we only have 5 people on the phone right now
<eprodrom> sorry, just joining
<eprodrom> scribe?
i'll scribe
<annbass> whoops .. I said I would, but guess I'm muted
<scribe> scribenick: ben_thatmustbeme
<scribe> Scribe: Ben Roberts
Chair Evan Prodrom
eprodrom: lets get started, we have a few minutes to review
<annbass> I really appreciate Amy's summary notes: http://rhiaro.co.uk/2016/03/socialwg5-summary
<eprodrom> https://www.w3.org/wiki/Socialwg/2016-03-08-minutes
<annbass> +1
<tsyesika> +1
<eprodrom> +1
<aaronpk> +1
eprodrom: this is a little bit of catch up, but from 3 weeks ago. +1's
+1
eprodrom: without any objections
<eprodrom> https://www.w3.org/wiki/Socialwg/2016-03-16-minutes
<eprodrom> https://www.w3.org/wiki/Socialwg/2016-03-17-minutes
RESOLUTION: approve https://mit.webex.com/mit/j.php?MTID=m50f0bafc1786c39b29ccd41ad22a98a9
<tantek> (btw it's ok to ask for more time to review)
<tantek> ben_thatmustbeme, wat?
<eprodrom> +1
eprodrom: as annbass mentioned in IRC, rhiaro did a very nice summary of minutes from f2f
<annbass> +1
<tantek> (I admit I was at the f2f and have not reviewed the minutes, but if everyone else is ok, I'm not objecting)
<aaronpk> +1
RESOLUTION: approve https://www.w3.org/wiki/Socialwg/2016-03-08-minutes
eprodrom: i have only given a
slight look but they look ok to me. Would anyone like to defer
to next week?
... if not we'll just call this resolved
RESOLUTION: approve the minutes for 3/16 and 3/17
<Loqi> Cwebber2 made 1 edit to [[Socialwg/2016-03-29]] https://www.w3.org/wiki/index.php?diff=97979&oldid=97977
eprodrom: i think this covers all
our administrative issues, but its worth noting that we set up
a schedule for face to faces for the next 9 months
... our plan is to have them in June, Sept, and i think
November
<tantek> see https://www.w3.org/wiki/Socialwg#Future_Meetings for next f2fs
eprodrom: if you were not at the
F2F you should check that to see that they fit your
schedule
... see link in IRC, thank you tantek
<tantek> in particular please RSVP ASAP to https://www.w3.org/wiki/Socialwg/2016-06-07
eprodrom: we have Portland in June, Lisbon in September
<tantek> (only 7 RSVPs so far https://www.w3.org/wiki/Socialwg/2016-06-07#Participation everyone should say if they can go or not)
eprodrom: maybe i can, as unfortunately both chair and editor today, you'll hear me a lot
<tantek> ack eprodrom :)
eprodrom: where we got at the F2F
is that a couple of the big items for AS2 we got worked
out
... conformance clause and ?
... test suite
... unfortunately by the time we got to Boston, we had a number
of issues that arose
... our current list is 13 issues, we addressed a number of
these at f2f
... a majority of the ones that required input from the group we
resolved
... unfortunately some of them, the main editor who was not
participating in Boston, -1'd them and so we may have to
resolve some of those again
<eprodrom> jasnell?
eprodrom: it comes down to an
issue of an editor is opposed to a group resolution so i
suggest we re-open some of these issues and try to resolve them
again
... i think james is not on the call
<Zakim> tantek, you wanted to discuss procedural clarification
eprodrom: I think that we pushed these forward while james wasn't there, he pushed back on them, and I'd like to come to a resolution with him on these, if we can't we'll have to figure out the procedure
tantek: for w3c, we do try to get
consensus, we try to get the dissenter to explain their
position. Its possible that person has found a flaw that no one
else sees
... when they present that, often others see the issue and
change their vote
... if after the explanation, no one else is still opposed,
after that it becomes an issue for the chairs and a chair can
declare consensus and just note the official objection
... but to do that we need james to call in
... the next step would be to get james to commit to a specific
telcon where he can call in and give his explanation, we really
need him to explain it himself, since there is usually back and
forth
... if he is not on the call, that falls to the chair, to
decide how long to wait and if it runs too long we have to make
a judgement call on that
... maybe we could action you evan to contact james
<Loqi> Tantekelik made 1 edit to [[Socialwg/2016-03-29]] https://www.w3.org/wiki/index.php?diff=97980&oldid=97979
eprodrom: that sounds good, i'll
take it as an action on myself to get in contact with james and
try to resolve these
... if we can get these resolutions done the rest is just
editorial issues
tantek: and remind james that these are blocking CR for us, so the sooner he can get them done, the better
eprodrom: hopefully we can get
james in for next week's telcon
... hopefully we can get some resolutions online
tantek: great
<eprodrom> https://github.com/w3c-social/activitystreams-validator
i think this is a left-over from before, as we haven't had much movement in the past two weeks
<eprodrom> https://as2.rocks/
eprodrom: i gave a demo at f2f, there is still quite a bit of work to be done as far as making it look better and such, but it is at a usable point for people to test their as2 documents
<eprodrom> https://github.com/w3c-social/activitystreams-validator/issues
eprodrom: at the f2f we felt this
met our needs for our test suite. I think there is some
additional work that is going to go on there. There are a few
open issues that i will link in IRC, but that's going to be an
ongoing development effort
... any questions about validator or test suite?
... hearing none, lets move on
eprodrom: we've already discussed
as2 lets start discussing other documents
... i'm not sure it makes sense to just highlight changes in
the last week
... i note that aaronpk has added a separate discussion item
around webmention
... for any of the OTHER documents, have we had any significant
developments since 2 weeks ago
aaronpk: with micropub i don't have a new draft published, but i do have an editors draft with the combined micropub and activitypub syntax. I'd say it is very much in progress right now
eprodrom: excellent and you are
coordinating with amy chris and jessica about that?
... do you need anything else from us?
aaronpk: no
eprodrom: anything for activitypub?
<annbass> aaronpk -- I'll be happy to edit your new draft (for 'English'), when it's ready
tsyesika: we have done some work, but we have been busy and have not had a chance to close all the issues YET
<aaronpk> thanks ann!
eprodrom: lets move on to webmentions
<aaronpk> https://www.w3.org/TR/2016/WD-webmention-20160329/
aaronpk: i published a new draft
of webmention with things we discussed (links new
version)
... its not a huge change but there is a bunch of language and
phrasing clarification, some of that thanks to annbass.
... there is a new section about sending webmentions when you
edit posts
... there is a new section on conformance criteria
... and the note about not sending to localhost
... and the note about turning field names into URIs
... those are the summary of changes in this draft
eprodrom: and this is a live WD,
FANTASTIC
... thats a good step forward for us
... are there other issues around WM we need to discuss
aaronpk: yes, i used our new labels and went through all old issues and added appropriate labels to them
aaronpk: in doing that there were
a couple that were marked for review by the group
... i wanted to get some group feedback on this
<Loqi> Tantekelik made 1 edit to [[Socialwg/2016-03-29]] https://www.w3.org/wiki/index.php?diff=97981&oldid=97980
<aaronpk> https://github.com/aaronpk/webmention/issues/20
aaronpk: issue 20 is a
challenging one, we talked about this at F2F, said it's similar
to how HTML loads external resources, and it's actually slightly
different in that it does POST not just perform GET
... i am not sure how to word the security warning
... its really an issue about systems outside of
webmention
... anyone have any suggestions?
tantek: i just read the updates
on the issue, and in terms of the post vs get. There is one
more place in HTML you can get similar data. That is Forms. its
possible to POST cross site that way
... and presumably HTML has to say something about that
... we could just reference HTML and say that it follows HTMLs
security concerns
aaronpk: okay, i can take a look at that and hope i find something there
<KevinMarks> is xmlhttprequest relevant too?
eprodrom: yeah, i'm just
wondering if we can make this more general as tantek suggests.
I don't think describing each and every possibility is worth
it. but noting that a sender can get anyone to post to
... something like "this is an URL that someone is giving to
you, and you can't fully trust that"
tantek: its acting just like a
browser would when doing a cross-site form POST
... and maybe we just say we should follow the same method
browsers use
... at least implementers can look at that as a starting
point
eprodrom: it would be nice to find some common language and point to that rather than having to rewrite it all in webmention
tantek: exactly, thats why i say point to HTML unless someone can come up with some way that its actually different
eprodrom: aaronpk, with webmention, are there other issues?
aaronpk: one more
<aaronpk> https://github.com/aaronpk/webmention/issues/14
aaronpk: #14, the thread is long
but the end of it describes it, basically webmention only
requires that source and target exist and doesn't use anything
else. Right now there is no access token or cookies or
anything
... there is a concern that if a webmention request accidentally
does have credentials in it, someone might be committed to
something they might not be aware of
... however i don't want to disallow tokens, as it will be
important for private webmentions
tantek: this happens in CSS a
lot, there is some potentially advanced feature that we are not
ready for, but we want to allow for, but its to put in a note
saying this spec does not define any handling for webmentions
that may have additional headers such as authentication headers
such as ... etc
... by specifically saying that the spec doesn't specify any
special handling, you are basically saying If you implement
with them, thats fine
... that leaves the possibility open
... just say "this specification does not define ....."
aaronpk: will that handle the original issue? is sandro on the call since he commented on it before.
eprodrom: i'm not sure i understand, leaving authentication open, or unspecified, i'm not sure i understand henry's point here, can you break that down?
aaronpk: i can try. He is saying that there is a risk of (as source and target are not uris) the target page could use query parameters in the webmention url you could send any specific values you want
eprodrom: so he wants to disallow authentication why?
aaronpk: no its that it could generate a generic post to some endpoint that could do some action
eprodrom: ahh, i see, if you are
logged in, your browser could send your cookies etc
... so if i provide the webmention URL that could be set to
"friend someone on facebook" etc
... i've always thought of webmention for server to server
only
<Zakim> tantek, you wanted to also note webmention forms people are using on their blogs
aaronpk: me too, but its possible that the server could include cookies
tantek: there is also a growing
practice by many to include a form on their site that says
"paste your URL here to send me a webmention"
... to allow people who don't support webmention yet to still
send a webmention. thats the one existing scenario i know of
where there is a browser sending a webmention
... so maybe thats worth mentioning that its only to the site
its on
... thats again something that seems HTML level, and not
specific for webmention
aaronpk: thats exactly html, this is a standard XSS issue. so maybe the solution is the same as issue 20 which is about preventing these cross site posts
eprodrom: i think thats probably
best, saying there is a possibility of XSS here and take
necessary precautions to avoid that
... i realize the issues tend to be pretty esoteric, but thats
probably a good sign that we covered the low hanging
fruit
... thats the end of the agenda for today, any other discussion
items for today?
*crickets*
scribe: i can get into tracker but i don't think there is anything new there
hearing nothing, we can... oh, tantek?
<eprodrom> Arnaud: ?
<Arnaud> I am
tantek: i thought i saw arnaud on the call maybe we can get it resolved now who is chairing next week?
<Arnaud> yes
Arnaud: yes, i can do it next week
<annbass> thanks Evan and Ben!
<eprodrom> Thanks for scribing, ben_thatmustbeme
trackbot, end meeting
<eprodrom> ben_thatmustbeme++
<Loqi> ben_thatmustbeme has 137 karma
This is scribe.perl Revision: 1.144 of Date: 2015/11/17 08:39:34
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/
Guessing input format: RRSAgent_Text_Format (score 1.00)
Found ScribeNick: ben_thatmustbeme
Found Scribe: Ben Roberts
Default Present: tantek, annbass, ben_thatmustbeme, aaronpk, Arnaud, eprodrom, tsyesika, KevinMarks
Present: tantek annbass ben_thatmustbeme
WARNING: No meeting chair found! You should specify the meeting chair like this: <dbooth> Chair: dbooth
Found Date: 29 Mar 2016
Guessing minutes URL: http://www.w3.org/2016/03/29-social-minutes.html
People with action items:
[End of scribe.perl diagnostic output]