W3C

- DRAFT -

Technical Plenary 2015

27 Oct 2015

Agenda

See also: IRC log

Attendees

Present
Jeff_Jaffe, Tim_Berners-Lee, Vint_Cerf, Jun_Murai
Regrets
Chair
JeffJaffe
Scribe
koalie, Ian, deiu, Bert1, timeless

Contents


Welcome

<inserted> scribenick: koalie

Jeff: This year is a record, last count we had over 560 registrants, a 10% increase since last year
... I'd like to welcome those colleagues from the IETF who took advantage of the proximity of the IETF meeting next week in yokohama
... I am also please that Vint Cert was able to join us today
... I'm calling our panelists
... Tim Berners-Lee, inventor of the WWW and Director of the W3C
... Vint Cerf, father of the Internet
... and Jun Murai, best known as the Internet Samurai
... format of the panel is very unstructured
... I wanted to encourage conversation

<scribe> scribenick: Ian

What should we be doing better as organizations

Jeff: (to panelists) What should we be doing better as organizations? What is it important that these orgs should be working more closely together?

vint: It's pretty clear that the W3C code call space tends to lie above the IETF layer, but there are clearly overlaps like the hot topic of security.
... ...one thing that would be helpful if it's not already happening is for the two organizations to share their work plans
... W3C and IETF leadership should look for ways to share current state of developments

Jun: In Japan, we've hosted IETF and W3C meetings ...more than 30 years have passed since the origins and now everyone is using the technologies, and driving new requirements
... I think that the Web developments are also having an impact on the lower layers, so it's especially important that the two bodies work closely
... that's why the Japan internet group decided to host both the meetings over these two weeks

timbl: Layering was really important to the ability to create the Web.
... to put layering in perspective: you can run IP over anything and it's scaled from 300 baud to much faster.
... the web browser that I wrote will still run over much faster networks thanks to the layering
... though we have layers you have to break layers from time to time

<dom> [for those interested on discussing this layering and its needed evolutions, there is a breakout session for that: https://www.w3.org/wiki/TPAC/2015/SessionIdeas#Interacting_with_the_Networking_Layer_.28please_keep_early_in_the_day_due_to_participants_constraints.29 ]

timbl: e.g., when you need to determine whether you trust a connection you look at TCP
... and when things break you need to be able to look into the lower layer to see what went wrong
... e.g., I couldn't connect to a site due to a DNS issue
... layer breaking lets you fix things
... furthermore, now we have things like WebRTC / RTC Web
... you can build a P2P network between web pages...so you can build a whole new system exchanging packets on your own mesh network, all running in a browser
... the layers get churned up

Jun: that's a good point about connected efforts of engineering
... as Tim said, when the Web tries to create a P2P communication model on the edge side, which is very important in terms of traffic on the network moving forward
... eventually it's going to be a big engineering issue around traffic...protocol design....

Jeff: We got a lot out of the first question! Security, real-time.....

Vint: One other observation if I may stop you.
... this discussion shows you that anything can be encapsulated within anything else.
... as a result we are seeing a lot of technology interacting
... the standards bodies that are concerned with devices such as mobile are also being swept into these discussions.
... so not just IETF and W3C but also the standards-makers of the mobile world (e.g., 3GPP, ITU)
... or new radio frequencies in the upper ranges
... the implications for the future is that there will be more people, companies, researchers interested in a variety of aspects, including security

Jeff: we are all familiar with security and the lack thereof.
... where did we go wrong and how are we going to fix it?

A regret: Releasing early (just before RSA)

Vint: I have an anecdote to share that is a source of schizophrenia for me.
... started work on TCP with Bob Kahn .... and I started early working with NSA to design packet cryptography
... the previous problem with crypto was that there was continuous crypto between points
... we had the possibility of packets arriving out of order, so packet crypto was new
... this was coming from defense dept and they wanted security
... we started working on this in 1975
... some of the equipment was classified so I couldn't share with students or others without clearance
... in 1977, two of my colleagues published their paper on public key crypto
... but they didn't tell you how to do it.
... and 1977 was on the edge of standardizing TCP v. 4
... I need to get something implemented and by 1978 I need to get something built
... we freeze the design one year before RSA....
... there were a lot of operating systems back then, too
... we spent 4 years doing implementations...
... if I could go back in time and say "hang on just 1 more year...."
... we didn't quite catch the technology at the right time.
... but we were able to retrofit the architecture with the technology.

Choosing on 32bits for IPv4 addressing

Vint: the other part, that I recall was 32-bit address space (rather than IPV6 128bit)
... I can explain how we came up with 32 bit
... we had just done Arpanet...and it wasn't cheap
... we guessed 2 nets per country
... we guessed 128 countries
... we came up with 256.... then we guessed the number of computers
... we came up with 32 bits based on size of computers at the time
... and we thought that was enough for an experiment
... and then in 1977 we had an argument on variable length addresses...we rejected that due to processing power
... then we thought maybe 128-bit address space...but that seemed crazy for an experiment.
... we thought we would start with an experiment and then increase from there
... but the experiment escaped the lab!
... sorry I am defending myself <laugh>

Jun: This is a great story about security!
... I think if you had made other choices you might have delayed the deployment of the internet
... a lot of good security solutions were generated from our experience
... to had to learn from deployment of the Internet and it may have slowed down deployment if we had tried to solve the security issues before the experience

An irreducible level of inconvenience that's needed for security

Vint: I would like to challenge people who are concerned about security...is there some irreducible level of inconvenience that's needed

timbl: The level of convenience has also gone up so much.
... In a way, security has to be in everything. Everything you code or write in a spec can be exploited.
... the cool thing as you pointed out implicitly about RSA.....
... public key technology was a massive change.
... that has been very exciting
... I've been frustrated that we've not been able to live up to the potential of RSA
... people have said it didn't take off due to patents
... but you could also say it wasn't the technology piece, but rather the social aspect
... the PGP people said "I will only trust people I've had a beer with."
... you have a key-signing party ... and you can create a trusted infrastructure
... you had another social attitude which was that the world would have trust imposed upon them by world bodies
... these social structures came into conflict
... if you look at the security situation, one implication of moving from the Web to the social web
... is that we may be able to produce social protocols that will enable us to connect to each other or friend each other
... using standard protocols in a compatible way, and once we've done that we may realize "oh, we've all got public keys"
... so the keys could come to us through social graph, and we learn to create user interfaces that let us vouch for each others in different ways
... so we could fulfill the promise of powerful crypto

[Jeff invites people to the mic...still no takers]

Jeff: Panelists have alluded to the broadening of the space of people interested in what we do
... people at the physical layer (e.g., 3GPP)
... we constantly hear about internet governance topics, and nations asserting themselves
... there is a meeting of the IGF in Brazil
... what does the engineering community need to know about govt level conversations?

Vint: Engineers should realize that many policymakers don't understand the Internet.
... part of our job is to help them understand what makes sense and doesn't in policy making

Authentication as (possibly) more important than Confidentiality

Vint: I would like to suggest that the more we use what you (engineers) do
... the more important strong authentication and integrity will be.
... there are government concerns about that.
... Toomas Hendrik Ilves is president of Estonia...he has pointed out that he is much more concerned about integrity of data than privacy...e.g., bad data on blood type is more a concern than someone knowing his blood type

<inserted> President Toomas Hendrik Ilves's opening speech at CyCon in Tallinn on June 4, 2014

Vint: that's a somewhat trivial example but makes the point. The public is using the system. The system is neutral and can be used both for good and ill.
... most governments are organized to protect people from harm.
... you are seeing reactions from people to harms that people have perceived
... some governments want to exercise control as a response

<npdoty> Toomas Hendrik Ilves

Vint: we are spending more and more time in various venues coping with reactions to harms that have happened to citizens
... our job is to try to help them create implementable responses that do not destroy the fabric of the internet that has made it so valuable

timbl: We need everyone else to know how to code, so when they sit down to write laws, they know what's possible. Just as, as a citizen, even if you have not been formally taught the law, you understand what the law is capable of, what police are capable of, and other similar things
... E.g., response to spam can be informed by knowledge of how to code among policy makers
... We end up with a system that is a mix of law and code (cf. Larry Lessig)
... when you create something like Napster, it would have been interesting to have a forum where there could have been discussion about both the technical ideas and the social impact
... DMCA tends to demonize hackers....risks in some cases of people reporting bugs and going to jail
... so I think it's important to have both security angle and policy awareness
... e.g., what is the impact of this protocol on police powers?
... Just as we'd like people in parliament to write laws that make more sense, we also ourselves need to be prepared to take laws into account in creating standards.

Jun: A point on policy....the Internet and the Web are "one space".
... engineering perspective is single global space, but there are many boundary / jurisdiction questions

Question about Better Trust layer in the web

Manu_Sporny: Question about getting a better trust layer in the Web.
... we have work going on in different groups (payments, credentials)
... the W3C for the past 10 years have put effort into publishing data, but not a lot of effort into ensuring the validity of the data.
... for several years there have been efforts to sign data
... when we bring ideas to the Membership we are met with responses such as "we know that's important to solve, but we don't have the expertise to address it"
... there are crypto people at W3C and IETF, but many organizations say "we don't have a expertise" and so the work doesn't get started
... there are proposals on the table to address some of these security issues, but we've had difficulty advancing proposals.
... if we don't have these basic specifications in place, working groups will find themselves in a position of assuming that the data is not trustworthy, instead of just verifying a signature
... how should we make progress?

Jun: That's an important topic. As I mentioned, everyone is using the Web and data. Many services would like to share data with big needs to trust.
... example, if train is delayed 2 minutes people will complain
... quality of service creates trust
... from top to bottom there are strong demands for reliability
... you asked about process... now we have a lot of service designers on top of the Internet who are waiting for your work to be complete due to their need for trusted services

Vint: I'm glad you've brought this up. I think that W3C and IETF are enablers. Would it be interesting to have a conversation among the W3C/IETF leadership
... to discuss this question "What is missing from the enabling protocol space to make strong authentication, high integrity, and other trust building mechanisms? What's missing from our palette that needs to be addressed?" (Without decisions about where the work would happen.)
... what would make a big difference to the many people who are concerned about trust and integrity? I would welcome that discussion.

Jeff: Great idea...and we can assign action items at TPAC!
... Wendy Seltzer is the right person as IETF liaison and head of T&S

<scribe> ACTION: Wendy Seltzer to help organize a high-level discussion on what's missing in the technology and would improve the platform as an enabler? [recorded in http://www.w3.org/2015/10/27-tpac-minutes.html#action01]

Vint: Can we make a list of missing properties that we need to enable solutions to arise?
... I think it would be worth your time to think about how to achieve that.

Timbl: You have in you head a stack of technologies that would be great enablers. You put together a deck that shows what you can do with these technologies. You can put together a deck and alienate 98% of the audience. Maybe getting momentum comes somewhere in the middle.
... avoid the trap of thinking there is one social structure.
... you need to examine how things apply in different social settings
... I agree it's a hard problem to speak to one audience and not alienate other communities...it's a known hard problem.

Vint: Distinguish vision from hallucination

Leading to Breakout Sessions

Jeff: We've been talking a lot about history and future in broad strokes
... people will be collecting themselves into breakout groups
... Are there things we should be doing in breakouts we've not already thought about?

Vint: I'm not sure what the sessions are. I would not want to sound arrogant. :)

<koalie> TPAC 2015 breakout sessions ideas

Vint: but one topic that might not fall within your purview is the use of broadcast media as broadcast media (as opposed to turning broadcast into point to point channel).
... if we could do broadcast (not multicast) to build applications that take advantage of single transmission deliverable to multiple recipients
... what protocols would you create
... the hallucination I have is that satellites are raining packets down on millions of receivers.
... if we could do broadcast, what would we need in terms of protocols?

Jun: Actually, Vint, there is a Web and TV group that has been looking into that issue...not as a broadcasting protocol...
... we have a demo here at the conference center
... there is also work that's started in Europe.

Vint: Suppose we could make it possible to transmit data to people who are in certain geographic locations (e.g., for emergency services)
... you don't want everyone to have to receive that
... but if we could provide that in the protocol space, what would we do with it? What would we need to build?

Jun: There are strong levels of trust necessary for some sort of interactions (e.g., doctor)...
... every single segment of industry and agriculture has a number of issues
... starting from new areas and analyzing what's missing will be necessary.
... I was impressed with the LG presentation
... shapes other than rectangles
... for display
... I was speaking with a student at my university. She wants to be able to display whatever she wants to design.
... what would be needed to display things in other shapes? 3 dimensions?

Timbl: There's been a lot of work put into enterprise data integration
... typically without that a large company would not be able to function
... there's a push in some quarters that I should be able to get data that is about me.
... I should be able to take all the data that various devices know about me (e.g., my phone in my pocket knowing that I'm sitting on stage)
... all that data is relevant to my lifestyle and could be leveraged to make better choices.
... I think it would be nifty to enable that.

Vint: There is an interesting challenge. Suppose we said "Everyone should have a right to have access to all the information you have about me." Tough question - how do you ensure that the requestor is the person the information should be delivered to?
... which takes us back to the need for strong authentication without losing the ability to retain anonymity at will?

<tantek> Timbl brings up how he wants to own his data, from his phone etc.

Jeff: Thank you to the panelists, join me in thanking them!

Web Platform Incubator Community Group

Jeff: HTML and WebApps have merged into Web Platform; Yoav Weiss will explain how we're moving forward

<deiu> scribenick: deiu

Yoav: Hi!
... first we would like to talk about use cases
... the problem is that the Web is huge!
... there a billions of users, millions of devs and not many of us
... all in all there are about 1000 people working on building the Web platform for the entire world
... businesses need better building blocks; we don't know all the uses cases for the devs out there
... whenever a Web developer is encountering a problem, they are supposed to come up with a description of that problem and bring it to the right working group
... this gets translated into implementations and features, which not always match the expectations

[ Slide: Truck (side showing: On the road to success / there are no shortcuts) that didn't make it under an underpass (i.e. its top hit the overpass) ]

[ Laughter ]

Yoav: one way to tackle this problem is thorough an "extensible web"
... we need to make less assumptions about what/how the dev will use the API
... the problem is that a lot of devs just want to use the regular (high level) features that don't reinvent the wheel
... javascript has a high cost, downloading and parsing a lot of scripts
... we need to bake stuff in and to have high level features
... so how do we improve this process?
... we also need to get customers involved in this high-level feature development process
... we also need to get more companies involved
... the solution we came up with is the WebPlatform Incubator Community Group
... we want to get early feedback from the community and developers, leading to a better process

Chris: I would like to briefly give an overview
... the basic idea is that anyone can join the CG
... we already have members from the different groups
... if you have a problem you want to attack, you post it on the discourse and submit the problem on github
... once you get other people to say it's an interesting problem, you move that idea to the incubator group
... you try and building momentum behind the idea
... if you think you want to move the idea to the REC track, you go and discuss with the chairs and then try to transition to a WG

[ Slide: Thanks! ]

florian_rivoal: part of the inspiration for this CG was the responsive image, is that right?

Chris: yes, that is correct

florian_rivoal: how do you imagine the functioning of this CG to work?

Chris: we don't expect the CG to be the only place where discussion happens
... you will get more outside participation in CGs sometimes, but at the same time there's no interest for us to force people to only use this process

Yoav: on top of that, you can also use the discourse instance as the platform to receive feedback

<Bert1> ScribeNick: Bert1

Web Platform WG

(Adrian replaces chaals)

Adrian: WP groups combines most of delivs of WebApps and HTML
... Really a transition
... chartered for 1 year
... Figuring out a more structured way to make progress on large # of delivs.
... Is one group the best?
... Bringing together large # of organisations is important.

<annbass> yay for Team scribes!

Adrian: But maybe lacks focus.
... Orgs may find IP review difficult
... Maybe better structure will be more domain-specific expert together.
... We'll try this next year.
... Maybe we'll find this is the right structure. or maybe we find out what is.
... What is the right structure of developing HTML spec?
... Consensus was for more modular specs.
... HTML5 is huge spec.
... Difficult to consume.
... Important part of the platform.
... Consensus last year was for more modular design. But difficult.
... And little progress so far.
... So work next year is to figure that out.
... The plan is to have another break-out today.
... Would be helpful if people have ideas.
... Questions?

tantek: Modularizing turned out difficult, you said. Maybe start with a minimal HTML5
... a subset that is usable and desirable.
... Evidence exists that it is possible

adrian: I said difficult, not *too* difficult.

<tantek> evidence is the example of AMP as an experiment and proposal.

mikeC: How do the chairs and team see the WG working together with the CG and the maintenance of th old specs of prev. groups?

adrian: Good q.
... Charter calls out for new work to start in the incubator group.
... I past seen rush to adopt first proposal.
... And difficult to convince people we made a mistake.
... Ability to start with rough idea, iterate.
... Ideas may fall by wayside.
... Co-chairs of incubator group can help people find a good home for proposals.
... Incubator group continues to work on specs added to its charter.
... We will maintain specs from the past.
... More interoperable.
... I'll be around today for more questions.

[ Applause ]

rest of today

jeff: One slot before lunch.
... three this afternoon
... Next half hour - 45 mins to put the breakouts together.
... Thanks to the people who set this up.
... We all work to lead the Web to its full potential.
... I'd like to thanks the admin team
... [names] who have done tremendous work
... Also thanks to systems team.
... We got some supporter companies also
... [systeam names], thank you all!
... Couldn't run it without the dedicated team here in Japan
... entire Keio staff
... Thanks!
... Also the speakers, panelists, in AC, in WGs, and scribes!
... Invite Ian up here to set up the rest of the day.

<timeless> scribenick: timeless

Ian: raise your hand if you have not participated in unconference

[ some hands, not many ]

Ian: ok, so for those of you who are new...
... this is the chaotic portion
... there are 52 slots
... capacity (red at the top)
... I want to do a thing about Web Payments architecture
... imagine Adrian wants to do web payments in some room
... when we stabilize the board, it'll be obvious, and we'll transfer it to the web
... we have big pads to be laid out vertically
... we have smaller pads when things run out
... we have black markers
... any questions?
... it'll stabilize and then you'll know when

MarkWatson: which rooms have dialin?

Ian: Don't know

koalie: None

Ian: Other questions?

[ None ]

Ian: come up, put sessions on board
... you don't have to come up at once

[ Rush ]

glazou: cwilso, it's not a rugby session

Ian: Another comment, for those who put their sessions in the wiki, thank you
... we have a great selection ahead of us
... we didn't copy them, please come up and place yours on the board
... (we weren't sure if you were here)

[ Scribing pauses while people make a mess of the grid ]

JudyZhu: We welcome you to attend HTML5 Testing breakout session

Ian: within 5 minutes, we'll close the bidding
... chaals is here
... with that, we have a frozen board
... we'll be transferring that to the web site
... pictures are good too
... we're also tweeting the schedule, you can check it from the @w3c twitter account
... thank you very much

<giuseppe> will someone fill in the wiki with the breakout sessions?

<koalie> Yes, in https://www.w3.org/wiki/TPAC/2015#Session_Grid

Photo of the breakout sessions post-it notes

Summary of Action Items

[NEW] ACTION: Wendy Seltzer to help organize a high-level discussion on what's missing in the technology and would improve the platform as an enabler? [recorded in http://www.w3.org/2015/10/27-tpac-minutes.html#action01]
 
[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.140 (CVS log)
$Date: 2015/11/02 05:34:10 $