See also: IRC log
<inserted> scribenick: koalie
Jeff: This year is a record, last count we had
over 560 registrants, a 10% increase since last year
... I'd like to welcome those colleagues from the IETF who took advantage of
the proximity of the IETF meeting next week in yokohama
... I am also please that Vint Cert was able to join us today
... I'm calling our panelists
... Tim Berners-Lee, inventor of the WWW and Director of the W3C
... Vint Cerf, father of the Internet
... and Jun Murai, best known as the Internet Samurai
... format of the panel is very unstructured
... I wanted to encourage conversation
<scribe> scribenick: Ian
Jeff: (to panelists) What should we be doing better as organizations? What is it important that these orgs should be working more closely together?
vint: It's pretty clear that the W3C code call
space tends to lie above the IETF layer, but there are clearly overlaps like
the hot topic of security.
... ...one thing that would be helpful if it's not already happening is for
the two organizations to share their work plans
... W3C and IETF leadership should look for ways to share current state of
developments
Jun: In Japan, we've hosted IETF and W3C meetings
...more than 30 years have passed since the origins and now everyone is using
the technologies, and driving new requirements
... I think that the Web developments are also having an impact on the lower
layers, so it's especially important that the two bodies work closely
... that's why the Japan internet group decided to host both the meetings over
these two weeks
timbl: Layering was really important to the
ability to create the Web.
... to put layering in perspective: you can run IP over anything and it's
scaled from 300 baud to much faster.
... the web browser that I wrote will still run over much faster networks
thanks to the layering
... though we have layers you have to break layers from time to time
<dom> [for those interested on discussing this layering and its needed evolutions, there is a breakout session for that: https://www.w3.org/wiki/TPAC/2015/SessionIdeas#Interacting_with_the_Networking_Layer_.28please_keep_early_in_the_day_due_to_participants_constraints.29 ]
timbl: e.g., when you need to determine whether
you trust a connection you look at TCP
... and when things break you need to be able to look into the lower layer to
see what went wrong
... e.g., I couldn't connect to a site due to a DNS issue
... layer breaking lets you fix things
... furthermore, now we have things like WebRTC / RTC Web
... you can build a P2P network between web pages...so you can build a whole
new system exchanging packets on your own mesh network, all running in a
browser
... the layers get churned up
Jun: that's a good point about connected efforts
of engineering
... as Tim said, when the Web tries to create a P2P communication model on the
edge side, which is very important in terms of traffic on the network moving
forward
... eventually it's going to be a big engineering issue around
traffic...protocol design....
Jeff: We got a lot out of the first question! Security, real-time.....
Vint: One other observation if I may stop you.
... this discussion shows you that anything can be encapsulated within
anything else.
... as a result we are seeing a lot of technology interacting
... the standards bodies that are concerned with devices such as mobile are
also being swept into these discussions.
... so not just IETF and W3C but also the standards-makers of the mobile world
(e.g., 3GPP, ITU)
... or new radio frequencies in the upper ranges
... the implications for the future is that there will be more people,
companies, researchers interested in a variety of aspects, including
security
Jeff: we are all familiar with security and the
lack thereof.
... where did we go wrong and how are we going to fix it?
Vint: I have an anecdote to share that is a
source of schizophrenia for me.
... started work on TCP with Bob Kahn .... and I started early working with
NSA to design packet cryptography
... the previous problem with crypto was that there was continuous crypto
between points
... we had the possibility of packets arriving out of order, so packet crypto
was new
... this was coming from defense dept and they wanted security
... we started working on this in 1975
... some of the equipment was classified so I couldn't share with students or
others without clearance
... in 1977, two of my colleagues published their paper on public key
crypto
... but they didn't tell you how to do it.
... and 1977 was on the edge of standardizing TCP v. 4
... I need to get something implemented and by 1978 I need to get something
built
... we freeze the design one year before RSA....
... there were a lot of operating systems back then, too
... we spent 4 years doing implementations...
... if I could go back in time and say "hang on just 1 more year...."
... we didn't quite catch the technology at the right time.
... but we were able to retrofit the architecture with the technology.
Vint: the other part, that I recall was 32-bit
address space (rather than IPV6 128bit)
... I can explain how we came up with 32 bit
... we had just done Arpanet...and it wasn't cheap
... we guessed 2 nets per country
... we guessed 128 countries
... we came up with 256.... then we guessed the number of computers
... we came up with 32 bits based on size of computers at the time
... and we thought that was enough for an experiment
... and then in 1977 we had an argument on variable length addresses...we
rejected that due to processing power
... then we thought maybe 128-bit address space...but that seemed crazy for an
experiment.
... we thought we would start with an experiment and then increase from
there
... but the experiment escaped the lab!
... sorry I am defending myself <laugh>
Jun: This is a great story about security!
... I think if you had made other choices you might have delayed the
deployment of the internet
... a lot of good security solutions were generated from our experience
... to had to learn from deployment of the Internet and it may have slowed
down deployment if we had tried to solve the security issues before the
experience
Vint: I would like to challenge people who are concerned about security...is there some irreducible level of inconvenience that's needed
timbl: The level of convenience has also gone up
so much.
... In a way, security has to be in everything. Everything you code or write
in a spec can be exploited.
... the cool thing as you pointed out implicitly about RSA.....
... public key technology was a massive change.
... that has been very exciting
... I've been frustrated that we've not been able to live up to the potential
of RSA
... people have said it didn't take off due to patents
... but you could also say it wasn't the technology piece, but rather the
social aspect
... the PGP people said "I will only trust people I've had a beer with."
... you have a key-signing party ... and you can create a trusted
infrastructure
... you had another social attitude which was that the world would have trust
imposed upon them by world bodies
... these social structures came into conflict
... if you look at the security situation, one implication of moving from the
Web to the social web
... is that we may be able to produce social protocols that will enable us to
connect to each other or friend each other
... using standard protocols in a compatible way, and once we've done that we
may realize "oh, we've all got public keys"
... so the keys could come to us through social graph, and we learn to create
user interfaces that let us vouch for each others in different ways
... so we could fulfill the promise of powerful crypto
[Jeff invites people to the mic...still no takers]
Jeff: Panelists have alluded to the broadening of
the space of people interested in what we do
... people at the physical layer (e.g., 3GPP)
... we constantly hear about internet governance topics, and nations asserting
themselves
... there is a meeting of the IGF in Brazil
... what does the engineering community need to know about govt level
conversations?
Vint: Engineers should realize that many
policymakers don't understand the Internet.
... part of our job is to help them understand what makes sense and doesn't in
policy making
Vint: I would like to suggest that the more we
use what you (engineers) do
... the more important strong authentication and integrity will be.
... there are government concerns about that.
... Toomas Hendrik Ilves is president of Estonia...he has pointed out that he
is much more concerned about integrity of data than privacy...e.g., bad data on
blood type is more a concern than someone knowing his blood type
<inserted> President Toomas Hendrik Ilves's opening speech at CyCon in Tallinn on June 4, 2014
Vint: that's a somewhat trivial example but makes
the point. The public is using the system. The system is neutral and can be
used both for good and ill.
... most governments are organized to protect people from harm.
... you are seeing reactions from people to harms that people have
perceived
... some governments want to exercise control as a response
<npdoty> Toomas Hendrik Ilves
Vint: we are spending more and more time in
various venues coping with reactions to harms that have happened to citizens
... our job is to try to help them create implementable responses that do not
destroy the fabric of the internet that has made it so valuable
timbl: We need everyone else to know how to code,
so when they sit down to write laws, they know what's possible. Just as, as a
citizen, even if you have not been formally taught the law, you understand what
the law is capable of, what police are capable of, and other similar things
... E.g., response to spam can be informed by knowledge of how to code among
policy makers
... We end up with a system that is a mix of law and code (cf. Larry
Lessig)
... when you create something like Napster, it would have been interesting to
have a forum where there could have been discussion about both the technical
ideas and the social impact
... DMCA tends to demonize hackers....risks in some cases of people reporting
bugs and going to jail
... so I think it's important to have both security angle and policy
awareness
... e.g., what is the impact of this protocol on police powers?
... Just as we'd like people in parliament to write laws that make more sense,
we also ourselves need to be prepared to take laws into account in creating
standards.
Jun: A point on policy....the Internet and the
Web are "one space".
... engineering perspective is single global space, but there are many
boundary / jurisdiction questions
Manu_Sporny: Question about getting a better
trust layer in the Web.
... we have work going on in different groups (payments, credentials)
... the W3C for the past 10 years have put effort into publishing data, but
not a lot of effort into ensuring the validity of the data.
... for several years there have been efforts to sign data
... when we bring ideas to the Membership we are met with responses such as
"we know that's important to solve, but we don't have the expertise to address
it"
... there are crypto people at W3C and IETF, but many organizations say "we
don't have a expertise" and so the work doesn't get started
... there are proposals on the table to address some of these security issues,
but we've had difficulty advancing proposals.
... if we don't have these basic specifications in place, working groups will
find themselves in a position of assuming that the data is not trustworthy,
instead of just verifying a signature
... how should we make progress?
Jun: That's an important topic. As I mentioned,
everyone is using the Web and data. Many services would like to share data with
big needs to trust.
... example, if train is delayed 2 minutes people will complain
... quality of service creates trust
... from top to bottom there are strong demands for reliability
... you asked about process... now we have a lot of service designers on top
of the Internet who are waiting for your work to be complete due to their need
for trusted services
Vint: I'm glad you've brought this up. I think
that W3C and IETF are enablers. Would it be interesting to have a conversation
among the W3C/IETF leadership
... to discuss this question "What is missing from the enabling protocol space
to make strong authentication, high integrity, and other trust building
mechanisms? What's missing from our palette that needs to be addressed?"
(Without decisions about where the work would happen.)
... what would make a big difference to the many people who are concerned
about trust and integrity? I would welcome that discussion.
Jeff: Great idea...and we can assign action items
at TPAC!
... Wendy Seltzer is the right person as IETF liaison and head of T&S
<scribe> ACTION: Wendy Seltzer to help organize a high-level discussion on what's missing in the technology and would improve the platform as an enabler? [recorded in http://www.w3.org/2015/10/27-tpac-minutes.html#action01]
Vint: Can we make a list of missing properties
that we need to enable solutions to arise?
... I think it would be worth your time to think about how to achieve that.
Timbl: You have in you head a stack of
technologies that would be great enablers. You put together a deck that shows
what you can do with these technologies. You can put together a deck and
alienate 98% of the audience. Maybe getting momentum comes somewhere in the
middle.
... avoid the trap of thinking there is one social structure.
... you need to examine how things apply in different social settings
... I agree it's a hard problem to speak to one audience and not alienate
other communities...it's a known hard problem.
Vint: Distinguish vision from hallucination
Jeff: We've been talking a lot about history and
future in broad strokes
... people will be collecting themselves into breakout groups
... Are there things we should be doing in breakouts we've not already thought
about?
Vint: I'm not sure what the sessions are. I would not want to sound arrogant. :)
<koalie> TPAC 2015 breakout sessions ideas
Vint: but one topic that might not fall within
your purview is the use of broadcast media as broadcast media (as opposed to
turning broadcast into point to point channel).
... if we could do broadcast (not multicast) to build applications that take
advantage of single transmission deliverable to multiple recipients
... what protocols would you create
... the hallucination I have is that satellites are raining packets down on
millions of receivers.
... if we could do broadcast, what would we need in terms of protocols?
Jun: Actually, Vint, there is a Web and TV group
that has been looking into that issue...not as a broadcasting protocol...
... we have a demo here at the conference center
... there is also work that's started in Europe.
Vint: Suppose we could make it possible to
transmit data to people who are in certain geographic locations (e.g., for
emergency services)
... you don't want everyone to have to receive that
... but if we could provide that in the protocol space, what would we do with
it? What would we need to build?
Jun: There are strong levels of trust necessary
for some sort of interactions (e.g., doctor)...
... every single segment of industry and agriculture has a number of issues
... starting from new areas and analyzing what's missing will be necessary.
... I was impressed with the LG presentation
... shapes other than rectangles
... for display
... I was speaking with a student at my university. She wants to be able to
display whatever she wants to design.
... what would be needed to display things in other shapes? 3 dimensions?
Timbl: There's been a lot of work put into
enterprise data integration
... typically without that a large company would not be able to function
... there's a push in some quarters that I should be able to get data that is
about me.
... I should be able to take all the data that various devices know about me
(e.g., my phone in my pocket knowing that I'm sitting on stage)
... all that data is relevant to my lifestyle and could be leveraged to make
better choices.
... I think it would be nifty to enable that.
Vint: There is an interesting challenge. Suppose
we said "Everyone should have a right to have access to all the information you
have about me." Tough question - how do you ensure that the requestor is the
person the information should be delivered to?
... which takes us back to the need for strong authentication without losing
the ability to retain anonymity at will?
<tantek> Timbl brings up how he wants to own his data, from his phone etc.
Jeff: Thank you to the panelists, join me in thanking them!
Jeff: HTML and WebApps have merged into Web Platform; Yoav Weiss will explain how we're moving forward
<deiu> scribenick: deiu
Yoav: Hi!
... first we would like to talk about use cases
... the problem is that the Web is huge!
... there a billions of users, millions of devs and not many of us
... all in all there are about 1000 people working on building the Web
platform for the entire world
... businesses need better building blocks; we don't know all the uses cases
for the devs out there
... whenever a Web developer is encountering a problem, they are supposed to
come up with a description of that problem and bring it to the right working
group
... this gets translated into implementations and features, which not always
match the expectations
[ Slide: Truck (side showing: On the road to success / there are no shortcuts) that didn't make it under an underpass (i.e. its top hit the overpass) ]
[ Laughter ]
Yoav: one way to tackle this problem is thorough
an "extensible web"
... we need to make less assumptions about what/how the dev will use the
API
... the problem is that a lot of devs just want to use the regular (high
level) features that don't reinvent the wheel
... javascript has a high cost, downloading and parsing a lot of scripts
... we need to bake stuff in and to have high level features
... so how do we improve this process?
... we also need to get customers involved in this high-level feature
development process
... we also need to get more companies involved
... the solution we came up with is the WebPlatform Incubator Community
Group
... we want to get early feedback from the community and developers, leading
to a better process
Chris: I would like to briefly give an
overview
... the basic idea is that anyone can join the CG
... we already have members from the different groups
... if you have a problem you want to attack, you post it on the discourse and
submit the problem on github
... once you get other people to say it's an interesting problem, you move
that idea to the incubator group
... you try and building momentum behind the idea
... if you think you want to move the idea to the REC track, you go and
discuss with the chairs and then try to transition to a WG
[ Slide: Thanks! ]
florian_rivoal: part of the inspiration for this CG was the responsive image, is that right?
Chris: yes, that is correct
florian_rivoal: how do you imagine the functioning of this CG to work?
Chris: we don't expect the CG to be the only
place where discussion happens
... you will get more outside participation in CGs sometimes, but at the same
time there's no interest for us to force people to only use this process
Yoav: on top of that, you can also use the discourse instance as the platform to receive feedback
<Bert1> ScribeNick: Bert1
(Adrian replaces chaals)
Adrian: WP groups combines most of delivs of
WebApps and HTML
... Really a transition
... chartered for 1 year
... Figuring out a more structured way to make progress on large # of
delivs.
... Is one group the best?
... Bringing together large # of organisations is important.
<annbass> yay for Team scribes!
Adrian: But maybe lacks focus.
... Orgs may find IP review difficult
... Maybe better structure will be more domain-specific expert together.
... We'll try this next year.
... Maybe we'll find this is the right structure. or maybe we find out what
is.
... What is the right structure of developing HTML spec?
... Consensus was for more modular specs.
... HTML5 is huge spec.
... Difficult to consume.
... Important part of the platform.
... Consensus last year was for more modular design. But difficult.
... And little progress so far.
... So work next year is to figure that out.
... The plan is to have another break-out today.
... Would be helpful if people have ideas.
... Questions?
tantek: Modularizing turned out difficult, you
said. Maybe start with a minimal HTML5
... a subset that is usable and desirable.
... Evidence exists that it is possible
adrian: I said difficult, not *too* difficult.
<tantek> evidence is the example of AMP as an experiment and proposal.
mikeC: How do the chairs and team see the WG working together with the CG and the maintenance of th old specs of prev. groups?
adrian: Good q.
... Charter calls out for new work to start in the incubator group.
... I past seen rush to adopt first proposal.
... And difficult to convince people we made a mistake.
... Ability to start with rough idea, iterate.
... Ideas may fall by wayside.
... Co-chairs of incubator group can help people find a good home for
proposals.
... Incubator group continues to work on specs added to its charter.
... We will maintain specs from the past.
... More interoperable.
... I'll be around today for more questions.
[ Applause ]
jeff: One slot before lunch.
... three this afternoon
... Next half hour - 45 mins to put the breakouts together.
... Thanks to the people who set this up.
... We all work to lead the Web to its full potential.
... I'd like to thanks the admin team
... [names] who have done tremendous work
... Also thanks to systems team.
... We got some supporter companies also
... [systeam names], thank you all!
... Couldn't run it without the dedicated team here in Japan
... entire Keio staff
... Thanks!
... Also the speakers, panelists, in AC, in WGs, and scribes!
... Invite Ian up here to set up the rest of the day.
<timeless> scribenick: timeless
Ian: raise your hand if you have not participated in unconference
[ some hands, not many ]
Ian: ok, so for those of you who are new...
... this is the chaotic portion
... there are 52 slots
... capacity (red at the top)
... I want to do a thing about Web Payments architecture
... imagine Adrian wants to do web payments in some room
... when we stabilize the board, it'll be obvious, and we'll transfer it to
the web
... we have big pads to be laid out vertically
... we have smaller pads when things run out
... we have black markers
... any questions?
... it'll stabilize and then you'll know when
MarkWatson: which rooms have dialin?
Ian: Don't know
koalie: None
Ian: Other questions?
[ None ]
Ian: come up, put sessions on board
... you don't have to come up at once
[ Rush ]
glazou: cwilso, it's not a rugby session
Ian: Another comment, for those who put their
sessions in the wiki, thank you
... we have a great selection ahead of us
... we didn't copy them, please come up and place yours on the board
... (we weren't sure if you were here)
[ Scribing pauses while people make a mess of the grid ]
JudyZhu: We welcome you to attend HTML5 Testing breakout session
Ian: within 5 minutes, we'll close the bidding
... chaals is here
... with that, we have a frozen board
... we'll be transferring that to the web site
... pictures are good too
... we're also tweeting the schedule, you can check it from the @w3c twitter
account
... thank you very much
<giuseppe> will someone fill in the wiki with the breakout sessions?
<koalie> Yes, in https://www.w3.org/wiki/TPAC/2015#Session_Grid