Meeting minutes
Components
<martin> Open PRs for UI components: https://
Zitao_Wang: martin has sent PRs
… any comments?
Dan_Zhou: working on Addressing
… haven't looked at the Components PRs yet
Zitao_Wang: MiniApp Components will be a Note
… next step is to talk with the Web Components folks
Dan_Zhou: I will review these PRs before next week
… and will either approve or comment on them
martin: if you see anything you want to change, just comment on the PRs
… I'll iterate
Addressing
Dan_Zhou: when I update the Addressing explainer last year
… I found some issues
… @@ origin needs help
[Dan_Zhou shares her screen]
Dan_Zhou: when the URI scheme is https, the origin is the part before the first slash
… but the origin should be the whole URL, which includes the platform, miniapp name, and miniapp platform
… there are differences between URL origin and miniapp origin
Zitao_Wang: I think we can talk about it later to see how we can harmonize
… thank you
Manifest and Packaging
martin: no activity on manifest
… about Packaging
<martin> w3c/
martin: would like to address the comment from the privacy review
… this is not related to the TAG review
… but it is an issue we need to solve
… to protect the user's privacy we should clear the data
… it's referring to the Lifecycle spec
… unless you have any objections, I would like to merge it
Dan_Zhou: +1
martin: when the Lifecycle spec is updated, I'll update the Packaging spec
QingAn: I've submitted a PR to the Lifecycle spec
… please take a look
<martin> w3c/
TAG's comments on MiniApp specs
Zitao_Wang: I think people have reviewed this and understand the issue around origin model
… martin, can you introduce your idea?
martin: most of my comments are related to the use cases
… the first one is about the origin model
… if the miniapp protocol is http/https we can preserve the origin model
… user agents can implement this
… in this case the problem is solved
QingAn: is the miniapp publisher the miniapp platform?
martin: it's where you find the miniapp on the web
… a marketplace, or a web server
… can be accessed using https
QingAn: I'm not sure if it can address TAG's concern
… if the miniapp publisher is a marketplace, if a miniapp is developed by the marketplace, we can achieve this, but if the miniapp is developed by a third-party developer, I don't think we can achieve this
martin: in this case the origin will be the publisher
QingAn: I discussed this with zitao and dan
… if the miniapp is not developed by the miniapp platform, we should also preserve the origin model
… I think folks from Baidu has a proposal, but they're not ready to present this today
Dan_Zhou: I think the TAG asked us to use the http scheme, not the file scheme
… first we need to make packages use http(s)
Dan_Zhou: my colleegue will talk about it next time
… the second question is end-to-end cryptographically guaranteed scheme
… we need to make the digital signature more secure
… my colleegue will talk about this too next time
… he knows more than me
martin: @@1
… feel free to comment on the issue
… another thing is a new member in the Manifest spec about Content Security Policy
Zitao_Wang: I'm thinking about how the super app is initiating the miniapp
… the miniapp developer develops the miniapp, publish it in the miniapp platform
… if the miniapp publisher can directly uses the miniapp developer's URL, it could just work
… we should think about whether it works
… maybe it can help move forward
martin: if you want to comment on the issue, I think we can continue the discussion offline
… if you want to organise a special meeting, I'm also OK with it
Zitao_Wang: I think it is a really important issue and we need to address it
QingAn: for the thrid point ZIP, martin, do you think we should continue using ZIP?
martin: when we started working on the spec, the requrirement was to use ZIP
… if there's strong objection on using ZIP then we could change it
… I'd be happy to evolve the document based on your comments
QingAn: I think this comment is not a blocking issue comparing with the first and second one
… but my suggestion is that if we can reuse the web bundles spec it can help resolve this issue
… not sure if it's possible, but just an idea
Zitao_Wang: most MiniApps use ZIP
… Bilibili and Bytedance might have ways of streaming a miniapp
… I'll talk with them
… I agree with you that #1 and #2 are more important
<Github> w3c/
<Github> w3c/
QingAn: we can have a separate meeting next week on the TAG feedback
… since we're recharting the group, this could help reducing potential objections on rechartering the WG
xfq: Looking forward to this discussion to clarify the blocking issues.
TPAC
xfq: I wonder what is your plan for TPAC 2023.
https://
xfq: will we meet at TPAC?
Zitao_Wang: maybe we can discuss this on github
Zitao_Wang: We need to think on this, it could be possible. I think we should be there.
martin: I'll be there, for sure
Dan_Zhou: for me it's a little bit difficult
martin: good food, good whether, nice people here in Spain!
martin: the event we organised in Spain was a really nice event
… organised by the W3C Spanish Chapter
… the local authorities were there
… many people were interested in W3C technologies
… tom presented pwa and fugu
… QingAn presented MiniApps for IoT
… three different orgs asked me to repeat the event in Spain
… it was really good
Zitao_Wang: if you have videos or other resources please share it with the group
martin: I'll create a report
… and a 4-minute video
So far this is the video posted by W3C Spain: https://
AOB
Next meeting, April 27
+1 27