W3C

W3C Technical Plenary

04 Nov 2009

See also: IRC log and Plenary Day agenda.

Contents

  1. Welcome to TPAC 09 (from TimBL)
  2. Decentralized Extensibility in HTML5
  3. Maintaining a Healthy Internet Ecosystem -- Challenges to an Open Internet Infrastructure
  4. Lightning talks (Part I)
  5. Privacy on the Web of Applications -- Challenges and Opportunities
  6. Web Apps vs App. Stores
  7. Future of the Social Web
  8. Lightning talks (Part II)
  9. Ralph's closing comments

Thanks to Chair Ralph Swick and scribes: Ian Jacobs, Steven Pemberton, Liam Quin, Henry S. Thompson, Karen Myers, Jeanne Spellman, timeless.


<raman> morning all from the room!

<cardona507> good morning everyone

Welcome to TPAC 09 (from Tim)

<mauro> [ Tim welcomes everybody ]

Decentralized Extensibility in HTML5

[Moderator]: Henry Thompson, W3C / U. of Edinburgh

Henry: Welcome to a debate, intended to be educational. Structured to bring out the details, complexity, and richness of the problem space we label "decentralized extensibility"

[Speaker]: Noah Mendelson, TAG Chair (IBM)

Noah's slides: http://lists.w3.org/Archives/Public/www-archive/2009Nov/0003.html

Noah Mendelson: My job today is to bring everyone here up to speed on why this is important, why it's hard, and some background on some particular details.

Noah Mendelson: HTML is the most important doc format on the Web, and quite possibly the most important doc format in the world.
... We are debating who gets to say what is in HTML.
... This also says a lot about who we are as a community.

<marie> [Noah's slides are also linked from http://www.w3.org/2009/11/TPAC/PlenaryAgenda.html]

[Noah points out that he's not representing IBM or the TAG, just here to help!]

Noah's definition of decentralized extensibility: "The ability for a language to be extended by multiple parties who do not explicitly coordinate with each other."

Noah Mendelson: (Slide 5: What sorts of extensions)
elements, attributes, data values.... There are potentially lots of extensions people do for lots of reasons.
... First, why some people are passionate about the importance of decentralized extensibility.
... (1) modularity is good (2) separation of concerns is good (3) Web is an unusual system; Web is too big for any central group to invent or coordinate all the extensions we need.

Noah Mendelson: My view is that good architecture can be reduced to a few use cases.
... SVG is a separate specification, that happens to be an XML vocabulary.
... it's easy to reuse the pieces.
... you and I may work in an industry where we choose to use SVG in a document format of our creation.
... by using the same SVG as others, we have some chances that cut/paste works across container languages, that the same svg parsers/renderer can be used, and that the same toolset may be used.

Noah Mendelson: and it will also be easier to duplicate user training, documentation, etc.
... and we may also benefit from testing separation.
... finally, the separation of concerns allows the marketplace to decide on a solution.

Noah Mendelson: Now the perspective on challenge to decentralized extensibility.
... First, nobody has found a painless way to do this (more on why in a moment) - not everyone believes HTML extensions will be needed very often anyway.

Noah Mendelson: For instance, SVG only happens once in a while. Maybe it's easier not to build a generalized mechanism but to introduce features as we need them to the core language.
... Some mechanisms for avoiding name collisions are ugly and/or complicated.
... With DE (decentralized extensibility), it can be hard to move experimental extensions into the core.
(example: <xxx:table> -> <table>)

Noah Mendelson: The main controversies in this discussion are about avoiding name collisions.... Now, on to some questions: Does HTML 5 provide decentralized extensibility?

<tantek> <xxx:table> -> <table> is not what has happened in practice. What has happened in practice is: <a> -> <svg:a>

<tantek> the *opposite*

<tantek> namespaces = siloization, encouraging *divergence*, not convergence

Noah Mendelson: What the text/html serialization of HTML 5 does not provide are mechanisms like XML namespaces that help to avoid naming conflicts or help exploit existing vocabularies.

<raman> tantek, was waiting for you to say svg:a :-)

<tantek> raman - the presenter used SVG as an example, therefore it was fair game in cross-examination.

Noah Mendelson: There are a number of extension points (Noah lists a few: @class, @rel, <meta>, <script>, ...)
... So the question is "how will you coordinate on extensions"?
... My understanding is that:

1) There won't be too many cases where you need major new features

2) Where there are major new features, update the spec

<hsivonen> (surely SVG should be coordinated with HTML right here at the W3C instead of being something that happens without coordination between the parties)

<Julian> tantek, I've seen other vocabularies where the opposite happened (existing elements in other namespaces reused properly)

<tantek> I hereby place my contributions to irc.w3.org chat rooms into the public domain, and explicitly grant permission for inclusion in any public logs.

Noah Mendelson: There's a point of view that if your spec is really extensible, you can leave a lot out of it.
... HTML 5 has been criticized for including "too much" presumably since it is not extensible enough.
... There has been this debate (week by week) -- in or out?; my list of features here is a moving target.

<raman> Tantek, I do the same for my comments, and further assert that Bubbles promises to do the same --- all other dogs permitting:-)

Noah Mendelson: So the big question here has to do with name collisions.

<tantek> Liam - you can use CC0: http://creativecommons.org/publicdomain/zero/1.0/

Noah Mendelson: I will focus here on namespaces, the mechanism traditionally used in this context.

[Noah starts to dive down into xml namespaces]

<tantek> "this markup is ugly"

Noah Mendelson: I think the biggest con is that "people hate this stuff"; hard to type, URIs are long.

<tantek> also, copy/paste fragility

Noah Mendelson: URIs should be in tag names, but that is even worse to type.
... Everybody does this....(e.g., java packages)...you end up with clumsy names, and then complexity to make them tractable.
... Since we don't like prefixes, then we use defaults, which cause their own problems.

<tantek> ah there it is

<tantek> "Namespaces tend to break DOM-level updates (e.g. innerHTML)."

<benadida> actually, it's just that the people who hate this stuff are highly vocal. Plenty of people don't care.

<tantek> benadida - the opposite, the people that *do* care about namespaces tend to be the more vocal.

<Marcos> isn't src attribute in the null namespace?

Noah Mendelson: For me the deepest flaw in the namespace approach is that as element names become more "standard" you are stuck with the prefixes used in deployed content.... There are some proposals floating around to help manage the namespace question (Liam Quin, and one from Microsoft). Proposals linked from slides.
... Summary:

* Disagreement about how often extensions will be needed, and whether collisions would cause problems.

* Disagreement about whether central coordination through the HTML WG suffices.

* Disagreement about whether it's practical to provide decentralized mechanism to avoid name collisions.

* There is disagreement as to how much to compromise to maintain compatibility with XML.

* There is disagreement as to which capabilities should be split out from HTML and which existing Rec to make usable in HTML 5 (e.g., microdata, rdfa mappings, svg, canvas)

* There is disagreement in particular about inclusion of RDFa

[Noah discusses why it matters]
Whether HTML 5 will adapt well as new capabilities are needed, who will be able to create and deploy enhancements, whether HTML 5 will be convenient, compatible with existing content, will work with XML tools

<tantek> "Namespaces are ... usable in XHTML" <- strongly disagreed.

<benadida> tantek - seeing how much you have to say in this chat room appears to contradict your claim that anti-namespace people aren't vocal :)

<tantek> benadida - email logs of public-html proves the point that namespace advocates are more vocal, more often, and spend more time writing lengthier messages on the topic.

<Roger> I think Noah just did a heck of a good job.

Henry: Thank you, Noah.

<DanC> well, most of the data isn't visible. most people who care one way or the other about namespaces don't participate in public-html or W3C at all

<John_Boyer> This talk did a good job on syntactic extensibility, but we also need to be considering extensibility from the interaction domain, e.g. uniform support for XBL-like functionality.

[Debaters]: Jonas Sicking (Mozilla Foundation) and Tony Ross (Microsoft)

slides: http://www.w3.org/2009/Talks/1104-tpac-ht/

First question on definitions:

Jonas Sicking: I think that people are trying to solve different problems.
... Seems good to allow private extensions.
... The Web at large may not need everything.
... The distributed part is the harder part - people who don't talk to one another to coordinate extensions.
... I agree that name collisions is a hard question.
... So I think it's ok to have other W3C groups be able to add extensions.
... e.g., we see browser vendors doing experimental css property values to test them out.
... there's a small amount of coordination to avoid stepping on feet, but it's distributed to the extent that more than one group can create extensions.
... and I think that kind of extension is a good thing.

Tony Ross: Largely I agree with a lot of what Jonas said.
... What is important when talking about DE is who can extend, and how.
... You can have people writing their own standards, frameworks with their own extensions, browsers that extend, non-browser tools that extend, etc.
... There are extensibility mechanisms in HTML, but it only goes so far (e.g., microformats)

<tantek> "to some extent distributed extensibility is possible in HTML today, we have seen this with microformats"

<benadida> microformats are *distributed* extensibility?

<tantek> benadida - was just quoting Tony

Tony Ross: We are imposing some limitations...you can't create your own tags. As we get more than just browser vendors involved, we can be talking about tens of thousands of people wanting to add their own targeted extensions.

<tantek> I'm not sure I would call microformats "distributed extensibility" themselves, but rather an example of distributed extensibility in that they occurred *outside* W3C.

Tony Ross: If someone wants to use a feature defined by somebody else, if the mechanism is simply prefix-based, there's a desire to keep the name short.

<rigo> tantek, everything occurred first outside W3C

<tantek> Tony: "if someone wants to use calendar from one and date picker from another ..."

Tony Ross: Another issue is consistency.
... we have support for this in xhtml...and in the (HTML5) DOM
... we have support for namespaces implicitly in the html 5 syntax.
... names acquire namespaces implicitly (e.g., svg and mathml namespaces)
... So namespaces are available through the DOM; just not there yet in the markup.
... I think namespaces provide a desirable solution.

Jonas Sicking: When people want to add a feature to HTML 5, we first ask "what is the use case"?
... So why do we want this type of decentralized extensibility.

<tantek> There is insufficient representation of pragmatists and web publishers on this panel.

Tony Ross: Lots of XML applications use namespaces, providing xml-namespace based support in html 5 would allow easier reuse in HTML 5 context.

[Henry asking each speaker to ask the other for any clarifications]

Tony Ross: What in particular do you find about xml namespaces hard or undesirable?

Jonas Sicking: Two problems, partially stemming from the same thing.
... When I hear people talk about various elements, everyone refers to <svg:a>...nobody writes out the full svg namespace.
... People think of the "full name" as being the "short name" (prefix + local name)
... People in practice identify with the short name
... The real name is a tuple; you have to pass around two values (namespace URI + local name, and sometimes even the prefix, too)
... so this adds complexity to code.

[Slide 4] core questions: http://www.w3.org/2009/Talks/1104-tpac-ht/#%284%29

Henry: I heard considerable agreement on "what DE is."
... People begin to differ in the core questions.
... how do we enable DE in HTML 5? How to avoid name collision? Subsidiary issues (XML v HTML serializations, apis, validators, non-browser UAs)

Tony Ross: Regarding a proposal to manage name collisions. There was a proposal on the list. I think DE is somewhat enabled already in HTML 5, but I think that for the sake of consistency, we should explore how much closer we can bring HTML XML serialization with existing XML ns mechanism.

<Roger> I recall that one of the big factors in the success of HTML was that it was a highly simplified subset of SGML.

<Roger> People like me could use it.

<Roger> I personally would like to be able to do a "view source", cut and paste some of the HTML into my own document, and have a chance in hell of making it work.

Tony Ross: You can use namespace APIs available in the DOM.

<tantek> Tony, if you believe in XML Namespaces, then resurrect XHTML2, grab whatever elements you want from HTML5 (perhaps the whole set), introduce a new mimetype for non-draconian XML handling, and offer it as an alternative to HTML5.

<annevk> XML5 FTW!

<tantek> annevk ++

Tony Ross: Obviously validators have a lot of freedom in what they validate, but there is an impact on users.

<rubys> annevk: are you going to bring that up when Henry opens up the floor for questions?

<Hixie> that's what data-* is for

<masinter> This is mainly a political issue hiding behind a technical one. If Microsoft started to use <SL> for SilverLight and Linden Labs started to use <SL> for Second Life, who would have the authority to allow or disallow either of them, or decide between them?

<hsivonen> (fwiw, today XHTML5 validators don't allow random namespaces, so Namespaces and validation are separate questions)

Tony Ross: You don't want to push some functionality to script and away from declarative markup.
... We should provide guidelines for DE.
... Avoiding name conflicts with core language in the future
... Using a URI helps also with conflicts with other extensions.

<raman> namespace view -- "Let's colonize the Web" --- 2 seen as 5 (mirror image view) dash-it -- we don't want to be colonized --- Hence --- use dashes instead of colons everywhere:-)

<Hixie> data-*="" already handles the dojo use case -- it's what it was meant for: http://www.whatwg.org/specs/web-apps/current-work/multipage/elements.html#embedding-custom-non-visible-data

<hsivonen> masinter, moreover, is it good for the Web to delegate a substantial part of markup processing to Silverlight or Second Life?

Tony Ross: Prefixes help shorten.
... It is an indirection, but people are used to that (e.g., putting a value in a variable)

<tantek> hsivonen - W3C has never defined how to validate multi-namespace documents.

<benadida> Tony is right on "you don't want to push some functionality to script and away from declarative markup." I want a web where declarative data can be one of the powerful tools at our disposal.

<hsivonen> masinter, what if I have a device that doesn't have a port of Silverlight or Second Life. How do I read the content?

Jonas Sicking: We already have several interesting extension mechanisms.

<raman> larry --- java packages --- guess who wrote code in package com.ms --- hint: domain ms.com is owned by Morgan Stanley --

Jonas Sicking: We need to ask the question "what do we need DE for?" The HTML 5 spec is good enough for some use cases. E.g., the ability to use microdata, or rel values.

<masinter> hsivonen, your use of "delegate": who exactly is doing the delegation? And what is the threshold for "substantial"?

<tantek> Jonas: "We already have microdata, we already have the ability to add new rel values, we have a rel-profile proposal"

Jonas Sicking: You can use profiles to ground names (in HTML 4)
... If you want to add other elements, write a specification. I think that's a good way for people to extend the language where we want people to experiment or add functionality to the Web platform.

<benadida> seems to me Jonas is ignoring a bunch of clear evidence for DE: Google, Yahoo, and others creating their own vocabularies and then later, serendipitously, coming together on a subset.

Jonas Sicking: Adding a feature to the Web platform should not be taken lightly; we suffer from poorly defined features.

<benadida> isn't html5 trying to kill @profile, btw?

<hsivonen> masinter, delegated away from a standard-implementing engine. substantial if I can't make sense of content without an extension processor.

Jonas Sicking: Tremendous cost to a poorly designed feature -- we want people to collaborate, review, and integrate into the core web platform.

<arun> benadida, don't you think those very use cases will gravitate to microdata as well? Is there anything *intrinsic* about the use of a namespaced solution?

Jonas Sicking: It's not a problem for scenarios where you just want local extensions; small group of people; in that case, you don't need to worry about name collisions.

<Julian> benadida, it did, so far

<myakura> isn't manu working on the proposal for adding @profile?

Jonas Sicking: If we want the whole web to use it, we should work on integration.
... what would be nice is to do what css does - if you want to do a local extension, here's how you do so (using "-token-" prefix)

<rubys> manu's draft: http://lists.w3.org/Archives/Public/public-html/2009Nov/0103.html

<raman> Arun, it always scares me when email threads go down the road of "I don't like X", let's make it difficult to do X; let's make X impossible, for if it were possible, people might use it :-) that's my short summary of the namespaces debate on the public mailing list

[Questions of clarification between debaters]

Tony Ross: Do you think consistency between the 2 serializations is important?

<masinter> Let's get rid of seatbelts in cars because we don't want to have any accidents.

<benadida> arun - microdata might be useful, though it stinks of NIH. HTML5 could have used RDFa syntax without namespaces (which wouldn't fulfill all of the use cases, but at least wouldn't be silly reinvention.)

Jonas Sicking: There is value to consistency. At the same time, looking at the documents people write today, many more are written in HTML than in XML.
... HTML has been much more popular. I don't want to make the 2 the same. First of all, choice is good. But second, the XML world made some mistakes, and I think xml namespaces is one of them.
... Consistency is nice, but things aren't always that simple.

Jonas to Tony: How concerned are you about breaking compatibility with existing documents?

Jonas Sicking: Because browsers today in the html serialization, ns attributes are ignored, .....there's a lot of content that therefore relies on them being ignored. Do we have data that show that it will be ok to turn on ns support?

Tony Ross: We do have some data, and there would be some problems, so we need to manage the compatibility.
... I don't think that with prefixed element names, compatibility concerns pose as big a risk.

Jonas Sicking: One concern is that javascript libraries may want to add names and there might be collisions there.
... but libraries add properties to the global object...there's a situation where you might have name collisions.

<hsivonen> would MS ship their proposal across all the modes of IE9?

Jonas Sicking: but we haven't seen it in practice; with the exception of the dollar name, but there it was somewhat intentional.
... since js libraries have shown that they can deal with sharing a ns without name collisions, I don't think we should worry about it.

Tony Ross: Js gives the end user more flexibility in resolving this than markup does.
... they typically put functionality in a global object. And they work fine if you rename that object something else (aliasing).
... eg, I can run multiple versions of jquery at the same time by using aliasing.

<benadida> "js libraries have shown that they can deal with sharing a ns without name collisions" is simply not what I've seen from extensive JavaScript injection into web pages.

Tony Ross: I don't think we have that flexibility automatically with just markup.
... I was wondering, Jonas, whether you think there should be different requirements for different types of authors.

<Rotan> Yes, page authors are in a different class. Adding DISelect to HTML 5, for example, is a problem without some name management solution.

Jonas Sicking: Yes. Browsers have a larger responsibility for not injecting crap into the namespace of what they support. We have seen that when browser vendors inject features, they get picked up, and browser vendors end up having to support it.
... So the bar should be very high for browser vendors to add extensions.
... For js libraries, I think the bar should be slightly lower, though they might have similar concerns as browser vendors about uptake.
... I'm reluctant to impose any constraints on page authors, who do what they want anyway.
... I think we should expect people will use their own elements and attributes.
... I am happy we've added a mechanism for adding attributes: the @data attribute.

Henry: Thank you, debaters.
... Now to the floor.
... I will try to keep threads going (over strict mic order)

Julian Reschke: Two comments. The fact that you have to pass tuples to the API is an API issue, not a ns issue.
... The HTML WG could add APIs to pass namespaced element names.
... Second point - bad extensions are deployed whether we have DE or not. E.g., we have canvas.

Jonas Sicking: Regarding ns tuple: yes, it might be possible via APIs; but haven't seen a proposal on this; might not be so straightforward.
... Also reluctant to add a third set of APIs for this access...the second round of APIs has not been that popular. Most people use "createElement"
... people are very ns-agnostic.
... we made a firefox change recently (moving things to html ns from null ns ) and very few bug reports resulted.

Tony Ross: There was some discussion about the means of combining ns+ local name into a single string.
... I don't feel a new API would be necessary, but I don't think it would add complexity if we did.
... ideally an API would be a single string access into the tuple anyhow.

Liam Quin: Over the past year I've been talking to a lot of people in the XML community. We can't break XML; it's very widely used. And people rely on it a lot. ... But we can add things.
... I asked what we might add to XML in a way that would work with HTML.

<rubys> http://www.w3.org/2009/Talks/08-quin-balisage-namespaces/

Liam Quin: The "unobtrusive namespace proposal" allows mashups.
... You have an optional file that a browser could go off and fetch, which defines what ns the elements are in.

<Rotan> Would there be a way for a page to override Liam's proposed external doc of namespace settings?

Liam Quin: A browser would not ordinarily have to go get anything; a browser behaves as though it had already loaded the file.
... This proposal solves some of the problems identified here.
... Regarding name collisions, it lets you say what "foo" you mean; but does not let you use two different "foo" elements from two ns in the same document.
... For that case, I would just use xml namespaces.
... There is also an ISO proposal to address this.

Henry: I'd like the debaters to address the implicit question: if the overhead of using xml namespaces were reduced, would that make a difference?

<timbl> Rotan, presumably.... maybe they should cascade .. like CSS .. oh maybe we should use css .. svg a { background: #ffe; namespace "http://www.w3.org/..svg" }

<Rotan> Tim, exactly what I had in mind.

Jonas Sicking: I don't know off the top of my head. You'll still have a tuple as the identifying name. You'll still have a disconnect where people talk about names using one label, but it remains this tuple.
... Sounds interesting; I'd like to analyze the problems we are seeing and which problems it addresses or not.

<Rotan> Namespace-sheets, in addition to style-sheets :)

Jonas Sicking: The proposal does seem to address the problem of copying from one doc to another. Sounds "better" but don't know yet if "quite there."

<dom> Automatic XML Namespaces

Henry: Anyone else want to speak to making xml namespaces "more palatable"

Jonas Sicking: Have you submitted the proposal to the HTML WG?

Liam Quin: I've submitted it to the HTML Coordination Group.

<Liam> [yes via the hypertext coordination group]

<DanC> liam, the hypertext CG isn't a technical forum. very different from the HTML WG

<hsivonen> why via a secret group?

Rotan Hanrahan: Friendly amendment --- you could use a sort of CSS cascade to simplify the namespace problem (going from explicit ns to default ns)

<Roger> Roger says he agrees with Julian.

Larry Masinter: The topic is DE in general, though we've focused more narrowly on element/attribute extensibility. I would like to express support for extensibility more generally; this has allowed creativity on the Web.

<Roger> me says he agrees with Julian (sorry)

Larry Masinter: There's a political issue hiding behind a technical issue. The technical one is "how do you spell X" but the political one is "who has the authority?" For example, brand issues.
... This problem addressed through mechanisms like registries.
... we need to come to the conclusion of what W3C wants the political solution to be; the technical solution will follow.

Jonas Sicking: I agree that DE elsewhere [than elements and attributes; scribe thinks] is interesting. E.g., the microdata proposal.

<raman> we should create the PAG (Political Architecture Group) --- name intentionally chosen since PAG has always raised the spectre of a "patent advisory group"

Jonas Sicking: On the question of "who gets to decide"; we're biased---browser vendors or UA vendors decide. What they implement is ultimately what people can use.

<John_Boyer> One reason that XML namespaces are based on URIs is because it allowed the W3C to punt the registry issue elsewhere. If W3C ran a registry, then perhaps namespaces could be simplified

Jonas Sicking: though it is also true that browser vendors will follow what a lot of authors do.

Tony Ross: In terms of the political issue, it's broader than just user agents. Who gets to extend? Impact of browser extensions has a big impact.

Ralph Swick: I heard more agreement among debaters than I expected. I heard agreement on extensibility, and also distributed extensibility.

Ralph Swick: However, clients of HTML are not just browsers. There are other clients.
... Tony raised an interesting point about validation. One thing that has held us back has been a lack of a framework that supports ad-hoc extensions.
... We addressed that in XML using XML schema languages to do mixed-markup validation.
... How do we register extensions?

<arun> That's easy -- it goes in the global namespace ;-)

Ralph Swick: Things that push info into attributes move the ability to validate outside our generic validator to extension-specific validation.
... on the question of registration...if we use dns, that's a form of registry, if we use a wiki, that's another.
... There's a subtle difference - whether I'm forced to publicize that I'm using an extension (even one in a private Intranet), would I be forced to use a central registry v hiding it behind the DNS?

Tony Ross: Ideally, in a scenario like you described, you should not have to go do a central registry.
... you do need the ability to resolve conflicts if they exist...but going to a central registry for private extensions is asking too much.

Jonas Sicking: There are private extension mechanisms in CSS, HTTP. Having something like that could be useful here.
... help avoid collisions, but don't need to tell anyone you are doing it. You should not have to go to a registry to use such an extension.

<Rotan> "Experimental" names have an awkward habit of becoming permanent.

<Yves> registries imply persistence issues

Steven Pemberton: I was on a panel in 2003...this panel is an extension of that one. I gave a talk where I suggested that we needed unobtrusive namespaces; glad to see that idea reborn.
... I work in a community that uses DE in HTML all the time. We know what the advantages are. But the community is bimodal.
... Seems in this case, the solution should serve both communities, without excluding one.

Tantek Celik: Tony, you brought a proposal to the HTML WG. My suggestion to you is that if you believe in XML, resurrect XHTML 2, introduce what you want, and register a new mime type for non-draconian XML handling, and offer it as an alternative to HTML 5.

<Steven> http://www.w3.org/2003/Talks/tp-steven-web/

Tony Ross: You are definitely entitled to your opinion.

Henry: We are down to matters of opinion. There are two main costs to porting XML into the HTML universe.
... Cost at the API level of managing tuples; cost at the syntax level managing issues there.
... So "is the benefit worth the cost?"
... And there are several proposals to reduce the cost.
... This has been useful in moving the discussion forward. Thank you.

<unl> MikeSmith: draconian error handling is *not* prescribed by the xml spec. it's an interpretation issue. the YSOD is a mozilla problem. see webkit getting it right with non-wellformed xhtml files

<tantek> For the record, my question / proposal at end of "Distributed Extensibility" session was intended seriously (not sarcastically), to enable/allow/encourage exploration of multiple options by strongly interested parties.

<tantek> "important role to play in meatspace"

Maintaining a Healthy Internet Ecosystem -- Challenges to an Open Internet Infrastructure

[Moderator]: Leslie Daigle, Internet Society
[Presenters]: John Curran (ARIN) ; David Conrad (ICANN) ; Lisa Dusseault (IETF)

<marie> [slides at http://www.w3.org/2009/Talks/20091104-InternetEcosystem-Intro.pdf]

Leslie Daigle: Focus - to talk about managing internet for common good
... Success is due to open standards, freely accessible processes, transparent governance
... internet must remain open for the next big thing
... ecosystem
... standards, resource management, infrastructure, users, organisations that build capacity
... who does what really?
... spider diagram (just one perspective)

Leslie Daigle: education and capacity building sub diagram
... users sub diagram
... policy development sub-diagram

Leslie Daigle: Naming and addressing sub-diagram
... open standards sub-diagram
... shared global services
... Today's panel, 3 pieces of the diagram represented - IETF, ICANN, ARIN

[Panelist]: Lisa Dusseault, IETF Applications area director

<marie> [slides at http://www.w3.org/2009/Talks/IETF-tpac09.pdf]

Lisa Dusseault: W3C and IETF do work well together. Mark Nottingham is our coordinator at W3C
... DanC and PLH are good contacts

<glazou> IanJ, I'll need you miniDVI again for my lightning talk

<plh> --> http://lists.w3.org/Archives/Public/public-ietf-w3c/ W3C/IETF liaison mailing list archive

[Panelist]: David Conrad, ICANN

<marie> [slides at http://www.w3.org/2009/Talks/IANA-tpac09.pdf]

David Conrad: Also at IANA... about 1000 registries, some which have 4 or 5 requests per day

<timely> <http://www.icann.org/en/transparency/>

<DanC> MOU = Memorandum of Understanding: http://en.wikipedia.org/wiki/Memorandum_of_understanding

<tantek> could scribes expand acronyms? many are having trouble following

<timely> SLA=Service Level Agreement; ... a regional internet registry

[Slide: Summary]

David Conrad: We are trying to be more open
... our website is getting better

[Panelist]: John Curran from ARIN

<mauro> ARIN --> American Registry for Internet Numbers https://www.arin.net/

<marie> [no slides avail.]

John Curran: I will give you years of terror

John Curran: ARIN is a regional IRI assignment entity... involved in BGP routing... I was a founder, moved to CEO.
... we have a transition coming up
... 2^32 ipv4 addresses
... we have been giving them out
... we used to give out class A, class B, class C
... we've switched to giving out <slash-notation>
... we've been going through 10-12 slices a year
... we're down to 28 slices left
... we have 717 days left
... and we will run out of ipv4 addresses
... when we run out of addresses
... people won't be able to connect new servers
... we're not really running out
... we're running out of unassigned addresses
... every 6-12 months regional groups come asking for addresses

[or was that isps]

John Curran: there are ranges which are available because they can be torn down (dial up ranges)
... some addresses can be exchanged by offering customers savings for returning addresses

John Curran: every ISP will have to start reclaiming addresses
... there are a lot of addresses assigned to companies that don't exist anymore
... some original granted groups have turned in early range grants
... there are 6-12 of those perhaps left
... but this won't help for much time
... at some point, we will run out
... option 1. we put a sign out, "the internet is full, go away"
... this is actually real simple
... it's perfect
... there are some equity and fairness issues
... some countries are only now coming to the table
... and it's unfair to them
... option 2. ipng
... what you now call ipv6
... it has 2^128 addresses
... which is a lot of addresses
... i won't try to enumerate them
... but we can still spend them at the same rate
... but this isn't enough
... because it's not about packets
... there's a need to get packets connected
... and most servers only have ipv4 addresses
... we have 2 years to get every web server an ipv6 address

[shouted!]

<DanC> *we have 2 years to get every web server an ipv6 address* , he says

John Curran: i'm now telling you that it is your job that we get every server an ipv6 address
... in addition to an ipv4 address
... if everyone were to do that
... we could connect new users with just an ipv6 address
... we've looked at the number of servers with ipv6 addresses
... it's a small number

<DanC> doesn't youtube account for a majority of IP traffic already? google has IPv6 deployed, no? 2% sounds low

Elika Etemad: why can't you assign everyone an ipv6 address?

<dom> google has IPv6

John Curran: the problem is that you have to give people routing information
... you have to get the ipv6 address configured on your server
... the problem is getting the address, getting the configuration, configuring your server

Elika Etemad: couldn't software automatically assign the ipv6 addresses to servers

John Curran: when you get addresses from your server
... you get them from a block which the ISP manages
... this is managed by address blocks
... which arranges routing blocks
... ideally you get v6 addresses according to network topography

Leslie Daigle: the issue is getting the full scale deployment of a new internet

<DanC> I think the question was: do the server owners have to start this change, or can it be done for them?

John Curran: this wireless network gives you a v4 address
... a lot of you have mac books, i can see the logo
... the router might give out a v6 address

Leslie Daigle: is this a general question of the room, or do we move on?

[room]: move on

TimBL: when i talk to people about ipv6

<Rotan> http://www.subnetonline.com/pages/subnet-calculators/ipv4-to-ipv6-converter.php

TimBL: i find that there wasn't a lot that people could read about
... i found mit and google have v6 addresses
... for a while your computer could cheat and tunnel to a special place
... using a complicated map
... and we could deem ipv4 addresses to be part of ipv6 addresses

John Curran: what matters is public servers
... the ones that can be seen by the outside world
... at MIT all addresses are public facing
... you can't get ipv6 until your network team gives you ipv6 connectivity
... or if you setup a tunnel

TimBL: if i work with my network team
... then when i click on a link, there's no guarantee i can get to a v4 ?

John Curran: when you click on a link with v6, you get to v6
... but some groups are working on Carrier Grade NAT
... for reaching ipv4 addresses
... but we don't know if Carrier Grade NAT will scale

Jeremy Carroll: I work for a small company
... I'm trying to understand what you want us to do
... it sounds like we need to make sure our isp provides ipv6 addresses and ipv6 connectivity
... and we should ask our isp these questions

John Curran: steps
... 1. ask isp to turn on ipv6 connectivity
... 2. configure your servers with ipv6 addresses
... 3. make sure your software works with ipv6
... 4. double check your firewall still works
... that's what we need to do everywhere over the next few years

Leslie Daigle: open for questions

Daniel Glazman: Daniel Glazman, disruptive innovations, cochair csswg ... first statement, don't use acronyms

Janina Sajka: i'd like to suggest a new approach for this room
... think about from an opportunity side
... what kind of web can we build if we're absolutely profligate with ...
... it seems we have to be limited with our thinking today

<Tobias> Can I see this streamed somewhere?

<timbl> Tobias, no we aren't streaming it. Yes, would be nice.

<Tobias> timbl: Ok thanks.

[speaker fades]

Janina Sajka: what kind of services can we setup...
... monitoring systems for people who are aging
... so you can setup servers for each tile in a kitchen
... so you can see if grandma is dragging

Leslie Daigle: thank you for looking at the positive
... indeed there are industries looking at the benefits

Doug Schepers: where are there tutorials?

John Curran: www.arin.net ... click on ipv6 info

Doug Schepers: you should tweet that

<DanC> https://www.arin.net/knowledge/about_resources/v6/v6.html

Liam Quin: thank you for coming
... thank you to the panel
... the big question is what should w3 do about this
... how can we move forward?

<timbl> http://www.getipv6.info/index.php/Main_Page

<timbl> http://www.getipv6.info/index.php/Main_Page is IPV6 wiki

Liam Quin: I've checked and my server has ipv6
... but i don't know how to test or enter it into a browser

Leslie Daigle: thanks
... if you thought xmlns was ugly
... you can look at ipv6 literals

Ian Jacobs: i think html5 ipv7

[laughter]

<DanC> do we have an audio recording of the "we have 2 years to get every..." soundbite?

Ralph Swick: so... I heard John give us a clear challenge... and I hear Lisa give us a clear [??]

David Conrad: One of the things icann is working on
... is IDN
... the approach IETF has taken for internationalization
... is interesting in the sense that it requires parsing of web pages
... in terms of recognizing IDN domain names
... and translating that into punycode
... and that provides technical challenges
... that's an area that developers should look at
... if they haven't been working on it already

Leslie Daigle: Larry do you want to plug your work

Larry Masinter: there's already an RFC on IRIs
... we're working on trying to update that
... there's an amazing goal that i'm not sure everyone shares
... that web addresses should work on ...
... there are 9 groups
... and perhaps we should create out of the 9, one committee to rule them all
... and bind them
... we're having a meeting in Hiroshima to talk about this
... i've met with internationalization core group
... and [lost-group]
... and there's a dinner plan [lost-details]

Roger Cutler: i'm curious...
... historically, how did y2k become generally recognized
... getting governments on board and trying to fix it

<DanC> I tweeted the 2 years soundbite: http://twitter.com/dckc/status/5428107498

John Curran: an indirect answer
... ipv4 has been compared to y2k a lot
... y2k had advantages
... you knew when it was going to happen
... you didn't know what was going to happen
... don't laugh
... when you talk to people
... they ask when it will happen
... the answer moves around
... with y2k
... you could test your machine yourself

<shepazu> https://www.arin.net/knowledge/about_resources/v6/v6.html is a terrible address to try to spread the word.... I suggest http://www.arin.net/ipv6.html

John Curran: you could put a machine in a lab, change the date, and watch it roll over
... the problem with ipv4
... is that you don't know what's going to happen when someone comes along
... and is only given an ipv6 address
... arin is working with a number of governments
... working with UN
... [and others]
... it's not going to get more attention until it is right upon them
... and that's 18 months away

<timbl> Well, the US switched to digital TV .. but only by offering free D-A converters to those who were left.

<Tobias> timeless: thank you for your effort

<mauro> timeless++ that was awesome scribing!

[applause]

Ralph Swick: lightning talks now ... you know the rule for lightning talks

Lightning talks (Part I)

[Moderator]: Marie-Claire Forgue, W3C

Marie-Claire: first presenters now on stage

Marie-Claire: ok... so the lightning talks rule is:
... presenters will have 3 minutes for their talk
... and then a 2 min discussion
... where we invite your questions at that time

Marie-Claire: daniel glazman has this timer ... thx!

<mauro> countdown clock at http://www.glazman.org/countdown.html

Rotan Hanrahan (MobileAware): DCCI

<IanJ> Rotan slides

Rotan Hanrahan: one web
... yes ... we understand ...
... but you don't get one representation
... if you get some mobile thing
... you get
... different views based on different
... you get different experiences from different delivery contexts
... we have a device description repository
... OMA is working on this
... so server can see if you are in portrait mode/landscape
... so it can adapt accordingly
... the client can see if things are ok,
... is battery ok
... is codec installed
... DCCI is a specification on how to access that environment
... DCCI is based on DOM tree
... it's implemented with all the things we expect from DOM
... it runs in parallel to DOM
... the spec for DCCI exists, you can look at it

[uri not provided]

Rotan Hanrahan: we found problems
... square peg-round-hole

<ArtB> Please note that Nokia here means "Nokia Research Center"

Rotan Hanrahan: something we learned from
... read the wiki: http://www.w3.org/2007/uwa/wiki/DCCI_Use_Cases_and_Requirements

[screen dims]

Bryan @@?: ... we have some of this done
... UWA has Delivery Context Ontology

Rotan Hanrahan: We have 2/3 of a pie!, great
... it's important for ...
... get in touch with UWA (?)

Larry Masinter: What's the relation to CSS media queries?

Rotan Hanrahan: Media queries were put together a long time ago, dcci was created since then
... hope to hide some complexities from end users
... might use media query mechanism

Steven Pemberton (W3C): The Backplane Premise

-> http://www.w3.org/2009/Talks/11-04-steven-backplane/ Charlie Wiecha slides augmented and delivered by Steven Pemberton

(slides show demos of compound docs)

Steven Pemberton: Compound documents are easy to create, syntactically
... Because of differences in processing models, the combinations can be difficult to manage.
... The XG got together to see what overlapped; they did some implementation work
... challenges: "Since mainstream browsers don't support compound documents in this way, what are the options for implementation?"
... Options:

* Server-side 'Compilation' (eg Chiba, Orbeon)
* Client-side transformation (+judicious Javascript) (eg XSLTForms)
* Client-side implementation (Using XBL and/or Unobtrusive Javascript) (eg SVGWeb, AmpleSDK, Ubiquity, FormFaces)

[Demo of multi-source document]

Steven Pemberton: Conclusion: In the light of the emerging trend to implement XML vocabularies in Unobtrusive Javascript libraries, we recommend work on standardising the interface between the libraries, so that vocabularies can work together seamlessly, and without prior negotiation.

[Questions]

-> http://www.w3.org/2005/Incubator/app-backplane/XGR-app-backplane-20091030/ Final Backplane XG report

Dominique Hazael-Massieux (W3C): Cheatsheet for developers

-> http://dev.w3.org/2009/cheatsheet/ The Cheatsheet

-> http://www.w3.org/2009/Talks/11-tpac-cheatsheet/slides.svg Dom's slides on cheatsheet

[Dom demos the cheatsheet]

[Dom shows the cheatsheet tool gives access to info about web accessibility quicktips-WCAG 2 at a Glance, HTML Techniques for WCAG 2.0, i18n tips, css properties, typography, more]

Dom: open source, widget-ready, possible extensions.
... am looking for suggestions to make the tool more useful

[No questions]

Roger Cutler: How can you question it, it's Great!

Charles McCathieNevile (Opera): Opera Unite

[Slides not available yet]

Charles: We said Opera would revolutionize the Web and we came up with a Web server.

<timeless> [laughter]

Charles: Opera handles IPv6!

<timeless> [Larry: does it have an ipv6 address]

Charles: How to make a widget...

<dom> DanC, I only have xpath function and operators, probably not xpath axis

Charles: We have a course on creating an Opera widget...will move it to "w3c" widget...need to add one line.

<jjc> http://widsith.chaals.operaunite.com/

Charles: Opera unite is a personal web server.
... "Disposable Web-serving"
... Portable domain space in your browser.
... Easy for developers; create a conf file.

[Charles shows other things you can do with Opera Unite]

<raman> what namespace is config.xml in?

[Questions]

Steven Pemberton: Is the server running only when Opera is running?

Charles: Yes. It's stuff you only need in some situations; not an enterprise server. E.g., I don't need openid when my machine is turned off.

<chaals> --> http://widsith.chaals.operaunite.com/webserver_2/content/slides/0911-tpac-unite.zip the 2.5MB that will overload me if everyone does it at once

<chaals> --> http://widsith.chaals.operaunite.com/webserver_2/content/slides/0911-tpac-unite the live version (until I turn off my laptop and stop caring and sharing :) )

Roger Cutler (Chevron): Semantic Web in the Oil & Gas Industry

-> http://www.w3.org/2009/Talks/SWOG-LTtpac09.pdf Roger Cutler slides

Roger Cutler: I have gone from being skeptic about sem web in oil and gas to being an evangelist.
... We have tons of data!
... our subject matter experts spend most of their time doing information management badly.
... Value proposition came from this aspect of semantic Web
... We hosted a Workshop in 2008. Answered some questions on opportunities in Oil & Gas industry: demonstrated interest; but don't know how to move forward.

<benjick> Abusing the /me are we? :(

[Questions]

Marie: questions from the semantic web community people?

Kai Scheppe: How did you get resources allocated for this effort?

Roger: We have a collaboration with CSOFT

Arnaud de Moissac (SFR): United we(b and net) stand!

<IanJ> Arnaud's slides

Arnaud de Moissac: today sometime we can see ...
... net neutrality
... when you read ...
... you can see that people ask for... to have
... the most transparent ...
... What about collaboration?
... what we have to keep in mind...
... is we will always have access issues
... because of mobile access networks
... you have to keep in mind mobile access equipment and routers
... you have to keep in mind that routers will always drop packets in an arbitrary web
... We don't have to add an optimizer to the network
... The web should be able to talk to the network about priority
... As Elisa said in the last talk about IETF
... we need collaboration between the web world and the network world
... the beauty of this system
... in the first approach
... we can use only the browser
... that information is set in the css
... a web browser could use this information to get a better experience to the user
... Thank you

Marie: thanks Arnaud

???: i wasn't clear if this was a work in progress ... or a proposal

Arnaud: it's work in progress in my lab
... the idea of the lightning talk
... is to get your opinion
... does it make sense, is it stupid

Marie: yes, get in touch with our lightning talk speakers during the breaks for further discussion
... i guess it's time for lunch...

Ralph: ok, thank you, and Lunch
... we'll reconvene in 90 mins

<mauro> ==== ADJOURNED for the morning ====

Privacy on the Web of Applications -- Challenges and Opportunities

[Moderator]: Rigo Wenning (W3C)

Rigo Wenning: why do we care about privacy? For most people it's about spam, intrusive phone calls....
... but it's a human right, it's in most declarations of human rights
... When I was working on law, I wondered about why we need it, got an answer, it's about autonomy
... if others know more about us then our ability to express our own opinion runs into trouble...
... many difficulties with democratic process
... Privacy by design, collections of data...
... On this panel we'll have privacy challenges, express concerns, and then we'll open the floor.
... In the 2nd round we'll talk about remedies, how can we put Privacy by Design into the Web
... what are the challenges

[Rigo introduces panelists]

* Adam Barth (UC Berkeley)
* Deirdre Mulligan (UC Berkeley School of Information)
* Brad Templeton (Electronic Frontier Foundation)
* Doug Turner (Mozilla)


[Panelist]: Doug Turner (Mozilla)

Doug Turner: geolocation, technical way to let an application tell a server where you are. There are a number of issues...
... Web Apps typically don't know where you are
... they can work out what cell towers are around you, your IP address, etc., but no way to translate that into anything meaningful
... so we all rely on service providers to do that for us
... but that data is typically not free [zero-dollar].
... so if the user browses the web, someone under the covers is doing reverse translation to a location, an address
... and the user isn't involved, shouldn't be involved, in seeing that
... so it's up to the implementors to uphold the users' privacy
... at mozilla I do a whole bunch of device stuff, some things are really sensitive, geolocation, also camera
... big privacy concerns with taking a picture and putting it on the Web with someone's mobile device
... we don't have a good model on the Web
... right now with iphone you get a dialogue to ask you if it's OK to use your location
... but you quickly want "grant all", and that's not good, neither is too many questions, and the user doesn't really know what's going on.
... Many web pages today use iframes to embed ads, widgets...
... imagine you go to a popular web site & they use device access
... the user goes to the web site, or uses the app, and sees cnn.com or whatever, and the iframe will want to use the location or camera
... and the dialogue says, "can this site use the information" but the user won't generally notice there's an embedded iframe
... My suggestion was embedding iframes or embedded content from using device access.

[Panelist]: Brad Templeton, cloud applications & privacy

[slide 2, explosion]

[slide 3, pendulum]

Brad Templeton: Web apps bring us back to timesharing

[slide 4, Data out of your hands]

Brad Templeton: no "reasonable expectation of privacy", no 4th amendment, if the data is out of your hands, e.g. on the cloud
... so it's like removing a line from the Bill of Rights

[slide: 4th amendment, crossed out]

<mauro> http://en.wikipedia.org/wiki/Fourth_Amendment_to_the_United_States_Constitution

[slide: facebook reversed signup dynamic]

[slide: we're changing the balance (of how privacy flows)]

Brad Templeton: People should be aware of what's happening

[slide: no-one cares about privacy until after it's been invaded]

[slide: Ease of use can be a bug!]

Brad Templeton: All the shy people in the room please stand up... they never defend their rights... some people can't live with being watched
... If you make it easy for someone to transfer all their data to another site, like the checkbox on facebook, it's easy to ask for, "please give me all your friends and their blood types, how often you had sex with them"
... people don't put that on forms, but on facebook it's one click

[slide; Easy to do is Easy to demand]

Brad Templeton: every site will make you login
... mag strip on driver's licence, you go in a bar and they swipe the licence!

[slide; user choice can be a bug]

Brad Templeton: click to agree, no negotiation, negotiation only happens with power... how many read those long contracts on the Web?

[rigo puts up hand]

[slide: Two choices]

Brad Templeton: more users - can team up, "tin foil hat" people can have our way but not when there are too many servers

[slide: cloud inhibits user power]

Brad Templeton: BEPSI, bulk export of your private & sensitive information

[slide: data exported is lost]

[slide: we must take care not to build the infrastructure of a police state]

Brad Templeton: free-or-policestate switch, don't push this!

[slide: army tanks in the streets]

Brad Templeton: we're changing it, if you want to wiretap every citizen, whitehouse can call... and do it

[slide: china, saudi arabia, future china, nightmare #1]

Brad Templeton: we sell all our technology... with wiretap ability

[photo: time traveling robots from the future]

Brad Templeton: what we do is being recorded, the bots of the future will be able to punish you for what you did years ago!

[slide: Falun gong on Facebook]

Brad Templeton: Chinese gov decided they didn't like FG, rounded them up. Wouldn't it have been easy if they had all been on facebook?

<IanJ> Note to attendees: feedback survey -> http://www.w3.org/2002/09/wbs/35125/tpac2009-feedback/

<AnnB> message re: photo: beware of time traveling robots from future

<ericP> what does "throw sheep at your friends" mean?

[it's a facebook app]

<AnnB> farm game in Facebook

[Panelist]: Adam Barth

Adam Barth: Privacy is hard, how many have gone on your computer and looked at your privacy settings?
... e.g. on facebook
... if you look at someone's friends, you can infer their sexual orientation, for example
... Netflix released movie renting data, and you can figure out who 80% of people are,
... people rent so many movies that as a dimensional space, people are hugely differentiated, so doesn't need much extra info to locate people
... People are getting excited about cookie blockers
... 3rd party cookie blockers don't help your privacy
... there's an economic incentive for advertisers to know more about you
... so instead of making the world a harder way to do business, via small privacy leaks, we need an overall solution that can't easily be worked around

[Panelist]: Deirdre Mulligan

Deirdre Mulligan: What can we do to help privacy online? and what does that even mean in this day & age?
... Brad posed this idea we're heading toward an environment where our data is all over the place, we've lost all control, we're sleepwalking into a surveillance state
... and as we take our data & have it sucked up by the cloud, it's the same information but it's not in the 4 walls of your house, legal protections gone.
... And that's not a problem you guys can solve
... I hope that you'll help, through political action
... We can change the legal environment,...
... we want to be able to share information, pics of my kids, e.g., limited to my family
... but the fact that I put them online shouldn't determine the legal protection, e.g. if the government wants to see my pictures.
... So this question, what does it mean if you're a designer & you want to be sensitive to privacy issues...

Deirdre Mulligan: I'd be slightly frustrated, privacy reduced to a series of dialog boxes...
... reading them could be a full-time job for any of us.. privacy has been left to the lawyers, and we've ended up with this situation...
... We don't take a long term view on the data set we're building; e.g. the protection model of privacy, this is a process-oriented view, that you understand what I'm asking for, and make a decision,
... and then as the person who collected the data I have obligations about how I use it,...

<timeless> [ http://www.w3.org/P3P/ - Platform for Privacy Preferences (P3P) Project ]

Deirdre Mulligan: but at the end, if we made some huge database we'd still have "privacy" that isn't really privacy at all, everything exposed.
... So today we're seeing a richer conversation, what might it mean to have a legal perspective on privacy
... see a paper by Adam Barth [and others]
... a conservative view on what privacy means and how to protect it
... you can look at people's mental models, too, how do people expect information to flow?
... who do they think they're interacting with
... or do users understand there's a third party asking to turn on their camera? probably not.
... Do people understand who they're interacting with?
... You probably all remember the sony rootkit drm fiasco, users didn't understand that inserting the CD would install s/w and "phone home"
... FTC in US looked at this, and said, it's a CD, it looks like a CD, it should act like a CD
... consumers don't understand that [audio] CDs can load software onto a computer, can open a network connection
... and the consumer shouldn't have to understand complex legal text to learn this..
... a more contextual view of privacy
... So, you might have more work at the front end.. might be different at IETF and W3C, to think about information flow, and where...

<John_Boyer> lol. Is there a way to have it in modules/specXML ?

<Ralph> Privacy and Contextual Integrity: Framework and Applications; Barth, Datta, Mitchell, Nissenbaum

Deirdre Mulligan: it might be meaningful to develop prompts, and reduce the burden of prompts

Brad Templeton: I challenged this in my talk, I don't think notices are the answer

Deirdre Mulligan: yes, we agree

Rigo Wenning: comments from the floor?

Roger Cutler: I'd like to bring up another point of view. I work for a company that takes its legal & ethical responsibilities seriously. It'd be appreciated if you could come up with something simple to comply with, to understand

Doug Turner: the usability of ... mozilla has posted a diagram about how information flows
... something like that for the law might help

Deirdre Mulligan: "why don't you lawyers use a formal language", I get asked by engineers
... but negotiation is political, some of the ambiguity you view as problematic, is that people decided to save the battle for another day
... we want it to be evolutionary, we want to go to court and fight over what it is, so it's not a bug, it's a feature!
... A student said, wow, you guys don't get a lot of chances to do versioning
... and I said, no, that's what courts are for!
... the law doesn't move in Internet time, doesn't change every 6 months, so we often use more open language so it can evolve
... so if you take something ambiguous and turn it into a yes/no question, you are taking a side

Doug Turner: from a user's perspective, hard to find privacy policy on a web page, then hard to understand it
... tried to find similarities with Creative Commons
... categories with how media can be used, e.g. see an icon and it has some type of meaning... probably outside scope of W3C
... having a lay person not having to read tons of text

Brad Templeton: we started something like this ("trustE"), didn't work out :(

TimBL: Danny Weitzner used to come to these meetings but he's swallowed up by the whitehouse for 2 yrs, but his attitude, privacy shouldn't be about deciding who gets what, but expectations about appropriate use
... should I as a facebook user, you should be able to say, e.g. if you're a prospective employer I don't license you to use the info for denying me a job. This is being discussed by the new Provenance XG
... have to track provenance through all the systems, find appropriate use
... does the panel think that would work?

[Brad Templeton: "no"]

<timeless> [ http://www.truste.com/ ]

<timeless> [ http://www.w3.org/2005/Incubator/prov/ - Incubator Activity > W3C Provenance Incubator Group ]

<IanJ> See the transparent accountable datamining

Rigo Wenning: data privacy have scared us, but there are solutions
... I've been working on solutions since 1999 at W3C
... e.g. discussions about data access rights, if people have data about you, in EU, you have right to look at it, correct it, ask them to delete it
... but it's only paper
... what about data access API?
... So what are the solutions and challenges to those solutions?

Doug Turner: first problem is accountability, we can't lie to the user
... they're not going to share my pictures, the Web browser can say that happen, e.g. facebook shares all my party pics & I don't get the job, I'm not sure who I am going to blame
... the future employer or the UA?
... I don't know if there's a technical solution.
... Some of this happens today. My father has the same name as me. He had an unresolved debt from the 1950s, and I had to sort it out, they started calling me
... I can't imagine asking facebook, show all the data you have on me, and I get a crate outside my house, or a couple of DVDs, to go through!
... It's a dichotomy, either you use the service or not
... when I bought my first house I read every page on that contract...
... and my wife said, look, either you buy the house or not, it's not a negotiation
... either you use facebook and play the sheep game, have sheep thrown at you, or you don't

Daniel Glazman: you don't have to use facebook
... to raise privacy issues
... in Sweden they're using social health number ("social health number")
... e.g. for a coupon in a gas station
... and there are computers widely available to check the social health number
... it's intensified by the web, but e.g. beaten women are found using it

Brad Templeton: regulations have a history of failing, it gets out regardless of the rules
... and the infrastructure to maintain data becomes intractable, or difficult
... European philosophy is "the gov needs to know everything about you in order to protect your privacy"
... I believe we need to try & move the data back into our own control
... change the default about how data is collected
... I propose data hosting, each user is responsible for getting a small processing power & bandwidth
... and we ask that the code comes to our machines

<glazou> that was "personnummer"

<timeless> [ http://en.wikipedia.org/wiki/Personal_identity_number_(Sweden) "personnummer"]

<chaals> s/using data/using the data available keyed from the personnummber/

<glazou> timeless, number (en) = nummer (sv)

Brad Templeton: So we'd go to the other site, and they'd embed an iframe, and it'd be served by our own host
... some kind of VM, sandboxable, cached, would operate on my data on my computer
... and the results would come to my screen
... if that's on my own pc it's fast, but there are security issues about running this on your own machine
... it's a harder engineering challenge
... "there are things worth doing not because they are easy but because they are hard" - JFK

Rigo Wenning: data under all user control is one thing, I want to come back to this issue that browsers fear they will be made responsible
... We had the same issue with the font activity, browsers said we'd be liable if our s/w violates label on fonts

Deirdre Mulligan: I want to push on this idea.. when I was reading spec for geolocation it kept talking about user agent
... I said, I assume this is the browser, but it talks about it as if it were my agent, most users don't experience the browser as doing my bidding

<timeless> [ laughter ]

I don't think we have that level of connection to our browser that the term UA suggests
... I think it's been a little overhyped
... The other issue I want to touch on, I hope there's enough breadth in the marketplace where...
... data can be local or in the cloud, and law doesn't depend on the data's location
... ability to process data might be different for different devices
... so wouldn't want the legal framework to drive solutions
... and want to go back to complexity issues, right now, 2 choices...

(1) in context of location wg, privacy as a matter of policy, don't develop mechanisms to support ways for people to express info flows... you'll end up with HIPAA

<timeless> hipaa - http://www.hhs.gov/ocr/privacy/

<timeless> The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule

<Liam> or you can try to make some lightweight principles, e.g. do not re-transmit, one time use

do not retransmit

Deirdre Mulligan: one time use
... do not make people think before they transmit information
... it's not just ...
... it's not just that it tells you how tall she is
... it's that it lets you locate her
... so legally people are going to want this information protected
... the dominant uses for information in the us is young people

Deirdre Mulligan: relying on consent ...
... you have an opportunity to think about the
... it's going to be way worse if you wait

Doug Turner: I don't think we picked UA to be
... an enduring term
... it's a technical term
... browser user agent ....
... the other thing is that you know, browsers have worked a long time to sandbox content
... and our ui
... for spoofing reasons
... you don't want to go to a site that puts our ui up
... and
... so there's an idea of sandboxing content from chrome
... [not google chrome]
... the idea is that any time the user sees a ui from our agent
... we do a lot of work to make sure we're sure that what we show is accurate
... if we bring a dialog down
... we want an expectation to be sure that what we said is what actually happened
... you can put something in HTML
... in a DIV... that claims "we won't retransmit"
... but that isn't the best thing to do technically

Jeremy Carroll: It seems to me that there are 2 items... legal remedies and technical remedies
... it's only the legal end that really works
... the technical end is doomed to failure
... I go into a shop, i buy my groceries
... unless i hide my face,
... and change my clothes
... there's nothing that can be done
... we have to be public people in public spaces
... we're social animals
... privacy is a concept of the law
... we need to have societies that we trust enough
... to have frameworks that we trust enough
... instead of cheating on us

Henry Thompson: I was intrigued by X's
... and tried to come back to it
... i'm enough of a geek to try to manage my data
... i have a server somewhere, it's "my server"
... but it's not in my space that i actually control
... i rent it from somewhere
... let's say that the law says that it's mine
... let's say that i back up my data
... the value of the backup is that it's not in the same physical location
... I back it up in the cloud (amazon)
... I don't encrypt my data
... I need a legal remedy
... I can't manage it all by myself
... and there's no question that my father in law can

<sandro> +1 jjc --- we've lost our privacy, technically, walking around in public spaces, shopping, etc.

Brad Templeton: You could encrypt the backup you send out. Neither law nor technology provides a complete solution (alone). Or you could have the backup server legally defined as your property. The law isn't intended to protect small institutions

<chaals> [In a small village, privacy is a different beast]

Nikunj Mehta: can we address the privacy fears we have
... using good sharing techniques
... as with digital rights techniques
... that are used by large companies

Rigo Wenning: ... prime rights (?)
... there are large parallels between large data
... we'll have a lightning talk on this later

<Liam> [rigo: w3c participates in www.primelife.eu ]

Frederick Hirsh: technically any failure with privacy is a complete failure
... you have information, it gets out
... you're done
... Legally, it sounds like a boil the ocean
... if ... it's cumbersome
... I'm worrying about being overwhelmed
... having to read checkboxes

Deirdre Mulligan: i don't think so
... there are efforts to make sure
... we did step in and pass this law
... called the electronic information privacy act
... designed to give the same protection for email as for mail
... the way the justice dept uses this statute
... might turn on whether you've opened it or not
... the law might change based on how old it is
... if you pulled the data down
... if it was used for processing
... or was used by an information service
... at the time this was passed
... we thought the content was what mattered

<IanJ> content v. identity

Deirdre Mulligan: and the identity wasn't considered
... what we know now is that something can let people know that you're gay
... today what we have is people who are posting
... and the privacy they want is their identity

<IanJ> [interesting: shift from protecting content but not identity to the inverse]

Deirdre Mulligan: law is a way that lets people express national concerns about privacy
... that might be good to some extent
... but it might be bad in others
... -- not one size fits all --
... how information should flow / and how it should be shared

Rigo Wenning: ... we've consumed our one hour... thanks a lot

[applause ]

Web Apps vs App. Stores

[Moderator]: Robin Berjon (Vodafone)

Robin Berjon: Panel about Web Apps, App Stores and surrounding technology
... What's the difference between using a mail program, and using a mail-reading webapp
... The functional difference is vanishing, and the client/server distinction doesn't mean anything to our users
... So when we talk about this as important, we are in a sense behind our users
... There are differences: Some webapps are accessed directly in the browser
... whereas others are downloaded as zipped packages and installed in the browser more in the way that traditional apps are installed
... Questions to ask: are these different from the security perspective ?
... or is it just convenience?
... From the business perspective, should we explore how to monetise webapps for developers? "405 payment required"?

Nick Allot: What is the probability/possibility of webapps replacing traditional apps?
... What are the important different classes of webapps?
... Consider BBCiPlayer on iPhone [slide 1]
... three main options (flash/streaming media+native viewer/HTML5 <video>), either via Web2.0 or a Widget
... [missed some]
... normal native app
... develop as webapp, but compile into native
... Consider Toodledo on iPhone, a simple calendar+email+contacts app

Nick Allot: Four alternatives: Web 2.0, online.
... HTML 5, same, but also offline
... Widgets + DAP, offline, with access to your native data, e.g. contacts
... Native

Nick Allot: W3C role here? W3C gives breadth, and low cost (because of RF requirement)
... Some particular WGs are important here -- e.g. DAP
... [an equation between AppStores and Widgets I didn't quite get]
... AppStore tends to be one-off payment
... Cloud-based tends to be subscription payment
... Challenge -- policy and privacy as approached by HTML WG is different from that of the DAP WG

Chaals: WebApps could be anything
... A widget has a bit of pedigree, a bit more of a guarantee
... In the middle, an AppStore, you get a packaged WebApp with _some_ guarantee of quality
... For a Widget Store looking at a W3C-compliant widget, there is some ability to look into the widget code and confirm some properties
... so there is some basis for establishing some trust in the quality
... But consider WebApps again -- how many people use Google apps? [hands go up]
... You do, and you trust them, because of where they come from, not because of any inspection of the inside
... And that's the same as has always been the case, going back to DOS applications in a cardboard box
... None the less, it's a step forward to be able to look inside if you choose to

ArunR: There's a "versus" in the title
... I don't feel very adversarial towards AppStores
... but there are questions
... Coming out of WG meetings earlier in the week

<dom> (thanks very much to the panelists for agreeing to join this panel at the last minute)

ArunR: The similarities between Widgets and WebApps are superficial, I suggest
... On the one hand, you can build them in the same way, using the same maybe-W3C technologies
... but WebApps run in a web-like hyperlinked-model-based way
... whereas the Widget runs in a more encapsulated way, maybe on the desktop
... The zipfile is constrained, it's not the same as a web page
... So maybe these are cosmetic differences, but the model _is_ different
... HTML 5 will let you build a music WebApp with playlists and actual audio output
... Or to get at geoloc info, orientation, multitouch aspects of the webapp-hosting-device
... This is a triumph for the Web stack and Javascript
... Privacy and security are however the location of a major difference between the two models

Marcos Caceres: ... W3C Widgets - Editor's perspective
... I've been editing this spec. for a number of years, initially as part of my PhD
... How can we build a universal application packaging format, that can be used anywhere?
... Longevity -- last 100 years
... Similar to HTML 5
... Widgets want to do the same for applications as HTML 5 does for documents in this respect
... We want a universal platform, built on open standards, so no IDE has to be purchased

Marcos Caceres: Security and policy is a very important issue
... Putting all your data into a corporate basket is risky, without being critical of any particular corporation
... So a goal for widgets is to enable data to be kept local
... A hybrid model is baked in -- client/server balance
... Concerned with support for monetization
... Pressure for encryption, but inconsistent with 'View Source'
... Just live with it -- be better than the competition, and you will win
... There are plenty of ways to make money

Robin Berjon: Floor is open for questions

Mike Champion: What about the other side? No-one from Apple? It looks like the market has voted for the AppStore, not the Widgets?

ArunR: Not adversarial -- OK to use both
... Why no monetarization model behind Firefox extensions?

Daniel Glazman: I disagree there's not adversarial
... Consider the iPhone -- I cannot download any application I want to
... Whereas I can to my browser
... I'm afraid this will close off the user's freedom
... Compare this industry clone on a iPhone and a Nintendo
... The price differential is huge, and will kill ?Mario Kart

Chaals: Money talks
... We tried to find a way to develop micropayments, but never managed it
... Credit card payments worked well enough to get us going
... But there are problems, and there's work to be done now to try to fix that
... In the long term we have to solve the challenge of the Apple iPhone appstore
... but for now multiple channels will work
... Coming back to the adversarial point -- not necessarily that way
... After all, some people pay for some content on the Web

[scribe not getting all of Chaals's examples]

Chaals: The fact that it's a zipfile, instead of zipped on the wire, isn't a big deal
... A file on disk, or a transient webpage -- again, not a big deal

Nick Allot: Widget appstores already exist
... Crucial point -- they can be horizontal, i.e. cross-platform
... and that's a real difference wrt the AppStores we see today

ArunR: There is a difference, it's a cosmetic difference, and users will be aware of them
... And there will be security differences

<dom> (it’s more than cosmetic, I think — it’s a different user experience)

Marcos Caceres: There are implementations which run Widgets on the server and serve the result as embedded iframes
... If they get digitally signed, the potential to share them will be reduced

Noah Mendelsohn: Following up on the cross-platform aspect, and what people value
... Yes money is being made via mobile apps from a store
... If you're an airline, you make your money from the ticket, not from the applet which signals flight delays
... Zero-download is what you want
... If you want to hit 90% of the smartphones that are out there, you currently need order of 5 versions

Daniel Glazman: Much more than 5

Marcos Caceres: Same as with browsers

Noah Mendelsohn: I don't think that's accurate -- android differs from iPhone much more
... Cross platform is going to be very variable

Daniel Glazman: I wanted to hear this browser+offline storage, you can reproduce iTunes
... that will allow us to kill this [AppStore?] model -- let's do it

TimBL: What's different between widgets and web apps - question of trust..
... The difference is, as ArunR said, the way users manage it -- how it's loaded and stored
... I tend to trust the things in my cache

<glazou> s/browser+offline+localStorage+deviceAPI/browser+offline/+localStorage+deviceAPI

TimBL: There used to be a way to bookmark pages for offline browsing
... controlling what's costing local resource is important
... Maybe we should go back to look at micropayments again
... it is very frustrating to have to talk to the ISP at every airport
... Skype now brokers that for me, and I'll pay more for that

Chaals: Who has made a transaction of more than 10USD [everyone]
... Anyone made a single self-contained payment of less than .50USD [almost no-one]

<glazou> tantek, the key here is localStorage

Chaals: How many people spend less than 3USD/day

Dan Appelquist: Vodafone is committed heavily to Widgets, and we're getting very positive feedback from developers
... not just monetization, but also ease of development, route to market, etc.

Larry Masinter: Thinking about the difference -- what is the effect of bringing into Widgets all the error-recovery logic from HTML 5
... It's not helping the security model to do this

[back and forth about the generality of Widgets as packaging]

MarcosE: We use error handling as a means to extensibility

ArunR: In theory the Widget package will run on any runtime

<DKA> That URI for the €1M widget developer give-away is: http://widget.developer.vodafone.com/appstar

ArunR: but in practice we may want different runtimes for the web browser or the mobile device
... The cool thing is that they all get developed using the Web stack

Chaals: I want to question the assumption that the security model is different
... If you trust Widgets from a particular provider, you may use a different security model
... Same thing wrt apps from trusted providers
... In either case you make your decision about trust based on the provider

ArunR: Respectfully disagree
... You're connecting the trust model and the security model

Chaals: Yes

[applause]

<DanC> (I think the security models are different. I haven't studied it closely, but... for example, the security implications of following <img src=""> links in HTML email and normal web browsing are different)

Future of the Social Web

[Moderator]: Daniel Appelquist, Vodafone

Dan Appelquist: Hi Everyone
... I work for Vodafone
... here to present panel on Social Web
... when I come before you, you are used to hearing about widgets and mobile web
... and how cool that is
... But I work on other stuff
... Social networking is a topic I have picked up over last couple of years
... Of intense interest to me
... part of the future of communication
... I use this phrase internally to make sure people understand why they should be interested in social networking
... how people communicate in and through social channels in structured ways

<scribe> ...New ways that were hard to imagine a few years ago

Dan Appelquist: I'd like to introduce our guest speaker David Recordon from Facebook
... And Adam Boyet from Boeing
... then discussion

[Panelist]: Adam Boyet, Boeing

Adam Boyet: Switched the batting order
... I'd like to share what we have been doing with social web inside of Boeing
... we're a huge company
... research and design facilities around the world
... but social web not just for big companies; value for small companies, too
... Sometimes as technologists, we look at tech perspective
... but we're also looking at it from employee's perspective
... Think about discoverability
... how to improve across company
... Reusability rather than start over
... Redundancy: could be similar groups working on same technologies
... somebody on air frames and satellites
... both trying to get moisture out
... Visibility: related to redundancy but sprinkle security in there
... Security adds "dynamicness"
... One of ways we have addressed is by introducing patterns from social web inside of Boeing
... inSite is where Boeing employees can create an identity
... opt in and out, share photos, resumes, what they choose
... They can help each other out, ask questions, search for people
... Suppose I want to find a structural analysis person
... An expert who worked on this particular air frame
... Maybe help to peer review something
... inSite allows people to publish their thoughts
... Very low entry barrier for that
... You can share information; links, white paper, PPT, video
... Can share easily
... Visibility: You can create groups
... These groups find each other and can collaborate
... Then you have a place where experts can collaborate more effectively and securely
... Can secure only to the group...
... We make it easy; declaratively tag that
... balance between public and secure content
... raise awareness, find that serendipitous person
... 75% of it is available on your Blackberry device
... You can also do on your iPhone, although we don't support
... Goal to get the workforce connected
... The approach we took was looking at social patterns from the web
... Content aggregation, open culture, patterns around Q&A, recommending
... Looked at patterns from service providers
... We looked at how to use this pattern to add value to the company
... This is approach we took with inSite
... So how it was built; all Java based
... Use open source frameworks
... We use Oracle, we have an enterprise license
... You can see functional components
... Share It! and Ask It!
... On everybody's browser, click to ask question
... It searches previously asked questions
... and go ahead and ask question
... to people who may be experts on topic
... Get to people you may not know exist
... Couldn't find him any other way without social patterns
... Bookmarks, tagging, etc.
... Profile a huge part of that
... Search is ubiquitous
... We're straddling line between secure and public content
... Share where possible
... but not always with all technical info
... Public info shows up in enterprise search clients
... But also use cases that require security
... From the outset
... We wanted an open culture for data
... Implement so you can get into inSite from outside
... Through REST interface
... We can render in other applications

<timeless> [ SIOC, FOAF, RSS, REST, SOAP ]

... Visibility: Can embed in blog or wiki
... Try to bring patterns, concepts from Internet to gain efficiencies
... Trying to use social web to work together more efficiently
... collaborate better

<timeless> [ Slide title: What does this mean? ]

... Visibility: connect to each other; see if there are synergies in activities
... Try to use for people to find solutions to things that have already been solved
... Find solutions before they start a new project, or find a lesson learned
... Reduce duplication when starting something new

<timeless> [ Slide title: Life is good right? .... not yet ... ]

... Visibility: So use social web for those activities
... We have about 30K signed up
... log in daily basis
... People started to look at profiles
... but had to recreate on the blog, wikis, etc.
... One of things we noticed
... Profiles in other systems only had a fragment of the inSite profile
... So 30K people, HR manage data and user provider data in one place within inSite
... So we wanted to save them time
... Integrate to the wiki to get data out of inSite
... integrate with blog, portal
... Would be great to have some social web standard
... to synchronize profile information between systems

<tantek> "Example: Missing Profile Standards" <-- wait, didn't previous slide say they implemented FOAF?

... Visibility: and do that within Boeing and with suppliers, too
... link these disparate systems together

<timeless> [ Slide title: Benefits to the enterprise ]

... Visibility: So maybe if we had some social web standards
... that would reduce time
... and focus on core business
... come up with a better jet fuel, more efficient airplane
... Apply social patterns and hope to see more innovation
... break down walled gardens; find solutions faster

<timeless> [ applause ]

[Panelist]: Fabien Gandon, INRIA Sophia Antipolis

<marie> Fabien's slides: http://www.slideshare.net/fabien_gandon/semantics-in-social-networks

Fabien Gandon: I'm from INRIA... This talk is twice biased
... I have been asked to test an academic perspective
... and also look at SemWeb
... First one is to look at is time-evolving
... Growing amount of info exceeds our attention span
... First problem using SemWeb is need for memes to have focus
... In social network analysis
... sociograms and analysis
... could help us focus
... We could use social applications to filter and focus things
... Classic social network analysis works on graphs
... don't take into account types of links, profiles
... Links and profiles change and are important
... SemWeb can help
... We have social network graphs
... and we have SemWeb graphs
... In social network analysis we would calculate in degree
... add new types
... since you are man also a person
... Bring both things, bridge both graphs together
... First bias is academy
... Related work
... Some of contributions
... propagating trust
... using SN and SemWeb
... Show degree still follows power law

Fabien Gandon: apply classic analysis directly on social network with RDF
... merging identities
... extending tools to query with SPARQL
... From representation POV
... schemas exist like FOAF to describe persons
... like families, colleagues, and so on
... Give a 'toy' example of what can be done

Fabien Gandon: Consider Guillaume
... from a family point of view
... analyze him only from family POV
... I don't care how you calculate
... but use schemas that define family and tell me what is the degree of Guillaume
... That's what we can do merging graphs
... Centrality as I mentioned before
... Second place is to work on SPARQL and to extend it
... Describe it
... Pass as first citizen
... query here, interest in links between people, only colleagues such as manager of second person
... test with real case
... worked with ipernity.com
... People type the link
... make difference between contacts
... We have their full database
... It's 60K; small
... but all in RDF
... We ran analysis
... show when you try to use this usual operator
... to find most important actor
... Depending upon the type
... You will find different actor depending upon the actor

<IanJ> Fabien: the "most important actor" depends on type information you choose

Fabien Gandon: From prof POV, if not able to type not able to see
... What we do is provide schemas to reinject
... Propose schema to put back result of analysis
... reuse it for incremental analysis
... Second problem I would like to introduce
... Social data
... usually characterized using tagging
... Folksonomies
... One problem only so much to do with Folksonomies
... Related work
... Some academic propositions
... low tagging tags themselves
... Semiautomatic structuring
... Community inclusion to derive structure on the tags
... Diving is included in the community of tag water sport
... start structuring the folksonomy with that
... Use existing lexicons
... Some proposal from ?
... Provide schemas to exchange tags and folksonomies
... SIOC is one
... Allows you to represent cloud of tags
... Can use SKOS from W3C also
... MOAT can be used to disambiguate the tag
... in this context used to refer to the fruit and not the company
... VoCamps; encourage you to look
... Working on schema to work on nametags
... was discussed in a VoCamp
... Give you another example of a different approach
... To get users to use tags
... look at ways to provide them tools
... and capture knowledge
... work with people using del.icio.us
... Look at bookmarks; when they search
... can use this widget on the left
... As the user reorganizes the results
... We capture everything
... while they are searching and filtering
... Last problem I want to mention
... Is introduction of social web inside a firewall
... A cultural problem
... and a psychological challenge
... Inside companies
... social webs may be incompatible with business processes
... be careful not to create a war
... isicil.inria.fr
... this uses both internal and external applications; crosses boundaries
... We injected RDF
... when they interact with application
... internal or external
... we can still capture the RDF and capture the functionality
... A number of contributions
... Security and access control
... Trust based service composition
... Policy aware content reuse
... Systems link to open data to get info about you and people you interact with
... Many other topics could be mentioned here
... Some working on at camps
... Social journalism...[reads from list]
... One of the things interesting is look at stack of standards built on SemWeb
... that could provide basis for extending social networks
... Another aspect that Tim pointed out yesterday
... This could benefit from infrastructure
... from the deployment architecture provided from linked open data
... Using typed networks
... and parameterized operators
... allow us to be more precise
... Difficulty is problem of fragmented identities
... SemWeb has pros and cons
... Sometimes you want profiles to be merged
... sometimes not

[crowd laughs at photos]

<Steven> Ivan Herman as Hagrid

Fabien Gandon: You want to differentiate
... Still an open issue
... Declarative query language
... Time is still forgotten

Fabien Gandon: Setting chronology of events
... analyzing evolution of trends
... I would love to have an easy way on Facebook
... to say I'm a friend with this person
... but she does not have access to what I have said in the last year, but no access to my past
... Scaling is a challenge
... We are far from the size of network you are handling
... Security, semiotics
... many families exist
... Mobile, hyperamnesia
... If you want to know more

<timeless> [ applause ]

[Invited Speaker]: David Recordon, Facebook

David Recordon: Thank you for invitation to speak today. I joined Facebook three months ago.
... Manage open source and standards initiatives
... Company has about 20 open source projects
... We react with developers
... I'm looking at how we support developers, do that better
... Make world better, more connected

David Recordon: Look at that mission
... do it with standards
... We are happy to do that with any tech that has broad adoption
... My background is about OAUTH, Open ID
... got into that a few years ago before term, Social Web
... pioneer that instead of "versioning" terms

<IanJ> Social Web 2.0!!!

David Recordon: How do we create social services that are interoperable
... Here is a Tim O'Reilly quote that sticks with me

David Recordon: "Open data is increasingly important as services move online."
... No longer just about open source to run mail application
... but data behind is more important
... Not necessarily about how to have access to entire code base
... Always talking about access to data and how to share it in other places
... Trend to open
... Open Source, Open Standards, Open APIs,
... Have access to data
... This is really important
... When I look at Open ID, OAUTH,
... those communities I'm involved with
... I see four characteristics to look at and understand
... why they are successful
... First is about community
... individuals from companies, etc.
... and collaboration
... not just open source and for profit
... collaboration with these diverse communities
... Both are free to participate and implement

<marie> (/me notes that we'll have slides after this prez)

David Recordon: Low barriers to entry
... Go and step in
... Eran Hammer-Lahav
... is a good example
... Got involved six to nine months later, have smart opinions and get involved as editor of spec
... Open Source is another aspect
... having in many different languages
... How to use microformats, etc.
... Stems from having large community
... And then adoption
... seeing every year
... get modeled like a half life
... Hubub being supported in just a few months
... Go back to community participation again
... How many people are subscribed to all these different mailing lists?
... What if people had to pay to subscribe to all these lists to provide feedback
... Really valuable feedback
... Wisdom from all sorts of people, individuals to large corporations
... Again, so what do they need to be successful?
... Mentors, best practices, freedom to participate, infrastructure and tools
... IP, governance and scope, light weight
... much more from open source model
... efforts not large corporations
... not competing
... but all sorts of people who see it values the entire ecosystem
... Policies around how to resolve conflicts not necessarily needed
... once again give my own view of ad hoc approach
... adhoc, OASIS, IETF and W3C
... How do you have these resources for other people?
... I'm for the adhoc approach
... OASIS and W3C is part of cost
... Go in and participate in OASIS or W3C group is quite prohibitive
... for those you want to contribute
... IPR is in eye of beholder
... Look for a clean outcome
... Be friendly to individuals and companies
... Also governance and scope
... Look at in terms of not making all the decisions up front
... not consider outside of 10 things up front
... may have learned some lessons
... Shift to Open Web Foundation
... We created a year ago
... For those who are creating specifications outside of standards bodies
... How to create shared infrastructure and shared tools
... Model of providing tools for the communities working where they are
... May be on a mailing list
... or for W3C to take advantage of the legal work we have done and offer to your own WGs
... Take advantage of that
... and not replace standards bodies that have an important role
... Open Web Foundation Agreement
... Started with four tenets
... Legal document understandable by non-lawyers
... Allow derivative works
... Be written simply

<IanJ> Open Web Foundation Agreement - Committee Draft 2

David Recordon: How to take a specification and move into a standards body
... think from the beginning; freely implementable specifications
... I have pulled out four things
... Copyright, simple attribution
... Use Creative Commons
... take document and evolve it
... A patent non-assert
... We felt this was really important

<IanJ> David: Patent non-assert that allows you to carry patent rights to derivative works.

David Recordon: Non Assert Termination
... makes it hard to litigate
... ensure specs licensed remain free
... and transition into a standards body
... Model that you [W3C] operate under
... Means that someone creating specification licensed this way, does not have to go back to all the contributors
... Was set up from the beginning to do that
... Glossing over a few topics
... Happy to say more in discussion and Q&A
... Web standards that I'm paying attention to
... HTML5 is extremely interesting
... Not a social web standard by itself, but what innovation it will enable

[reads list from slide]

David Recordon: Combine together and create interoperable web services
... Have been called "the open stack"
... How to interact with people they know
... Another piece is getting major adoption
... Many people have not worked inside a standards body
... Many occur ad hoc
... See adoption from non-tech companies
... Looking at role of standards body
... and role that is valuable to these communities
... Continuing to gloss at high level
... Talk about Facebook, especially the scale
... which blows me away
... and how we are evolving
... 8 billion minutes spent on site every day worldwide
... 2 billion pieces of content shared every week
... all types of content
... Combination of web browsers, sms

David Recordon: Over 2 billion photos uploaded each month
... And content is about who's inside the photo, not just what photo is

<dbaron> 15200 years or so, I think

David Recordon: 15K FB Connect implementations
... So scaling challenges
... Think about privacy
... not a traditional scaling problem
... Have that user's data
... stored on separate server
... shared by user
... Each user put on different server
... not a lot of complication
... on FB data is interconnected
... We are pulling data from hundreds of different people.
... More complex from scaling perspective
... Choose who you want to share with
... friends, friend of friends, these five people
... adds to the scaling challenges
... Not just pull news feed from my 500 friends
... look at privacy settings and am I allowed to see it
... Need to continue to innovate around that
... We have also looked at social graph
... People are only one dimension
... events, photos, documents
... and I see how the Web evolves also
... from documents to documents and people
... We are interested in working on that
... We have created XFBML?
... See my photo or not

<timeless> [ wiki.developers.facebook.com/index.php/XFBML ]

David Recordon: go update across the web
... how does HTML become social?
... How do people get represented?
... How does Facebook scale worldwide?

<IanJ> 70% of facebook base outside US

David Recordon: Site is in 65 languages, done by users themselves
... Really community translation
... We have 20 open source projects
... Next challenges are to scale world wide
... to give people ability to share
... with whom sharing
... social identity
... verified identity
... things I know and what I'm connected with
... Looking at HTML and how web represents people
... An interesting question to talk about
... Why should Facebook become a member of W3C
... things we do related to social, privacy
... I don't have a clear answer
... Try to work with you
... how to make people a real aspect of the web itself?

<timeless> [ applause ]

<timeless> [ Last Slide Title: Why should Facebook become a W3C member? ]

Daniel Appelquist: That's great, thanks, David
... Maybe one answer to David's question

Daniel Appelquist: W3C is where different communities of practice come together
... share viewpoints
... and competencies
... Some gnashing of teeth
... Nice to have David as guest speaker
... talk about community efforts
... Also been involved running social web camp
... brought in people from community to talk about these issues
... I want to relate a short anecdote
... how social networks are becoming people's lives
... I was sitting at a cafe in London
... two young people were arguing
... not sure what about
... maybe football related

[laugh]

Daniel Appelquist: At one point, one person said, "unfriend"
... other one said, "unfriend, unfollow"
... Ok, so questions
... A quick question for Adam
... If you were also expanding what you are doing to supplier network
... How does that work, what are your challenges there?

Adam Boyet: Haven't gone down that path yet
... not including suppliers and customers inside our internal social networking platform
... On the horizon but not there yet

Ann Bassetti, Boeing: We do have several hundred thousand suppliers and customers that log into our firewall to get to other web sites internally
... We have been doing that successfully for a decade
... What Adam is referring to is social interactions through inSite
... We do a lot of collaboration
... this would be the next level up

David Recordon: Interesting to hear about inSite
... We have similar things inside of Facebook
... how to find people, find tags

Ann Bassetti: One of the hugest challenges Adam stepped up to is the security restrictions from US gov't
... if someone releases it can be inadvertent
... a whole bunch of variables
... different requirements where we can be fined millions of dollars
... So he set up some taggings for security
... all kinds of levels

<timeless> [ International Traffic in Arms Regulations (ITAR) ]

Mike Champion, Microsoft: Adam mentioned that Boeing wants to see standards and Facebook defines community specifications as being satisfactory... So to Adam, do you really need standards, or more specs?

Adam Boyet: Great question
... It boils down to can we get vendors to implement them
... We bring in commercial blog
... if a standard, we can try to be 800 pound gorilla
... See this today
... industry outside is adopting, but not vendors adopting
... So it may need to be a traditional spec for the vendors to implement
... may have to be wait and see

Rotan Hanrahan, MobileAware: You are trying to condense info. The human being is receiving a huge amount of info
... I fear information overload for the users
... Is there a way to filter the social network to a human level
... My best situation would have plenty of flow, tables and beer mats

David Recordon: When you look at FB news feed compared to live feed
... it's algorithmic
... What content did you see, who commented, what content do you interact with
... versus here is everything you can possibly see

<timeless> <http://www.facebook.com/livefeed>

Rigo Wenning, W3C: In Open ID, this specification was discussed
... and whether you align with architectures
... Regarding what's in it for us with W3C
... there is more overhead than a web site and a mailing list
... you see a lot of people; so why are they here
... You could just have a mailing list and a web site
... There is more of it
... Not sure if you were here when we discussed privacy, security, internet governance
... social networks are young
... there are more things that come along
... so mailing list and server not enough

David Recordon: I didn't mean to say the way was to create a spec with a mailing list and web site
... doesn't guarantee adoption and success
... interested in the trade-offs

Jeremy Carroll, TopQuadrant: W3C standards have been getting better. Recent ones have been clearer before they get to recommendation state, have implementations
... and clear success criteria
... people who have thought about what it means to interoperate
... this community has developed expertise on what it means to interoperate

David Recordon: Yes, absolutely
... Yes, coming to W3C offers tools that are needed
... but also looking at back of napkin math
... but for OAuth to be created inside W3C would have cost $20 million

Daniel Appelquist: Tim, do you want to say something?

TimBL: Insert three quarter hour of standards bodies
... You talked about two dimensions
... You called it a meritocracy
... friends, put together a spec
... versus an organization with a process
... W3C then, now
... After a while
... one person said stop, wait
... this is not good enough; we need to know certain things
... have more solid ground; criteria for making a standard
... certain level of polity for my company
... and if you organize a meeting, give us 8 weeks' notice
... I have to travel, get permission to travel
... so we created a process document
... I suggest you talk to people about the history, especially Carl Cargill (Adobe)
... Companies came to me to put consortium together
... Web was a fast-moving field
... They felt it was worth their putting money into it
... If you want to put money into it, the ROI; $20K investment
... compare to number of minutes
... what people on average spend on Facebook
... if they spend, it would cover $20K

David Recordon: Yes, I saw this with Open ID
... yes, from the wild west approach to more of process
... Not one approach
... Not just about what it would cost FB to participate
... but to strive for that really broad participation
... It's more than $20K

Daniel Appelquist: We are out of time
... I'd like to thank our panelists
... Hope it's the start of a conversation
... Reminds me of when Google came up to stage
... and asked why Google should join W3C
... and now we have TV Raman

[crowd laughs]

Daniel Appelquist: Hope this is start of a new friendship

[applause]

Lightning talks (Part II)

Henry Thompson: This is the final session for today, it is the lightning talks session

Raj Tumuluri (Openstream) and Tom Underhill (Microsoft): Multimodality in Enterprise Applications

Raj Tumuluri: This is an application that does the input in voice, gestures, and photos
[demo of an image of audience, writing on top of it and adding it to the handheld application]
... brought it down into Office 2010, added it as an animation, it is all done with interop with Ink spec and SMIL spec.

<timeless> InkML - The Ink Markup Language <http://www.w3.org/2002/mmi/ink>

<timeless> SMIL - Synchronized Multimedia Integration Language <http://www.w3.org/TR/REC-smil>

Tom Underhill: shows markup and InkML spec

Marcos Caceres (Opera): If MacGyver was a spec editor

Marcos Caceres: I am presenting work we are doing editing the Widgets specs
... There are different parts of the text - the really important are the testable assertions: Must, should, may
... they need to be tested and verified
... MUST is expensive; it takes an average of 3 tests.

<timeless> [ Slide title: Spec - XHTML ]

<Karen> http://en.wikipedia.org/wiki/Macgyver

Marcos Caceres: MacGyver would bring together a group of tests, mash them together and have the result shown

<timeless> [ (jeanne 's transcription is from ~2 slides back) ]

<timeless> [ (marcos is jumping too fast through his slides) ]

Marcos Caceres: given a Spec, look for the ids in the code
... Reduce your musts, use shoulds and may's with caution, use active voice. Keep things simple.
Question: How did you get the editor to do the annotations needed?
Answer: I asked myself. We created the data that we needed.

<IanJ> (and was natural based on Anne van Kesteren practices)

Rigo Wenning (W3C): Privacy and data governance

Rigo Wenning: Don't touch my data: instead of modifying database, it is just added on to legacy data
... make the policy travel with the data
... treated in W3C Workshop on Access Control
... Next Workshop on Obligations in 2010

Henry Thompson: who is your customer, who are you trying to convince?

Rigo Wenning: The database professionals, that is who we want to convince.

Robin Berjon (Robineko): A fresh specification writing tool

<Steven> Slides http://berjon.com/slides/20091104-respec/_respec.html

Robin Berjon: Why? Not because others are bad, but I wanted the spec editors to be able to move faster.
... you create a document, you go to the browser, look at it and fix the bugs.
... with most of the tools you have to launch another tool. This saves 30% of the rules.
... It creates pubrules compliant output

Robin Berjon: it pretty much writes the spec for you.

<dom> Example of usage of ReSpec.js in WARP spec

Robin Berjon: it does references and highlighting automatically.
... it has syntax highlighting in examples
... Limitations, there are more features being developed.

Rigo Wenning: Can you integrate an EMACS/Eliza tool to write the text for you? [laughs]

Dan Connolly: Can you show an example?

[demos]

Jacques Durand (Fujitsu): TAMElizer

<dom> Tamelizer project

<Steven> Slides: http://www.w3.org/2009/Talks/1104-tpac-lt2/tamelizer-lightning-final.pdf

Jacques Durand: Small Open Source code you can download... Test assertions are between Spec and Testing
... Test Assertion markup language. Simple markup, it could be more sophisticated for advanced user.
... the report gives you more diagnostic information

Jacques Durand: XML files that are embedded in the documents
... it can show the individual pass/fail of tests.
... In the second phase, you do test analysis
... this is where we do much better than other tools.
... You can get the entire chain into the Test Report

Henry Thompson: What spec did you do this for and how many assertions?

Jacques Durand: web services interoperability and 250 test assertions

<IanJ> EARL Guide

Shadi Abou-Zahra: I encourage you to look at the EARL protocol, it is an RDF protocol but backward compatible to XML.

Daniel Glazman (Disruptive Innovations): The End of the Beginning

<arun> Note that glazou is tilting his screen

Daniel Glazman: demos of rotating cube, tilt detector ["level"] application (in 15 lines of code) and a game done in SVG that is in Canvas. Very simple
... "font dragr" to test new fonts

Henry Thompson: The box you were holding has an accelerometer, right?

Daniel Glazman: Yes. All laptops have accelerometers in their hard disk drives to handle shocks.

Judy Brewer: How was the accessibility?

Daniel Glazman: I don't know.

<IanJ> [Reminder: feedback form, thanks!: http://www.w3.org/2002/09/wbs/35125/tpac2009-feedback/]

Judy Brewer: It looks neat. It would be great if the accessibility support was there right from the beginning. Can we be sure we can get you hooked up with the right people to help with that?

Chaals: the accessibility is in the hardware APIs, the hardware knows when it is working. We have to work on how we make that an accessible application (by making things like canvas accessible)

<IanJ> [Applause]

Ralph's closing comments

<IanJ> Feedback!

<tantek> I think this might have been the best Tech Plenary Day I have attended. Well done organizers, speakers, and panelists.

This was a large team effort. I especially want to thank the Internet Society for their generous support. There is a feedback survey, please complete it.