IRC log of tagmem on 2010-03-04

Timestamps are in UTC.

17:59:06 [RRSAgent]
RRSAgent has joined #tagmem
17:59:06 [RRSAgent]
logging to http://www.w3.org/2010/03/04-tagmem-irc
17:59:19 [noah]
zakim, this will be TAG
17:59:19 [Zakim]
ok, noah; I see TAG_Weekly()1:00PM scheduled to start in 1 minute
17:59:31 [DanC]
trackbot, start meeting
17:59:33 [trackbot]
RRSAgent, make logs public
17:59:35 [trackbot]
Zakim, this will be TAG
17:59:36 [Zakim]
ok, trackbot; I see TAG_Weekly()1:00PM scheduled to start in 1 minute
17:59:36 [trackbot]
Meeting: Technical Architecture Group Teleconference
17:59:36 [trackbot]
Date: 04 March 2010
18:00:05 [DKA]
DKA has joined #tagmem
18:00:07 [Zakim]
TAG_Weekly()1:00PM has now started
18:00:13 [Zakim]
+jar
18:00:39 [Ashok]
Ashok has joined #tagmem
18:00:46 [Zakim]
+DanC
18:00:54 [Zakim]
+DKA
18:01:15 [ht]
As signalled in email, I will be joining after I get off a transition call
18:01:28 [noah]
Right, Henry, I got that in the agenda
18:01:39 [noah]
I'm having some Zakim problems at the moment...trying again
18:01:52 [DKA]
Scribe me up.
18:01:58 [DKA]
Scribe: DKA
18:02:04 [DKA]
ScribeNick: DKA
18:02:07 [Zakim]
+[IBMCambridge]
18:02:14 [noah]
zakim, [IBMCambridge] is me
18:02:14 [Zakim]
+noah; got it
18:02:18 [Zakim]
+Ashok_Malhotra
18:03:55 [noah]
chair: Noah Mendelsohn
18:03:58 [DKA]
Chair: noah
18:03:58 [masinter]
masinter has joined #tagmem
18:04:17 [noah]
agenda: http://www.w3.org/2001/tag/2010/03/04-agenda
18:04:36 [noah]
zakim, who is here?
18:04:36 [Zakim]
On the phone I see jar, DanC, DKA, noah, Ashok_Malhotra
18:04:37 [Zakim]
On IRC I see masinter, Ashok, DKA, RRSAgent, Zakim, noah, ht, jar, timbl, ht_home, DanC, trackbot
18:04:50 [Zakim]
+Larry
18:05:39 [DKA]
Topic: Approve minutes of previous meeting.
18:06:00 [DKA]
zakim, mute me
18:06:02 [Zakim]
DKA should now be muted
18:06:03 [DanC]
+1 approve http://www.w3.org/2001/tag/2010/02/25-minutes.html
18:06:09 [DKA]
+1
18:06:23 [DKA]
RESOLUTION: Minutes of the 25th are approved.
18:06:36 [DKA]
Topic: Admin Items
18:07:11 [DKA]
Noah: TAG status report. HTML working group has made a few small comments. I have made small updates to reflect their contributions.
18:07:19 [DKA]
... I will publish this tomorrow or monday.
18:07:27 [DKA]
http://www.w3.org/2001/tag/2010/sum03.html
18:07:45 [DKA]
Noah: It's member-only currently.
18:08:02 [DKA]
Larry: I wondered - I scanned for a reference to the versioning work.
18:08:15 [DKA]
Noah: Can you draft a few sentences and send them to me? I'll put them in.
18:08:21 [DKA]
Larry: Ok.
18:08:43 [DKA]
Noah: Just email me "change request for the status report." I want to have it out so people can review it before the AC meeting.
18:09:20 [DKA]
Noah: Two teleconferences between now and the f2f. One on the 11th and one on the 18th. Neither I nor Tim will be available on the 18th. Can we cancel?
18:09:26 [DKA]
+1 to cancel the 18th.
18:09:34 [DKA]
RESOLUTION: Cancel the telecon on the 18th.
18:09:45 [DKA]
Noah: On the 11th, Tim will be unavailable.
18:09:59 [DKA]
I will also be unavailable next week BTW as I will be on a plane.
18:10:14 [DKA]
Noah: We may cancel it but let's leave it for now.
18:10:17 [Zakim]
+TimBL
18:10:26 [DKA]
Topic: Face to Face Meeting Agenda Preparation
18:11:04 [DanC]
q+
18:11:14 [DKA]
Noah: Quick update. We did a good job asking each of you what you're doing. Anything related to the f2f agenda to discuss?
18:11:18 [timbl_]
timbl_ has joined #tagmem
18:11:25 [DanC]
re http://www.w3.org/2001/tag/2010/03/actionsbyshepherd.html
18:11:48 [DKA]
DanC: You sent out a list - I looked at Mine and Tim's and a bunch of stuff got assigned to him. I tweaked some of those.
18:11:51 [DKA]
Noah: Fine.
18:12:33 [DKA]
Noah: I ran a little script to list all the issues open/pending by shepherd. By Monday please alert me to any of your issues that need attention in the f2f that do not have actions.
18:12:45 [DanC]
(I think I'll be sending something about ISSUE-56: (abbreviatedURIs-56), where I sent a proposal ages ago...)
18:12:49 [DKA]
Noah: Part of the role of the shepherd is to keep thinking about things we don't have actions associated with.
18:12:56 [DKA]
Noah: Questions?
18:13:42 [timbl_]
timbl_ has left #tagmem
18:14:02 [DKA]
Topic: ISSUE-41 & ACTION-396
18:14:09 [timbl]
Wonders if what is a WebID
18:14:11 [DKA]
ACTION-396?
18:14:11 [trackbot]
ACTION-396 -- Henry S. Thompson to henry to draft emails for NM to send to HTML WG chairs and to Liam+MS authors encouraging a change proposal wrt distr. extensibility by 23 March -- due 2010-03-04 -- PENDINGREVIEW
18:14:11 [trackbot]
http://www.w3.org/2001/tag/group/track/actions/396
18:14:35 [DKA]
Noah: We want to send emails on behalf of the TAG...
18:14:54 [DKA]
zakim, unmute me
18:14:54 [Zakim]
DKA should no longer be muted
18:15:07 [DKA]
zakim, mute me
18:15:07 [Zakim]
DKA should now be muted
18:15:22 [DKA]
zakim, unmute me
18:15:22 [Zakim]
DKA should no longer be muted
18:15:59 [masinter]
we were saying two things: (a) we'd reviewed the documents and think they're interesting, and (b) we're encouraging certain people to engage in the HTML WG process and offering our help in doing that.
18:16:09 [DKA]
Noah: two notes Henry was asked to send. One to HTML chairs and one to Liam Q. and MS authors and one to Henry himself...
18:16:13 [masinter]
just thought the message should make the two things clear
18:16:16 [DKA]
zakim, mute me
18:16:16 [Zakim]
DKA should now be muted
18:16:31 [noah]
zakim, who is talking?
18:16:42 [Zakim]
noah, listening for 10 seconds I heard sound from the following: jar (36%), TimBL (25%), Larry (69%)
18:16:54 [noah]
Did Larry's mail ever show up in the archive?
18:17:10 [DKA]
Noah: Let's look specifically at the notes that Henry has drafted ...
18:18:17 [DKA]
Noah: Let's bless Henry's notes or fix them.
18:18:22 [DKA]
Larry: I think the fixing is just minor.
18:18:31 [masinter]
use your discretion, that's fine with me
18:18:33 [DKA]
Noah: We need text I can mail.
18:18:41 [DKA]
DanC: What should we do?
18:18:57 [DKA]
Noah: Henry and Larry should go off-line and do this or we should do this now [in the call].
18:19:10 [DKA]
Noah: I'm happy with Henry's text but if Larry is concerned then we have to work through that.
18:19:14 [DKA]
Larry: That's OK.
18:19:24 [DKA]
Noah: We can go with Henry's text?
18:19:27 [DKA]
Larry: Yes.
18:19:39 [DKA]
:)
18:19:43 [masinter]
just consider in future, i think, is fine with me
18:20:02 [DKA]
RESOLUTION: Noah to send both of henry's ACTION-396 emails.
18:20:37 [DanC]
action-396?
18:20:37 [trackbot]
ACTION-396 -- Noah Mendelsohn to henry to draft emails for NM to send to HTML WG chairs and to Liam+MS authors encouraging a change proposal wrt distr. extensibility by 23 March -- due 2010-03-05 -- PENDINGREVIEW
18:20:37 [trackbot]
http://www.w3.org/2001/tag/group/track/actions/396
18:20:38 [noah]
Noah assigns himself as owner of ACTION-396
18:21:08 [DanC]
action-395?
18:21:08 [trackbot]
ACTION-395 -- Noah Mendelsohn to guide TAG to a response on HTML decentralized extensibility (self-assigned) -- due 2010-03-23 -- OPEN
18:21:08 [trackbot]
http://www.w3.org/2001/tag/group/track/actions/395
18:21:10 [noah]
ACTION-395?
18:21:10 [trackbot]
ACTION-395 -- Noah Mendelsohn to guide TAG to a response on HTML decentralized extensibility (self-assigned) -- due 2010-03-23 -- OPEN
18:21:11 [trackbot]
http://www.w3.org/2001/tag/group/track/actions/395
18:21:11 [DKA]
Noah: I would like to have permission to close ACTION-395 when I send that note.
18:21:21 [DKA]
Noah: Anyone have a problem with that?
18:21:26 [DKA]
Noah: OK I am going to do that.
18:21:31 [DKA]
Topic: http://www.w3.org/2001/tag/group/track/issues/57 & http://www.w3.org/2001/tag/group/track/actions/348: Retaining address bar following redirect
18:21:35 [jar]
zakim, unmute me
18:21:35 [Zakim]
jar should no longer be muted
18:22:04 [DanC]
close action-395
18:22:04 [noah]
close ACTION-395
18:22:04 [trackbot]
ACTION-395 Guide TAG to a response on HTML decentralized extensibility (self-assigned) closed
18:22:04 [trackbot]
ACTION-395 Guide TAG to a response on HTML decentralized extensibility (self-assigned) closed
18:22:15 [DanC]
action-395: see action-396 for follow-up
18:22:15 [trackbot]
ACTION-395 Guide TAG to a response on HTML decentralized extensibility (self-assigned) notes added
18:22:24 [DKA]
jar: Before I joined the TAG there was an open issue-57. I got assigned an action to close up one of these sub-issues.
18:22:54 [noah]
FWIW, there's still an open ISSUE-57
18:22:58 [DKA]
... question is: why is it that even though direction of HTTP spec says address should be retained on a temp redirect that none of the browsers do this?
18:23:15 [DKA]
... couldn't find much material. A mozilla bug report and a wikipedia article.
18:23:39 [DKA]
... I drafted a memo of what I know about this issue. http://www.w3.org/2001/tag/2010/02/redirects-and-address-bar.txt
18:23:45 [DKA]
Noah: Any thoughts?
18:24:00 [noah]
Noah: What, if anything, should TAG do next on this?
18:24:11 [DKA]
jar: I looked at Mozilla [bug database] but didn't look at other bug database. Should I look at others?
18:24:22 [DKA]
DanC: you found the relevant bug...
18:24:23 [timbl]
q+
18:24:37 [DKA]
Larry: Obscure wrinkle with IRIs in the address bar...
18:24:44 [DKA]
q?
18:24:46 [noah]
ack next
18:24:49 [DanC]
"I would *not* like to see this wontfixed." -- David Wood 2010-02-10 10:15:02 PST https://bugzilla.mozilla.org/show_bug.cgi?id=68423
18:24:50 [noah]
ack next
18:25:05 [timbl]
q+ to suggest that the next step is to email the browser vendors' engineers
18:25:38 [masinter]
q+ to note that location & content-location are difficult for IRIs, since the HTTP headers are URIs but what is presented should probably be translated back, but then there are spoofing issues?
18:25:45 [noah]
q+ to say that this seems broken, but I have a sinking feeling that this train has long since left, that there might be compatibility issues, etc.
18:25:45 [DanC]
(I think "broadcast more widely" is consistent with posting a blog item)
18:25:51 [DKA]
Tim: This is interesting - next step I suggest is to mail the browser vendors. We've got them in the HTML working group. We need to broadcast more widely with what we've got. And if they still don't know why - it may well be that nobody's ever coded it because nobody's ever got round to it.
18:26:11 [jar]
q+ jar to say they probably will consider it a security bug
18:26:14 [noah]
ack next
18:26:15 [Zakim]
timbl, you wanted to suggest that the next step is to email the browser vendors' engineers
18:26:15 [noah]
ack next
18:26:21 [Zakim]
masinter, you wanted to note that location & content-location are difficult for IRIs, since the HTTP headers are URIs but what is presented should probably be translated back, but
18:26:24 [Zakim]
... then there are spoofing issues?
18:27:30 [noah]
ack next
18:27:31 [Zakim]
noah, you wanted to say that this seems broken, but I have a sinking feeling that this train has long since left, that there might be compatibility issues, etc.
18:27:33 [DKA]
... Could we make a patch in the Mozilla codebase? Or a firefox plug-in that fixes it?
18:27:33 [DKA]
Larry: IRI document - this has more serious security problems when you allow unicode than ascii-only to the point that we [re]moving the requirement in the IRI document that human-...
18:27:35 [DanC]
(yeah... I was thinking it's orthogonal, but maybe not...)
18:28:23 [DKA]
Noah: I'm less convinced that spoofing is relevant - copy-paste - copy-paste is usually not vulnerable to spoofing.
18:28:53 [DanC]
q+ to swap in a comment that boris endorses: "if I could get bigCorp.com to redirect me to mysite.com, then I could make it look as if the data was from their site" and to note the spoofing issue happens when mysite is spelled bigc&oumlaut;om
18:28:56 [noah]
ack next
18:28:57 [Zakim]
jar, you wanted to say they probably will consider it a security bug
18:28:59 [DKA]
... this seems like an obvious thing that browser vendors would have fixed. Are there other barriers than getting the code written?
18:29:14 [Zakim]
+Ht
18:29:39 [DKA]
jar: It's worth while to try to contact the browser people. My bet is that every one of them would say that this is a spoofing or phishing risk.
18:30:13 [DKA]
... the compromise option would be to have some alternative UI control that could give you access to the original URI.
18:30:17 [DanC]
("david wood and I were suggesting" refers to what, I wonder?)
18:30:24 [noah]
I don't think we can do UI design at the level of particular new dialogs, we can just encourage exploration of ways of making two URIs available....I'm suspicious that users will just be confused.
18:30:45 [noah]
q?
18:30:51 [DKA]
... the thing about the address bar - users are going to look at the address bar - even if it's not meant to provide a particular info or endorsement, users will use it in this way.
18:31:24 [DKA]
... claim is that users are looking at the address bar to assess the trustworthiness of the content they see on the page. Things can go wrong if the redirect happened in error.
18:31:30 [masinter]
<t>There seems to be little hope of relying on either administrative or technical means to reduce the availability of spoofing exploits. For this reason, user agents SHOULD NOT rely on humans doing visual or perceptual comparison or verification of IRIs as any means of validating or assuring safety, correctness or appropriateness of an IRI. Other means of presenting users with the validity, safety, or appropriateness of visited sites
18:31:30 [masinter]
are being developed in the browser community as an alternative means of avoiding these difficulties.</t>
18:31:44 [DKA]
Tim: you've got to convince me. A trustworthy site won't redirect you to an untrustworthy site.
18:31:56 [DKA]
jar: I think the claim is it will.
18:32:06 [noah]
Is the concern that the "trustworthy" site might have been compromised?
18:32:08 [masinter]
above is proposed wording for IRIBIS
18:32:15 [DKA]
Tim: The definition of a trustworthy site is that it won't.
18:32:19 [masinter]
q+ to note that
18:32:37 [DKA]
Tim: You could provide the effect of hiding the URI of something using frames - to retain the right to be linked to.
18:33:01 [DKA]
Tim: I want to see an attach scenario.
18:33:09 [masinter]
wonder if conneg should refer to more specific URI
18:33:11 [noah]
ack next
18:33:12 [timbl]
s/ch/ck/
18:33:13 [Zakim]
DanC, you wanted to swap in a comment that boris endorses: "if I could get bigCorp.com to redirect me to mysite.com, then I could make it look as if the data was from their site"
18:33:17 [Zakim]
... and to note the spoofing issue happens when mysite is spelled bigc&oumlaut;om
18:33:18 [DKA]
Noah: DanC can you explain what the threat is?
18:33:21 [DanC]
https://bugzilla.mozilla.org/show_bug.cgi?id=68423
18:33:56 [DKA]
DanC: Got to the bottom of this page with the more modern comments. Comment from Boris Zbarsky.
18:34:44 [DKA]
... In comment 20 - he says comment 12 seems right on the money. https://bugzilla.mozilla.org/show_bug.cgi?id=68423#c12
18:35:19 [DKA]
DanC: I don't find this persuasive.
18:35:33 [DKA]
DanC: [but others do]
18:35:35 [masinter]
convention is that temporary redirection doesn't imply delegation of speaks for
18:35:52 [masinter]
and that the address bar should match what you got and not what you asked for
18:36:11 [jar]
"if I could get bigCorp.com to redirect me to
18:36:11 [jar]
mysite.com, then I could make it look as if the data was from their site."
18:36:25 [DKA]
Tim: If I can get bigcorp.com to redirect to mysite.com, I own bigcorp.com.
18:36:42 [DanC]
("the transitive property of insecurity" was a paper by tchrist@convex, but it seems to have disappeared from the net)
18:36:49 [DKA]
Noah: You can make the case that you could own a bit of bigcorp.com but you don't own the whole site.
18:37:09 [DKA]
Tim: If I can get bank of america to redirect to my site...
18:37:48 [DKA]
Noah: ...these guys are saying that the protection is that the address bar will then say "Tim's bank". [The IRI issue is not addressed.]
18:38:08 [DKA]
DanC: if you can keep the BofA logo up there [in the address bar] then that's quite a bit less secure.
18:38:14 [timbl]
Line 1 Bank of America .. as served by akamai.com
18:38:25 [timbl]
in line 2.
18:38:26 [DKA]
Noah: UI design and security are in tension.
18:38:34 [masinter]
q?
18:38:52 [timbl]
The "Permalink:"
18:38:53 [DanC]
"I'm fine with having a way to retrieve the original URL the user tried to resolve... I just don't think it should be in the url bar." -- Boris https://bugzilla.mozilla.org/show_bug.cgi?id=68423#c22
18:38:55 [timbl]
word
18:39:10 [DKA]
... two addresses and a complex relationship between them as to what's trusted. What are the chances that this will actually help my mother notice that she's been phished?
18:39:32 [DKA]
DanC: The point of moving forward is not to stop phishing...
18:39:51 [DKA]
Noah: I'm afraid that a collateral damage from this effort is to make it less obvious when they've been phished.
18:40:10 [noah]
q?
18:40:11 [DanC]
ack next
18:40:13 [Zakim]
masinter, you wanted to note that
18:40:18 [DKA]
I wonder if secure browsing and site certificates and UI around these play into this?
18:40:40 [DanC]
q+ to say this flies in the face of trademark use
18:40:49 [DKA]
Larry: [reading requirements around human verification of IRIs]
18:41:03 [noah]
ack next
18:41:04 [Zakim]
DanC, you wanted to say this flies in the face of trademark use
18:41:17 [DKA]
Larry: Additional annotation of the IRI in the address bar as to how safe it is - like is it likely to be a spoof.
18:41:24 [noah]
That's next up on our agenda, FWIW
18:41:30 [DKA]
DanC: So people should not rely on looking at names?
18:41:33 [DKA]
Larry: Right.
18:41:55 [DKA]
[some discussion on this point]
18:42:16 [DKA]
Noah: This is Agenda Item 7 - shall we leave the floor open for discussion on both?
18:42:33 [DKA]
Noah: Can you introduce your proposal on spoofing?
18:42:54 [noah]
Larry's proposal on spoofing: http://lists.w3.org/Archives/Public/www-tag/2010Feb/0175.html
18:43:13 [noah]
=============draft============
18:43:13 [noah]
There are serious difficulties with relying on a human to verify that
18:43:13 [noah]
a presentation of an IRI to them (whether visually or read out loud)
18:43:13 [noah]
is the same as another identifier or is the one intended. These
18:43:13 [noah]
problems exist with ASCII-only URIs (bl00mberg.com vs. bloomberg.com)
18:43:14 [noah]
but are enormously exacerbated when using the larger character
18:43:16 [noah]
repertoire of Unicode; these problems are elaborated in [UTR#36].
18:43:21 [DanC]
(that was bcc'd... I wonder if the thread is only in public-iri)
18:43:22 [noah]
There seems to be little hope of relying on either administrative or
18:43:22 [noah]
technical means to reduce the availability of such exploits, to the
18:43:22 [noah]
extent that user agents SHOULD NOT rely on visual or perceptual
18:43:24 [noah]
comparison or verification of IRIs as any means of validating or
18:43:26 [noah]
assuring safety, correctness or appropriateness of an IRI.
18:43:28 [noah]
[UTR#36] also identifies additional security considerations that are
18:43:30 [noah]
applicable to IRIs.
18:43:32 [noah]
======draft============
18:43:59 [DKA]
Larry: copy-paste is still an interesting use case. .. I can see the advantage of both - having the actual URI you got to and the one you started with. That the thing you see in the address bar corresponds to what you're looking at is compelling.
18:44:09 [DKA]
DanC: But people want to bookmark the right URI.
18:44:20 [DKA]
Larry: So maybe the operation of bookmarking should be where we push.
18:44:27 [DKA]
jar: That's my suggestion.
18:44:40 [DanC]
(bookmarking and in general making links)
18:44:54 [masinter]
there are several URIs IRIs available, and which you want depends
18:45:03 [masinter]
there's also the URI vs. the IRI
18:45:20 [timbl]
12https://bugzilla.mozilla.org/token.cgi?t=ZXbZHfzCvo&a=cfmpw
18:45:27 [DanC]
(the http spec is pretty clear on which you want in the case in question, larry; don't muddy the waters)
18:45:28 [masinter]
since "location:" and "content-location:" are URI only, and yet your bookmark and copy/paste should be IRI
18:45:29 [DKA]
Tim: People bookmark things in lots of ways. I drag the icon to the left of the URI onto the desktop. You can drag that into different places [email messages, IRC channels, etc..] to do different things. My assumption is that it matches the URI I see next to it when I do that.
18:45:32 [noah]
I agree with what Tim's saying. I very often copy/paste from URI bar into email
18:45:41 [masinter]
HTTP spec doesn't account for IRIs
18:45:49 [noah]
Bookmarking is just one UI gesture. There are many others.
18:45:53 [noah]
q?
18:45:54 [masinter]
q+
18:46:06 [DKA]
Tim: I think it's a serious bug if when I bookmark it's not what's in the URI bar.
18:46:22 [noah]
q+ to wonder about hooking copy/paste?
18:46:27 [DKA]
Tim: I'm happy to be a "perm bar" with its own icon...
18:46:31 [noah]
I think this happens
18:46:37 [DKA]
Tim: How often would the permalink button come up?
18:46:41 [noah]
ack next
18:46:48 [DKA]
Many: a lot
18:47:19 [noah]
ack next
18:47:20 [Zakim]
noah, you wanted to wonder about hooking copy/paste?
18:47:24 [DKA]
Larry: What you want to present to the user is an IRI but what [they often get] is a URI...
18:47:36 [DanC]
(when there's an HTTP redirect, do the browsers map back from uri to iri before displaying in the address bar?)
18:48:41 [masinter]
the HTTP headers here are URIs, not IRIs. But the address bar, the user visual display, as well as the bookmark, should be unicode, not ASCII hex or punicoded hostnames
18:48:45 [DKA]
Noah: What if the guideline is - whenever the UA performs an operation that copies or processes a URI, at that point the user should be given a choice and make informed consent as to which one would be copied.
18:48:56 [DKA]
Noah: Could agents buy into that?
18:48:57 [masinter]
so if you redirect, you redirect to a URI, but the view should be IRI
18:49:04 [DanC]
q+ to agree that designing the UI here isn't useful, but...
18:49:04 [jar]
(TimBL above was saying he likes to drag from the favicon in the location bar onto desktop or into email etc)
18:49:08 [noah]
ack next
18:49:11 [Zakim]
DanC, you wanted to agree that designing the UI here isn't useful, but...
18:49:30 [DKA]
DanC: Jar - Please do post a blog item - that is a way to encourage UI design in this space.
18:49:52 [DKA]
Larry: I think it's worth going down the URI / IRI transition route as well.
18:50:23 [DanC]
"Dear Lazyweb, can I have a browser that knows how to bookmark the right address?" <- suggested blog title
18:50:26 [DKA]
... I actually don't think that if you redirect to something that was an IRI, the address bar doesn't seem to show a URI it shows a presentation of the IRI that undoes the unicoding of the hostname for example.
18:50:43 [DKA]
jar: I'm happy to do this as a blog post.
18:51:03 [timbl]
s/https://bugzilla.mozilla.org/token.cgi?t=ZXbZHfzCvo&a=cfmpw//
18:51:11 [timbl]
s?https://bugzilla.mozilla.org/token.cgi?t=ZXbZHfzCvo&a=cfmpw??
18:51:28 [DKA]
Noah: Either let's close action-348 or put it in another state and let's go on to the spoofing stuff.
18:51:33 [masinter]
blog posting and then other TAG members commenting on it sounds like a good way of TAG action
18:51:48 [DKA]
jar: I'm happy to close it. I will make a couple of changes based on what Dan and Tim have said.
18:51:56 [noah]
close ACTION-348
18:51:56 [trackbot]
ACTION-348 Research reasons why browser providers (e.g. Mozilla) aren't willing to meet requests (e.g. from purl) to retain address bar URL following successful redirect closed
18:51:58 [masinter]
+1 to doing that more often... use the web rather than email to post results
18:52:02 [DKA]
Noah: So we will have no option actions on the address bar thread.
18:52:14 [DKA]
Topic: http://www.w3.org/2001/tag/group/track/issues/27 & http://www.w3.org/2001/tag/group/track/actions/343: IRI Spoofing
18:52:27 [DKA]
Noah: We've had some discussion already... Anything else?
18:52:37 [noah]
FWIW, email I see because of the push model. Web I tend to miss.
18:52:43 [noah]
Email linking the Web is fine.
18:52:54 [DKA]
Larry: There is active discussion on the IRI mailing list. There's a unicode technical report that [explores] a number of the issues which I think is good.
18:52:59 [DKA]
Noah: Close the action?
18:53:05 [DanC]
fwiw, the thread: http://lists.w3.org/Archives/Public/public-iri/2010Mar/thread.html#msg0
18:53:16 [DanC]
q+
18:53:16 [DKA]
Larry: Yes I think it's under control and the relevant parties are engaged.
18:53:19 [noah]
close ACTION-343
18:53:19 [trackbot]
ACTION-343 Discuss petname application to IRI spoofing in public-iri and www-tag closed
18:53:28 [DKA]
Noah: any objections to close action-343?
18:53:30 [DKA]
[none heard]
18:53:43 [DKA]
DanC: How does public-IRI relate to the new working group?
18:53:52 [DKA]
Larry: it's now the official mailing list.
18:53:53 [DanC]
(http://lists.w3.org/Archives/Public/public-iri/ should be updated )
18:54:33 [DKA]
Topic: ACTION-380: Device API Policy Issues
18:55:24 [DKA]
DanC: Can we move to item 10?
18:55:43 [DKA]
Topic: ISSUE-62 & ACTION-363: WebFinger and Metadata Access
18:55:56 [DanC]
ACTION-354: defer to ftf
18:55:56 [trackbot]
ACTION-354 Review client side storage apis (web simple storage etc.), looking for architectural issues or other critical problems... or interesting design features the TAG should know about notes added
18:56:03 [DKA]
Noah: Defer ACTION-354 to the face-2-face.
18:56:10 [DanC]
ACTION-354 due 8 March
18:56:10 [trackbot]
ACTION-354 Review client side storage apis (web simple storage etc.), looking for architectural issues or other critical problems... or interesting design features the TAG should know about due date now 8 March
18:56:32 [DKA]
jar: gave a summary of what's going on with link header and "well known".
18:56:49 [DKA]
... semantic web coordination group meeting a week or two ago...
18:56:49 [DanC]
q+
18:57:02 [DanC]
(email to where?)
18:57:11 [noah]
q?
18:57:13 [noah]
ack next
18:57:13 [DKA]
zakim, mute me
18:57:15 [Zakim]
DKA was already muted, DKA
18:57:51 [DKA]
Jar: I was thinking of composing a short email - writing to them - copying www-tag - with recommendations.
18:58:04 [DKA]
jar: no actions were assigned at sw-cg.
18:58:29 [DKA]
Noah: What do you propose for state of ACTION-363?
18:58:43 [DKA]
DanC: Leave it open...
18:59:15 [noah]
DC: ACTION-363 should stay open as umbrella for JAR to send email to www-tag and Ivan(?)
18:59:24 [DanC]
ACTION-363: looks like next step is for jar to mail Ivan H. with copy to www-tag
18:59:24 [trackbot]
ACTION-363 Inform SemWeb CG about market developments around webfinger and metadata access, and investigate relationship to RDFa and linked data notes added
18:59:28 [DKA]
Ashok: It would work better if you guys proposed what you would like standardized.
18:59:37 [DKA]
Noah: What's WebFinger?
18:59:41 [DanC]
q+
19:00:05 [DanC]
(have we all completely forgotten what we discussed at our last f2f? ;-)
19:00:06 [noah]
JAR: uses .wellknown at the host
19:00:25 [DKA]
Jar: WebFinger is a way to get a little bit of XML associated with an email address. It uses a well known URI at the host that gives a rule that tells you how to turn the username into another URI that you fetch to get [e.g.] public key or whatever you want.
19:00:52 [DanC]
"Personal Web Discovery, making email addresses readable again" -- http://code.google.com/p/webfinger/
19:01:01 [DKA]
Tim: smtp protocol originally had this but it was designed out due to security issues...
19:01:03 [noah]
ack next
19:01:53 [DKA]
DanC: The TAG has said "identify things with URIs" and the experience in this community of people managing accounts is that URIs are unusable but name@domainame is usable. So this is a way to use email addresses as URIs.
19:02:16 [masinter]
mailto: is a URI scheme, being updated to deal with I18N issues
19:02:28 [DKA]
q+ to note similarities to XMPP <-> HTTP community issues.
19:02:32 [noah]
ack next
19:02:35 [Zakim]
DKA, you wanted to note similarities to XMPP <-> HTTP community issues.
19:02:49 [DKA]
DanC: what I meant was that the change from the email address to the URI is a local function.
19:02:59 [masinter]
prepend "mailto:" turns email address into URI
19:03:04 [timbl]
Global convention for a local function
19:03:11 [DKA]
Tim: It's a globally agreed locally executed function.
19:04:12 [noah]
DKA: XMPP community also found URI's to be inconvenient for users
19:04:16 [jar]
I think there's a level of indirection... http://x/.well-known/host-meta contains a rewrite rule that will transform user@x into an arbitrary URI (presumably containing the user name)
19:04:16 [noah]
q?
19:04:16 [DKA]
zakim, mute me
19:04:18 [Zakim]
DKA should now be muted
19:04:43 [DanC]
action-363?
19:04:43 [trackbot]
ACTION-363 -- Jonathan Rees to inform SemWeb CG about market developments around webfinger and metadata access, and investigate relationship to RDFa and linked data -- due 2010-02-24 -- OPEN
19:04:43 [trackbot]
http://www.w3.org/2001/tag/group/track/actions/363
19:04:51 [DanC]
action-363 due +2 weeks
19:04:51 [trackbot]
ACTION-363 Inform SemWeb CG about market developments around webfinger and metadata access, and investigate relationship to RDFa and linked data due date now +2 weeks
19:05:07 [DanC]
(feel free to make a better guess at due date, jar)
19:05:11 [DKA]
Topic: Device API Policy issues
19:05:16 [DKA]
ACTION-380?
19:05:16 [trackbot]
ACTION-380 -- Daniel Appelquist to draft response to Fredrick, short and to the point. Larry to review. -- due 2010-03-04 -- PENDINGREVIEW
19:05:16 [trackbot]
http://www.w3.org/2001/tag/group/track/actions/380
19:05:20 [DKA]
ack me
19:05:48 [DKA]
Noah: Along the way I had a to-do to respond to Frederick. Why is 380 there and why is it different to what I already did?
19:06:15 [masinter]
q+ to note DAP issue on W3C/IETF coordination call
19:06:21 [noah]
DKA: So, I'm a new guy...
19:06:32 [noah]
DKA: This was to be a response from the TAG.
19:06:51 [masinter]
http://lists.w3.org/Archives/Public/public-ietf-w3c/2010Mar/0002.html
19:06:55 [masinter]
yesterday
19:07:26 [noah]
http://www.w3.org/2001/tag/group/track/actions/318
19:07:31 [noah]
Send note to Device APIs and Policy (DAP) Working Group on behalf of the TAG
19:07:47 [noah]
The note I sent ends with:
19:07:47 [noah]
Thank you very much.
19:07:47 [noah]
Noah Mendelsohn
19:07:47 [noah]
For the W3C Technical Architecture Group
19:08:29 [masinter]
Thomas R. reported there Thomas: TAG feedback was that this wasn't necessarily a good approach
19:08:42 [masinter]
q?
19:09:23 [DanC]
q+ to borrow some TAG time to do team business about geolocation news...
19:09:24 [noah]
This action got opened at: http://www.w3.org/2001/tag/2010/01/28-minutes
19:09:28 [noah]
ack next
19:09:29 [Zakim]
masinter, you wanted to note DAP issue on W3C/IETF coordination call
19:10:01 [DanC]
q+ to note http://lists.w3.org/Archives/Public/public-geolocation/2010Mar/0007.html
19:10:16 [noah]
q+ to look a bit at Jan 28 minutes
19:10:31 [noah]
ack next
19:10:32 [Zakim]
DanC, you wanted to borrow some TAG time to do team business about geolocation news... and to note http://lists.w3.org/Archives/Public/public-geolocation/2010Mar/0007.html
19:10:33 [DKA]
Larry: The topic of this was the subject of the W3C-IETF coordination call. Thomas R. reported that the TAG was concerned. The message has been received [by the IETF].
19:10:48 [DKA]
q?
19:11:17 [DKA]
Larry: Topic 5 on security.
19:12:01 [masinter]
if there were assurances, they weren't in the minutes
19:12:51 [DKA]
DanC: There is a 3-march message from John Morris of CDT. Long message giving all the ingredients of a formal objection but not objecting [to Geo going to CR] and in particular to the API should include privacy.
19:13:06 [DanC]
(he's not affiliated with the IETF, but he holds a similar position)
19:13:08 [DKA]
Ashok: this is part of the action I took on last week.
19:13:13 [noah]
From John Morris' note:
19:13:13 [noah]
Thus, to be clear, we think that the W3C should proceed to finalize
19:13:13 [noah]
the 1.0 version of the specification. But – and here is where we hope
19:13:13 [noah]
the W3C Team will accommodate a variation on the normal process – we
19:13:13 [noah]
believe that the W3C Director should ALSO carefully review and
19:13:14 [noah]
evaluate the objections we have raised.
19:13:21 [noah]
Our goal is not to delay the
19:13:21 [noah]
specification, but instead is to seek guidance from the W3C as to
19:13:21 [noah]
whether both the process and substantive output of this WG meet the
19:13:22 [noah]
current standards of the W3C. If they do – and they may well – then
19:13:24 [noah]
that guidance would factor into my organization’s evaluation of its
19:13:26 [noah]
continued involvement in the W3C.
19:13:39 [DKA]
DanC: John Morris is representing CDT in this case.
19:15:41 [noah]
Minutes of 1-28 TAG meeting are: Our goal is not to delay the
19:15:41 [noah]
specification, but instead is to seek guidance from the W3C as to
19:15:41 [noah]
whether both the process and substantive output of this WG meet the
19:15:41 [noah]
current standards of the W3C. If they do – and they may well – then
19:15:41 [noah]
that guidance would factor into my organization’s evaluation of its
19:15:42 [noah]
continued involvement in the W3C.
19:15:45 [noah]
argh!!!
19:15:53 [noah]
http://www.w3.org/2001/tag/2010/01/28-minutes#item04
19:15:58 [DKA]
Tim: We [the TAG] looked at whether there was a serious technical problem. After our involvement, the working group did make a more thorough job of going over the input even though they didn't change their course.
19:16:39 [noah]
http://www.w3.org/2001/tag/2010/01/28-minutes#item04 is the telcon where ACTION-380 got assigned to DKA
19:17:12 [noah]
F2F session with TLR: http://www.w3.org/2001/tag/2009/12/08-tagmem-minutes.html#item03
19:17:17 [DanC]
tx
19:17:26 [DKA]
Tim: The architectural issue here - the architecture of including privacy information with other information. Should we encourage the consortium to have a consistent architecture across different APIs [for privacy]. Should this be designed independent of Geo and other things? There are lots of APIs for different sorts of things many of which are sensitive.
19:18:09 [DKA]
... geo has some specific issues [but] should we be looking for a consistent way of packaging information with the privacy information around it?
19:18:10 [noah]
I still like my idea of mandating the right extensibility hooks; have heard of objections from implementors, but I don't yet understand what those objections are
19:18:14 [masinter]
q+ to try to generalize privacy with security, internationalization, accessibility issues
19:18:20 [noah]
ack next
19:18:21 [Zakim]
noah, you wanted to look a bit at Jan 28 minutes
19:18:31 [noah]
http://www.w3.org/2001/tag/2010/01/28-minutes#item04 is the telcon where ACTION-380 got assigned to DKA
19:18:49 [Zakim]
-Ht
19:19:01 [timbl]
Should we be building systems so that whenever they expect data X they can also accept package of X and the social metadata about X?
19:19:04 [DKA]
http://www.escholarship.org/uc/item/0rp834wf is a good article on this BTW
19:19:29 [masinter]
to enable quality "X" protocols must accommodate transmission of auxiliary information and representation to preserve X. For I18N, it's ability to do unicode and including "lang" annotations in cases where the language context. For security, it's being clear about authority of information and a way of accessing that. For privacy there has to be a channel, and use cases of using the channel. etc.
19:19:34 [DanC]
(380 and 371 are done to my satisfaction, regardless of their history)
19:19:39 [DKA]
Noah: I mentioned interest in extensibility mechanisms and how they play here.
19:19:58 [masinter]
because these qualities (privacy, security, internationalization, accessibility) are often not enforced merely by market forces
19:20:15 [DKA]
... wrt "ACTION-380" what is "this"?
19:20:40 [DKA]
Noah: So you did send a note.
19:20:42 [DKA]
Dan: Yes:
19:20:43 [DanC]
he sent http://lists.w3.org/Archives/Public/www-tag/2010Feb/0044.html
19:20:49 [noah]
DKA sent: http://lists.w3.org/Archives/Public/www-tag/2010Feb/0044.html
19:21:09 [DKA]
Noah: I propose we agree to close ACTION-380 then. Any objections?
19:21:13 [DKA]
Larry: It's fine.
19:21:18 [DKA]
[no objections]
19:21:26 [DKA]
close ACTION-380
19:21:26 [trackbot]
ACTION-380 Draft response to Fredrick, short and to the point. Larry to review. closed
19:21:26 [noah]
q?
19:21:33 [DanC]
action-397?
19:21:33 [trackbot]
ACTION-397 -- Ashok Malhotra to frame F2F discussion on geolocation and geopriv, with help from DKA -- due 2010-03-10 -- OPEN
19:21:33 [trackbot]
http://www.w3.org/2001/tag/group/track/actions/397
19:21:49 [noah]
ack next\
19:22:46 [DKA]
Larry: I just was wondering if there's a way this can cover other kinds of issues we've addressed in the past having to do with i18n, security... some things that are not what customers are asking for but are for the greater good. E.g. use of UNICODE.
19:23:00 [noah]
I take Larry's point in principle; I don't immediately see how to use it to frame an effective set of next steps for the TAG.
19:23:01 [DanC]
(I think the unicode stuff got worked out by market forces, in the end. it took FOREVER. how old is the utf-8 RFC?)
19:23:04 [DKA]
Larry: Similar kinds of policies around accessibility.
19:23:27 [noah]
q+ to ask Larry what to do
19:23:30 [noah]
ack next
19:23:31 [Zakim]
masinter, you wanted to try to generalize privacy with security, internationalization, accessibility issues
19:23:40 [noah]
ack next
19:23:41 [Zakim]
noah, you wanted to ask Larry what to do
19:23:47 [DKA]
Larry: A general piece of direction that we need to look at the higher level policy issues - needs beyond the market forces.
19:23:56 [DKA]
Noah: So what would the TAG do?
19:24:39 [DKA]
Larry: We have some architectural statements around accessibility. We should have a concrete position [on privacy].
19:25:05 [DKA]
Noah: Not sure what to do concretely ...
19:25:05 [masinter]
longer-term economic benefit, even if it doesn't meet short-term market needs
19:25:11 [DanC]
q+
19:25:21 [noah]
ack next
19:25:56 [DKA]
DanC: people are motivated by money or hard-earned experience...
19:26:40 [DanC]
s/money/the prospect of money/
19:26:48 [DKA]
q+ isn't there a general architectural principle here around privacy data packaged with other data that we could / should say something about?
19:27:25 [DKA]
we did
19:27:43 [DanC]
action-380?
19:27:43 [trackbot]
ACTION-380 -- Daniel Appelquist to draft response to Fredrick, short and to the point. Larry to review. -- due 2010-03-04 -- CLOSED
19:27:43 [trackbot]
http://www.w3.org/2001/tag/group/track/actions/380
19:27:43 [timbl]
t-3
19:27:54 [DanC]
action-371?
19:27:54 [trackbot]
ACTION-371 -- Noah Mendelsohn to schedule TAG discussion of DAP WG query on policy (self-assigned) -- due 2010-01-26 -- CLOSED
19:27:54 [trackbot]
http://www.w3.org/2001/tag/group/track/actions/371
19:28:49 [noah]
DKA: Is there a concrete, technical point about packaging privacy with data?
19:29:00 [timbl]
re here around privacy data packaged with other data that we could / should say something about? ... you need to say "q+ to ...."
19:29:16 [noah]
DKA: At the first geo meetings, I was not happy with the notion that privacy should go with APIs, now starting to doubt based on UC Berkeley paper.
19:29:22 [noah]
t-1
19:30:00 [DKA]
The Berkeley Paper: http://www.escholarship.org/uc/item/0rp834wf
19:30:16 [DanC]
action-397: perhaps take a look at http://www.escholarship.org/uc/item/0rp834wf
19:30:16 [trackbot]
ACTION-397 Frame F2F discussion on geolocation and geopriv, with help from DKA notes added
19:30:37 [DKA]
Noah: Dan A, Ashok is to propose, with help from you (ACTION-397), what we will discuss at the f2f.
19:30:53 [Zakim]
-Ashok_Malhotra
19:30:57 [DKA]
Noah: Adjourned.
19:31:53 [Zakim]
-DKA
19:32:02 [timbl]
How can we take advice on privacy from someone who uses frames and flash and and
19:32:30 [timbl]
javascript:dynamicLink("0rp834wf.pdf",%20true,%20"action=transientDownload;expire=72h;from=2010-03-04:11:30;key=1fe20ca9476a51e2f01d1d65ae2f4f31")
19:32:57 [noah]
Abstract:
19:32:57 [noah]
<p>The W3C's Geolocation API may rapidly standardize the transmission of location information
19:32:57 [noah]
on the Web, but, in dealing with such sensitive information, it also raises serious privacy
19:32:57 [noah]
concerns. We analyze the manner and extent to which the current W3C Geolocation API provides
19:32:57 [noah]
mechanisms to support privacy. We propose a privacy framework for the consideration of location
19:32:58 [noah]
information and use it to evaluate the W3C Geolocation API, both the specification and its use in
19:33:00 [noah]
the wild, and recommend some modifications to the API as a result of our analysis.</p>
19:33:00 [timbl]
<p>The W3C's Geolocatio
19:33:44 [timbl]
http://www.escholarship.org/uc/item/0rp834wf.pdf?action=transientDownload;expire=72h;from=2010-03-04:11:30;key=1fe20ca9476a51e2f01d1d65ae2f4f31
19:34:02 [timbl]
Cool URIs never change, they just expire
19:35:57 [noah]
noah has joined #tagmem
19:35:57 [Zakim]
-TimBL
19:36:04 [timbl]
Thank you for chairing Noah
19:40:46 [Zakim]
-DanC
19:40:48 [Zakim]
-jar
19:40:49 [Zakim]
-Larry
19:40:49 [Zakim]
TAG_Weekly()1:00PM has ended
19:40:51 [Zakim]
Attendees were jar, DanC, DKA, noah, Ashok_Malhotra, Larry, TimBL, Ht
19:47:29 [Ashok]
zakim, pointer?
19:47:29 [Zakim]
I don't understand your question, Ashok.
19:47:41 [Ashok]
rrsagent, pointer?
19:47:41 [RRSAgent]
See http://www.w3.org/2010/03/04-tagmem-irc#T19-47-41
19:51:50 [masinter]
i promised to do something today and now i don't remember what
20:01:37 [DanC]
thanks for taking the ball on updating the public-iri archive homepage, larry.
21:15:01 [jar]
jar has joined #tagmem
22:03:33 [Zakim]
Zakim has left #tagmem