2015-12-02 UTC
# 00:00 azaroth ... if you don't know anything about micropub and you get a request you could use PTD to decide what to do with the request, per Amy
# 00:00 eprodrom ack kevinmarks
# 00:00 Zakim sees eprodrom, tantek on the speaker queue
# 00:00 azaroth eprodrom: Good principle to follow
# 00:00 azaroth kevinmarks: Sense of separation here. We are using micropub to route things between systems
# 00:00 azaroth ... one example is ??? that uses instagram and micropub
# 00:00 Zakim sees tantek, cwebber on the speaker queue
# 00:01 azaroth another example is silo.pub that maps from MF to various things
# 00:01 azaroth ... it wraps blog in an envelope to post to blogger, or finds the image to send to flickr
# 00:01 azaroth ... mostly individual things we've built
# 00:01 azaroth ... lots of targeted protocols that are moving together, whereas you have a bigger suite
# 00:01 azaroth ... partly where the mappings get odd
# 00:01 Zakim sees tantek, cwebber on the speaker queue
# 00:02 azaroth Tantek: different kind of answer. What drove the different protocols. WebMention happened first.
# 00:02 Zakim tantek, you wanted to note why webmention (federation) and micropub (API) are distinct and separate (different trust pre-requisites, user models, canonical data).
# 00:02 kevinmarks azaroth: ownyourgram.com you sign into instagram and it posts your photos to your own site
# 00:02 azaroth ... different user model between federation and users.
# 00:02 azaroth ... Conceptually defend the distinction. Federation standpoint it's FYI. The receiver is not required to do anything on any timescale
# 00:03 azaroth ... other than how you validate it. After that there's suggested things you can do. If it has X content, then it's a comment and you should copy it to your post as a reply
# 00:03 azaroth ... but the ultimate decision of action is on the receiver. It has its own agency
# 00:03 azaroth ... all the boundaries for federation are crossed
# 00:04 azaroth ... for an API scenario, both ends are under the control of the same user
# 00:04 azaroth ... so the user issues a command to create something, then the server MUST create it
# 00:04 azaroth ... it's a hard requirement, so very different from auth and user agency perspective, permissions, trust, number of actors etc.
# 00:04 azaroth ... don't do auth for federation, you just send it
# 00:05 azaroth ... Maybe wrong with drawing the difference, but lots of differences?
# 00:05 azaroth sandro: Clear to me
# 00:05 azaroth tantek: User 1 vs user 2, rather than one user and thing 1 vs thing 2
# 00:05 azaroth cwebber2: Same technical design could do both
# 00:05 azaroth ... webmention is cool in that it's very minimal
# 00:05 azaroth tantek: a different contract
# 00:06 azaroth cwebber2: You could emulate in activity pump, nice that it doesn't require a lot of work
# 00:06 azaroth ... if I run my own pump io server, I know that I'm posting to my thing. The same design and serialization.
# 00:06 azaroth ... little distinction between what is a client and a server
# 00:06 Zakim sees cwebber, rhiaro on the speaker queue
# 00:06 azaroth ... don't always control the server. Might decide that you're a spammer even if you have an account, so might still filter
# 00:07 azaroth ... if I set up my own server, better not do that to myself
# 00:07 azaroth ... same concepts could be accomplished with same tech, more usable in the long run
# 00:07 azaroth ... even with lack of distinction, it's not as big a division as you might think
eprodrom_ joined the channel
# 00:07 azaroth rhiaro: my micropub endpoint when it receives a post sends a webmention
# 00:08 azaroth ... webmention and mf completely separate so no requirement but that's how I hooked it up
# 00:08 azaroth ... with activity pump you must do it
# 00:08 azaroth cwebber2: The receiving server might reject it
bblfish and bblfish_ joined the channel
# 00:09 azaroth ... what happens if you do mpub post to a third party? Do you have to "own" the micropub endpoint?
# 00:09 azaroth tantek: You have to be oauthed up
# 00:09 azaroth ... but not in webmention
# 00:09 azaroth ... which is essential for lightweight federation
# 00:09 azaroth cwebber2: Right not saying it's not useful, but that it would also be useful if mpub also did federation
# 00:09 azaroth aaronpk: another difference
# 00:09 azaroth ... mpub as a way to create content, the content is part of the request
# 00:09 azaroth ... the bearer token is prearranged
# 00:09 azaroth ... webmention is only by reference, content is not in the request
# 00:10 azaroth ... don't say here's my photo etc
# 00:10 Zakim sees cwebber, rhiaro, kevinmarks on the speaker queue
# 00:10 Zakim sees cwebber, kevinmarks on the speaker queue
# 00:10 azaroth ... that would be trackback, and garbage because it's unauthenticated
# 00:10 azaroth ... only way to send content is if it's authenticated
# 00:10 azaroth cwebber2: or go back and verify it, but then you might as well not send it
# 00:10 azaroth eprodrom: activity pump does two legged oauth
# 00:10 azaroth ... so server to server
# 00:11 azaroth aaronpk: for mpub there's no URL until the request is handled
# 00:11 azaroth ... if you used the same protocol for webmentions, you're delivering the contents of the post
# 00:11 azaroth ... but unless you authenticate there's no way to trust it
# 00:11 azaroth ... and they probably want to verify it anyway
# 00:11 azaroth ... so just send the url
# 00:11 azaroth ... so it's just what we have now :)
# 00:11 azaroth sandro: You might auth once every long period of time?
# 00:12 azaroth eprodrom: So because of pingback style of webmention, there's something here you might be interested in, it doesn't make sense to use the same interaction
# 00:12 azaroth ... if it was PuSH service, ala activity pump, it would make sense?
# 00:12 azaroth aaronpk: Interesting. Pretty sure most PUSH systems don't send the contents in the broadcast
# 00:12 azaroth ... that would look more like micropub
# 00:13 azaroth ... if PuSH has too many limitations, then maybe it's just micropub and that's where it fits in
# 00:13 Zakim sees cwebber, kevinmarks on the speaker queue
# 00:13 azaroth ... not the same use case as micropub
# 00:13 azaroth cwebber2: suggesting that it's easy to drop into an existing blog which is hard with activity pump
# 00:13 Zakim sees cwebber, kevinmarks on the speaker queue
# 00:14 tantek q+ to note some brainstorming attempts to do site-to-site micropub
# 00:14 Zakim sees cwebber, kevinmarks, tantek on the speaker queue
# 00:14 azaroth aaronpk: extending to also handle distribution of content for subscribers is different from webmention
# 00:14 Zakim sees kevinmarks, tantek on the speaker queue
# 00:14 azaroth cwebber2: spec is well written. Main concern is that it doesn't talk about specific silos
# 00:14 azaroth aaronpk: Also anchors it in time
# 00:15 Zakim sees kevinmarks, tantek on the speaker queue
# 00:15 eprodrom ack kevinmarks
# 00:15 azaroth s/it doesn't/it shouldn't/
# 00:15 azaroth kevinmarks: presumption for sending stuff out is that it's replication
# 00:15 azaroth ... might be a way to couple the two together
# 00:15 Zakim tantek, you wanted to note some brainstorming attempts to do site-to-site micropub
# 00:16 azaroth tantek: to argue against myself ... we have had some experiments and one production use of webmention like an api and webm for federation
# 00:16 azaroth ... sending a copy somewhere is like federation, for federation-hostile people
# 00:16 azaroth ... with webmention we have bridgy, that built a protocol for publishing on top of it
# 00:16 azaroth ... it acts like micropub in a way
# 00:17 azaroth ... if you send a particular mention to one place it'll publish content to another server
# 00:17 azaroth ... take this specific action that is triggered by a webmention
# 00:17 azaroth ... brainstorming on server to server, with distinct users
# 00:17 azaroth ... didn't scale well. If you're on someone's website and they have a comment box, you want it to post to YOUR site not just their site
# 00:18 azaroth ... so it should act like a micropub client and then use webmention to get it back
# 00:18 cwebber2 eprodrom: I'm staying shut up but you should mention what pump.io does here ;)
# 00:18 azaroth ... if you auth in ... no you might not want to give out arbitrary permissions
# 00:18 azaroth ... so walked down the path a bit and it didn't seem like a good trust design
# 00:18 azaroth kevinmarks: have web actions via client side voodoo
# 00:18 azaroth tantek: without auth
# 00:18 azaroth kevinmarks: looks like it's going to one site, actually to others
# 00:19 azaroth tantek: federation of all the little buttons on posts like like, reply, bookmark, etc. a way to have sites take actions to a different site
# 00:19 azaroth ... users configure their client to handle them
# 00:19 azaroth ... built a shim with web components
# 00:19 azaroth ... a protocol handler that makes it work
# 00:19 azaroth ... your site will take over the functionality of those buttons on the remote site
# 00:20 azaroth ... UI federation? not sure how we conceptually captured it
# 00:20 azaroth kevinmarks: The example of it working is woodwind
# 00:20 azaroth tantek: with micropub?
# 00:20 azaroth kevinmarks: with all of them
# 00:20 azaroth tantek: woodwind is a reader that you sign into with your own domain and it tracks what you're reading
# 00:21 azaroth ... if your own site supports micropub you can sign in there and it posts to your site
# 00:21 azaroth ... if you don't, it can fall back to other options
# 00:21 bengo q+ to ask about separation of request semantics and resource representation
# 00:21 Zakim bengo, you wanted to ask about separation of request semantics and resource representation
# 00:22 azaroth bengo: Maybe controversial, but keeping the object representation separate from what to do with the object. Curious why edit this or post this or delete this is in the body, rather than the method?
# 00:22 azaroth aaronpk: Reason is to allow delegation of functionality, rpc-style.
# 00:22 azaroth ... where you might have a static website other than GET, but you can delegate to some other endpoint
# 00:23 azaroth ... but you can't delete that endpoint
# 00:23 azaroth ... the objects don't live under the micropub endpoint
# 00:23 azaroth ... thus the RPC style
# 00:24 azaroth ... Could say that the endpoint could delete based on a query string, but seems contrived for no particular reason
# 00:24 azaroth eprodrom: to answer that for other things... for activity pump... pump.io does do that. One way to follow someone is to post your id to their following list
# 00:24 azaroth ... you add yourself to their followers
# 00:24 azaroth ... or deleting an object directly
# 00:24 azaroth ... managing some of the life cycle of the social graph works that way.
# 00:25 azaroth ... Some things are harder to do like that. If I like something, posting to a list of likers might make sense
# 00:25 azaroth bengo: Unliking a thing seems either deleting a like resource, or posting an unlike, could try different ways until something works
# 00:25 azaroth ... but could be just one way
# 00:25 azaroth eprodrom: we would concentrate on the one way of using AS as written
# 00:26 azaroth ... always been a logging style format we repurpose as a command language
# 00:26 azaroth ... how that happened. Interesting to reconsider purely from a REST mechanism without a command language
# 00:26 azaroth bengo: having it all in the message is useful for websockets based things too not inherently bad, might just hear that's not restful over and over again
# 00:27 azaroth eprodrom: expectation has been there'd be a stream of activities, natural to think in atompub style of posting an activity to the feed
# 00:27 azaroth cwebber2: couple of CRUD activities, but also others like join ... no HTTP verb
# 00:27 azaroth eprodrom: Could have a members resource and posting an ID to it
# 00:28 azaroth cwebber2: I think this group resolved ... should we use all these verbs...everyone was using the AS verbs not HTTP methods
# 00:28 azaroth ... so do AS first
# 00:28 azaroth tantek: I recall that as well. Don't want to have the argument again :)
# 00:29 azaroth eprodrom: wrap up with micropub? anything to discuss in next 10 minutes?
# 00:29 azaroth cwebber2: ready to go to ED?
# 00:29 azaroth ... I think we should propose it?
# 00:31 azaroth jasnell, et al: Make it explicit regarding moving to WD in the status section
# 00:31 eprodrom RESOLVED: Move MicroPub to Editor's Draft status
# 00:31 azaroth eprodrom: Resolved :)
# 00:31 azaroth ... have 90 minutes left, one more item on agenda
# 00:32 azaroth ... everyone in late afternoon doldrums. Dinner at 7.
# 00:32 azaroth ... hopefully group photo will not take half an hour
# 00:32 azaroth tantek: 7th floor with bay bridge
# 00:32 azaroth [temporarily adjourn]
jasnell, azaroth, kevinmarks2, bengo and tantek joined the channel
# 00:55 aaronpk cwebber2: talking about bringing activitypump to editor's draft
# 00:56 aaronpk ... i'm assuming everyone's familiar with it by now. sandro said before basically AP is ActivityStreams in API form
# 00:56 aaronpk ... so, in that sense, if there's things people want to talk about specifically i'm happy to talk about them
# 00:56 aaronpk ... i have a few things i'd love to go over while we have people here
# 00:56 aaronpk ... but it might be more useful to have people who are not me say things
# 00:56 azaroth q+ to say it looked very good :D
# 00:57 Zakim azaroth, you wanted to say it looked very good :D
eprodrom joined the channel
# 00:57 aaronpk tantek: one request is to link to the issues from the document header
# 00:57 aaronpk cwebber2: sure i'll make an issue for that right now
# 00:58 aaronpk ... so there are issues on it right now but i don't know if any of these are blockers to take this to editor's draft and if there are i'm happy to talk about them
# 00:58 aaronpk ... i think activitypump is probably unsurprising right now
# 00:58 Zakim sees bengo, eprodrom on the speaker queue
# 00:58 aaronpk ... the first question is is there anything specific someone wants to raise in person or should i start
# 00:59 aaronpk bengo: i think it's generally pleasant to read. i filed a bunch of issues. i think that the general part that's hard to wrap my head around is how to initiate crud operations around activities
# 00:59 aaronpk ... would be good to have more specific error responses defined
# 00:59 aaronpk ... if i say update facebook.com what should happen? 401? or maybe I did actually change whatever that was and am trying to record it
# 01:00 aaronpk ... i'm having a hard time rationalizing triggering activities and recording activities in the same outbox
# 01:00 aaronpk ... one way of resolving it is to have different endpoints for triggering activities vs recording them
# 01:00 aaronpk eprodrom: we were talking about this during the break. maybe having CRUD processes happen through posting and updating the object itself and how that would work
# 01:01 Zakim sees eprodrom, cwebber on the speaker queue
# 01:01 aaronpk ... you'd keep a collection of everything you publish, once you have a permalink for the thing you can read/update/delete really easily
# 01:01 aaronpk ... would you maintain one single feed/collection of everything you publish? would you keep different collections by type?
# 01:01 aaronpk ... one collection of videos, of images, of text, or does it not matter?
# 01:01 tantek q+ to ask if the intent is to keep ActivityPump use of terms like "displayName" in sync with AS2 changes e.g. displayName->name ?
# 01:01 Zakim sees eprodrom, tantek on the speaker queue
# 01:01 aaronpk ... the mechanism we use is also how opensocial does activities
# 01:01 Zakim sees eprodrom, tantek, cwebber on the speaker queue
# 01:02 aaronpk ... most of the crud mechanism was handled by the rest of the opensocial api
# 01:02 aaronpk ... it would be an interesting exercise, chris, if we were to think about that as our mechanism for crudding stuff that lives on the server
# 01:03 aaronpk eprodrom: having a collection/feed of "stuff evan published", evan's outbox of stuff he made, not activities, but text, videos, etc
# 01:03 aaronpk ... and so the primary way you'd create things is to post to that feed and manage it that way instead of using activitystreams as a command language for crud
# 01:03 aaronpk cwebber2: i think that sounds mostly fine, but only create should be replaced by that
# 01:03 aaronpk ... kind of what james was saying, when you are distributing it to everyone else you still wrap it in a create, but for creating it initially yes
# 01:04 aaronpk ... but for updating and deleting using the existing verbs
# 01:04 aaronpk eprodrom: right now we have get put and delete on objects which should do ...
# 01:04 aaronpk cwebber2: we talked about removing those http verbs an hour ago
# 01:04 aaronpk ... i'm still referencing owen's thing from a long time ago
# 01:04 aaronpk ... if the initial thing you're creating isn't wrapped in a create it simplifies things
# 01:05 aaronpk cwebber2: you use post for everything, but if you're creating something you just put the object somewhere
bblfish joined the channel
# 01:05 aaronpk cwebber2: update and delete are pure side effect and then become a log
# 01:05 aaronpk ... you're creating the object in your database that is the log, but you're only putting it there as the side effect
# 01:05 aaronpk eprodrom: i don't like making it an exclusive thing
# 01:05 aaronpk ... i don't like posting something to a feed that then changes in the feed
# 01:06 aaronpk ... i expect if i post something i don't want it to change
# 01:06 aaronpk ... even though i had posted the object it would then come back wrapped in a create
# 01:06 aaronpk ... i'm saying i post an object to the feed and i see a bunch of activities, what happened to the object? oh its actually a property of one of the activities
# 01:07 aaronpk ... i think if you post an object to a feed then it should come back in the feed
# 01:07 aaronpk ... it's also not the biggest detail in the world if we don't do this
# 01:07 Zakim sees eprodrom, tantek, cwebber on the speaker queue
# 01:07 aaronpk ... it doesn't change things fundamentally. i can live with whatever
# 01:07 Zakim sees tantek, cwebber on the speaker queue
# 01:08 aaronpk sorry didn't catch the gist of what bengo was saying
# 01:08 aaronpk cwebber2: amy you were saying if we moved activitystreams to a more content distribution then that would bring it closer to micropub
# 01:09 aaronpk sandro: this seems like a place where activitypump is a complete coin flip between using http verbs or not
# 01:09 bengo List the things I triggered to create their side effect?
# 01:09 bengo Or List the things I've done (feed)
# 01:09 bengo I don't think it can be both
# 01:09 bengo s/thing/understand how
# 01:09 aaronpk cwebber2: micropub is closer to what we're doing, where if create is not wrapped in a thing it just makes it
# 01:09 aaronpk sandro: let me rephrase. it often seems like the entire industry is in love with restful apis. i don't know why personally.
# 01:10 aaronpk sandro: specifically with HTTP PATCH to update and that is a thing that's really popular
# 01:10 aaronpk ... evan you did that survey across a bunch of apis
# 01:10 aaronpk ... i don't know why that's so popular, and i hesitate to go in a different direction
# 01:10 aaronpk ... activitystreams - everything is wrapped in an activity
# 01:11 aaronpk ... the current indieweb style - closer to what owen suggested, don't wrap create in an activity
# 01:11 bengo I can weigh in as to why command semantics outside of request body is useful (caching intermediaries like varnish can't easily understand semantics)
# 01:11 aaronpk evanpro: i don't understand what the advantage is
# 01:12 aaronpk ... two reasons. one is the ACL thing, when you post the initial thing you attach the ACL to the initial object
# 01:12 Zakim sees tantek, cwebber, kevinmarks on the speaker queue
# 01:13 aaronpk cwebber2: the second is trying to move towards a more content-centric version of things
# 01:14 aaronpk eprodrom: which is what i was saying, have a feed of content things
# 01:14 aaronpk cwebber2: ironically, if we end up doing what i suggested, the activity stream of what other people are reading is activity centric but the client-server thing is content centric
# 01:14 aaronpk ... but now we have to move to a model where anything that doesn't have a side effect we wrap in a create
# 01:15 aaronpk ... it's a shift in the complexity, but we have these separate things and we have to make a decision
# 01:15 aaronpk eprodrom: we don't have to make a decision right now, we can mark it as an issue
# 01:15 Zakim sees tantek, cwebber, kevinmarks on the speaker queue
# 01:15 bengo q+ to request answer to my orig question "What happens if I POST /outbox update facebook.com"?
# 01:15 Zakim sees tantek, cwebber, kevinmarks, bengo on the speaker queue
# 01:16 aaronpk cwebber2: i'm adding a note to my previous todo that evan hates it and we should discuss
# 01:16 Zakim tantek, you wanted to ask if the intent is to keep ActivityPump use of terms like "displayName" in sync with AS2 changes e.g. displayName->name ?
# 01:16 Zakim sees cwebber, kevinmarks, bengo on the speaker queue
# 01:16 Zakim sees kevinmarks, bengo on the speaker queue
# 01:16 aaronpk tantek: is your intent in AP to keep terminology in sync with activitystreams? so do the displayName -> name change?
# 01:16 aaronpk cwebber2: yes because it's just the API version of activitystreams
# 01:16 Zakim sees kevinmarks, bengo on the speaker queue
# 01:16 eprodrom ack kevinmarks
# 01:16 Zakim kevinmarks, you wanted to state issues with over-literal REST CRUD
# 01:16 aaronpk ... 'whatever man just go with the flow of activity streams'
# 01:17 aaronpk kevinmarks: following sandro's point about rest and crud. the issue is that the crud assumption is you are the owner of the resource completely
# 01:17 aaronpk ... when people go to the contacts app in their phone and see a bunch of emails they delete them and then wonder why gmail autocomplete doesn't work
# 01:18 aaronpk tantek: there's an additional semantic that the http verbs didn't capture
# 01:18 aaronpk cwebber2: we aren't planning on using http verbs anyway
# 01:19 Zakim bengo, you wanted to request answer to my orig question "What happens if I POST /outbox update facebook.com"?
# 01:19 Zakim sees cwebber, sandro on the speaker queue
# 01:19 aaronpk tantek: a key design feature of using POST for everything was that you can exercise the whole protocol via a simple HTML form
# 01:19 aaronpk ... which is easier than figuring out procedural stuff
# 01:19 Zakim sees cwebber, sandro on the speaker queue
# 01:20 aaronpk bengo: i still think it's unclear, if we're triggering crud operations, what happens if i put an update activity where the object is facebook.com in my outbox? what should I expect?
# 01:20 aaronpk cwebber2: so you're saying we should document responses when you do something screwy?
# 01:21 aaronpk eprodrom: i think pump.io silently accepts as long as it's not an object in its own domain
# 01:21 aaronpk bengo: does outbox mean always do this thing if you can?
# 01:22 Zakim sees cwebber, sandro on the speaker queue
# 01:22 aaronpk eprodrom: that's a tricky part of it, once things are outside the server's control to what extent does it accept things or say "you can't update facebook.com" or does it just accept it
# 01:23 aaronpk sandro: your feed can say "you became president, you deleted facebook, etc"
# 01:23 aaronpk bengo: i would recommend not accepting it if it's a command that didn't work
# 01:24 aaronpk eprodrom: i think that makes the most sense, if this is a thing you're going to execute then try to execute and give back an answer. if it's something you don't understand because you can't do it, then assume the user is talking about something that happened somewhere else.
# 01:24 aaronpk sandro: what about adding a flag that says who is expected to perform the action
azaroth_ joined the channel
# 01:24 aaronpk bengo: now that i'm talking about it out loud that may not even be necessary.
# 01:25 aaronpk cwebber2: i think we just need to document how side effects work more
# 01:25 bengo To record your own activities, post to your /inbox
# 01:25 aaronpk ... activitypump has strong opinions about what to do about side effects
# 01:26 Zakim sees cwebber, sandro on the speaker queue
# 01:26 aaronpk cwebber2: i have things i want to talk about with people in the room
# 01:26 aaronpk ... i'm going to start with things least likely to explode
# 01:26 aaronpk sandro: section 9 includes things about binary data but then talks about reply objects
# 01:27 aaronpk cwebber2: okay i don't think that any of these things are blockers on hitting editor's draft
# 01:28 aaronpk ... but there are some things that are underspecified in activitystreams or other things
# 01:28 aaronpk ... the first is activitypump, discovery and profile stuff
# 01:28 aaronpk ... suggests something that i don't think anyone suggests implementers to do
# 01:28 aaronpk ... in the paris meeting i threw in something stupid.
# 01:29 aaronpk ... previously pump.io did webfinger-type things. it seems like with the agreement with follow-your-nose, then at the very least webfinger-like things will be handled in a follow-your-nose way
# 01:29 bengo define inbox, outbox, feed as linkRelations
# 01:29 bengo get html, link response header, webfinger support for free
# 01:30 aaronpk eprodrom: that's a good question. one thing we could do is define ... how many endpoints do we have for a user? 4-5?
# 01:30 aaronpk cwebber2: you can get the endpoints for a user once you have their profile
# 01:30 rhiaro rel=inbox ~ rel=webmention, rel=outbox ~ rel=micropub ... maybe??
# 01:30 aaronpk eprodrom: there are 4-5? followers, following, inbox, outbox? we could define link relations for all of those
# 01:30 bengo profile == link rel me?
# 01:30 tantek rhiaro, I'd suggest clustering them with a prefix, like ap-outbox ap-inbox etc.
# 01:30 aaronpk ... you could use whatever discovery mechanism you wanted, links, rels on a elements, or webfinger, or http headers, or...
# 01:30 azaroth_ q+ to express concern :)
# 01:31 tantek whereas rel values normally express links to *user* semantics
# 01:31 aaronpk azaroth_: that seems like a lot of link rels to register
# 01:31 tantek like a URL a browser could load and display, not an API endpoint
# 01:31 aaronpk cwebber2: another suggestion, do a follow your nose thing that takes you to a json document that describes your profile
# 01:32 azaroth_ +1 to linking to a profile, not linking to potentially many endpoints
# 01:32 aaronpk cwebber2: i shouldn't say JSONLD, i should say activitystreams with implied context
# 01:32 aaronpk tantek: it sounds like you have an issue defined.
# 01:33 aaronpk cwebber2: okay i'll file an issue on this and cc evan
# 01:33 Zakim sees azaroth_, bengo on the speaker queue
# 01:33 Zakim sees azaroth_, bengo, cwebber on the speaker queue
# 01:33 Zakim azaroth_, you wanted to express concern :)
# 01:34 aaronpk tantek: if you're going to define a suite of link rels, then prefix them with ap- or something so that you don't conflict
# 01:35 aaronpk eprodrom: i'll also open an issue, i'm not sure discovery is part of the API document
# 01:35 aaronpk ... for example if i was twitter and implementing activitypump, you wouldn't have to discover it
# 01:36 aaronpk cwebber2: along with amy's idea of implementation levels could this be a thing that is an optional implementation level
# 01:36 aaronpk bengo: in the times where it says go to a uri and it returns a json document. but if you send it an accept header with HTML only then it shouldn't be required to return JSON. leave room in the spec for content negotiation.
# 01:37 aaronpk ... this group has said it's not in scope, but by necessity is part of the specs. so far micropub and activitypump put OAuth 2 in the spec.
# 01:38 aaronpk tantek: strictly speaking, the charter does not include specs for authorization and identity
# 01:38 aaronpk tantek: that's the restriction, but that doesn't mean we can't reference other specs
# 01:39 aaronpk eprodrom: yeah i think that doesn't make sense to include a full dependency on any particular
# 01:39 azaroth Section X: Security Concerns. You should do authentication.
# 01:39 aaronpk cwebber2: both activitypump and micropub, but not solid, say OAuth 2.0 bearer tokens and the specifics are not beyond that
# 01:40 aaronpk ... or do we want to say it's definitely OAuth 2 bearer tokens or should we say we recommend that and leave it open to replace it
# 01:40 aaronpk tantek: maybe if it's an aspect in common between activitypump and micropub it's worth highlighting in the social web protocol document, and if there's enough critical mass that's a point forward
# 01:40 aaronpk cwebber2: we adopted it mostly because the indieweb documented it
# 01:40 aaronpk ... but i'm not sure this is the best way forward but it seems to be a solution
# 01:40 azaroth q+ to +1 not mandating a particular version of a particular auth system
# 01:41 aaronpk sandro: the important thing is to say we need this sort of functionality and then one possible solution is OAuth 2
# 01:41 aaronpk q+ to differentiate between authentication and authorization
# 01:41 Zakim sees bengo, azaroth, aaronpk on the speaker queue
# 01:42 aaronpk bengo: oauth is a framework. it has things like client credentials for client authentication. i'm implementing openid connect, and yeah it's complicated.
# 01:42 aaronpk eprodrom: and if you're not using SSL with bearer tokens that's bad
melvster joined the channel
# 01:43 aaronpk eprodrom: are we talking about client-server or server-server interop? server-server interop doesn't belong here
# 01:43 aaronpk ... so client-server interop happens with documentation
# 01:43 aaronpk cwebber2: so is this so complicated that it doesn't belong in these specs?
# 01:43 aaronpk bengo: if you don't specify it, then there are other good things that will fill the gap
# 01:44 Zakim sees bengo, azaroth, aaronpk on the speaker queue
# 01:44 Zakim sees bengo, azaroth, aaronpk, tantek on the speaker queue
# 01:44 aaronpk ... if you say 'it must use bearer tokens' then it doesn't really say much
# 01:44 aaronpk eprodrom: another possibility is putting it in security considerations at the end and say authentication must be present
# 01:45 aaronpk sandro: we can say we're intentionally not specifying that because it's a continually evolving space
# 01:45 aaronpk tantek: we can say we're actively looking for implementer feedback
# 01:45 aaronpk Arnaud: generally working groups stay away from this issue
# 01:45 aaronpk ... unfortunately it hurts interop because you can't have interop without specifying this
# 01:46 aaronpk eprodrom: at the risk of asking for crazy proliferation of specs, could it be a separate specification?
# 01:46 aaronpk tantek: unlikely in this group because it would be outside the charter
# 01:46 melvster just implemented inboxes + authentication ... ping me if any devs would like a demo
# 01:46 aaronpk cwebber2: i don't know what to write, anyone want to help?
# 01:47 aaronpk cwebber2: i have a feeling this will come up again when we look at interop between the specs
# 01:47 bengo let it come up as an issue
# 01:47 Zakim sees bengo, azaroth, aaronpk, tantek on the speaker queue
# 01:47 Zakim sees azaroth, aaronpk, tantek on the speaker queue
# 01:47 Zakim sees aaronpk, tantek on the speaker queue
# 01:47 Zakim sees aaronpk, tantek, cwebber on the speaker queue
# 01:47 aaronpk ... we're going to hit this again, and we can't pretend we won't have to talk about it again
# 01:48 Zakim sees tantek, cwebber on the speaker queue
# 01:49 aaronpk tantek: i did just pull up our charter to double check, the word identity is not in our charter. the reference to "auth" is one of the inputs from the indieweb community is IndieAuth.
# 01:49 aaronpk ... so it's an input but not part of the scope and goals
# 01:49 aaronpk sandro: i remember it being specifically out of scope but can't find an explicit reference in the charter
# 01:50 aaronpk sandro: i'm more confused about identity since it ties to profile
# 01:50 aaronpk tantek: i would argue that that aspect of identity is in scope
# 01:51 aaronpk ... if it's not in the charter, you have to argue why it's relevant
# 01:51 azaroth W3C Trail. You have died of Identity. Would you like to play again?
# 01:51 bengo Activity Pump inboxes apply equally well to my house or plant or Thing as to my personal profile
# 01:51 aaronpk sandro: activitystreams has the notion of identity, actors have a URL
# 01:52 bengo activitystreams does not have identity anymore
# 01:52 aaronpk tantek: profile URL or ID string is different from the notion of a profile with attributes
# 01:52 aaronpk we should stop talking about identity, it's tiring my scribe fingers
# 01:53 melvster aaronpk: sadly, you can't have a social web without identity
# 01:53 aaronpk jasnell: the activitystreams spec has the notion of actor which has an ID, it has the "person" object type, and it says that if you are going to describe specific properties of a person then you should use vcard.
# 01:53 aaronpk ... additionally there is profile object type which is a nebulously defined thing that describes something else
# 01:54 sandro sandro: bottom line: we're going to leave identity/profiles fuzzy
# 01:54 aaronpk cwebber2: what i was going to bring up was transient and private activities?
# 01:55 aaronpk sandro: would it be okay to leave it out of the first version?
# 01:55 aaronpk cwebber2: yeah the current version says you have to keep a link and for deleted things you have to keep a tombstone
# 01:55 aaronpk ... i'm curious about people's thoughts, but not required for bringing to editor's draft
# 01:56 aaronpk q+ to propose accepting ActivityPump as an editor's draft
# 01:56 Zakim sees cwebber, aaronpk on the speaker queue
# 01:56 Zakim sees aaronpk, cwebber on the speaker queue
# 01:56 Zakim aaronpk, you wanted to propose accepting ActivityPump as an editor's draft
# 01:57 aaronpk sandro: with the intent of putting it on the rec track
# 01:57 eprodrom RESOLVED: accept ActivityPump as editor's draft
# 01:58 aaronpk tantek: i'd like to thank aaron and chris for their hard work, it shows in these drafts
# 02:00 Zakim As of this point the attendees have been Arnaud, csarven, rhiaro, aaronpk, shanehudson, sandro, elf-pavlik, kevinmarks, wilkie, eprodrom, jasnell, ben_thatmustbeme, cwebber,
# 02:00 Zakim ... tantek, hhalpin, james, tsyesika, wseltzer, akuckartz, shepazu, Rob_Sanderson, Shane_, rene, cwebber2, Benjamin_Young, bengo
# 02:05 tantek I believe we could thus develop a W3C Note about identity.
bblfish, shepazu_, tantek, Arnaud, jasnell, kevinmarks, Arnaud1, kevinmarks2, jaywink, shevski, peacekeeper, elf-pavlik and azaroth joined the channel
# 15:54 azaroth will be there about 10:20 or so today, shifted one on campus meeting and the big one was cancelled by someone else :)
# 15:55 azaroth but need to step out from 12:00 till 1:00
kevinmarks, kevinmarks2, tilgovi, tantek and jasnell joined the channel
jasnell, kevinmarks and jasnell_ joined the channel
# 16:56 tantek first thing we have listed this morning is to go over any issues / questions you have
bengo and eprodrom joined the channel
# 17:03 eprodrom I'm running a few minutes late.
# 17:04 kevinmarks my train gets in ~10:10 so there a bit before 10.30 but I can talky in if I'm needed
# 17:11 tantek ben_thatmustbeme, tsyesika, elf-pavlik, rene - ^^^ our talky is up
RRSAgent joined the channel
# 17:16 Zakim I do not see a conference matching that name scheduled within the next hour, trackbot
# 17:16 cwebber2 tantek: the first thing is that cwebber2 had an item to propose
evanp joined the channel
# 17:17 cwebber2 tantek: the other first thing is to discuss the as2 features from rene but he's not online
e_s_p joined the channel
# 17:17 cwebber2 tantek: integration user stories. Is that you bengo ?
Arnaud joined the channel
# 17:18 cwebber2 tantek: and cwebber2 how much time do you need for the activipy demo
# 17:18 cwebber2 tantek: I propose we do those first to give time for rene to show up
# 17:19 cwebber2 bengo: this one is close to what we're doing at our company, we give people javascript snippets that people put on their site, templatized
# 17:20 cwebber2 bengo: want to ask how this would work. lots of discovery stuff is about delegating services
# 17:20 cwebber2 bengo: frequent problem at big companies is the person who installed a cms no longer works there
# 17:20 cwebber2 bengo: so webfinger (?) type things are useful in that you don't need to muck with the headers, etc
# 17:21 cwebber2 bengo: so service discovery is something I've talked about a lot, rather than just point to an activitypump endpoint, they want a traditional comment setup type thing
eprodrom_ joined the channel
# 17:22 cwebber2 bengo: in our case it's mostly because customers like to use css to arbitrarily change things even though that makes our lives hard
# 17:22 cwebber2 sandro: so do users have accounts on your or their system
# 17:22 cwebber2 bengo: when a user does something that needs to plug in, it gets a token, and ..?
# 17:23 cwebber2 ... a lot of our things are these things but have been done internally as a proprietary way
# 17:23 cwebber2 eprodrom: it's an interesting use case because many things do stuff like reviews, likes on a page, etc
# 17:23 cwebber2 eprodrom_: on pumpio if you want to do something on a remote site, you log into their server via your server, via oauth
# 17:23 cwebber2 eprodrom_: so their server acts like a client to your server
# 17:24 cwebber2 eprodrom_: it's a complicated mechanism, there are other ways it could work. There are some other patterns you may want to implement.
# 17:24 cwebber2 eprodrom_: I don't know if you collect posts around the web but you could do that too
# 17:24 cwebber2 eprodrom_: I think that's actually an interesting case for the api
# 17:24 cwebber2 eprodrom_: my gut feeling is that it requires things like a global firehose that everybody aims their public posts towards
# 17:25 cwebber2 ... and whoever wants to can drink from that firehose
# 17:25 cwebber2 ... might be worth sketching out as a little api type protocol situation
# 17:25 Zakim aaronpk, you wanted to bring up comment services via webmention
# 17:25 cwebber2 bengo: I think there's enough of existing specs where we could boot something up and see if indiewebbers and (?) want to do it
# 17:25 cwebber2 aaronpk: there are some existing examples with webmention, like ^
bengo joined the channel
# 17:26 cwebber2 ... if you set your webmention endpoint to that, it pulls in the comments to put them on the page
# 17:26 cwebber2 ... we have the mechanism to show the comment form and stuff
# 17:26 cwebber2 ... the nice thing it lets the author choose where their comments are being collected
azaroth joined the channel
# 17:27 cwebber2 ... as opposed to "use twitter and tweet on the hashtag and we'll pull it out"
# 17:27 cwebber2 tantek: are you able to show examples of people using this bengo?
# 17:27 cwebber2 bengo: in that case if you sign in on the page it does an arbitrary auth thing
# 17:28 cwebber2 tantek: ok any other input you want to the working group?
# 17:29 rhiaro *postponed until magical arrival of vga cable*
# 17:31 cwebber2 tantek: ok, then let's jump right into federation protocol, which is our next agenda item
# 17:31 cwebber2 eprodrom: I'd like to talk for a couple minutes for what our plan is for tackling federation protocol
# 17:31 cwebber2 eprodrom: esp when we have a lot to do as in terms of syntax and api
# 17:32 cwebber2 eprodrom: sorry to be blunt, but it's the optional item on our charter, but I think it's likely the last rather than the immediately last piece
# 17:33 rhiaro Federation and social api things are not too different. I tmight end up not being in terms of micropub depending on what comes out of aaron's brainstorming. If it turns out we can do those things in one fell swoop, it would be kind of nice and nice to not force ourselces to not work on them if is actually most efficient for us to address them together
# 17:34 cwebber2 aaronpk: my take on it is why a social api is useful it's not too useful without federation
# 17:34 rhiaro s/Federation and social api things are not too different. I tmight end up not being in terms of micropub depending on what comes out of aaron's brainstorming. If it turns out we can do those things in one fell swoop, it would be kind of nice and nice to not force ourselces to not work on them if is actually most efficient for us to address them together/cwebber2: Federation and social api things are not too different. I tmight end up not being in terms of
# 17:34 rhiaro micropub depending on what comes out of aaron's brainstorming. If it turns out we can do those things in one fell swoop, it would be kind of nice and nice to not force ourselces to not work on them if is actually most efficient for us to address them together
# 17:34 cwebber2 aaronpk: I agree there's value in it, but I think it's not a very good goal to stop there
# 17:34 cwebber2 aaronpk: for me a lot of the goal of this group is to do federation
# 17:34 cwebber2 aaronpk: and I don't want a repeat of oauth where nothing interops because there was no attempt to do it
# 17:35 ben_thatmustbeme finally catching up on all the logs, i had an app that did server to server micropub for syndication to twitter, the negotiation of access keys was the most annoying part really, but once that was done, it worked fine
# 17:35 cwebber2 eprodrom: so I think that by far the great majority of social programming is done as client/server apis, there are very few very small client/server apis comparatively
# 17:36 cwebber2 eprodrom: while most of us come from that federated social web world, while that might feel like the most important goal, I feel like the federation thing is the treat for us is all cool and fun, but I think giving the dessert first is a bad idea
# 17:36 cwebber2 eprodrom: we do things like we tangle up the social api and federation
# 17:36 cwebber2 eprodrom: but I think attacking federation at this point is not the best use of our resources
# 17:36 cwebber2 eprodrom: I'm happy to go at it but it feels like a big stretch
# 17:36 cwebber2 eprodrom: and I'd like to talk about what process we have to do it
# 17:36 cwebber2 sandro: who's the market for the API without federation?
# 17:37 cwebber2 eprodrom: so who would use it? take for example a new social network, which those launch all the time
# 17:37 cwebber2 eprodrom: having a standard api that's close to hand might be what's used
# 17:37 cwebber2 eprodrom: that might be a market is what they're doing
# 17:37 cwebber2 sandro: and the benefit is it's less work to adopt their own
# 17:37 Zakim sees aaronpk, cwebber on the speaker queue
bengo joined the channel
# 17:38 cwebber2 sandro: I guess you're suggesting it's not cost effective to switch to the standard
# 17:38 Zakim sees aaronpk, cwebber on the speaker queue
# 17:38 cwebber2 eprodrom: yes, and I think it's easier to do incremental adoption
# 17:38 wseltzer waves to kevinmarks, tsyesika , though I'm seated beside the video camera
# 17:38 Zakim sees aaronpk, cwebber, bengo on the speaker queue
# 17:38 cwebber2 sandro: in the needs document, federation is 1, 2, and 5
# 17:38 Zakim sees aaronpk, cwebber, bengo on the speaker queue
# 17:39 cwebber2 aaronpk: follow-up question evan, the value is to design the api
# 17:39 cwebber2 aaronpk: my follow up question is you also see as part of that the value is someone's building an amazing iphone app that does video editing in a new way
# 17:39 cwebber2 aaronpk: is the value that they can already do a web api they can point to?
# 17:40 cwebber2 aaronpk: and someone wants to build something but not use the mobile app... ?
# 17:40 cwebber2 aaronpk: there does seem some value in having federation standardized
# 17:40 cwebber2 aaronpk: you're able to swap out what servers you're using
# 17:40 cwebber2 eprodrom: that's exactly it, you can use off the shelf libraries and etc
# 17:41 cwebber2 eprodrom: I think there's a number of ways you could do something that doesn't have federation at its core
# 17:41 cwebber2 eprodrom: I think ultimately from a procedure standpoint, we have 3 deliverables, are not at CR for any of them, we have one that's optional, and we have worries about what to do about all of them is useful
bengo joined the channel
# 17:42 cwebber2 eprodrom: I'd like to hear we start federation protocol because XYZ not because we think it's cool
# 17:42 kevinmarks if we want to do a micropub+webmention+webaction demo later, I have all the bits for that set up
# 17:42 rhiaro cwebber2: I think a couple of things. 1) most of the companies that are putting out things like this probably don't want to use an off the shelf mobile app anyway, because they want to control their brand in some way. Although it is true that when media goblin implemented the pump api we were able to use existing clients and it just worked
# 17:43 rhiaro ... that is pretty cool, but one concern is that it would take a lot of work to try to decouple the client to server stuff in AP
# 17:43 rhiaro ... I also worry that in terms of motivation to stay active in this group, it's going to be hard to stay motivated if federation is not on the horizon
# 17:43 rhiaro ... My interest drops dramatically. That's the whole reason I'm in the group.
# 17:43 rhiaro ... If federation looks like it's not a likely target it's going to reduce the amount I'm enthused to stay involved. I want to keep it on the horizon. It's a high priority / life goal for me to advance that
# 17:44 cwebber2 bengo: aside from social api benefits of the next api benefits etc, I think it's useful for reusable readers/writers etc, but also because web components that real enterprise buyers will have motivation to use
# 17:44 Zakim sees sandro, eprodrom on the speaker queue
# 17:44 cwebber2 bengo: those same benefits could come from a standardized api, might not benefit from federation
# 17:45 cwebber2 bengo: my other question is evan, are you just not eager to talk about it for 4 hours right now?
# 17:45 cwebber2 eprodrom: I'm more concerned over months and years than the next several hours
# 17:45 kevinmarks is not sure the talky is worth it in this noise; will fall back to reading scribed
# 17:45 cwebber2 eprodrom: we are at 5 drafts that we're working on, and we're going to start a new process for federation protocol
# 17:46 cwebber2 sandro: I think we concluded that the user stories covered both
# 17:46 cwebber2 sandro: right, so that means we can just say applies across servers
# 17:46 cwebber2 tantek: so that's basically a requirement for a user story
# 17:47 cwebber2 eprodrom: so federation is server to server level, so I assume it has more to do with server protocol than about user interaction
# 17:47 cwebber2 tantek: as part of our charter, webmention was part of our protocol, same as we accepted as2 as a draft, so proceeding a similar track as as2
# 17:48 cwebber2 tantek: but I understand there's a concern about the amount of time on it
# 17:48 cwebber2 eprodrom: so I'd just like to hear what our plan is from the next few months
# 17:48 cwebber2 eprodrom: so we're going to look at alternative systems?
# 17:48 cwebber2 eprodrom: I propose we talk about how we're going to do this
# 17:49 cwebber2 tantek: that sounds more process oriented than tech oriented
# 17:49 bengo It would be interesting to resolve finalizing reader/writer Social API stories above federation, which could just be standardizing processing rules for that API
# 17:49 cwebber2 tantek: based on concern over how much time, let me ask aaron how much time we need
# 17:49 bengo e.g. decouple delivery/notification rules of ActivityPump from describing POST /outbox and expected semantics/errors
# 17:50 cwebber2 aaronpk: I also want to clarify process stuff about webmention spec
# 17:51 cwebber2 tantek: let's timebox yours to an hour. is that okay eprodrom ?
# 17:51 jasnell btw, given that I have a 3.5 hour drive home, I'd like to try to get on the road home a bit early today, if at all possible, I'd like to see if we could handle the remaining AS2 issues a bit earlier in the agenda
# 17:51 cwebber2 sandro: let's do demo after break (vga cable had arrived)
# 17:51 tantek TOPIC: discuss Webmention to take it to First Public Working Draft
# 17:52 cwebber2 aaronpk: a lot of people read over webmention doc, lots of issues filed, lots of good discussion
# 17:52 cwebber2 aaronpk: before we do that, I wanted to clarify the place the spec lives etc
# 17:52 Loqi I added a countdown for 12/2 10:50am (#5772)
# 17:53 cwebber2 aaronpk: my proposal is to move from w3c issues to my personal account on github, so it follows same protocol as activitystreams (under james's account) so there's no confusion over who's the admin of the repo
# 17:53 cwebber2 aaronpk: I'll have to do the work of moving the actual spec contents to respec format, I'm planning on doing that on github because that's an easy way to manage source code, so that's then the source of the document using the normal workflow, and if I have trouble I can ask james
# 17:53 kevinmarks if you want to schedule a few minutes for a webmention micropub demo
# 17:54 cwebber2 aaronpk: that also means the indiewebcamp wiki, which is where the spec is canonical right now, will have to figure out how to deal with that
# 17:54 cwebber2 aaronpk: if we write that in the github html source, have to figure out how to move to the indieweb (?)
# 17:55 cwebber2 aaronpk: I think that's outside the scope of this group though, I mostly wanted to make sure the described workflow makes sense
# 17:55 cwebber2 tantek: I'm not hearing objections to use same workflow as AS2
# 17:56 cwebber2 jasnell: no concerns, I think having it with full chair access helps
# 17:56 cwebber2 jasnell: that's something you might want to consider, with full rights
# 17:56 cwebber2 jasnell: having someone else there with same permission level helps balance that it's not just you
# 17:58 cwebber2 aaronpk: this has always been a vague part of the spec, verifying that source links back to the target
# 17:58 cwebber2 aaronpk: but if we're talking about other types of source documents, need to see if it needs to be spelled out more explicitly
# 17:58 cwebber2 aaronpk: if that's clear by content type, then it doesn't need to be
# 17:59 cwebber2 sandro: my instinct is there's motivation to spell it out but as I commented
# 17:59 cwebber2 sandro: if there's a way to do webmentions, a blog system that does webmentions, to know if it's conformant to the spec, have to define what is a link that does webmention?
# 17:59 cwebber2 sandro: if I have a piece of software with a webmention endpoint, then we should agree on what counts as passing verification
# 18:00 cwebber2 aaronpk: right, first step of processing webmention is to see what's in it
# 18:00 cwebber2 sandro: eg, "is this string in there, the url doesn't appear there, but it's absolutely specified"
# 18:00 cwebber2 aaronpk: ok so we don't need to discuss the actual contents right now, but worth specifying...?
# 18:01 cwebber2 tantek: is it reasonable to say you raise issues as helpful...?
# 18:01 cwebber2 sandro: you get my point it's not just about verification, but also when do you send the webmention
# 18:01 cwebber2 bengo: webmention does seem useful as a way of doing an "FYI" standard
# 18:01 cwebber2 bengo: I kind of agree that it's possible to recommend specifying algorithms
# 18:02 cwebber2 bengo: webmention as FYI in a timely manner, that's separate from specifics
# 18:02 cwebber2 bengo: there seems like a way to separate FYI from each content type
tilgovi joined the channel
# 18:02 cwebber2 sandro: for instance in json-ld to find out if there's links or not you have to do full expansion
# 18:02 cwebber2 tantek: similar for html parsing algorithm you have to do media type parsing
# 18:03 cwebber2 sandro: I don't know the right answer but conceptually here's webmention on this matrix, and here's webmention for each other possible mediat ype
# 18:03 wseltzer s/mediat ype/media type/
# 18:03 cwebber2 tantek: perhaps the general approach that sandro / bengo 's mentioning is apply webmention FYI, but if per media type processing to do, write an example for each media type
# 18:03 cwebber2 tantek: then add after that and say, for other media types, handle their processing model for each term
# 18:04 cwebber2 tantek: as bengo said for each media type it's worth processing
# 18:04 cwebber2 sandro: so it's a sender/receiver for different types
# 18:04 kevinmarks what do we mean by 'each media type' - would we process a QR code?
# 18:04 cwebber2 bengo: if it's already should, it's specific about each type
# 18:05 cwebber2 aaronpk: that brings me to something related, which is 18 from wilkie
# 18:05 cwebber2 aaronpk: I think gist of this is that is there a way the spec can limit the amount of work receiver has to do
# 18:05 cwebber2 aaronpk: because anyone having to verify document, can link a document, which could even be a 1gb document...
# 18:06 cwebber2 wilkie: I'm looking for some bullet points saying "this could happen, here's how to avoid some obvious/easy ways to get hurt"
# 18:06 cwebber2 sandro: for example, never bother to fetch more than a megabyte
# 18:06 cwebber2 aaronpk: so this seems not part of the algorithm, but
# 18:07 cwebber2 sandro: alternatively you could say it's only defined for the first megabyte
# 18:07 cwebber2 sandro: another technical solution is you could say include range
# 18:07 cwebber2 aaronpk: I'll try to find some way to avoid falling into a pit of processing
# 18:08 cwebber2 tantek: maybe send two megabytes and see what happens
# 18:08 cwebber2 wilkie: if anyone wants to give permission to have their webmention endpoint to be possibly broken
# 18:08 cwebber2 sandro: so another way to put it, do I have the legal authority to post whatever I want to an endpoint?
# 18:09 cwebber2 tantek: for a lot of these things you can see if there's prior art in pingback or etc
# 18:10 cwebber2 sandro: who should review webmention? particularly, what ietf groups might get upset, so we can approach in the appropriate way
# 18:10 cwebber2 sandro: the kind of people who will say "this is crazy, you can't do this"
# 18:10 cwebber2 sandro: they look at pingback and say nobody should do this, we'd like them to have them say "oh this is (good?)"
# 18:11 cwebber2 sandro: jasnell you have some experience with the http working group right?
# 18:11 cwebber2 sandro: if we could have them not hate it that'd be nice
# 18:11 aaronpk s/??/what to display after you receive a pingback/
# 18:11 cwebber2 jasnell: we could float it, experience has been mixed
# 18:11 cwebber2 wseltzer: if it's something you want brought to ietf discussion that's the right place to raise an issue for people to review
# 18:12 wseltzer s/ietf discussion/ietf apps-area discussion/
# 18:12 cwebber2 jasnell: the apps working group might... hm.... might be a more appropriate venue. But I think it could rabbithole very quickly...
# 18:12 cwebber2 jasnell: neither is ideal, but of the two, apps might be it
# 18:13 cwebber2 jasnell: I'm very familiar with both groups so I can do that....
# 18:13 cwebber2 tantek: is there an appropriate maturity schedule needed to do that review?
# 18:13 cwebber2 tantek: need is before CR? I'm sensing there's an opinion that having review sooner could be helpful?
# 18:13 cwebber2 sandro: related thing is, how this is framed/scoped as... is it for everything on the web?
# 18:14 cwebber2 sandro: it's grown out of the social use cases, but you could mention things that grew out of social or not social
# 18:14 cwebber2 sandro: do we want to say we don't care about some of those others? i don't know the right answer
# 18:14 cwebber2 sandro: it's simple/elegant enough it might be able to, but we might see it hits other issues....
# 18:14 cwebber2 jasnell: that's a common problem for apps group, scope bloat
# 18:15 cwebber2 tantek: sounds like you're asking for a scope section
# 18:15 cwebber2 sandro: question back here is does anyone have interest in selling it more broadly? or are we too concerned about feedback?
# 18:15 wseltzer q+ to comment on security review
# 18:16 cwebber2 aaronpk: within the realm of social web stuff, I don't know if it's appropriate for other uses stuff
# 18:16 cwebber2 sandro: one relatively harmless way to do it might be to have a w3c staff technical ...?
# 18:16 cwebber2 sandro: any group can say we'd love w3c staff to look at it but
# 18:17 Zakim wseltzer, you wanted to comment on security review
# 18:17 cwebber2 wseltzer: another productive avenue of review could be in security, and how will this actually work when deployed at scale across a variety of malicious mentioners and mentionees
# 18:17 cwebber2 wseltzer: what could one feed to someone else's verifier to have it blow up etc?
# 18:18 cwebber2 wseltzer: we have ?? that w3c can invite at any time to review
# 18:18 cwebber2 bengo: just thought, should it respect the robots.txt for ...?
# 18:18 wseltzer s/??/Privacy IG and Security IG/
kevinmarks joined the channel
# 18:19 wseltzer imagines the "feed a prohibited URL to get the mention-collector blocked by authorities"
# 18:19 cwebber2 aaronpk: issue #9 is about talking about parameter name, source, target, and fact that they aren't actually URIs
# 18:19 cwebber2 aaronpk: I don't... things seem to be working just fine as strings
# 18:20 cwebber2 aaronpk: is there some way to get around this the way the json-ld workaround to work
# 18:20 cwebber2 bengo: I got the author to agree later to language they would do
# 18:20 cwebber2 melvin would resolve "we can convert this to semantics"
# 18:20 cwebber2 bengo: not actually the protocol that needs to change
kevinmarks_ joined the channel
# 18:22 cwebber2 aaronpk: so string source is not a fully qualified uri
# 18:22 cwebber2 sandro: I don't think it really matters, but it doesn't hurt to give a default namespace
# 18:23 rhiaro just for receivers if they want to add it upon receipt
# 18:23 elf-pavlik webmention seems to represent a link, how about using terms from as:Link ?
# 18:23 jasnell fwiw, I've actually been playing around with an experimental draft for processing form data into json-ld
# 18:23 cwebber2 aaronpk: right now every implementation afaik assumes only one webmention endpoint
# 18:24 cwebber2 aaronpk: maybe correct answer is use first one you bump into
# 18:24 cwebber2 aaronpk: but when you discover a webmention endpoint do you discover one
# 18:25 cwebber2 kevinmarks: an experiment, but useful use case is when transitioning from one endpoint to another
azaroth joined the channel
# 18:25 cwebber2 tantek: do you feel strongly about that enuf to make that a should
# 18:26 cwebber2 aaronpk: my inclination is if you see value in multiple webmention pings, you can't actually guarantee sending it to all of them, so you're better off sending to one
# 18:26 cwebber2 aaronpk: the most reliable way is to have single webmention endpoint
# 18:26 cwebber2 aaronpk: that's the only way to guarantee they all get the webmention
# 18:27 cwebber2 kevinmarks: the other thing is to potentially handle webmentions for ones who haven't installed it yet
# 18:27 cwebber2 kevinmarks: it's slightly off, but you could imagine a webmention sender automatically pings webmention services in case they have it there
# 18:28 cwebber2 kevinmarks: potential utility in queueing, but not sure it's core enough to try to get everyone else to do it too
# 18:28 cwebber2 aaronpk: another risk that having senders send multiples, you might potentially send thousands
# 18:28 cwebber2 kevinmarks: if we do adopt the well-known approach to finding it, we do have the possibility of doing ...(?)
# 18:29 cwebber2 kevinmarks: we may want to discuss about related things
# 18:29 cwebber2 tantek: sounds like you're close to proposed resolution
# 18:30 cwebber2 aaronpk: so, you MUST ping first one you find, then document reasons for not require multiple
# 18:30 cwebber2 sandro: I hadn't thought of well-known, I'd like to have it at end, but it would be nice to never have to do discovery again
snarfed joined the channel