13:07:07 RRSAgent has joined #tagmem 13:07:07 logging to http://www.w3.org/2010/11/04-tagmem-irc 13:07:09 RRSAgent, make logs public 13:07:09 Zakim has joined #tagmem 13:07:11 Zakim, this will be TAG 13:07:11 I do not see a conference matching that name scheduled within the next hour, trackbot 13:07:12 Meeting: Technical Architecture Group Teleconference 13:07:12 Date: 04 November 2010 13:07:15 zakim, this is tag 13:07:15 sorry, DKA, I do not see a conference named 'tag' in progress or scheduled at this time 13:09:12 present: Ashok, Thomas Roessler, Tim, Larry, Noah, Yves, Dan, Alexei 13:10:07 ok, Yves; conference Team_(tagmem)13:10Z scheduled with code 26636 (CONF6) for 60 minutes until 1410Z 13:10:38 zakim, who is here? 13:10:38 Team_(tagmem)13:10Z has not yet started, DKA 13:10:39 On IRC I see RRSAgent, timbl, lmm, noah, DKA, Norm, trackbot, Yves 13:10:52 present: Ashok, Thomas Roessler, Tim, Larry, Noah, Yves, Dan, Alexei 13:10:53 zakim, who is here? 13:10:53 Team_(tagmem)13:10Z has not yet started, DKA 13:10:54 On IRC I see RRSAgent, timbl, lmm, noah, DKA, Norm, trackbot, Yves 13:11:23 Scribe: Dan 13:11:28 ScribeNick: DKA 13:11:47 [intros and description of TAG's purpose] 13:12:01 Thomas: I am here representing W3C-IETF liaison. 13:12:52 Noah: [pointing out point 3 in mission statement - help coordinate cross-technology architecture developments inside and outside of W3C. 13:13:02 Noah: Topics? 13:13:33 topics: process: coordinating with IETF 13:13:46 specific documents: mime-web-info 13:13:53 specific documents: iri 13:14:25 more generally: how to coordinate better with IAB, IESG, getting TAG review of IETF things that affect web architecture 13:14:32 agenda+ specific documents: mime-web-info 13:14:33 topics: web security & privacy 13:14:40 agenda+ specific documents: iri 13:14:56 agenda+ specific documents: iri 13:15:00 tag as member of apps area review board? 13:15:09 agenda+ topics: web security & privacy 13:15:12 agenda? 13:15:30 agenda+ Web Identity 13:15:42 agenda? 13:16:04 agenda+ 13:16:09 agenda? 13:16:09 agenda? 13:16:29 http://tools.ietf.org/html/draft-masinter-mime-web-info 13:17:09 zakim, take up agendum 1 13:17:09 agendum 1. "specific documents: mime-web-info" taken up [from DKA] 13:17:13 http://tools.ietf.org/id/draft-masinter-mime-web-info-01.html 13:17:40 Noah: Started writing this document... Is this an IETF document? [where should it go?] 13:18:01 Tim: Could it be an Internet draft? 13:18:15 Noah: A TAG finding means the TAG is standing behind it? 13:18:29 Alexei: As an ID it can be circulated in IETF. 13:19:06 ... Purpose to describe issues and realign future work? 13:19:39 tlr has joined #tagmem 13:19:43 q+ 13:20:43 Larry: [describes document] 13:21:27 zakim, remove agendum 2 13:21:27 agendum 2, specific documents: iri, dropped 13:22:05 Noah: should you mention SIP? 13:22:50 Alexei: [touching on possible applicability to SIP] 13:23:06 Larry: This document is about what is wrong with MIME on the Web - it's a set of recommendations for changes. 13:23:33 Larry: Covering what are the requirements for recommendations. 13:23:56 q? 13:24:08 ack tlr 13:24:59 Thomas: looking at this document - another document needs to appear - the web is not mime - it's mime-like. There are things like transfer-encoding out of the scope of mime. 13:25:09 q? 13:25:17 ... there is relatively concrete guidance needed about what those differences are. 13:25:21 agenda? 13:25:27 ... I would love to see that documentation. 13:25:31 agenda 1- 13:25:42 ... these cost us time. 13:26:02 Larry: My goal is to fix things so that the Web can be a mime application. 13:26:13 Zakim, next agendum 13:26:13 agendum 3. "specific documents: iri" taken up [from DKA] 13:26:53 Zakim, take up agendum 1 13:26:53 agendum 1. "specific documents: mime-web-info" taken up [from DKA] 13:27:32 Larry: this document could be an IETF requirements document - it also proposes changes to w3c documents. 13:27:45 Noah: We could publish it on our own track if we wish. 13:28:02 Larry: The TAG could publish an informational document on what we recommend the IETF should do. 13:28:33 Alexei: My concern is - what is the status of this document in IETF? Should this become an IETF consensus document? 13:28:53 Larry: it's intended to be informational. 13:29:12 Alexei: Ideally it should reflect consensus of both [ietf and w3c] communities. 13:29:13 Noah: at this point, from a TAG point of view, this is a draft that Larry has asked us to review. So far, the TAG has expressed no formal opinion, though informally it's clear that we feel the effort spent on this is very worthwhile. 13:29:37 Yves: Should it be a document sent for consideration to the IAB? 13:30:18 Alexei: [possibly...] IAB does publish documents in their stream... 13:30:35 Larry: I would like to push sooner rather than later. Could we ask for review now? 13:31:24 Noah: The TAG could take an opinion on this and express it "to IETF" but this affects lots of other people at W3C - [should we reach out to other working groups and inform them of the current state]? 13:32:06 Noah: Maybe the TAG should reach out to a broader community - e.g. the chairs list and www-tag. 13:32:21 s/community/W3C community/ 13:32:55 DKA: Privacy workshop in December. There's an IAB mailing list where a joint IAB/W3C/IETF community has come together. 13:34:05 Noah: Seems like we should reach out within the w3c... Then we can decide whether to [e.g. create a mailing list].. Don't think it requires that right now. 13:35:27 .ACTION: Noah to send a note to www-tag and chairs mailing list to drive awareness of the mine document and solicit feedback. 13:35:49 s/mine/Larry's mime-web-info/ 13:36:19 .ACTION: Noah to send a note to www-tag and chairs mailing list to drive awareness of Larry's mime-web-info document and solicit feedback. 13:36:30 Larry: having an IEFT co-editor would help? 13:36:36 Alexei: Yes. 13:37:42 Alexei: [agrees to look for someone in the mime community to help with this] 13:38:59 agenda? 13:39:14 zakim, next agendum 13:39:14 agendum 3. "specific documents: iri" taken up [from DKA] 13:40:07 agenda+ more generally: how to coordinate better with IAB, IESG, getting TAG review of IETF things that affect web architecture 13:40:28 q+ to ask about draft-yao-dnsext 13:40:46 Alexei: html wg comments - they thought that some useful text was lost during transition. 13:41:04 ... should be taken care of by reporting bugs on IETF specs. 13:41:24 ... also some issues of perception on IETF process... 13:42:11 q? 13:43:06 [...discussion on current state of the specification...] 13:45:34 Tim: I was concerned with the last document we reviewed - an expectation that anyone who processes an IRI would be expected to code it up as punicode. 13:45:51 Alexei: I think that's one of the open issues. 13:46:04 Tim: There's a huge implication on software to be changed... 13:46:42 Larry: the previous RFC recommended that - compared to the harm of sending a percent-encoded hostname to a dns resolver - to a legacy, unaware client. 13:47:22 ... it was my impression that the implementations parse the URI, got the hostname out as a unicode string, then punicode it (not percent-encode it). 13:47:24 q- 13:48:08 Noah: [paraphrases tim] when these things are flying around they should be unicode or percent encoded, not punicoded. 13:48:44 Noah: if you want to work with old systems and you don't know what they do, something wrong might happen... 13:48:46 q+ 13:49:00 Tim: At some point you have to put the punicode conversion in. 13:49:38 Larry: boundary is - I have a legacy system that only takes URIs - I want to give it something valid - percent-encoded hostnames won't work - only think that will work is punicode. 13:50:39 ack next 13:50:53 Thomas: observation: punicode is something we're able to transmit over the wire with 100% fidelity. We don't have that fidelity for everything that ever may be treated as an IDN. 13:51:26 Thomas: there are mappings. These mappings [are problematic]. 13:52:24 ... e.g. greek sigma problem - difference between IDN versions... 13:52:47 ... robustness consideration that favors punicode as the thing you put on the wire. 13:53:11 Tim: You should do the punicode encoding in one place in your system - near the DNS. 13:53:24 Thomas: No, closest to the authoring. 13:54:25 agenda+ 13:54:29 agenda? 13:54:53 DKA_ has joined #tagmem 13:55:05 ScribeNick: DKA_ 13:55:10 at some point, there needs to be discussion of this draft: http://tools.ietf.org/html/draft-yao-dnsext-identical-resolution-02 13:55:15 (could be next liaison call) 13:56:50 Noah: Break. Re-convene at 4:30. 13:57:11 zakim, take up agendum 6 13:57:11 agendum 6. "more generally: how to coordinate better with IAB, IESG, getting TAG review of IETF things that affect web architecture" taken up [from DKA] 13:57:36 there is one architectural issue from the security piece that I'd like to at least put on the table with TAG, Tim and Alexey in the room. HTTP / HTTPS distinction. 13:57:41 Alexei: You [w3c] have multiple types of working groups - creating new types of groups. 13:58:10 ... Ideally it would be nice to let IETF know and IETF should let you know about BoFs and working group proposals. What's the best way to do this? 13:58:16 Tim: Where do we send it? 13:58:24 Alexei: There is a new work mailing list. 13:58:37 Larry: When new community groups get formed we could let IETF know. 13:59:02 Thomas: There's a dormant[?] new work mailing list [in ietf] 13:59:07 I'll check in with DanielD on that. 13:59:16 Noah: this sounds like a general liaison issue. 13:59:23 Thomas: I know who I need to talk to on that. 13:59:24 matt has joined #tagmem 13:59:46 Noah: In particular, I think Thomas as liaison should undertake to make sure IETF gets the notifications they need; not directly a TAG issue. 13:59:51 Larry: I wonder if there should be any workshops between TAG and IAB - higher level coordination that we should have. 14:00:02 Alexei: There is a coord call. 14:00:10 Larry: It tends to be tactical. 14:00:18 Alexei: Also process. 14:00:21 matt has left #tagmem 14:00:50 Thomas: My advice would be to find a separate channel for architectural discusssion. 14:02:13 Dan: Could we organize one joint conference call? 14:02:25 Alexei: Yes - ISG might also be interested? 14:02:58 Alexei: Could you come up a list of things you want to talk about. 14:03:32 Thomas: [Some IAB members] is trying to think about the Web as an application platform. 14:04:16 Larry: We cam up with an architecture of web applications. We haven't had the bandwidth. Could we collaborate on - e.g. security architecture, sandboxing - the thread analysis crosses protocol boundaries. 14:04:52 Noah: Next steps? 14:05:39 Alexei: IAB is trying to get an IAB presentation for Prague IETF. [Prague is 3rd week of March] 14:06:20 I think I'll take an action to (re)introduce Tim, Noah, Hannes, John, Olaf 14:06:25 Larry: the tag could offer to collaborate with the IAB on a plenary presentation to IETF on Web Application Architecture. 14:07:16 Larry: Schedule telecon time. 14:08:48 ACTION: Larry to prepare us for a teleconference with IETF-IAB on possible prague IETF presentation. 14:08:48 Created ACTION-497 - Prepare us for a teleconference with IETF-IAB on possible prague IETF presentation. [on Larry Masinter - due 2010-11-11]. 14:08:52 agenda? 14:10:31 Topic: Thomas's Security Topic 14:11:43 Thomas: Long-standing position (in IETF and W3C) that https is a mistake... 14:12:50 ... there are 2 RFCs on how to http and tls together - the standards-track one says you should use http upgrade to establish tls - as you do with all other protocols. 14:13:01 Tim: you always go in on port 80. 14:13:11 Thomas: in this case there is no such thing as https. 14:13:30 ... the other RFC (informational) says use HTTPs - new URI scheme - that is the one that is deployed. 14:13:59 Thomas: the document object models you have have different assurance levels. An important security property. 14:14:31 q+ noah 14:14:32 ... so we have and approach that is out of line with all other protocols- but out of that we have an result that is part of the Web security model - unintentional. 14:14:34 q+ tim 14:14:44 ... many are saying that upgrade is preferable. 14:15:08 ... given other dependencies (e.g. scripting environments) [this is a complex domain]. 14:15:21 ... we need to consider this together [possibly with IAB]. 14:15:37 Tim: In alternative, do you use http as the URI? 14:15:42 Thomas: you use http. 14:15:52 ... the upgrade is opportunistic. 14:16:31 Noah: One of the things we would lose then would be e.g. banks being able to hand an identifier to me that implicitly says "this is secure." 14:17:42 Dan: Most banks don't give you a readable https URI... 14:17:50 Noah: Many sidtes do... 14:18:12 Thomas: it's true to say that https takes care of the external signalling piece. 14:18:19 Nah 14:18:27 s/Nah// 14:19:06 Noah: These are different namespaces because of what we're talking about here. The space of http names are not protected. The space of names that use https do have an extra level of protection. 14:19:35 Tim: It's a common myth that it's important to keep the authentication and authorization separate. 14:19:57 ... the way the system works at the moment [is what Noah said.] 14:20:09 ... this cause problems - e.g. in the semantic web. 14:20:46 q+ to wonder what the appetite of the Web community to adopt a different approach? 14:20:57 ack next 14:20:59 ack next 14:21:07 ack next 14:21:08 DKA_, you wanted to wonder what the appetite of the Web community to adopt a different approach? 14:21:27 DKA: Is there any appetite in the Web community (user agent providers and users) to move in this direction? 14:22:43 Thomas: the point I'm getting at - the use http to do upgrade approach lingers as architecturally superior. There is work ongoing that would enable some useful upgrade-like behavior to occur. What I wanted to float: the "but you should do upgrade" approach could appear again. 14:23:14 Thomas: Articulating clearly what the architectural value fo the current distinction is would be useful [to these new efforts]. 14:23:34 Noah: I think this would be [useful to work on]. 14:24:08 Ashok: problem I'm seeing is that there is lots of current usage. 14:24:38 Noah: Tim pointed out that there are also some problems with current practice. 14:25:10 Tim: The idea on the Web is that a URI is all you need. You can follow your nose - look up specifications recursively to find out what was intended. 14:25:14 Noah: I specifically said this seemed like the sort of question the TAG might work on, I.e. whether security of name resolution and of communication to the resource should be signaled in the identifier 14:25:59 ... any system where you have to caveat a URI with extra instructions [is broken]. 14:26:31 Tim: when it's not in the Idenfitier, the breakage moves to worse places, such as shref="..." 14:27:04 agenda? 14:27:46 Adjourned 14:28:32 rrsagent, draft minutes 14:28:32 I have made the request to generate http://www.w3.org/2010/11/04-tagmem-minutes.html DKA_ 14:29:19 rrsagent, make minutes public 14:29:19 I'm logging. I don't understand 'make minutes public', DKA_. Try /msg RRSAgent help 14:29:25 rrsagent, make logs public 14:29:33 rrsagent, draft minutes 14:29:33 I have made the request to generate http://www.w3.org/2010/11/04-tagmem-minutes.html DKA_ 14:43:28 tlr has joined #tagmem 14:44:27 tlr has joined #tagmem 15:13:04 ht has joined #tagmem 15:31:53 Yves has joined #tagmem 15:47:03 timbl has joined #tagmem 15:51:10 tlr has joined #tagmem 16:00:39 tlr has joined #tagmem 16:09:36 noah has joined #tagmem