- 1 Social Web Working Group Teleconference
Social Web Working Group Teleconference
28 Jun 2016
See also: IRC log
- sandro, annbass, tantek, akuckartz, rhiaro, aaronpk, cwebber, bengo, tsyesika, !
- annbass, ben_thatmustbeme
- Summary of Action Items
- Summary of Resolutions
<aaronpk> is the audio dropping periodically for anyone else? or is that my wifi?
<annbass> scribenick: annbass
<cwebber2> aaronpk, seems fine for the minute I've been in
<aaronpk> calling back in..
approval of minutes from F2F and last week's meeting
F2F was 6-6 and 6-7, but first day minutes were already approved
this vote is for 6-7
tantek clarifying when resolved to take micropub to CR
aaronpk: we did that last week
<rhiaro> We checked the mintues but we basically just screwed up the wording of the proposal
<aaronpk> that wasn't me
<discussion and clarification>
<aaronpk> ugh having more audio issues. trying again.
tantek: any other questions or issues?
vote to approve ..
<KevinMarks> +1 even
next: minutes from 6/21 meeting...
<tantek> next: https://www.w3.org/wiki/Socialwg/2016-06-28#Discussion_Items
Topics: AS2 and Micropub transitions
sandro: people are slow...
... I need to send transition request emails out tomorrow morning at latest
tantek: wou ld it help if we tracked the outstanding items?
sandro: not sure that'd help
... no actions for group;
... aaronpk, hold off on formatting if you can and please respond promptly if I ping you in next few hours
tantek: for the record, seeking publication date of 7/7 or 7/12
... ok, the date is pending;
... waiting for some info from Evan (who sent regrets for today)
JS2 and Post Type Discovery
UNKNOWN_SPEAKER: short names approved and publication request approved
... editors need to process HTML output into proper location
... (manual process)
sandro: helpful if it could be done today
tantek: I can do that for Post Type Discovery
... is Ben Roberts (benthatmustbeme) here?
... for jf2
... let's aim for 6/30 publication date
<ben_thatmustbeme> can hear only, conference room is ocupied,
<ben_thatmustbeme> just got on
tantek: date should be 6/30
... asking ben what needs to be done
<ben_thatmustbeme> okay, i have them passing tests, its just i need to finish up one minor piece
<ben_thatmustbeme> and yes, today I should be able to do that
tantek: ; OK, thanks
Follow up on AS2 closed issues labelled 'waiting for commenter'
rhiaro gets massive kudos for contacting all commenters!
<Loqi> rhiaro has 208 karma
<Loqi> rhiaro has 209 karma
rhiaro: contacted everyone via email; gave them a deadline of today
... bunch of no replies; those are presumed to be time-outs
... dret (Erik Wilde) had one hesitation
... wonders if we should give a little more time
sandro: technically one week left
rhiaro: could use help finding email address for 3 people she couldn't find
<KevinMarks> if only you could webmention them
sandro: issue 284 ... <that person> didn't actually raise the issue, KevinMarks did
<KevinMarks> I'll have a look
<KevinMarks> I copied it in
tantek: (clarifying) .. external comment, that KevinMarks brought into github?
<discussion about who gets contacted when there's discussion on github... opinions that is definitely not a reliable way for people to be informed>
<ben_thatmustbeme> rhiaro, annando is pretty active on github, but we can try in #friendica on freenode to see if anyone has contact info there
KevinMarks: I'll try to get in contact with <that person>
<KevinMarks> Cathal Garvey
<rhiaro> @ cathalgarvey
<KevinMarks> hm, quitter.no is down
sandro: just found email for one of them .. will send to rhiaro
<rhiaro> https://github.com/w3c/activitystreams/issues/288 bengo
rhiaro: next issue .. <something> .. jasnell and Evan aren't here today .. need their inputs
(would be helpful if bengo could put a small summary in IRC)
tantek: sounds like an editorial fix ... true?
tantek: functionality was already there, but not adequately described .. this improves understanding
<bengo> It explicitly lists the 'id' property as being allowed on Link object in core.
tantek: asks sandro if we can make editorial fixes after CR
sandro: yes, we can
tantek: <clarifying timing on when the fix is made, and when it will show up>
... if it's not a normative change, group can choose to make the change before CR
... asks rhiaro if she has opinion / ditto Ben
rhiaro: don't care
bengo: see if we can make change before CR
<tantek> PROPOSED: Accept editorial change from bengo to AS2 in pull request https://github.com/w3c/activitystreams/pull/329 pending spec editor approval with the intent of making this fix for CR.
<rhiaro> bengo++ for PR
<Loqi> bengo has 16 karma
RESOLUTION: Accept editorial change from bengo to AS2 in pull request https://github.com/w3c/activitystreams/pull/329 pending spec editor approval with the intent of making this fix for CR.
rhiaro: 2 issues raised by dret (Erik Wilde)
... one closed
rhiaro: the other is an editorial change, but it's significant
... he notes he has not seen a good explanation of why this change shouldn't be made
... but he'll approve if the group has decided not to do it
tantek: requires addition of non-trivial text?
rhiaro: yes, I might be over-thinking it, but it's about how media type is explained
... would be really helpful if dret could join the call and explain more
sandro: given that the tight timing, and IF it is only editorial, then we could do that after CR
<akuckartz> I do not think it is only editorial
rhiaro: I understand it's only editorial, but there are a lot of threads, so need to clarify
annbass: could dret propose some new language?
sandro: problem is, we don't have time
tantek: asking akuckartz for clarification
<sorry, I can't hear him>
akuckartz: I think this is important, but I don't want to hold up CR process
<ben_thatmustbeme> i think it COULD be resolved as editorial
<ben_thatmustbeme> or as non-editorial
tantek: we can still proceed .. but, if you end up thinking this is a serious implementation issue, you can block it .. then we would resolve the issue and can work toward a new CR
akuckartz: that's OK with me
tantek: resolve per this conversation, this is OK with akuckartz and dret .. and if they decide later this is significant, we will work to resolve and issue a new CR
... notes that any objectors can file a new issue, which we can link back to this discussion
<sandro> fwiw, reading over the issue, it looks editorial to me. Dret doesnt want to use profile.
tantek: clarifying this is true for anyone and all issues ..
<waiting for rhiaro to get reconnected>
<sandro> ( in https://github.com/w3c/activitystreams/issues/53#issuecomment-62921081 he says, ""that would be against the intention of the profile parameter)
<cwebber2> I raised it
tantek: we'll proceed and then get back to AS2 when rhiaro reconnects
<sandro> we're not hearing Chris
<sandro> tantek, agenda+ Horizontal Reviews
cwebber2: I raised this issue bcuz I was implementing ActivityPub .. realized this was a hole .. we originally said this was out-of-scope, but then I worried re: what this will really mean for implementers
... various options IndieAuth as one possible way of doing OAuth2 with bearer tokens or ...
... do we need more specificity?
<KevinMarks> micropub uses indieauth; webmention doesn't need auth
cwebber2: I don't understand details of some of the proposed solutions; need more info; seems like a hole and not sure what to do
tantek: for context: last time this question was asked ..
<ben_thatmustbeme> scribenick: ben_thatmustbeme
tantek: back at f2f at MIT we came to an agreement that we would refer to oauth 2 with bearer tokens and we would leave it at that
... a reasonable summary from cwebber is that that is insufficient to achieve interoperability
cwebber2: thats issues 1
... issue 2 is, for micropub we list indieauth as a SHOULD (i think)
... is that okay for the group?
<bengo> IMO it's good for these specs to say "The Server should explain it's authorization requirements via WWW-Authenticate response header" https://tools.ietf.org/html/rfc6750#section-3
aaronpk: the reason that we decided oauth2 with bearer tokens is acceptable is because it lets us avoid complicating these issues and these calls
... in stark contrast to oauth 1 with ties requests to authentication
... if you forget everything you know about oauth1, 2.0 becomes much easier
... the important part is that it describes how to get a token. if both of these specs accept tokens, we don't really care how you get that token
... as cwebber2 found, there are not really great solutions for that in desktop apps and hardward devices, they can still use the spec, but they just need a token in some way
<cwebber2> that's helpful, thanks aaronpk
aaronpk: there isn't a good industry standard on that, so the best way for that is to just say 'use bearer tokens' and it can be anything, oath2, indieauth, etc.
<KevinMarks> a lot of oauth2 is documenting possible ways to get tokens
tantek: it sounds like, you are saying that one way to get a token is indieauth, that sounds like an informative note rather than normative
<cwebber2> I think right now micropub says "SHOULD" on indieauth
<rhiaro> Me too re: hardcoding/copypasting tokens
aaronpk: i will say that some of my implementations do not use indieauth, i just copy and paste, and thats a perfectly acceptable method
<cwebber2> but I suspect it can be easily changed
tantek: i think this avoids any issue of the stability of indieauth
sandro: basically i agree, at some ponit somebody will come along with a better way to do authentication (i hope)
... will the specs need to be rewritten or not? i think the answer is not.
... its a little bit frustrating when implementing, but thats reality
tantek: it sounds like the state of the industry is messy no matter what we say
bengo: as far as the state of the industry is messy, in the last year or two there has been a lot of acceptance of oauth2. they have had a lot of implementations from <lists a bunch>
<cwebber2> bengo, I've been looking at openid connect, I guess I got a bit overwhelmed because it looked like "layer on top of oauth 2". If you have a resource that's like "here's how to implement a bunch and *ignore* a lot of the huge set of options" would help me feel less overwhelmed :)
bengo: oauth2 bearer tokens is compatable with that. saying "use bearer tokens" is pretty generic, and it lets you use any string at all really
<cwebber2> I'm ok with requireing a response that's informative
bengo: it could be a little more useful to have an error header to give hints on what is needed for getting that token
aaronpk: oauth2 does have a header response for when a request requires a token. I agree the server needs a way to say they need a token. The token is opaque, and it is good that way. its up to the server and client to negotiate that. you don't need that in the spec because thats an implementation detail
... its just saying, the client willg et a string, the client should not try to interpret that string
tantek: cwebber2 you originally raised this, is this enough for you to follow up?
cwebber2: i think so, i certainly feel like anything useful that could be said on this call has already been said and i can get more info and work on an issue for that
tantek: its probably good to record an issue to them to clarify
... anything else for that item?
aaronpk: the person wants to only have a media endpoint
... is this something we should do now or something we can do in CR
sandro: we should do it now, as its not editorial right?
aaronpk: it changes the conformance section
tantek: the request is to make it optional?
aaronpk: yes, make the direct uploads optional if there is a media endpoint
sandro: only if there is a media server
tantek: your options are to make it optional, or mark it at risk and dropping it in CR
... have you thought about this enough to put forth a specific proposal
... you can mark it optional AND at risk as well
aaronpk: the text that would need to change is in the conformance classes section which is .... actually now i'm not seeing that there.
... shoot ... (talks to self a little)
sandro: technically we could wait until next week to solve this, even if we get it staged and approval, we could change it
... send an email to the list as soon as you have some clarity to what you want to do here
tantek: even better, if you are able to follow up with a PR that the person is ok with, that makes it clear we processed the issue before CR
... are there any at risk features in the current draft?
aaronpk: i don't think so, the update and delete we implemented
tantek: we had only one more explicity item
aaronpk: i just wanted to drop links in
sandro: you probably all saw a bunch of emails about getting replies from other groups
... two groups replied saying they don't have much time, but there was a response with the security and privacy self review
aaronpk: there was another for internationalization
<ben_thatmustbeme> i remember looking over the internationalization one before, i think we discussed some time ago
tantek: sandro, can you make sure the issues get filed for these
... the response from the other groups was to get these questionaires filled out
... they may cause changes later
... thanks everyone, next week, usual time, chair will be evan
<aaronpk> fyi I did a talk at open source bridge last week summarizing the work this group is doing
<aaronpk> my slides: http://slides.aaronparecki.com/2016/osbridge-w3c-socialwg
<aaronpk> and video: https://www.youtube.com/watch?v=0u2Knp8P9eY
<annbass> that'll be interesting, aaronpk, thanks
<aaronpk> feel free to use the slides for your own presentations later!
<aaronpk> and hopefully i accurately represented things here!
trackbot, end meeting