<scribe> scribenick: kaz
McCool: looked at number of
issues
... Elena's PR
... should be accepted
... I'll polish the PR update by the f2f
... (goes through the issues)
... brought issue 70 to the TD call as well
... fundamental assumption of URL is immutable
... complicated mechanism
... issue 99 was addressed
... issue 100
... issue 98
... whole bunch of discussions
... mixture of different level
... issue 64, again notification
... f2f
... actions all ongoing
... carry on discussion this week
... would update the action status
... "talk with security guys" to be updated as "IIC Security TF
and W3C Web Security IG"
... "look into URI" is ongoing
... and one typo "would access this PR" to be fixed as "would
accept this PR"
... accept the minutes?
(no objections)
[the previous minutes have been accepted with the above changes]
McCool: Matthias is working on the schedule
McCool: (goes through the
agenda)
... (changes the moderator of PlugFest Security Review to
"McCool/Elena")
... (and Secure Implementation Recommendation to
"Elena/McCool")
Elena: mentions her availability for
the f2f
... can join webex after 11am Korea time
McCool: Monday/Tuesday in CET?
Elena: yes
... Monday/Tuesday/Wednesday after 11am Korea time
McCool: ideally Tuesday
afternoon
... want to talk about the schedule
McCool: (updated the schedule)
... external review and finalization
... final version to be in Nov.
... if we can get extension, +3 months would make sense, i.e.,
Feb. 2019
... regarding external review
... should be Sep-Oct
... if we get 3-month extension, can be Dec-Jan
... would aim the first date (for the first round)
... first external review by Sep-Oct
... good first draft by Nov
... implication here is that we need to have
... first draft for review by end of Aug
... meaning in 2 months
... next release after the Bundang f2f, i.e., mid-July
... empty sections can be kicked out from the review
McCool: talked with IIC guys
... Dave is the liaison contact for IIC
... would like security review
... actually 3 topics
... security topics, semantic interoperability, use
cases/testbeds
... used to know one of the guys
... we can hopefully get something scheduled
... getting someone to review
... can negotiate the timing
... also W3C Web Security IG
... questions/comments?
(none)
McCool: would open a new PR
... working->master 2018.06.25
... update, prior to Bundang plugfest
... can merge this?
(no objections)
McCool: merges PR 104
McCool: (adds comments to issue 102)
McCool: should cover both security and privacy
McCool: authorize users
... then mitigate privacy issues
... associate new things
... comments?
Elena: no
McCool: custom login page
... you have to put parameters
... we need to do something about this
... one of the issues
... associate semantic meanings
... need to be able to associate common variables
... URL template kind of assume the same
... annoying assumption
[[ parameters with fixed names that the system "knows" mean certain things. But then you run into the problem of what to do it those names don't match what is needed in the query parameter (eg if the "special name" in the TD is "password" but the API needs the query parameter "pw"... I have to look to see if there are URI templates that let you separately specify the name and the value, as I mentioned in the meeting.
]]
McCool: suspended issue
McCool: would put a label
... (adds a new label of "SUSPENDED")
... will leave open but suspend action on it unless we see an
actual use case
... marked as "SUSPENDED" which means "won't fix unless someone
comes up with a use case that needs it"
McCool: potentially superseded by security by IIC
McCool: think this is resolved but we
should wait until after the Bundang plugfest
... and implementation feedback from Matthias
... one issue is dealing with both protocol-aware proxies
(e.g., HTTP Proxy) and transparent (application-level)
proxies
... may require different strategies
McCool: a little bit old
McCool: Matthias suggested we merge
this issue with issue 80
... need to leave it open until we talk with Matthias again
McCool: maybe we can close
this?
... will leave interledger out in this version
... not clear interledger in particular will also be
standardized in time
... maybe next version
Kaz: do we want to add some specific label for that purpose?
McCool: (adds "DEFERED" label)
McCool: suspended
... (adds "SUSPENDED" label)
McCool: documentation thing
McCool: (responds to @jasonnovak on the GH issue 71)
McCool: immutable hardware
identifies
... there was some discussion about this
... unique identifier by hash would be easier to clarify the
dependency
... have to have update mechanism
... things can identify who get access, etc.
... another counter proposal by linked data community
... would keep this issue open at the moment
... bunch of stuff to look at
... maybe next time we should talk about issue 67
... any questions? concerns?
(none)
McCool: we should discuss privacy
mitigation
... and may discuss proposals by the main call on
Wednesday
... will move to adjourn the call
[adjourned]