15:39:20 RRSAgent has joined #json-ld 15:39:20 logging to https://www.w3.org/2019/06/07-json-ld-irc 15:39:21 rrsagent, set log public 15:39:21 Meeting: JSON-LD Working Group Telco 15:39:21 Chair: azaroth 15:39:21 Date: 2019-06-07 15:39:21 Agenda: https://lists.w3.org/Archives/Public/public-json-ld-wg/2019Jun/0002.html 15:39:21 ivan_ has changed the topic to: Meeting Agenda 2019-06-07: https://lists.w3.org/Archives/Public/public-json-ld-wg/2019Jun/0002.html 15:41:06 present+ 15:41:36 rubensworks has joined #json-ld 15:42:33 ivan_ has joined #json-ld 15:43:34 ivan_ has joined #json-ld 15:44:10 rrsagent, who is here? 15:44:10 I'm logging. Sorry, nothing found for 'who is here' 15:44:19 present+ 15:50:55 regrets+ gkellogg 15:50:59 regrets+ dlongley 15:53:29 pchampin has joined #json-ld 15:56:51 present+ 15:57:45 present+ 15:58:00 present+ 15:58:10 present+ rubensworks 16:00:03 timCole has joined #json-ld 16:00:12 workergnome has joined #json-ld 16:01:31 scribe: timCole 16:01:36 present+ timCole 16:01:42 present+ 16:01:49 TOPIC: Approve minutes of previous call 16:02:02 PROPOSAL: Approve minutes of the previous call https://www.w3.org/2018/json-ld-wg/Meetings/Minutes/2019/2019-05-31-json-ld 16:02:03 +1 16:02:04 +1 16:02:05 +1 16:02:06 +1 16:02:15 +1 16:02:16 +1 16:02:23 RESOLVED: Approve minutes of the previous call https://www.w3.org/2018/json-ld-wg/Meetings/Minutes/2019/2019-05-31-json-ld 16:02:31 TOPIC: Announcements / Reminders 16:02:39 SUBTOPIC: TPAC 16:02:52 present+ 16:03:10 azaroth: TPAC registration is open. Please remember to register before 21 June close to early registration 16:03:24 ... this is earlier than usual because TPAC is in Sept 16:03:57 ... any other announcements? 16:04:10 SUBTOPIC: Horizontal Review 16:04:22 ajs6f has joined #json-ld 16:04:26 present+ 16:04:32 ivan: we really need to get the horizontal reviews done in a timely fashion 16:04:50 ... don't expect issues but reviewers will appreciate if we get to these early 16:05:34 ... we need somebody for security and privacy 16:05:59 ... privacy wants our person to attend IG call and gives an overview 16:06:32 ... we would like people for horizontal reviews to volunteer asap 16:06:52 regrets+ simonstey 16:07:00 azaroth: happy to volunteer (depending on time) but would be good to have Greg and others help 16:07:23 q? 16:07:27 pchampin: also happy to help but less comfortable about API 16:08:03 ivan: Rob should send email to privacy group asking time when they can fit us on their agenda 16:08:30 ... probably Rob and pchampin for sure, Ivan and Greg as available 16:08:43 ... same thing for security - they'll come to us 16:08:56 ... for accessibility we start with their questionaire 16:09:08 https://w3c.github.io/apa/fast/checklist.html 16:09:37 ... once this is done then we contact them as next step 16:10:14 azaroth: one person will need to take lead on filling out questionaire - others could be on irc to help 16:11:04 ... so, we should ask Greg about availability when he gets back 16:11:09 q+ 16:11:24 ack ivan 16:11:27 ... Rob and Pierre-Antoine will do best to make themselves available 16:11:36 ... other volunteers would be appreciated. 16:11:55 SUBTOPIC: I18N 16:11:58 ivan: we will need one more to work with internationalization 16:12:35 ... the big issue we may have is ability to add base string direction 16:12:59 ... (Rob should still contact soon to deal with any other issues) 16:13:18 reference: https://github.com/w3c/json-ld-syntax/issues/11 16:13:30 ... with regard to string direction this is coming up with a lot of WGs and we have talked about it in this WG 16:14:02 ... we should discuss next week when Greg is back and we've had a little more time to catch up on topic 16:14:24 -> https://w3c.github.io/rdf-dir-literal/ discussion on direction issue 16:14:27 azaroth: any other issues or announcements 16:15:08 TOPIC: Issues 16:15:39 azaroth: tried to pick issues for this week less related to API and more related to syntax and policy 16:15:43 SUBTOPIC: Profile IRIs 16:15:53 https://github.com/w3c/json-ld-syntax/issues/170 16:16:03 q+ 16:16:16 ack ivan 16:16:32 ivan: one background - transition calls with WOT people 16:16:45 ... they were interested in a profile for their own needs 16:16:51 present+ 16:17:04 ... but what came up is what is policy with regard to what is said in W3C documents 16:17:47 ... by default each WG has its own profile space (e.g., ns/jsonld...) 16:17:57 ... and that's it 16:18:18 azaroth: there are profile URIs (e.g., Web Annotation) 16:18:35 ... if you don't understand it, you must ignore it 16:18:36 q? 16:19:34 PROPOSAL: Accept #170, with the clarification that processors MUST ignore IRIs that that they do not recognize, and that json-ld* IRIs are reserved for future WG use 16:19:45 +1 16:19:46 +1 16:19:46 +1 16:19:49 +1 16:19:53 +1 16:20:02 +1 16:20:08 +1 16:20:19 +1 16:20:21 +1 16:20:27 RESOLVED: Accept #170, with the clarification that processors MUST ignore IRIs that that they do not recognize, and that json-ld* IRIs are reserved for future WG use 16:21:21 azaroth: Action to implement this resolution is on pchampin or greg 16:21:27 ACTION: pchampin to update syntax with issue #170 resolution 16:21:43 SUBTOPIC: Compact IRIs and URI Schemes 16:22:01 https://github.com/w3c/json-ld-syntax/issues/177 16:22:22 azaroth: we discussed this a few weeks ago, but only to point of introducing the issue. 16:22:29 ... hopefully people have thought about it 16:22:57 ... the issue is that IRI schemes that don't start with // are seen as compact IRIs 16:23:20 ... e.g., icon:... is seen as a compact IRI not a full IRI 16:23:43 ... we could define these as undefined (rather than a prefix) 16:24:07 q+ 16:24:18 ack ivan 16:24:20 ... this approach adds a little security without banning all non // schemes 16:24:32 q+ 16:24:54 ivan: I don't fully understand - so in your example in the issue, what's the role of protected 16:25:13 ack bigbluehat 16:25:21 azaroth: avoids someone stealing the meaning of prefix (e.g., mailto:) 16:25:51 bigbluehat: the goal is to allow continued use of these kinds of IRI prefixes 16:26:17 q+ 16:26:23 q+ 16:26:33 azaroth: having it in the context seems a good solution since it allows you to specify only the scope where you use the scheme 16:26:38 rather than everywhere 16:26:44 ack pchampin 16:26:50 bigbluehat: yes, it is good to scope this 16:27:13 pchampin: it seems to me the protected approach would not be very efficient 16:27:57 ... I'm not sure I fully grasp the use cases, but it seems you still get around protected 16:28:35 ... the only way to really protect against redirection of mailto: is to protect the individual properties (e.g., email) 16:28:55 azaroth: so you say that email values not to be expected 16:29:17 q? 16:29:18 ack ivan 16:29:19 pchampin: not sure this requires anything additional since we already have prefix 16:29:28 ... seems a matter of best practice 16:29:57 ivan: in the example you have two approaches nul and prefix=false 16:30:29 azaroth: probably prefix=false, this works well since we already have prefix 16:30:34 ivan: do we? 16:30:42 azaroth: issue 76 16:30:48 ref;: https://github.com/w3c/json-ld-api/issues/76 16:31:10 a more efficient protection would be { "email": { "@id": "http://example.org/emailAddress", "@type": "@id", "@protected": true, "@context": { "mailto": { "@prefix": false } } } 16:31:24 q? 16:31:34 ... proposal was made to add prefix with 3 allowed values (one of which would be false, as required by issue 177) 16:32:27 ... the issue in doing this was that you need to have an @id, which is why we might still need @id nul 16:32:48 ... seems like we shouldn't need that if prefix: false 16:32:56 q? 16:33:00 q+ 16:33:03 ack rubensworks 16:33:13 ... Pierre-Antoine, does prefix: false already sufficient? 16:33:19 pchampin: not sure 16:33:37 rubensworks: doesn't seem to work right now 16:33:58 azaroth: but maybe it protects against intentional mischief 16:34:24 ... anyone willing to take action to verify that prefix: false does work or can be made to work? 16:34:59 pchampin: okay, put this action on me 16:35:28 ACTION: pchampin to test if `@prefix: false` without `@id` works as expected 16:35:42 q+ 16:36:03 dlehn: find it a little hard to understand the attack line here 16:36:31 ... if we assume all contexts are a risk, seems a bigger problem 16:36:58 ... protect should be more about extension and override 16:37:34 azaroth: we have run into this issue with regard to content being incorrectly expanded 16:37:37 q+ 16:37:43 ack dlehn 16:37:45 ack bigbluehat 16:38:15 bigbluehat: not directly on point, but it feels like a lot of our issues have had to do with managing context intermingling 16:38:34 ... we may need to zoom out a little 16:39:09 ... while there are issues here it seems like its about trust of contexts, ownership of contexts, etc. 16:39:38 ... this fragility that is still there is where we may have issues with security and privacy reviews 16:40:06 ... I sometimes feel like we're applying pressure to the wrong part of the ecosystem 16:40:26 ... it's not clear the role and motivation of the actors 16:40:51 ... so maybe we need a broader view 16:41:09 ... would not be an issue if you always trusted the context file you reference 16:41:38 azaroth: not certain about that. If you define mailto: you need to undefine it elsewhere in your instance 16:42:01 bigbluehat: so this is partly about remixing within instance / context 16:42:46 azaroth: I think at least we need to determing how prefix: false works without @id or @id: nul 16:43:29 q+ 16:43:31 ... need to be able to treat these as resource IRI when you want to 16:43:33 ack ivan 16:43:54 ivan: I share bigbluehat's concerns in a general way 16:44:19 ... for this issue you are asking if prefix: false solves current issue 16:44:54 ... since prefix is a 1.1 key, we need it to work as we want and so if it's not working that way now, let's make it work 16:44:59 q? 16:45:05 the questions becoming: is it possible (i.e. not over-complicated) to implemet `@prefix` to work like this 16:45:25 azaroth: the action should allow us to do this 16:45:51 q+ 16:47:07 pchampin: i just realized during discussion we have already introduced redefining a term that looks like an IRI because no useful use case for doing this 16:47:44 ... in a way this desire to limit prefixes that are sometimes used as schemes 16:48:05 ... not clear how critical the use cases are 16:48:17 q+ 16:48:21 ack pchampin 16:48:32 ... may confuse users to say some IRIs cannot be anything else, but some could be compact IRIs in disguise 16:49:15 ivan: does this mean we should have a list of prefixes that are schemes? 16:49:28 pchampin: no, trying hard not to say that 16:49:39 ... current rule is scheme:// 16:49:54 ... and this is clear cut, non-ambiguous 16:50:27 ... it might be confusing to do this for non // schemes 16:50:51 azaroth: so our approach is to leave this to context authors rather than trying to maintain a universal list 16:51:07 ... this will almost certainly come up in security horizontal review 16:51:20 ... it would be nice to solve or improve it 16:51:39 ... if prefix: false works, we're done 16:51:45 PROPOSAL: If `@prefix: false` works, then we can turn 177 into a best practice. If not, then 177 becomes an issue to improve `@prefix` to allow it. 16:51:51 +1 16:51:52 +1 16:51:52 +1 16:51:53 +1 16:51:54 ... otherwise we have to improve prefix: false so it does work 16:51:57 +1 16:52:00 +1 16:52:05 +1 16:52:14 +1 16:52:16 +1 16:52:18 RESOLVED: If `@prefix: false` works, then we can turn 177 into a best practice. If not, then 177 becomes an issue to improve `@prefix` to allow it. 16:52:53 SUBTOPIC: IRI expansion 16:53:07 ref: https://github.com/w3c/json-ld-syntax/issues/191 16:53:45 azaroth: essentially, what I took away from this issues, is that what is wanted is a way to set defaults per prefixe 16:54:00 ... e.g., everything with x prefix, everything is a list 16:55:05 ... since we declare intent to close to new features (after last published draft) 16:55:19 q+ 16:55:23 ... so, can we defer this? 16:55:24 q- 16:55:25 ack bigbluehat 16:55:30 ... or is it a bug we have to address 16:55:51 bigbluehat: the use of this seems to want ad hoc terms mixed in with the prefix declaration 16:56:04 ... the first example seems that way 16:56:32 q+ 16:56:35 ... seems he could get same result with slightly more verbose (less confusing) instance 16:56:36 ack ajs6f 16:56:56 ajs6f: this reminds me of java server ads 16:57:07 s/ads/tags 16:57:26 ... not clear that this is something json-ld was supposed to do. 16:57:47 ... this seems to be about complex structures, almost transformative 16:57:59 q+ 16:58:03 ack ivan 16:58:06 ... this is not the focus of json-ld. important to do, but not really our intent here 16:58:34 ivan: so what I understood from the issue is that this is not a bug, but really is a new feature 16:58:45 q+ 16:58:49 ack ajs6f 16:59:02 ... so the answer should simply be that we defere because of the feature freeze and avoid discussing the details 16:59:05 q? 16:59:13 ajs6f: should we send to CG 16:59:29 ivan: since we are not closing issue, we don't need to send to CG 16:59:29 q? 16:59:38 ... the person submitting may want to do so. 17:00:19 PROPOSAL: Defer syntax#191 and api#94 as new features after feature freeze 17:00:21 +1 17:00:25 azaroth: will do same for issue in api 17:00:27 +1 17:00:28 +1 17:00:30 +1 17:00:31 +1 17:00:34 +1 17:00:37 +1 17:00:50 +1 17:01:03 RESOLVED: Defer syntax#191 and api#94 as new features after feature freeze 17:01:13 ACTION: azaroth to post blog reference for feature freeze 17:01:14 ivan: please add to issue link to blog where we declared feature freeze 17:01:41 azaroth: can we add mention of feature freeze in repos readme 17:02:24 ACTION: bigbluehat to add feature freeze note to the syntax, api, and framing READMEs and issue template for bugs only 17:02:51 adjourn - next call in a week (azaroth regrets) 17:02:52 TOPIC: Adjourn 17:03:31 rrsagent, draft minutes 17:03:31 I have made the request to generate https://www.w3.org/2019/06/07-json-ld-minutes.html ivan