14:50:12 RRSAgent has joined #webmachinelearning 14:50:17 logging to https://www.w3.org/2026/05/14-webmachinelearning-irc 14:50:17 RRSAgent, make logs Public 14:50:18 please title this meeting ("meeting: ..."), anssik 14:50:18 Meeting: WebML CG Teleconference – 14 May 2026 14:50:23 Chair: Anssi 14:50:30 Agenda: https://github.com/webmachinelearning/meetings/blob/main/telcons/2026-05-14-cg-agenda.md 14:50:34 Scribe: Anssi 14:50:39 ScribeNick: anssik 14:50:50 Present+ Anssi_Kostiainen 14:50:54 RRSAgent, draft minutes 14:50:55 I have made the request to generate https://www.w3.org/2026/05/14-webmachinelearning-minutes.html anssik 14:54:15 JeffWhelpley has joined #webmachinelearning 14:55:45 Present+ Jeff_Whelpley 15:00:22 Present+ Guru_Singh 15:00:23 Present+ Mike_Wasserman 15:00:35 Present+ Wenson_Ssieh 15:00:53 Mark_Foltz has joined #webmachinelearning 15:01:00 Present+ Chris_Needhan 15:01:05 Present+ Mark_Foltz 15:01:23 cpn has joined #webmachinelearning 15:01:27 Present+ Mark_Foltz 15:01:52 Present+ Ben_VanderSloot 15:02:06 Present+ Iris_Johnson 15:02:06 bvandersloot has joined #webmachinelearning 15:02:12 domfarolino has joined #webmachinelearning 15:02:19 Present+ Dominic_Farolino 15:02:32 Present+ Yongjun_Zhang 15:02:41 brwalder has joined #webmachinelearning 15:02:46 Victor has joined #webmachinelearning 15:02:47 Present+ Victor_Huang 15:02:48 present+ Chris Needham 15:02:50 gurusingh has joined #webmachinelearning 15:02:51 present+ Benjamin_VanderSloot 15:02:59 AlexN has joined #webmachinelearning 15:03:07 Present+ Alex_Nahas 15:03:07 iris has joined #webmachinelearning 15:03:19 RRSAgent, draft minutes 15:03:21 I have made the request to generate https://www.w3.org/2026/05/14-webmachinelearning-minutes.html anssik 15:03:38 Anssi: as a reminder, we'll use IRC-based queue management in this meeting: 15:03:42 -> https://www.w3.org/guide/meetings/zakim.html#speakerqueue 15:03:49 present+ Guru_Singh 15:03:56 Anssi: to suggest agenda topics, use Agenda+ label, e.g.: 15:04:02 -> Agenda+ https://github.com/webmachinelearning/webmcp/labels/Agenda+ 15:04:18 Anssi: welcome to the new participants to the group: 15:04:23 ... Sarah Drasner from Google 15:04:28 ... Guru Singh and Cathy Li from Meta 15:04:38 ... Chandi Cumaranatunge and Phillip Long from Arizona State University 15:04:44 ... Arham Awan, Sean Brunnock, Thomas Jones and Simeon Vincent as individuals 15:04:51 ... welcome all to the WebML Community Group! 15:05:06 Topic: WebMCP 15:05:11 gb, this is webmachinelearning/webmcp 15:05:11 anssik, OK. 15:05:16 Subtopic: WebMCP early wide review 15:05:38 Anssi: due to strong interest in WebMCP at large, we are planning to do an early wide review of the spec to gather feedback from a broader audience 15:05:56 ... this includes W3C's horizontal groups such as Accessibility, Internationalization, Privacy, Security, and the TAG 15:06:04 Ehsan has joined #webmachinelearning 15:06:19 ... input from the broader web community, web developers and users, will be considered by the group as well 15:06:49 ... and I ask all participants to help with gathering such feedback through their channels and bring it to the group for consideration, including experimental implementations and prototypes 15:06:55 ... we are tracking related issues in the WebMCP repo with the following labels: 15:07:01 -> https://github.com/webmachinelearning/webmcp/labels/a11y-tracker 15:07:05 -> https://github.com/webmachinelearning/webmcp/labels/tag-tracker 15:07:10 -> https://github.com/webmachinelearning/webmcp/labels/i18n-tracker 15:07:16 -> https://github.com/webmachinelearning/webmcp/labels/privacy-tracker 15:07:16 alispivak has joined #webmachinelearning 15:07:20 -> https://github.com/webmachinelearning/webmcp/labels/security-tracker 15:07:49 Anssi: I encourage the group to help triage issues with these labels, and to bring up any issues that you think should be part of the early wide review 15:08:04 ... I will work with the editors on a plan how to reach out to the groups when we are ready to start the reviews 15:08:28 ... many of these horizontal groups expect some pre-work, and we will need to prepare for that, e.g. make sure the explainer is up to date, and that we have a clear list of issues that we want to get feedback on 15:08:34 ... I will reach out to the chairs of the respective horizontal groups to give a heads up on our plans 15:09:06 ... W3C Process does not require CG work to go through a wide review, but I think it's important to get early feedback for this spec, given the potential impact on the web platform and the strong interest from the broader web community 15:09:27 ... do folks have a preference with respect to the priority order of the reviews? 15:09:29 whsieh has joined #webmachinelearning 15:09:33 q+ 15:09:35 ack anssik 15:09:37 q+ 15:09:41 ... we already have engaged with the TAG, Security IG and i18n WG, so we could start with those groups 15:09:44 ack domfarolino 15:10:06 Dominic: we had discussion with the TAG, I'd like to get a formal review from them for the spec 15:10:46 ... Johann may know about security threat model for WebMCP, that artifact exists in our heads, we can document that and work with the Security IG 15:10:59 Johann: no update yet on formal threat model 15:11:09 Dominic: do we have a draft yet? 15:11:13 Johann: not yet 15:11:15 johannhof has joined #webmachinelearning 15:11:24 Dominic: let's coordinate on that 15:12:35 Anssi: Johann would you like to own the threat modeling exercise? 15:12:48 Johann: I understood Simone was interested in working with us 15:12:49 JakeA has joined #webmachinelearning 15:12:57 ... Victor could also be interested 15:13:19 Victor: I would be interested, I did understand this is a new exercise 15:14:23 Johann: we could move the S&P Considerations markdown that Victor initiated is already pretty solid, we could use it as a starting point for the Security review and threat model 15:16:38 BenjaminV: could help fill in S&P questionnaire 15:18:51 +1 15:18:57 RESOLUTION: Group starts WebMCP early wide review with the TAG, Security IG/WG, Privacy WG. 15:19:31 Subtopic: Consider making registerTool() return a Promise 15:19:35 Anssi: issue #175 15:19:37 https://github.com/webmachinelearning/webmcp/issues/175 -> Issue 175 Consider making `registerTool()` return a Promise (by domfarolino) [Agenda+] 15:19:48 ... Domenic proposed that registerTool() should return a Promise due to cross-origin iframe integration, already asynchronous by nature 15:20:05 ... most importantly, this would help with forward compatibility, enable reporting on failure cases ergonomically 15:20:21 ... alternative proposed design would be signal failures through the ontoolchange attribute 15:20:27 ... yet per issue discussion everything points to the Promise-based design as the more ergonomic and forward-compatible approach 15:20:28 q? 15:21:02 Dominic: I think myself and Francois are aligned, we want to hide sync failures behind a microtask, ontoolchange is not at odds with this proposal 15:21:08 q? 15:21:20 Is the S&P questionnaire needed for TAG review? 15:21:26 +1 15:21:56 +1 15:21:59 RESOLUTION: Make registerTool() return a Promise for forward compatibility and improved ergonomics. (issue #175) 15:22:15 Subtopic: Hint for reversible or consequential actions 15:22:19 Anssi: issue #176 15:22:20 https://github.com/webmachinelearning/webmcp/issues/176 -> Issue 176 Hint for reversible or consequential actions (by johannhof) [Agenda+] 15:22:33 ... currently read v write actions are differentiated with readOnlyHint only 15:22:41 ... Johann points out this does not align too well with the Human in the Loop principles 15:23:05 ... per HCI guidelines, humans like to undo things when they explore user interfaces, the agents should be able to do the same 15:23:32 Johann: I'd like to hear from Ben and Victor on their thoughts 15:23:40 q+ 15:23:44 ... we seem to agree reversible is the correct signal 15:23:54 ... destructive isn't too far off was another comment 15:23:55 q? 15:23:57 ack Victor 15:24:01 q+ 15:24:22 Victor: I think destructive, per historical discussion, it can from a bucket of things, he just made it happen 15:24:37 ... CRUD construct motivated that design 15:25:12 ... on the front of whether reversible is the right thing for this API, consequential could be too loosely applies 15:25:27 ... reversible is bigger could, consequential is a subset 15:26:01 Johann: nuances in each of these hints, example for each that won't perfectly fit 15:26:07 ... example use case: drafting an email is reversible, while sending is not 15:26:23 ... what is creating a calendar invite that goes to other people? 15:26:42 ... a ton of nuance on these examples 15:27:38 reversible seems the best match, could also argue we want to go with what MCP spec uses 15:28:00 Victor: calendar use case could be both consequential and destructive 15:28:08 ... combined together 15:28:50 ... I think MCP has openWorldHint, does not make sense for the web that is always open world 15:29:28 ... maybe we bring in destructive and add a similar semantic such as "open world" 15:29:43 Johann: make it something like action is "noticeable by other peoples" 15:30:03 ... not sure if there's enough use cases for destructive in the narrowest sense 15:30:18 q? 15:30:42 Dominic: we want to reduce actions the agent can do 15:31:19 ... maybe there's a use case for all the actions, semantics or hints are hard to get apply to all use cases 15:31:49 ... lifting the user interaction action from the tool's implementation to the registration seems clearer to me 15:32:30 Johann: I think the idea is user agents may make some rules based on security state, having that available at runtime so the website could decide if it should confirm with the user 15:32:54 Victor: pushing people to use requestUserInteraction seems wrong 15:33:04 ... "I have made my decision with the agent" 15:33:21 ... pushing people to do user interaction, you force developers to a specific UX 15:34:06 q+ 15:34:11 Dominic: makes sense, maybe this is covered by tool description, "this calendar event may be booked with someone important that cannot be taken away" 15:34:47 ... embed hint to description, agent would get more context this way filling the user's intent 15:35:00 ack bvandersloot 15:35:03 q+ 15:35:22 BenjaminV: I want to push back on the idea everything is open world, for example, adding to the shopping cart 15:35:47 ... question is do you try to mimic the regular MCP trying to get some level of synergy there 15:36:12 ... I like Dominic's alternative of readOnlyHint imply "no user interaction" 15:36:35 ... lifting the context out and making it explicit what it does makes more sense to me, unless you want to stick to the regular MCP interface 15:36:36 q? 15:36:41 ack Victor 15:36:51 q+ 15:36:57 Victor: either boolean or enum 15:37:14 ... you could filter all tools and do only readOnlyHint research 15:37:36 ... you can deterministically do that, boolean or something that can be iterated on 15:37:49 ack johannhof 15:38:04 Johann: pushing back on free text to the agent, this is not meant for the model 15:38:34 ... we are in an environment were we trust the model less, not show you the tool that do certain actions 15:38:35 q? 15:38:37 ack bvandersloot 15:39:18 BenjaminV: we should try to have a property that requestUserInteraction inside a call means the user will always going to see it 15:39:28 ... abusive site could be hammering away 15:39:28 q? 15:40:01 Victor: I should narrow down on the set we want to add 15:41:59 Johann: there will be agents with no capacity of big tech first, we want to allow also simpler agents to be compliant 15:42:10 +1 15:42:14 +1 15:42:16 Present+ Reilly_Grant 15:42:18 +1 15:42:28 Subtopic: Support cross-frame tool enumeration and composability while handling name collisions 15:42:32 Anssi: issue #160 15:42:33 https://github.com/webmachinelearning/webmcp/issues/160 -> Issue 160 Support cross-frame tool enumeration and composability while handling name collisions (by markafoltz) [Agenda+] 15:42:46 ... this is how to allow enumeration of tools across frames without name collisions 15:42:51 ... MarkF did the initial investigation and proposed three possible solutions 15:43:05 ... in follow-ups I see Dominic suggesting a postMessage() inspired security model 15:43:37 Dominic: "getTools() returns a flat list of tool objects, each containing at least the WindowProxy or origin of the source that registered the tool." 15:43:51 MarkF: tool enumeration steps should address this issue 15:44:04 q+ 15:44:08 Dominic: I will update the spec and explainer accordingly 15:44:08 q? 15:44:24 ack reillyg 15:44:54 Reilly: does not matter for in-browser agents, but for in-page agents, do we want to include that tool enumeration has explicit opt-in for cross-origin tools? 15:45:10 ... so that need to opt-in to possible malicious cross-origin tools? 15:45:27 Dominic: we try to match postMessage semantics, similar security model applies 15:45:52 ... no need to specialize for this, filter inside getTools(), I think 15:46:10 Reilly: I agree 15:46:41 Dominic: we mirror the target origin, and give information who registered the tool 15:47:48 +1 15:47:59 +1 15:48:01 RESOLUTION: Adopt a postMessage() inspired security model for cross-frame tool enumeration, getTools() returns a flat list of tool objects with their source information. (issue #160) 15:48:02 +1 15:48:09 Subtopic: Human in the Loop support for non-browser clients 15:48:12 Anssi: issue #165 15:48:13 https://github.com/webmachinelearning/webmcp/issues/165 -> Issue 165 Human in the Loop support for non-browser clients (by MiguelsPizza) [Agenda+] 15:48:23 ... Alex raised a question about how non-browser clients can support Human in the Loop interactions 15:48:45 ... where HITL is interpreted as "the agent lives in the context of the browser", the agent could be browser's agent, extension agent, iframe agent 15:48:59 ... the initial design is focused on HITL and as a consequence not on automation use cases 15:49:09 ... we're seen emerging interest in automation use cases, including new implementation experience 15:49:22 ... Cloudflare for example experimentally supports WebMCP in their headless Chrome product aka "Browser Run" 15:49:27 -> https://developers.cloudflare.com/browser-run/features/webmcp/ 15:49:48 Anssi: Alex also presented a proposal how a 1P integration between WebMCP and a non-browser-native client such as Claude Desktop, Gemini CLI etc. might look like 15:49:51 ... in this scenario, quoting Alex: 15:50:05 ... "The user might be present but driving from outside the browser, so does this fall into our Human-in-the-Loop domain?" 15:51:04 Alex: thanks Anssi, we see more and more browser automation use cases happen with browser harnesses, E2E testing, a use case worth looking 15:51:28 ... it is difficult to do, if you want to be roped in at some point and get the user's input, not clear how to do that 15:51:36 ... I've seen some deployments of this 15:51:51 ... Cloudflare implementation provides an iframe that allows the user to interact 15:52:03 ... would be great to have a programmatic solution to this 15:52:24 Anssi: BrandonW asks "what the requestUserInteraction primitive would look like in the remote scenario?" 15:52:49 BrandonW: an open question, seems to me the reasonable starting point would be similar to MCP elicitation API 15:53:17 ... we have a similar arrangement, MCP Server does not have UI directly accessible to the user, and that's where elicitation comes in 15:53:48 Dominic: is requestUserInteraction adequate for this if harnesses hook into e.g. Discord 15:54:19 BrandonW: the way requestUserInteraction is spec'd, it is up to the page to present UI and collect that input in local input and do something with that information 15:54:44 ... to make it useful in this scenario, requestUserInteraction would need to carry more information to the agent, know what UI to pop up 15:55:17 Dominic: directly reaching out to the agent would be one possible path 15:55:59 BrandonW: requestUserInteraction is handled within the page, and agent does not need to know that interaction happened, interplay between the page and agent, could use the same code path 15:55:59 q? 15:56:16 Dominic: requestUserInteraction does not do back to the agent, is that the problem here? 15:56:59 BrandonW: yes, to give an example, imagine having a single too, order a product, go to checkout process, form gets presented to the user in the middle 15:57:09 q+ 15:57:11 ... agent just gets the final result 15:57:26 ... from the agent's point of view it is just a tool call with user intervention 15:57:42 Dominic: if user interaction is required, the tool tells the agent what it needs 15:58:24 BrandonW: Kushal shared, a page asking user attention too often can be user by malicious page, a more structure mechanism would help address this malicious use 15:58:26 q? 15:58:36 ack bvandersloot 15:59:32 q? 16:01:13 +1 16:01:13 +1 16:01:28 +1 16:01:30 RESOLUTION: Form a concrete design for user interaction to satisfy non-browser client Human-in-Look use cases. 16:02:14 Topic: Prompt API 16:02:18 gb, this is webmachinelearning/prompt-api 16:02:18 anssik, OK. 16:02:41 Anssi: I wanted the group to pay attention to the TAG review issues with recent activity 16:02:57 ... and focus on issues that are both actionable and have a possible interoperability impact 16:03:01 ... let's look at tag-tracker issues with activity in the last 60 days: 16:03:04 -> https://github.com/webmachinelearning/prompt-api/issues?q=is%3Aissue%20state%3Aopen%20updated%3A%3E%40today-60d%20label%3Atag-tracker 16:03:34 Anssi: all issues: 16:03:37 -> https://github.com/webmachinelearning/prompt-api/labels/tag-tracker 16:04:08 MikeW: thanks for bringing these topics, I hope we can have more discussion in upcoming meeting on this API 16:04:14 ... we have made most progress on parameters 16:04:52 ... finding categories to allow clients to find creative behaviours and allow implementers to align on implementations that fit that category with topK etc. 16:05:05 q+ 16:05:16 ... developers are interested in tuning parameters, so we took to heart TAG feedback on this design point 16:05:36 ... we're done basic design and invited developer feedback to explore this categorical preset approach 16:05:49 Anssi: this was issue #170 16:05:50 https://github.com/webmachinelearning/prompt-api/issues/170 -> Issue 170 [Tag Review] - Interoperable model parameters (by etiennenoel) [tag-tracker] 16:05:52 q? 16:05:58 ack bvandersloot 16:06:39 BenjaminV: we had Jake in the room who wrote standards position for this API, the concerns around model tuning and parameter tuning, people designing for one particular model 16:07:49 Anssi: I'd invite feedback to be provided in the spec 16:07:51 -> https://github.com/webmachinelearning/prompt-api/labels/tag-tracker 16:08:23 s/in the spec/in the spec repo 16:08:24 q? 16:08:52 RRSAgent, draft minutes 16:08:54 I have made the request to generate https://www.w3.org/2026/05/14-webmachinelearning-minutes.html anssik 16:09:53 s/we've done/we've done 16:10:32 RRSAgent, draft minutes 16:10:33 I have made the request to generate https://www.w3.org/2026/05/14-webmachinelearning-minutes.html anssik 16:12:02 s/… we're/… we've 16:12:04 RRSAgent, draft minutes 16:12:06 I have made the request to generate https://www.w3.org/2026/05/14-webmachinelearning-minutes.html anssik 16:12:51 s/these topics/these topics for group discussion 16:13:54 Present+ Brandon_Walderman 16:14:35 s/Present+ Chris_Needhan/Present+ Chris_Needham 16:15:30 s/Present+ Wenson_Ssieh/Present+ Wenson_Hsieh 16:15:55 Present+ Sarah_Drasner 16:16:09 Present+ Ehsan_Toreini 16:16:31 Present+ Ali_Spivak 16:16:43 RRSAgent, draft minutes 16:16:44 I have made the request to generate https://www.w3.org/2026/05/14-webmachinelearning-minutes.html anssik 16:18:22 s/Ben_VanderSloot// 16:18:37 RRSAgent, draft minutes 16:18:39 I have made the request to generate https://www.w3.org/2026/05/14-webmachinelearning-minutes.html anssik 16:21:11 s/initiated/initiated to the spec, it 16:21:41 s/Domenic/Dominic 16:22:18 s/be signal/be to signal 16:23:49 s/can from/came from 16:24:05 s/he just made/we just made 16:24:27 s/loosely applies/loosely applied 16:24:53 s/bigger could/a bigger set 16:25:16 s/of nuance/of nuances 16:25:50 s/other peoples/other people 16:26:12 s/get apply/get to apply 16:33:28 i/Subtopic: Support cross-frame tool enumeration and composability while handling name collisions/RESOLUTION: Identify use cases for hints. (issue #176) 16:33:38 RRSAgent, draft minutes 16:33:40 I have made the request to generate https://www.w3.org/2026/05/14-webmachinelearning-minutes.html anssik 16:35:28 s/seen emerging/seeing emerging 16:37:25 s/not do back/not go back 16:37:38 s/single too/single tool 16:38:19 s/user by/used by 16:39:01 s/Human-in-Look/Human-in-the-Loop 16:39:04 RRSAgent, draft minutes 16:39:06 I have made the request to generate https://www.w3.org/2026/05/14-webmachinelearning-minutes.html anssik 18:32:06 Zakim has left #webmachinelearning