Social Web Working Group Teleconference

28 Jun 2016

Present: sandro, annbass, tantek, akuckartz, rhiaro, aaronpk, cwebber, bengo, tsyesika
Scribe: annbass, ben_thatmustbeme


hi

is the audio dropping periodically for anyone else? or is that my wifi?

<annbass> scribenick: annbass

seems fine for the minute I've been in

calling back in..

approval of minutes from F2F and last week's meeting


F2F was 6-6 and 6-7, but first day minutes were already approved

this vote is for 6-7

back

tantek clarifying when resolved to take micropub to CR

aaronpk: we did that last week

<rhiaro> We checked the minutes but we basically just screwed up the wording of the proposal

that wasn't me

<discussion and clarification>

ugh having more audio issues. trying again.

tantek: any other questions or issues?

<rhiaro> +1

<bengo> +1

<tsyesika> +1

vote to approve ..

+!


+1 even

<cwebber2> +1

minutes approved

next: minutes from 6/21 meeting...

(last week)


<rhiaro> +1


<tsyesika> +1

<cwebber2> +1

<bengo> +1

<KevinMarks> +1

minutes approved

<tantek> next:

Topics: AS2 and Micropub transitions

sandro: people are slow...
... I need to send transition request emails out tomorrow morning at latest

tantek: would it help if we tracked the outstanding items?

sandro: not sure that'd help
... no actions for group;
... aaronpk, hold off on formatting if you can and please respond promptly if I ping you in next few hours

tantek: for the record, seeking publication date of 7/7 or 7/12
... ok, the date is pending;
... waiting for some info from Evan (who sent regrets for today)

JF2 and Post Type Discovery

UNKNOWN_SPEAKER: short names approved and publication request approved
... editors need to process HTML output into proper location
... (manual process)

sandro: helpful if it could be done today

tantek: I can do that for Post Type Discovery
... is Ben Roberts (benthatmustbeme) here?
... no
... for jf2
... let's aim for 6/30 publication date

can hear only, conference room is occupied

just got on

tantek: date should be 6/30
... asking ben what needs to be done

<ben_thatmustbeme> okay, i have them passing tests, it's just i need to finish up one minor piece

<ben_thatmustbeme> and yes, today I should be able to do that

tantek: OK, thanks

Follow up on AS2 closed issues labelled 'waiting for commenter'


rhiaro gets massive kudos for contacting all commenters!

rhiaro: contacted everyone via email; gave them a deadline of today
... bunch of no replies; those are presumed to be time-outs
... dret (Erik Wilde) had one hesitation
... wonders if we should give a little more time

sandro: technically one week left

rhiaro: could use help finding email address for 3 people she couldn't find

if only you could webmention them

sandro: issue 284 ... <that person> didn't actually raise the issue, KevinMarks did

<KevinMarks> I'll have a look

<KevinMarks> I copied it in

tantek: (clarifying) .. external comment, that KevinMarks brought into github?


<discussion about who gets contacted when there's discussion on github... opinions that is definitely not a reliable way for people to be informed>

<ben_thatmustbeme> rhiaro, annando is pretty active on github, but we can try in #friendica on freenode to see if anyone has contact info there

KevinMarks: I'll try to get in contact with <that person>

<KevinMarks> Cathal Garvey

@ cathalgarvey

hm, is down

sandro: just found email for one of them .. will send to rhiaro

<rhiaro> bengo

rhiaro: next issue .. <something> .. jasnell and Evan aren't here today .. need their inputs

bengo: explains

(would be helpful if bengo could put a small summary in IRC)

tantek: sounds like an editorial fix ... true?

bengo: yes

tantek: functionality was already there, but not adequately described .. this improves understanding

<bengo> It explicitly lists the 'id' property as being allowed on Link object in core.

tantek: asks sandro if we can make editorial fixes after CR

sandro: yes, we can

tantek: <clarifying timing on when the fix is made, and when it will show up>
... if it's not a normative change, group can choose to make the change before CR
... asks rhiaro if she has opinion / ditto Ben

rhiaro: don't care

bengo: see if we can make change before CR

<tantek> PROPOSED: Accept editorial change from bengo to AS2 in pull request pending spec editor approval with the intent of making this fix for CR.

:)

<bengo> +1

<rhiaro> +1

<sandro> +1


<ben_thatmustbeme> +1

<akuckartz> +1

<rhiaro> bengo++ for PR

<Loqi> bengo has 16 karma

tantek: resolved

RESOLUTION: Accept editorial change from bengo to AS2 in pull request pending spec editor approval with the intent of making this fix for CR.

rhiaro: 2 issues raised by dret (Erik Wilde)
... one closed


rhiaro: the other is an editorial change, but it's significant
... he notes he has not seen a good explanation of why this change shouldn't be made
... but he'll approve if the group has decided not to do it

tantek: requires addition of non-trivial text?

rhiaro: yes, I might be over-thinking it, but it's about how media type is explained
... would be really helpful if dret could join the call and explain more

sandro: given the tight timing, and IF it is only editorial, then we could do that after CR

<akuckartz> I do not think it is only editorial

rhiaro: I understand it's only editorial, but there are a lot of threads, so need to clarify

annbass: could dret propose some new language?

sandro: problem is, we don't have time

tantek: asking akuckartz for clarification

sorry, I can't hear him

akuckartz: I think this is important, but I don't want to hold up CR process

<ben_thatmustbeme> i think it COULD be resolved as editorial

<ben_thatmustbeme> or as non-editorial

tantek: we can still proceed .. but, if you end up thinking this is a serious implementation issue, you can block it .. then we would resolve the issue and can work toward a new CR

akuckartz: that's OK with me

tantek: resolve per this conversation, this is OK with akuckartz and dret .. and if they decide later this is significant, we will work to resolve and issue a new CR
... notes that any objectors can file a new issue, which we can link back to this discussion

<sandro> fwiw, reading over the issue, it looks editorial to me. Dret doesn't want to use profile.

tantek: clarifying this is true for anyone and all issues ..

<waiting for rhiaro to get reconnected>

<sandro> (in he says, "that would be against the intention of the profile parameter")

Argh

Authentication/Authorization decisions

<cwebber2> I raised it

tantek: we'll proceed and then get back to AS2 when rhiaro reconnects

<sandro> we're not hearing Chris

<sandro> tantek, agenda+ Horizontal Reviews

cwebber2: I raised this issue because I was implementing ActivityPub .. realized this was a hole .. we originally said this was out-of-scope, but then I worried re: what this will really mean for implementers
... various options IndieAuth as one possible way of doing OAuth2 with bearer tokens or ...
... do we need more specificity?

<KevinMarks> micropub uses indieauth; webmention doesn't need auth

cwebber2: I don't understand details of some of the proposed solutions; need more info; seems like a hole and not sure what to do

tantek: for context: last time this question was asked ..

<ben_thatmustbeme> scribenick: ben_thatmustbeme

tantek: back at f2f at MIT we came to an agreement that we would refer to oauth 2 with bearer tokens and we would leave it at that
... a reasonable summary from cwebber is that that is insufficient to achieve interoperability

cwebber2: that's issue 1
... issue 2 is, for micropub we list indieauth as a SHOULD (i think)
... is that okay for the group?

<bengo> IMO it's good for these specs to say "The Server should explain its authorization requirements via WWW-Authenticate response header"

aaronpk: the reason that we decided oauth2 with bearer tokens is acceptable is because it lets us avoid complicating these issues and these calls
... in stark contrast to oauth 1 which ties requests to authentication
... if you forget everything you know about oauth1, 2.0 becomes much easier
... the important part is that it describes how to get a token. if both of these specs accept tokens, we don't really care how you get that token
... as cwebber2 found, there are not really great solutions for that in desktop apps and hardware devices, they can still use the spec, but they just need a token in some way

that's helpful, thanks aaronpk

yep

aaronpk: there isn't a good industry standard on that, so the best way for that is to just say 'use bearer tokens' and it can be anything, oauth2, indieauth, etc.

<KevinMarks> a lot of oauth2 is documenting possible ways to get tokens

tantek: it sounds like, you are saying that one way to get a token is indieauth, that sounds like an informative note rather than normative

<cwebber2> I think right now micropub says "SHOULD" on indieauth

<rhiaro> Me too re: hardcoding/copypasting tokens

aaronpk: i will say that some of my implementations do not use indieauth, i just copy and paste, and that's a perfectly acceptable method

<cwebber2> but I suspect it can be easily changed

tantek: i think this avoids any issue of the stability of indieauth


sandro: basically i agree, at some point somebody will come along with a better way to do authentication (i hope)
... will the specs need to be rewritten or not? i think the answer is not.
... it's a little bit frustrating when implementing, but that's reality

tantek: it sounds like the state of the industry is messy no matter what we say


bengo: as far as the state of the industry is messy, in the last year or two there has been a lot of acceptance of oauth2. they have had a lot of implementations from <lists a bunch>

<cwebber2> bengo, I've been looking at openid connect, I guess I got a bit overwhelmed because it looked like "layer on top of oauth 2". If you have a resource that's like "here's how to implement a bunch and *ignore* a lot of the huge set of options" would help me feel less overwhelmed :)

bengo: oauth2 bearer tokens is compatible with that. saying "use bearer tokens" is pretty generic, and it lets you use any string at all really

interesting

<cwebber2> I'm ok with requiring a response that's informative

bengo: it could be a little more useful to have an error header to give hints on what is needed for getting that token

aaronpk: oauth2 does have a header response for when a request requires a token. I agree the server needs a way to say they need a token. The token is opaque, and it is good that way. it's up to the server and client to negotiate that. you don't need that in the spec because that's an implementation detail
... it's just saying, the client will get a string, the client should not try to interpret that string

tantek: cwebber2 you originally raised this, is this enough for you to follow up?

cwebber2: i think so, i certainly feel like anything useful that could be said on this call has already been said and i can get more info and work on an issue for that

tantek: it's probably good to record an issue to them to clarify
... anything else for that item?

cwebber2: no

aaronpk: the person wants to only have a media endpoint
... is this something we should do now or something we can do in CR

sandro: we should do it now, as it's not editorial right?

aaronpk: it changes the conformance section

tantek: the request is to make it optional?

aaronpk: yes, make the direct uploads optional if there is a media endpoint

sandro: only if there is a media server

tantek: your options are to make it optional, or mark it at risk and dropping it in CR
... have you thought about this enough to put forth a specific proposal
... you can mark it optional AND at risk as well

aaronpk: the text that would need to change is in the conformance classes section which is .... actually now i'm not seeing that there.
... shoot ... (talks to self a little)

sandro: technically we could wait until next week to solve this, even if we get it staged and approval, we could change it
... send an email to the list as soon as you have some clarity to what you want to do here

tantek: even better, if you are able to follow up with a PR that the person is ok with, that makes it clear we processed the issue before CR
... are there any at risk features in the current draft?

aaronpk: i don't think so, the update and delete we implemented

tantek: we had only one more explicit item

aaronpk: i just wanted to drop links in

sandro: you probably all saw a bunch of emails about getting replies from other groups
... two groups replied saying they don't have much time, but there was a response with the security and privacy self review

aaronpk: there was another for internationalization

<ben_thatmustbeme> i remember looking over the internationalization one before, i think we discussed some time ago

tantek: sandro, can you make sure the issues get filed for these
... the response from the other groups was to get these questionnaires filled out
... they may cause changes later
... thanks everyone, next week, usual time, chair will be evan

<aaronpk> fyi I did a talk at open source bridge last week summarizing the work this group is doing


<aaronpk> my slides:

<aaronpk> and video:

that'll be interesting, aaronpk, thanks

<aaronpk> feel free to use the slides for your own presentations later!

<aaronpk> and hopefully i accurately represented things here!

