:06:52 [Norm]
NM: That it was in some sense what that URI was naming
18:07:27 [DanC_lap]
q+ to suggest 2 or 3 things: (1) if (but *not* only if) you get a 200 on port 80, you have a representation of http://... (2) the Internet community has delegated to IANA a mapping from scheme names to protocols that are best current practice; today, it relates http: to the HTTP spec. (3) access to "the Web" may go thru client proxies, and local policy may be satisfied with very old representations, etc.
18:07:30 [Norm]
RF: No. If I give you an ID for a social security number and you use that to get RF's tax records, does that give you my tax records or a document with current information about my taxes, ...
18:07:48 [Norm]
ht: What it gives you is an authoritative representation of that resource at that time
18:08:05 [Norm]
NM: So there's no way that I could say that that's a representation of another resource (as opposed to the real one)
18:08:24 [Norm]
NM: Not all URI schemes work that way is my impression. The UUID scheme doens't say a lot about authoritative representations
18:08:42 [Norm]
RF: Not all schemes are grounded in representations (or protocols)
18:09:06 [Norm]
RF: When I say there's an http information space, it doesn't depend on the version of the http protocol
18:09:15 [Vincent]
ack ht
18:09:15 [Zakim]
ht, you wanted to ask about the reality of this ftp-over-http example
18:09:38 [Norm]
ht: Is this ftp-over-http example really important
18:09:48 [Norm]
ht: Stipulate that it's all true, does it have any interest in practice
18:09:59 [Norm]
ht: Are there any such gateways in the universe and are they actually used
18:10:05 [Norm]
RF/DC oh yeah
18:11:13 [Norm]
DC: The servers come out of the box configured to be origin servers
18:11:29 [Norm]
ht: Point me to a server that does work as a proxy server
18:11:43 [Norm]
RF: It's used in almost every large corporation as an interanet/extranet buffer
18:12:03 [Norm]
RF: The reason you can't see this from the outside world is that thye have been configured *not* to look like proxy servers
18:12:49 [Norm]
DC: Almost all the APIs have variables you can set to do this
18:14:52 [Norm]
NM: Part of the reason I brought this up was because the architecture allows it we ought to describe it
18:14:57 [Norm]
NM: But really the question is, should I give an http: scheme name to something that's actually in bittorrent
18:15:44 [Norm]
TBL: The rules are written through the evolution of the architecture
18:17:29 [Norm]
TBL: When you look at whether your going to make a bittorrent scheme or support bittorrent with http URIs, you're making some tradeoffs
18:17:47 [Norm]
NM: I didn't mean to set down rules, I meant to explore what the tradeoffs are
18:18:18 [Norm]
q?
18:18:38 [Norm]
DC: I wouldn't talk about one protocol fitting in another, I'd talk about accessing representations
18:19:45 [Norm]
DC: You have to motivate generality, and you've only done that about representatoins
18:19:49 [Vincent]
ack dorchard
18:20:46 [Norm]
dorchard: I wanted to comment on defaulting. That's not written down but everyone uses it. The operation you use is also defaulted. Using http: doens't imply doing a get.
18:20:52 [Norm]
NM: I disagree with the second
18:21:10 [Norm]
ht: It's interesting to note that linkcheck does HEADS not GETs
18:21:37 [Norm]
NM: I agree with Henry. The reason GET is a default is because browsing is the most common thing we do. But for any of them, we could have an applicatoin with different defaults
18:22:31 [Norm]
NM: If I was handed a 'qrs:' scheme, where would I get started? The scheme should be registered at IANA. For some of those schemes, the scheme documents would be a lot like the document for http.
18:22:55 [Norm]
RF: Each specification defines what it knows about the univers, it doesn't define the whole universe and then itself
18:23:19 [Norm]
RF: Good practice moving forward is to separate the scheme specification and the protocols
18:24:21 [Norm]
RF: The scheme specification should point to a set of protocols (e.g., http and https). And should also describe the set of procedures that are used to map from identifiers in that scheme space to resources available via that protool or set of protocols
18:24:48 [Norm]
RF: The resources "just are". These are the associated set of access mechanisms.
18:25:07 [Vincent]
DO, Ok
18:25:09 [DanC_lap]
(not sure they "just are")
18:25:18 [timbl]
q+
18:25:50 [DanC_lap]
+1 tell us a story, uncle Noah
18:25:53 [Norm]
dorchard: The other thing that I was going to suggest was that in the Arch Document there have often been stories. It would be good to have a story here with P2P or streaming.
18:26:48 [Vincent]
ack DanC_lap
18:26:49 [Zakim]
DanC_lap, you wanted to suggest 2 or 3 things: (1) if (but *not* only if) you get a 200 on port 80, you have a representation of http://... (2) the Internet community has delegated
18:26:49 [DanC_lap]
ack danc
18:26:52 [Zakim]
... to IANA a mapping from scheme names to protocols that are best current practice; today, it relates http: to the HTTP spec. (3) access to "the Web" may go thru client proxies,
18:26:57 [Zakim]
... and local policy may be satisfied with very old representations, etc.
18:27:05 [ht]
q+ to parallel this with the streaming media/rtps story
18:27:21 [Roy]
Roy has joined #tagmem
18:27:54 [timbl]
Social relationships involved in the relatiion between a URI and a representation are of quite different for for diffrent protocols. Eg it takes technology AND scoial agreement to mak eHTTP 200 responses definitive, but the concepts of trust are very different. The protocols used to be the master thing, until the schem had been used for naming a lot of things -- now the prpotocl is secondary and can be upgraded, prseveing the scheme.
18:28:02 [Vincent]
ack timbl
18:29:12 [Norm]
TBL: You can be held accountable for http: 200's because there are social relationships behind the servers and DNS, etc.
18:29:50 [Norm]
TBL: It's possible that within the life of the TAG, it'll be necessary to introduce a P2P version of http
18:30:02 [Norm]
TBL: But that may come with caveats
18:30:33 [Norm]
TBL: You may need a button on your browser that says you want the definitive version (for your home banking)
18:30:56 [DanC_lap]
-> http://lists.w3.org/Archives/Public/www-tag/2005Jun/0032.html comments on SchemeProtocols.html , transcribed from my paper copy
18:31:03 [Norm]
TBL: The trust may be very different. We'll end up morphing the trust situation in a very positive way or a very negative way.
18:32:39 [Norm]
NM: The metapoint I'm trying to raise that just perhaps the story you just told is an important story that's not well articulated
18:32:45 [Norm]
NM: What I wanted to do in heading off into this space is to tell stories like this
18:33:56 [Norm]
Note to scribe: what RF said above about http: and https: may not have been what he meant to say
18:34:39 [Norm]
NM drifts towards httpRange-14
18:34:40 [Roy]
I missed it
18:36:21 [Norm]
ack ht
18:36:22 [Zakim]
ht, you wanted to parallel this with the streaming media/rtps story
18:36:25 [Vincent]
ack ht
18:38:32 [Norm]
ht: What Roy is calling the http: information space has the defining property that it has the DNS+hierarchy naming structure. The information space that define the http information space are about an organization of a relationship between identifiers and the resources they identify. This is completely independent of the protocol.
18:38:38 [DanC_lap]
a suggestion: the http scheme is an agreement that there's a space of information resources, where one part of the name identifies a party, usually a domain owner, who gets to say the relationship between those names and representations that correspond to them
18:39:19 [noah]
q?
18:39:32 [noah]
q+ to ask whether operations are associated with URI scheme or protocol
18:40:00 [Norm]
ht: That's an interesting perspective. What I'm concerned about is the question, "if that's true, it's very strongly at odds with the naive users perspective which is that http is about what we call representations"
18:40:16 [Norm]
ht: retracts that statement for the moment :-)
18:40:23 [DanC_lap]
(re noah's question, I care in the case of representation access, but the case of operations in general is too academic; please pay one story before we spend the time to answer. 1/2 ;-)
18:40:31 [Vincent]
ack DanC_lap
18:40:31 [Zakim]
DanC_lap, you wanted to ask that we go thru the bittorrent case
18:41:02 [Norm]
NM: Do people believe that the operations come with the scheme or the protoco.
18:41:10 [Norm]
s/protoco/protocol/
18:41:26 [Norm]
DC: That's not a small question,that's an enormous protocol
18:41:29 [Norm]
s/protocol/question/
18:42:04 [Norm]
Answer not obvious.
18:42:29 [Norm]
DC: Let's do daap: first (Digital Audio Access Protocol)
18:43:04 [Norm]
Apparently it is *exactly* the same as http 1.1.
18:43:23 [DanC_lap]
"The Digital Audio Access Protocol, or DAAP, is used by Apple's iTunes 4.0 digital audio player to share music across a network or the Internet. It provides capability not only to stream audio from one computer to another, but also to list the host's playlists so that they can be accessed remotely." -- http://daap.sourceforge.net/
18:43:58 [Norm]
DC: They came up with a different scheme so that they could get injected into the software deployment story
18:45:50 [Norm]
The Mac dispatches on scheme name
18:46:33 [Norm]
TBL: They forked http and added a few bits
18:47:49 [Roy]
http://daap.sourceforge.net/docs/index.html
18:47:55 [DanC_lap]
(I was looking at http://them.ws/post/775/what_is_daap__ )
18:48:51 [Norm]
VQ: Maybe bittorrent is a better example
18:49:01 [Norm]
DC: Anyway, daap seems like a way not to do it
18:49:33 [Norm]
DC: Nice story: My kid wrote a nice story, it gets insanely popular and automatically switches to bittorent so the load on my server only goes up a little bit
18:50:27 [Norm]
ht: I find a URI for your kids story, I click on it, the browser waits a few seconds and says, gee this sucks, aborts that, and initiates a bittorrent request
18:50:28 [Norm]
DC: bittorrent isn't the same as gnuntella, it isn't entirely peer-to-peer
18:50:40 [Norm]
dorchard: There's one tracker per-distributed resource
18:51:06 [Norm]
DC: I'm the guy who has to publish the seed
18:51:33 [Norm]
ht: You may have to do something and then my client has to automatically try to use bittorrent
18:51:45 [Vincent]
q?
18:52:26 [Norm]
Scribe may have missed a bit
18:53:20 [Norm]
TBL: Speculative design of a fallback system: Dan's server when it hits a certain load it automatically sends back a response that tells the client to switch to bittorrent
18:54:47 [Norm]
DC: I think Henry's design is fundamentally better because the other way I have to satisfy a TCP request from my server
18:55:42 [Norm]
DC: I'd put a .torrent file on my server that would have the address of the tracker and some starting servers.
18:55:56 [Norm]
DC: The bittorrent protocol has been upgrade to be trackerless
18:56:09 [Norm]
ht: My question is what *I* do.
18:56:38 [Roy]
http://www.bittorrent.com/protocol.html
18:57:05 [noah]
News article on trackerless BitTorrent: http://www.betanews.com/article/BitTorrent_Creator_Opens_Online_Search/1117065427
18:57:35 [Ed]
more general... http://www.bittorrent.com/introduction.html
18:57:41 [Norm]
DC: In http, the *publisher* gets to say what the right answer is. In this other world, the social conventions are totally different. It becomes the world that gets to say what the representation is
18:58:00 [timbl]
http://joi.ito.com/archives/2005/05/20/bittorrent_goes_trackerless.html
19:00:30 [Norm]
dorchard: A lot of people don't use google, they use bittorrent sites that do a better job of searching bittorrent files.
19:00:42 [Vincent]
q?
19:00:55 [Norm]
dorchard: And they provide comments
19:00:55 [timbl]
"While it is called trackerless, in practice it makes every client a lightweight tracker. A clever protocol, based on a Kademlia distributed hash table or "DHT", allows clients to efficiently store and retrieve contact information for peers in a torrent."
19:00:58 [noah]
q-
19:01:07 [timbl]
Quote was from http://www.bittorrent.com/trackerless.html
19:01:32 [noah]
q?
19:01:57 [Norm]
ht: We're morphing this question into a P2P version of access to the HTTP information space
19:02:08 [Norm]
ER: It does, it's just a really bad idea
19:02:36 [Norm]
Some discussion of IPR, aborted
19:02:55 [Norm]
TBL: trackerless bittorrent has a distributed hash table in it
19:03:39 [Norm]
TBL: If we replace http with a not-DNS hierarchy system then we'll end up with a differnt social system.
19:04:00 [Norm]
TBL: When you use http, you trust the publisher, when you use bittorrent, you trust the other users running bittorrent
19:04:39 [timbl]
But you can do a checksum or sig check on the downloeded result, and use trusted parties or trusteed links (links with keys or hashes inthem)
19:05:07 [DanC_lap]
(in the case of "file on an http server gets really popular; let's switch to bittorrent" all the clients are going to have to do a round-trip to the origin server to get the md5 and some bittorrent coordinates, unless we mix in quite a bit more stuff)
19:05:21 [Norm]
NM: One question is how do you get new modes of delivery (such as P2P) for things named with http: URIs
19:05:35 [ht]
HST is/was trying to push on the question of the possibility of giving access to the http information space using a (collection of) transport protocols which are not HTTP or anything close to it
19:06:20 [DanC_lap]
q+ to point out that the reason for continuing to use http: names is not just that timbl wants to Rule The World, but that preserving links is valuable to society as a whole
19:06:20 [Norm]
NM: One of the things that's likely to result from that has to do with DNS names. The social understanding of what your likely to get changes in interesting ways.
19:06:52 [ht]
DanC+HST combine to ask: can we provide the "quite a bit more stuff" in a way which preserves the social properties of the information space
19:07:32 [Norm]
q?
19:07:39 [Norm]
ack DanC_lap
19:07:39 [Zakim]
DanC_lap, you wanted to point out that the reason for continuing to use http: names is not just that timbl wants to Rule The World, but that preserving links is valuable to society
19:07:43 [Zakim]
... as a whole
19:08:39 [Norm]
DC: The value of the network is the web of names. Keeping the same names preserves the value of the web.
19:11:21 [Norm]
NM: I think the reasons why we wnat to use http names is worth writing down
19:11:33 [timbl]
"BitTorrent is a protocol for distributing files. It identifies content by URL and is designed to integrate seamlessly with the web. Its advantage over plain HTTP is that when multiple downloads of the same file happen concurrently, the downloaders upload to each other, making it possible for the file source to support very large numbers of downloaders with only a modest increase in its load." -- http://www.bittorrent.com/protocol.html
19:11:43 [Norm]
s/wnat/want/
19:12:54 [Norm]
VQ: Noah will incorporate comments into the draft.
19:13:01 [Norm]
VQ: Should we link it as a finding in progress
19:13:50 [Norm]
General agreement
19:13:51 [Norm]
ACTION: VQ to make a link from the findings-in-progress page
19:15:10 [Norm]
ACTION: NM to produce a new draft
19:16:29 [Zakim]
-DOrchard
19:16:34 [ht]
zakim, bye
19:16:34 [Zakim]
leaving. As of this point the attendees were DOrchard, MIT601
19:16:34 [Zakim]
Zakim has left #tagmem
19:38:04 [DanC_lap]
Topic: httpRange-14
19:56:49 [DanC_lap]
lots of discussion... HT put a picture up (pointer, ht?) with a couple URIs
20:00:45 [Norm]
Representations vary over time; people can make different assertions about what a representation means
20:02:50 [Norm]
With the '#', there's a whole different architecture (involving mime types)
20:03:08 [ht]
http://www.ltg.ed.ac.uk/~ht/webpropernames/img2.png
20:06:11 [Norm]
RF: When people use URIs, they aren't necessarily using it in an identification relationship
20:06:27 [Norm]
RF: They are using it in a "more information" relationship
20:07:04 [Norm]
RF: In <a href="http://www.paris.org/Monuments/Eiffel/">Eiffel Towe</a>, the URI is not for identification, it's a pointer to something that gives more information about the tower.
20:07:44 [Norm]
RF: Indirectly, it identifies the tower
20:08:15 [Norm]
If I replaced that with an SVG image source, a human being reading the page will reach the same conclusion (that it's the depicted real tower)
20:14:24 [DanC_lap]
the "nobody uses http uris for anything but documents" is an "at your own risk" sort of conclusion, not one that you can turn around ala "if it's not a web page, it can't have a hashless http URI"
20:14:36 [DanC_lap]
q+ to respond to timbl ala the "nobody uses http uris for anything but documents" is an "at your own risk" sort of conclusion, not one that you can turn around ala "if it's not a web page, it can't have a hashless http URI"
20:14:46 [DanC_lap]
where did zakim go?
20:14:48 [Zakim]
Zakim has joined #tagmem
20:14:51 [DanC_lap]
q+ to respond to timbl ala the "nobody uses http uris for anything but documents" is an "at your own risk" sort of conclusion, not one that you can turn around ala "if it's not a web page, it can't have a hashless http URI"
20:15:13 [Roy]
http://www.httpsniffer.com/http/100304.htm
20:18:06 [Norm]
q?
20:19:25 [Roy]
http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.3.4
20:19:39 [Roy]
303 See Other: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.3.4
20:20:06 [DanC_lap]
(in preparation for straw poll, I'm swapping in SWBPDWG's request http://lists.w3.org/Archives/Public/www-tag/2005Mar/0101.html )
20:21:27 [Norm]
Induction: the world is used to thinking http: URIs are documents, so they must be
20:21:50 [Norm]
Induction: the world is used to thinking that '#' in an http: URI is a pointer into the document, so they must be
20:24:52 [Ed]
my head hurts.. but I think I'm taking Tim's side on this. We need to make a clear distiction.
20:26:22 [DanC_lap]
. http://web.resource.org/cc/Reproduction
20:31:21 [Norm]
In the picture yesterday we had two levels distinguishing "identifies" and "points to" where RDF defines "identifies" but doesn't define "points to" very well and HTTP defines "points to" but doesn't define "identifies" very well
20:31:50 [Ed]
In semantic web its important to know if your referancing a document vs an object.
20:35:48 [ht]
http://www.httpsniffer.com/http/100303.htm
20:35:53 [DanC_lap]
http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.3
20:38:27 [DanC_lap]
infoRes axiom, the lesser: { ?R a http:OK200; http:about ?X } => { ?X a webarch:InformationResource }.
20:39:49 [DanC_lap]
where an HTTP GET /path to host.example is http:about <http://host.example/path>
20:39:52 [Norm]
RF: Proposal: If an http resource responds to GET (a) with a 200 OK, then it is an information resource, (b) with 303 See Other, then it could be *any* resource, and (c) with any 4xx error, then ... ?
20:40:03 [Norm]
Seems to garner a modicum of support
20:40:10 [Norm]
NDW: I could sign off on that compromise
20:42:26 [dorchard]
what 2xx or 3xx response codes identify non-information resources?
20:43:12 [DanC_lap]
the common architecture position: "points to" and "denotes" agree on URIs without hashes.
20:43:30 [timbl]
http://www.w3.org/2005/06/13-tag123.html
20:43:42 [Norm]
The proposal is that 2xx identify information resources; 3xx say "see other" so they could be anything
20:44:02 [DanC_lap]
dorchard, a 303 response doesn't give any constraints about whether the resource is an information resource or not
20:44:23 [DanC_lap]
... per the RF proposal
20:46:01 [Roy]
My proposal is that we provide advice to the community that they may mint "http" URIs for any resource provided that they follow this simple rule for the sake of removing ambiguity:
20:48:11 [Roy]
a) If an "http" resource responds to a GET request with a 2xx response, then the resource identified by that URI is an information resource;
20:49:18 [Roy]
b) If an "http" resource responds to a GET request with a 303 (See Other) response, then the resource identified by that URI could be any resource;
20:49:55 [Roy]
c) If an "http" resource responds to a GET request with a 4xx (error) response, then ... ?
20:52:09 [Roy]
This proposal enables people to name arbitrary resources using the "http" namespace without any dependence on fragment vs non-fragment URIs
20:54:30 [DanC_lap]
(Henry, I wonder what impact this should have, if any, on the XPointer registry)
20:54:30 [Roy]
... and reducing ambiguity appearing on the Semantic Web by folks misusing the non-information resource's URI to identify the information content returned by redirected request
20:56:08 [DanC_lap]
(I'd prefer myTripLog#tower , rather than myTrip#tower , to be clear that the stuff before the # is a document)
21:02:19 [Ed]
(what if its a portal and myTripLog# is a program which generates the result you get at myTripLog#tower)
21:09:35 [DanC_lap]
(myTripLog might be supported by a program, but it's not a program. it's a document)
21:09:52 [noah]
Httprange-14: the issue is "TBL's argument the HTTP URIs (without "#") should be understood as referring to documents, not cars."
21:11:31 [DanC_lap]
so RESOLVED.
21:11:57 [Norm]
Unanimity
21:12:33 [Norm]
ACTION: RF to declare victory and move on
21:16:09 [DanC_lap]
RRSAgent, make logs world-access
21:16:20 [DanC_lap]
RRSAgent, please draft minutes
21:16:20 [RRSAgent]
I have made the request to generate http://www.w3.org/2005/06/15-tagmem-minutes.html DanC_lap
21:16:32 [DanC_lap]
RRSAgent, pointer?
21:16:32 [RRSAgent]
See http://www.w3.org/2005/06/15-tagmem-irc#T21-16-32
22:21:19 [timbl]
timbl has joined #tagmem
22:54:39 [timbl]
timbl has joined #tagmem
23:42:45 [timbl]
timbl has joined #tagmem