See also: IRC log
<AndersonQuach_> list the agenda
<AndersonQuach_> Zhiheng: TonyG has gone thru security review with the Chrome team, suggestions include zero'ing out redirectCount in different origin navigations in the timeline, and to provide a means to disable the interface completely
<AndersonQuach_> AndersonQuach: Sounds good, as long as the disable via UI is a non-normative requirement.
<AndersonQuach_> Sigborn: We must be safe by default. The timings that reveal off-domain must not be available programmatically.
<AndersonQuach_> scribe: AndersonQuach
<AndersonQuach_> AndersonQuach: It can be feasible to attack with the same origin and a redirect service. We could remove redirectCount altogether.
<AndersonQuach_> AndersonQuach: And disable redirect and unloading timings for different origin.
<AndersonQuach_> Zhiheng: We need to hear more feedback from user-agent and security experts about the removal of redirectCount
<AndersonQuach_> Zhiheng: where is navigationStart?
<AndersonQuach_> Sigborn: What is same domain, same cookie domain?
<AndersonQuach_> Zhiheng: Same host
<AndersonQuach_> Sigborn: Cookie domain, sub domains of yahoo.com
<AndersonQuach_> AndersonQuach: where did we land with navigationStart
<AndersonQuach_> NicJansma: A->B->A->A, navigationStart should begin immediately prior the second A
<AndersonQuach_> NicJansma: for same domain with different origin redirections
<AndersonQuach_> Zhiheng: need to look to clarify navigationStart and redirectStart
<AndersonQuach_> AndersonQuach: Zhiheng, can you capture your thoughts and we'll get feedback from Jonas and TonyG?
<AndersonQuach_> NicJansma: Anderson and I will follow-up with additional feedback from our security review via mail and for the next meeting.
<AndersonQuach_> Sigborn: Should make the same domain be the same as the cookie domain, I will write it up.
<AndersonQuach_> AndersonQuach: Let's move the spec to a working draft as all the latest feedback has been incorporated.
<AndersonQuach_> AndersonQuach: Let's be explicit that this is not a user-agent benchmark.
<AndersonQuach_> Sigborn: Let's say due to the non-normative phases, the individual phases should not be used as a benchmark.
<AndersonQuach_> AndersonQuach: Agreed.
<AndersonQuach_> AndersonQuach: Let's simplify the accessing of the ResourceTiming
<AndersonQuach_> AndersonQuach: Let's say have a fixed buffer of 1000, have the ability to clear the buffer, and to expand the buffer to cater to WebApps.
<AndersonQuach_> Zhiheng: We don't want developers to crawl the page.
<AndersonQuach_> AndersonQuach: Agreed, we should have the timing centralized.
<AndersonQuach_> Zhiheng: Yup, the object should be easily serialized into a JSON object.
<AndersonQuach_> Zhiheng: How can a developer get the timing about a specific image?
<AndersonQuach_> NicJansma: Timing of a specific image?
<AndersonQuach_> Zhiheng: Yes.
<AndersonQuach_> NicJansma: ResourceTiming can have the URL and potentially the id and provide a means to filter based on type and/or id.
<AndersonQuach_> NicJansma: Goal for ResourceTiming to get timing that is inaccessible to JS.
<AndersonQuach_> NicJansma: We should keep in mind to be able to get the timing for individual elements and the collection.
<AndersonQuach_> Zhiheng: Come up with a short summary proposal and review the proposals.
<AndersonQuach_> AndersonQuach: I can write that out.
<AndersonQuach_> Zhiheng: ResourceTiming has privacy concern as well. To have an HTML header to turn this on.
<AndersonQuach_> Zhiheng: implement the allow policy in the http header.
<AndersonQuach_> Sigborn: This is possible but difficult to implement as seen in other W3C discussions.
<AndersonQuach_> NicJansma: For different origin we can reduce the amount of details, just having fetchStart -> loadEventEnd, not providing additional info via JS. Provide total time to load the content.
<AndersonQuach_> Sigborn: Expand definition of Same Origin to include Same Cookie Domain + Sub Domain.
<AndersonQuach_> AndersonQuach: 1. We agree to move spec to working draft.
<AndersonQuach_> AndersonQuach: 2. Discuss privacy offline, feedback from Tony and Jonas.
<AndersonQuach_> AndersonQuach: 3. Zhiheng will provide a proposal for navigationStart.
<AndersonQuach_> AndersonQuach: 4. Anderson will respond with the simplified resource timing proposal.
<AndersonQuach_> AndersonQuach: Thanks everyone for meeting!
list the agenda
rrsagent publish minutes
This is scribe.perl Revision: 1.135 of Date: 2009/03/02 03:52:20 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: RRSAgent_Text_Format (score 1.00) Found Scribe: AndersonQuach Inferring ScribeNick: AndersonQuach WARNING: 4 scribe lines found (out of 83 total lines.) Are you sure you specified a correct ScribeNick? WARNING: No "Topic:" lines found. WARNING: Replacing previous Present list. (Old list: Sigbjorn) Use 'Present+ ... ' if you meant to add people without replacing the list, such as: <dbooth> Present+ Zhiheng WARNING: Replacing previous Present list. (Old list: Zhiheng) Use 'Present+ ... ' if you meant to add people without replacing the list, such as: <dbooth> Present+ NicJansma WARNING: Replacing previous Present list. (Old list: NicJansma) Use 'Present+ ... ' if you meant to add people without replacing the list, such as: <dbooth> Present+ AndersonQuach WARNING: Replacing previous Present list. (Old list: AndersonQuach) Use 'Present+ ... ' if you meant to add people without replacing the list, such as: <dbooth> Present+ Biesi Present: Biesi AndersonQuach Zhiheng NicJansma Sigbjorn ArvindJain WARNING: Replacing previous Regrets list. (Old list: JasonWeber) Use 'Regrets+ ... ' if you meant to add people without replacing the list, such as: <dbooth> Regrets+ plh Regrets: plh Got date from IRC log name: 20 Oct 2010 Guessing minutes URL: http://www.w3.org/2010/10/20-webperf-minutes.html People with action items: WARNING: Input appears to use implicit continuation lines. You may need the "-implicitContinuations" option. WARNING: No "Topic: ..." lines found! Resulting HTML may have an empty (invalid) <ol>...</ol>. Explanation: "Topic: ..." lines are used to indicate the start of new discussion topics or agenda items, such as: <dbooth> Topic: Review of Amy's report[End of scribe.perl diagnostic output]