#social 2016-03-29

2016-03-29 UTC
#
aaronpk i will probably actually never use a complete object replacement verb for micropub
#
aaronpk certainly for my site, I store properties that some clients don't even know about, so complete replacement isn't an option for me
#
cwebber2 aaronpk: sure, but it's actively used in pump.io right now
#
aaronpk with the "Replace" verb, you can specify multiple properties, so the client can replace only the properties it knows about
#
cwebber2 it's slightly easier for consistency to give a complete replacement of an object
#
cwebber2 this might again be a difference between a design for "easy" client to server and a system for server to server fededration
#
cwebber2 because for consistency reasons, it's easier to push across entire updates
#
cwebber2 but I can see how for clients, that vocabulary is easier to use
#
aaronpk hm yeah. this is also part of the reason I like having client/server vs server/server be totally separate, but that's a different issue
#
cwebber2 :)
#
cwebber2 aaronpk: anyway, maybe something worth talking about on the call tomorrow?
#
aaronpk maybe, not really sure what sort of resolution we would get though
#
cwebber2 I do think otherwise it looks about right, and the delete looks correct
#
cwebber2 aaronpk: ok, well my main thing is I feel like it would be easiest to get feedback with rhiaro and tsyesika present
#
aaronpk oh I wasn't sure about the "object" being the URL, and "properties" being the data
#
cwebber2 but we could also do that OOB via email or etc
#
cwebber2 aaronpk: we don't have a "properties" definition like that
#
cwebber2 because we aren't updating individual properties
#
cwebber2 but with Add or Replace I guess we'd have to
#
cwebber2 it might actually be a lot messier to model for the RDF enthusiasts :)
#
aaronpk in your case "object" contains the full data right?
#
cwebber2 aaronpk: right
#
cwebber2 you might loose track of what a key corresponds to in that kind of scenario
#
cwebber2 now you could say "whatever to the RDF enthusiasts" but *shrug*
#
aaronpk is there an identifier for the object outside of the "object" object?
#
aaronpk like an "id" or "url" property?
#
cwebber2 aaronpk: not for client to server
#
cwebber2 but on server to server the thing wrapping the object will get its own id generally
#
aaronpk how do you identify the thing being updated then?
#
cwebber2 the object uri is the id right?
#
aaronpk yeah
#
cwebber2 so here's how an AP update might look (apologies, messy mockup, probably wrong)
#
cwebber2 {"id": "http://dustycloud.org/api/3a85ce1c-4ae4-47f4-aee4-23a2b4349b8f",
#
cwebber2 "type": "Update",
#
cwebber2 "object": {
#
cwebber2 "id": "http://dustycloud.org/blog/cool-stuff/",
#
cwebber2 "type": "Note",
#
cwebber2 "author": "http://dustyclou.org/chris/",
#
cwebber2 "content": "This stuff is cool! (Update: in a previous post I said it was warm!)"}}
bblfish joined the channel
#
cwebber2 so that might be sent server to server
#
cwebber2 note the outer wrapping id would not be sent in client to server
#
cwebber2 only server to server
#
cwebber2 so in AP it would pass along the whole updated object in this scenario with the id embedded inside it
#
cwebber2 in theory you could minimize it like this too:
#
cwebber2 {"id": "http://dustycloud.org/api/3a85ce1c-4ae4-47f4-aee4-23a2b4349b8f",
#
cwebber2 "type": "Update",
#
cwebber2 "object": "http://dustycloud.org/blog/cool-stuff/"}
#
cwebber2 for server to server that is
#
cwebber2 because in that case
#
cwebber2 the receiving server could just dial back and fetch the object
#
cwebber2 (sorry to abuse "dial back")
#
cwebber2 aaronpk: does that help clarify?
#
aaronpk so what would that look like for a client-to-server update tho
#
cwebber2 for client to server:
#
cwebber2 {"type": "Update",
#
cwebber2 "object": {
#
cwebber2 "id": "http://dustycloud.org/blog/cool-stuff/",
#
cwebber2 "type": "Note",
#
cwebber2 "author": "http://dustycloud.org/chris/",
#
cwebber2 "content": "This stuff is cool! (Update: in a previous post I said it was warm!)"}}
#
cwebber2 so yeah, currently it doesn't have an easy "just update this field" thing
#
cwebber2 maybe that would be useful? but we don't have vocabulary to model it currently
#
aaronpk so in both cases, the identifier for the thing being updated is inside the "object" ?
#
cwebber2 aaronpk: that's right
#
cwebber2 consider that a create looks like this:
#
aaronpk a server receiving both activities would use the "object.id" to identify the thing being updated?
#
cwebber2 aaronpk: well, unless it uses my second example
#
cwebber2 the minimalist version
#
cwebber2 in which case it might see, oh, it got a string uri and not an activitystreams object at all as the content
#
cwebber2 and it would check what the server has for that object
#
cwebber2 but yes, in the first and third
#
cwebber2 that's what it would do.
#
aaronpk gotcha
#
aaronpk so i can update my micropub examples then
#
cwebber2 cool :)
#
aaronpk {
#
aaronpk "type": "Replace",
#
aaronpk "object": {
#
aaronpk "id": "http://example.com/post/1",
#
aaronpk "content": "hello moon"
#
aaronpk }
#
aaronpk }
#
cwebber2 right so in this instance we could assume that "content" was being replaced
#
cwebber2 pretty easy
#
aaronpk and
#
aaronpk {
#
aaronpk "type": "Add",
#
aaronpk "object": {
#
aaronpk "id": "http://aaronpk.example/notes/2014/06/01/2/indieweb",
#
aaronpk "category": ["webmention","indieweb"]
#
aaronpk }
#
aaronpk }
#
cwebber2 aaronpk: yes, I think that should work
#
cwebber2 it could make writing client to server stuff nicer
#
cwebber2 and we could say that for server to server, just use update
#
cwebber2 and pass over the whole object
#
cwebber2 if we want to keep the consistency stuff easy
#
cwebber2 since once the server updates it knows the whole object's contents anyway
#
cwebber2 so Add and Replace for server to server "transform" into a complete Create if the consistency concern remains
#
cwebber2 what do you think about that aaronpk ?
#
aaronpk that works for me
#
cwebber2 ok cool
#
aaronpk i'll update my draft
#
cwebber2 whoo
#
aaronpk see this is why i wanted to chat with you :D
#
cwebber2 :)
#
aaronpk okay it's slightly trickier than this actually, because with a microformats vocabulary, objects look like `{"type":"h-entry","properties":{...}}`
#
aaronpk which means I think an "Add" activity is actually going to look like this:
#
aaronpk {"type":"Add", "object":{ "properties":{"category":["indieweb"]} }}
#
aaronpk assuming "object" contains the full mf2 representation
#
aaronpk now the question is where does the identifier for the object go? because in mf2 it would be in `object.properties.url`
#
aaronpk question: is "id" part of the ActivityStreams vocabulary? or something ActivityPub made up?
#
cwebber2 aaronpk: "id" is part of ActivityStreams proper
Arnaud1 joined the channel
#
cwebber2 it was originally "@id" but you may remember it got aliased to "id"
#
cwebber2 aaronpk: as for "properties": {}, it could maybe be done, but it kind of breaks the ActivityStreams / json-ld view of knowing just what a property is based on the context
#
cwebber2 and maybe could really be tricky if a user had extensions to the vocabulary
#
cwebber2 because by being embedded in some type and etc we know exactly based on the context what that term means, and the term even maps to a URI
#
cwebber2 by dumping into "properties": {}, you lose that information
#
cwebber2 thus I have some preference for {"type": "Add", "object": {"category": ["indieweb"]}}
#
aaronpk i'm wondering if i have to add extra explanation text to drop the extra "properties" key inside of object
#
cwebber2 aaronpk: why do you think you might?
#
cwebber2 it's kind of just dropping it out one level of nesting right?
KevinMarks, jasnell and jasnell_ joined the channel
#
Loqi Aaronpk made 1 edit to [[Socialwg/2016-03-29]] https://www.w3.org/wiki/index.php?diff=97967&oldid=97966
bblfish, KevinMarks and jaywink joined the channel
#
Loqi Rhiaro made 1 edit to [[Socialwg/2016-03-16-minutes]] https://www.w3.org/wiki/index.php?diff=97968&oldid=97786
tsyesika joined the channel
#
Loqi Rhiaro made 3 edits to [[Socialwg/2016-03-17-minutes]] https://www.w3.org/wiki/index.php?diff=97972&oldid=0
#
Loqi Rhiaro made 2 edits to [[Socialwg/2016-03-16-minutes]] https://www.w3.org/wiki/index.php?diff=97973&oldid=97968
#
Loqi Rhiaro made 1 edit to [[Socialwg/2016-03-16-minutes]] https://www.w3.org/wiki/index.php?diff=97975&oldid=97973
#
Loqi Rhiaro made 1 edit to [[Socialwg/2016-03-17-minutes]] https://www.w3.org/wiki/index.php?diff=97974&oldid=97972
KevinMarks joined the channel
#
Loqi Rhiaro made 1 edit to [[Socialwg/2016-03-29]] https://www.w3.org/wiki/index.php?diff=97976&oldid=97967
bblfish, prtksxna and jaywink joined the channel
#
Loqi Aaronpk made 1 edit to [[Socialwg/2016-03-29]] https://www.w3.org/wiki/index.php?diff=97977&oldid=97976
tantek joined the channel
#
tantek good morning #social!
#
tantek what happened to the /topic ?
bblfish joined the channel
#
cwebber2 hey everyone
#
aaronpk good morning
annbass joined the channel
#
cwebber2 I'm adding my regrets for today. tsyesika can represent us
#
cwebber2 reason being: I'm trying to push out MediaGoblin 0.9.0 *this morning*
#
cwebber2 AND
#
cwebber2 I'm giving a talk about MediaGoblin's participation in the Stripe Open Source Retreat tonight
#
cwebber2 if you're in the area, you're welcome to come: https://stripe.com/events/oss-meetup-march-2016
#
tantek ok looks like someone cleared the /topic instead of just updating it after the f2f to point to the logs. assuming it was an accident :)
#
cwebber2 I assume it was malicious!
#
cwebber2 never chalk up to a mistake what you can assume to be true and vile malice, right?
#
cwebber2 jk jk :)
#
ben_thatmustbeme not at all, i'm pretty sure the topic got cleared when the irc server went down a few days back
#
cwebber2 ben_thatmustbeme: that seems likely and reasonable :)
#
tantek when did the IRC server go down and for how long? anyone have evidence of this?
#
tantek I noticed logs were *empty* for two days recently
#
tantek (not even any joins)
#
ben_thatmustbeme i was getting constant attempts to reconnect
#
aaronpk oh yeah I remember that
#
ben_thatmustbeme the afternoon of the 25th is when i'm seeing it started
bblfish and eprodrom joined the channel
#
eprodrom Hello all
#
ben_thatmustbeme hey eprodrom
#
Loqi Benthatmustbeme made 1 edit to [[Socialwg]] https://www.w3.org/wiki/index.php?diff=97978&oldid=97965
#
tantek present+
#
tantek oh hey we should start rrsagent first
#
tantek trackbot, start meeting
#
trackbot is preparing a teleconference.
RRSAgent joined the channel
#
RRSAgent logging to http://www.w3.org/2016/03/29-social-irc
#
trackbot RRSAgent, make logs public
#
RRSAgent I have made the request, trackbot
Zakim joined the channel
#
trackbot Zakim, this will be SOCL
#
Zakim ok, trackbot
#
trackbot Meeting: Social Web Working Group Teleconference
#
trackbot Date: 29 March 2016
#
tantek present+
#
annbass present+
#
ben_thatmustbeme present+
#
tantek Zakim, who is here?
#
Zakim Present: tantek, annbass, ben_thatmustbeme
#
Zakim On IRC I see RRSAgent, eprodrom, bblfish, annbass, tantek, jaywink, prtksxna, KevinMarks, tsyesika, Arnaud, cwebber2, Loqi, ben_thatmustbeme, shepazu, raucao, rrika, aaronpk,
#
Zakim ... wilkie, bigbluehat, jet, oshepherd, rhiaro, ElijahLynn, dwhly, tessierashpool_, bitbear, bret, wseltzer, trackbot, sandro
#
aaronpk present+
#
ben_thatmustbeme we only have 5 people on the phone right now
#
tantek mutes himself
#
eprodrom sorry, just joining
#
tantek figured :)
#
Arnaud present+
#
eprodrom present+
#
eprodrom scribe?
#
ben_thatmustbeme i'll scribe
#
annbass whoops .. I said I would, but guess I'm muted
#
ben_thatmustbeme scribenick: ben_thatmustbeme
#
ben_thatmustbeme Scribe: Ben Roberts
#
tsyesika present+
#
ben_thatmustbeme Chair Evan Prodrom
eprodrom joined the channel
#
ben_thatmustbeme eprodrom: lets get started, we have a few minutes to review
#
annbass I really appreciate Amy's summary notes: http://rhiaro.co.uk/2016/03/socialwg5-summary
#
eprodrom https://www.w3.org/wiki/Socialwg/2016-03-08-minutes
#
ben_thatmustbeme TOPIC: approval of minutes
#
annbass +1
#
tsyesika +1
#
eprodrom +1
#
aaronpk +1
#
ben_thatmustbeme eprodrom: this is a little bit of catch up, but from 3 weeks ago. +1's
#
ben_thatmustbeme +1
#
ben_thatmustbeme eprodrom: without any objections
#
eprodrom https://www.w3.org/wiki/Socialwg/2016-03-16-minutes
#
eprodrom https://www.w3.org/wiki/Socialwg/2016-03-17-minutes
#
ben_thatmustbeme RESOLVED: approve https://mit.webex.com/mit/j.php?MTID=m50f0bafc1786c39b29ccd41ad22a98a9
#
tantek (btw it's ok to ask for more time to review)
Arnaud1 joined the channel
#
tantek ben_thatmustbeme, wat?
#
eprodrom +1
#
ben_thatmustbeme eprodrom: as annbass mentioned in IRC, rhiaro did a very nice summary of minutes from f2f
#
annbass +1
#
ben_thatmustbeme grr
#
tantek (I admit I was at the f2f and have not reviewed the minutes, but if everyone else is ok, I'm not objecting)
#
aaronpk +1
#
ben_thatmustbeme RESOLVED: approve https://www.w3.org/wiki/Socialwg/2016-03-08-minutes
#
ben_thatmustbeme eprodrom: i have only given a slight look but they look ok to me. Would anyone like to defer to next week?
#
ben_thatmustbeme .... if not we'll just call this resolved
#
ben_thatmustbeme RESOLVED: approve the minutes for 3/16 and 3/17
#
Loqi Cwebber2 made 1 edit to [[Socialwg/2016-03-29]] https://www.w3.org/wiki/index.php?diff=97979&oldid=97977
#
ben_thatmustbeme eprodrom: i think this covers all our administrative issues, but its worth noting that we set up a schedule for face to faces for the next 9 months
#
ben_thatmustbeme ... our plan is to have them in June, Sept, and i think November
#
tantek see https://www.w3.org/wiki/Socialwg#Future_Meetings for next f2fs
#
ben_thatmustbeme ... if you were not at the F2F you should check that to see that they fit your schedule
#
ben_thatmustbeme ... see link in IRC, thank you tantek
#
tantek in particular please RSVP ASAP to https://www.w3.org/wiki/Socialwg/2016-06-07
#
ben_thatmustbeme ... we have Portland in June, Lisbon in September
#
ben_thatmustbeme TOPIC: AS2 status
#
tantek (only 7 RSVPs so far https://www.w3.org/wiki/Socialwg/2016-06-07#Participation everyone should say if they can go or not)
#
ben_thatmustbeme eprodrom: maybe i can, as unfortunately both chair and editor today, you'll hear me a lot
#
tantek ack eprodrom :)
#
ben_thatmustbeme ... where we got at the F2F is that a couple of the big items for AS2 we got worked out
#
ben_thatmustbeme ... conformance clause and ?
#
ben_thatmustbeme ... test suite
#
ben_thatmustbeme ... unfortunately by the time we got to Boston, we had a number of issues that arose
#
ben_thatmustbeme ... our current list is 13 issues, we addressed a number of these at f2f
#
ben_thatmustbeme ... a majority of the ones tha required input from the group we resolved
#
ben_thatmustbeme ... unfortunately some of them, the main editor who was not participating in boston, -1'd them and so we may have to resolve some of those again
#
eprodrom jasnell?
#
tantek q+ for procedural clarification
#
Zakim sees tantek on the speaker queue
#
ben_thatmustbeme ... it comes down to an issue of an editor is opposed to a group resolution so i suggest we re-open some of these issues and try to resolve them again
#
ben_thatmustbeme ... i think james is not on the call
#
eprodrom ack tantek
#
Zakim tantek, you wanted to discuss procedural clarification
#
Zakim sees no one on the speaker queue
#
ben_thatmustbeme ... I think that we pushed these forward while james wasn't there, he pushed back on them, and I'd like to come to a resolution with him on these, if we can't we'll have to figure out the proceedure
#
KevinMarks present+
#
ben_thatmustbeme tantek: for w3c, we do try to get consensus, we try to get the dissenter to explain their position. Its possible that person has found a flaw that no one else sees
#
ben_thatmustbeme ... when they present that, often others see the issue and change their vote
#
ben_thatmustbeme ... if after the explanation, no one else is still opposed, after that it becomes an issue for the chairs and a chair can declare consensus and just note the official objection
#
ben_thatmustbeme ... but to do that we need james to call in
#
ben_thatmustbeme ... the next step would be to get james to commit to a specific telcon where he can call in and give his explanation, we really need him to explain it himself, since there is usually back and forth
#
ben_thatmustbeme ... if he is not on the call, that falls to the chair, to decide how long to wait and if it runs too long we have to make a judgement call on that
Arnaud1 joined the channel
#
ben_thatmustbeme ... maybe we could action you evan to contact james
#
Loqi Tantekelik made 1 edit to [[Socialwg/2016-03-29]] https://www.w3.org/wiki/index.php?diff=97980&oldid=97979
#
ben_thatmustbeme eprodrom: that sounds good, i'll take it as an action on myself to get in contact with james and try to resolve these
#
ben_thatmustbeme ... if we can get these resolutions done the rest is just editorial issues
#
ben_thatmustbeme tantek: and remind james that these are blocking CR for us, so the sooner he can get them done, the better
#
ben_thatmustbeme eprodrom: hopefully we can get james in for next weeks telcon
#
ben_thatmustbeme ... hopefully we can get some resolutions online
#
ben_thatmustbeme tantek: great
#
ben_thatmustbeme TOPIC: status of as2 test suite
#
eprodrom https://github.com/w3c-social/activitystreams-validator
#
ben_thatmustbeme i think this is a left-over from before, as we haven't had much movement in the past two weeks
#
eprodrom https://as2.rocks/
#
annbass great name
#
ben_thatmustbeme eprodrom: i gave a demo at f2f, there is still quite a bit of work to be done as far as making it look better and such, but it is at a usable point for people to test their as2 documents
#
eprodrom https://github.com/w3c-social/activitystreams-validator/issues
#
ben_thatmustbeme ... at the f2f we felt this met our needs for our test suite. I think there is some additional work that is going to go on there. There are a few open issues that i will link in IRC, but thats going to be an ongoing developement effort
#
ben_thatmustbeme ... any questions about validator or test suite?
#
ben_thatmustbeme ... hearing none, lets move on
#
ben_thatmustbeme TOPIC: document status for our various documents
#
ben_thatmustbeme eprodrom: we've already discussed as2 lets start discussing other documents
#
ben_thatmustbeme ... i'm not sure it makes sense to just highlight changes in the last week
#
ben_thatmustbeme ... i note that aaronpk has added a seperate discussion item around webmention
#
tantek just updated https://www.w3.org/wiki/Socialwg/2016-03-29#Discussion_Items to note new Webmention WD today
#
aaronpk q+
#
Zakim sees aaronpk on the speaker queue
#
eprodrom ack aaronpk
#
Zakim sees no one on the speaker queue
#
ben_thatmustbeme ... for any of the OTHER documents, have we had any significant developements since 2 weeks ago
#
ben_thatmustbeme aaronpk: with micropub i don't have a new draft published, but i do have an editors draft with the combined micropub and activitypub syntax. I'd say it is very much in progress right now
#
ben_thatmustbeme eprodrom: excellent and you are coordinating with amy chris and jessica about that?
#
ben_thatmustbeme ... do you need anything else from us?
#
ben_thatmustbeme aaronpk: no
#
ben_thatmustbeme eprodrom: anything for activitypub?
#
annbass aaronpk -- I'll be happy to edit your new draft (for 'English'), when it's ready
#
ben_thatmustbeme tsyesika: we have done some work, but we have been busy and have not had a chance to close all the issues YET
#
aaronpk thanks ann!
#
ben_thatmustbeme eprodrom: lets move on to webmentions
#
aaronpk https://www.w3.org/TR/2016/WD-webmention-20160329/
#
ben_thatmustbeme aaronpk: i published a new draft of webmention with things we disucssed (links new version)
#
ben_thatmustbeme ... its not a huge change but there is a bunch of language and phrasing clarification, some of that thanks to annbass.
#
ben_thatmustbeme ... there is a new section about sending webmentions when you edit posts
#
ben_thatmustbeme ... there is a new section on conformance criteria
#
ben_thatmustbeme ... and the note about not sending to localhost
#
ben_thatmustbeme ... and the note about turning field names in to URIs
#
ben_thatmustbeme ... those are the summary of changes in this draft
#
ben_thatmustbeme eprodrom: and this is a live WD, FANTASTIC
#
ben_thatmustbeme ... thats a good step forward for us
#
ben_thatmustbeme ... are there other issue around WM we need to discuss
#
ben_thatmustbeme aaronpk: yes, i used our new labels and went through all old issues and added appropriate labels to them
#
aaronpk https://github.com/aaronpk/webmention/issues?q=is%3Aissue+is%3Aopen+label%3A%22Needs+Group+Input%2FDecision%22
#
ben_thatmustbeme ... in doing that there were a couple that were marked for review by the group
#
ben_thatmustbeme ... i wanted to get some group feedback on this
#
Loqi Tantekelik made 1 edit to [[Socialwg/2016-03-29]] https://www.w3.org/wiki/index.php?diff=97981&oldid=97980
#
aaronpk https://github.com/aaronpk/webmention/issues/20
#
ben_thatmustbeme ... issue 20 is a challenging one, we talked about this at F2F, said its similar to how HTML loads external resources, and its actually slightly different in that is does POST not just perform GET
#
ben_thatmustbeme ... i am not sure how to word the security warning
#
ben_thatmustbeme ... its really an issue about systems outside of webmention
#
tantek q+
#
Zakim sees tantek on the speaker queue
#
ben_thatmustbeme ... anyone have any suggestions?
#
ben_thatmustbeme tantek: i just read the updates on the issue, and in terms of the post vs get. There is one more place in HTML you can get similar data. That is Forms. its possible to POST cross site that way
#
ben_thatmustbeme ... and presumably HTML has to say something about that
#
ben_thatmustbeme ... we could just reference HTML and say that it follows HTMLs security concerns
#
ben_thatmustbeme aaronpk: okay, i can take a look at that and hope i find something there
#
KevinMarks is xmlhttprequest relevant too?
#
ben_thatmustbeme eprodrom: yeah, i'm just wondering if we can make this more general as tantek suggests. I don't think describing each and every possibility is worth it. but noting that a sender can get anyone to post to
#
ben_thatmustbeme ... something like "this is an URL that someone is giving to you, and you can't fully trust that"
#
ben_thatmustbeme tantek: its acting just like a browser would when doing a cross-site form POST
#
ben_thatmustbeme ... and maybe we just say we should follow the same method browsers use
#
ben_thatmustbeme ... at least implementers can look at that as a starting point
#
ben_thatmustbeme eprodrom: it would be nice to find some common language and point to that rather than having to rewrite it all in webmention
#
ben_thatmustbeme tantek: exactly, thats why i say point to HTML unless someone can come up with some way that its actually different
#
ben_thatmustbeme eprodrom: aaronpk, with webmention, are there other issues?
#
ben_thatmustbeme aaronpk: one more
#
aaronpk https://github.com/aaronpk/webmention/issues/14
#
ben_thatmustbeme ... #14, the thread is long but the end of it describes it, basically webmention only requires that source and target exist and doesn't use anything else. Right now there is no access token or cookies or anything
#
ben_thatmustbeme ... there is a concern that if a webmention request accidently does have credentials in it, someone might be committed to something they might not be aware of
#
ben_thatmustbeme ... however i don't want to disallow tokens, as it will be important for private webmentions
#
ben_thatmustbeme tantek: this happens in CSS a lot, there is some potentially advanced feature that we are not ready for, but we want to allow for, but its to put in a note saying this spec does not define any handling for webmentions that may have additional headers such as authentication headers such as ... etc
deiu joined the channel
#
ben_thatmustbeme ... by specifically saying that the spec doesn't specify any special handling, you are basically saying If you implement with them, thats fine
#
ben_thatmustbeme ... that leave the possibility open
#
ben_thatmustbeme ... just say "this specification does not define ....."
#
ben_thatmustbeme aaronpk: will that handle the origianl issue? is sandro on the call since he commented on it before.
#
ben_thatmustbeme eprodrom: i'm not sure i understand, leaving authentication open, or unspecified, i'm not sure i understand henry's point here, can you break that down?
#
ben_thatmustbeme aaronpk: i can try. He is saying that there is a risk of (as source and target are not uris) the target page could use query parameters in the webmention url you could send any specific values you want
#
ben_thatmustbeme eprodrom: so he wants to disallow authentication why?
#
ben_thatmustbeme aaronpk: no its that it could generate a generic post to some endpoint that could do some action
#
ben_thatmustbeme eprodrom: ahh, i see, if you are logged in, you browser could send your cookies etc
#
ben_thatmustbeme ... so if i provide the webmention URL that could be set to "friend someone on facebook" etc
#
ben_thatmustbeme ... i've always thought of webmention for server to server only
#
tantek q+ to also note webmention forms people are using on their blogs
#
Zakim sees tantek on the speaker queue
#
eprodrom ack tantek
#
Zakim tantek, you wanted to also note webmention forms people are using on their blogs
#
Zakim sees no one on the speaker queue
#
ben_thatmustbeme aaronpk: me too, but its possible that the server could include cookies
#
ben_thatmustbeme tantek: there is also a growing practice by many to include a form on their site that says "paste your URL here to send me a webmention"
#
ben_thatmustbeme ... to allow people who don't support webmention yet to still send a webmention. thats the one existing scenario i know of where there is a browser sending a webmention
#
ben_thatmustbeme ... so maybe thats worth mentioning that its only to the site its on
#
ben_thatmustbeme ... thats again something that seems HTML level, and not specific for webmention
#
ben_thatmustbeme aaronpk: thats exactly html, this is a standard XSS issue. so maybe the solution is the same as issue 20 which is about preventing these cross site posts
#
ben_thatmustbeme eprodrom: i think thats probably best, saying there is a possibility of XSS here and take necerssary precautions to avoid that
#
ben_thatmustbeme ... i realize the issues tend to be pretty esoteric, but thats probably a good sign that we covered the low hanging fruit
#
ben_thatmustbeme ... thats the end of the agenda for today, any other discussion items for today?
#
ben_thatmustbeme *crickets*
#
ben_thatmustbeme ... i can get into tracker but i don't think there is anything new there
#
tantek q+
#
Zakim sees tantek on the speaker queue
#
eprodrom ack tantek
#
Zakim sees no one on the speaker queue
#
ben_thatmustbeme hearing nothing, we can... oh, tantek?
#
eprodrom Arnaud: ?
#
Arnaud I am
#
ben_thatmustbeme tantek: i thought i saw arnaud on the call maybe we can get it resolved now who is chairing next week?
#
Arnaud yes
#
ben_thatmustbeme Arnaud: yes, i can do it next week
#
annbass thanks Evan and Ben!
#
eprodrom Thanks for scribing, ben_thatmustbeme
#
ben_thatmustbeme trackbot, end meeting
#
eprodrom ben_thatmustbeme++
#
trackbot is ending a teleconference.
#
trackbot Zakim, list attendees
#
Zakim As of this point the attendees have been tantek, annbass, ben_thatmustbeme, aaronpk, Arnaud, eprodrom, tsyesika, KevinMarks
#
Loqi ben_thatmustbeme has 137 karma
#
trackbot RRSAgent, please draft minutes
#
RRSAgent I have made the request to generate http://www.w3.org/2016/03/29-social-minutes.html trackbot
#
trackbot RRSAgent, bye
#
RRSAgent I see no action items
#
ben_thatmustbeme Zakim, bye
#
Zakim leaving. As of this point the attendees have been tantek, annbass, ben_thatmustbeme, aaronpk, Arnaud, eprodrom, tsyesika, KevinMarks
#
Arnaud hoping Comcast stopped screwing around with my connection by then
#
ben_thatmustbeme Comcast--
#
Loqi Comcast has -43 karma
#
ben_thatmustbeme LOL
#
Arnaud :)
#
Arnaud that seems well deserved!
#
cwebber2 lol
bblfish joined the channel
#
Loqi Benthatmustbeme made 2 edits to [[Socialwg/2016-03-29-minutes]] https://www.w3.org/wiki/index.php?diff=97990&oldid=0
jaywink_ and KevinMarks joined the channel
#
Loqi Benthatmustbeme made 3 edits to [[Socialwg]] https://www.w3.org/wiki/index.php?diff=97995&oldid=97978
#
Loqi Benthatmustbeme made 1 edit to [[Socialwg/2016-03-29-minutes]] https://www.w3.org/wiki/index.php?diff=97993&oldid=97990
bblfish_ joined the channel
#
cwebber2 New MediaGoblin release is out!
#
cwebber2 http://mediagoblin.org/news/mediagoblin-0.9.0-three-goblineers.html
#
aaronpk congrats!
#
tantek congrats cwebber2!
#
cwebber2 this one does a lot of things, but helps pave the way for tsyesika's federation work under the hood :)
#
cwebber2 thanks aaronpk, tantek !
#
cwebber2 also I didn't have access to a graphics tablet. Usually I do some release art digitally: http://mediagoblin.org/news/mediagoblin-0.5.0-goblin-force.html
#
cwebber2 so this one came out a bit raw. But on the other hand, I sketched it up while on vacation with Morgan, and she did the coloring, and that was kind of nice :)
#
cwebber2 not that any of that part matters to #social I guess :)
#
tantek I think any progress with implementing & shipping anything federated/social-web like matters to #social :)
#
cwebber2 :)
jasnell and bblfish joined the channel
#
tantek rhiaro++ great summary of the f2f Amy! http://rhiaro.co.uk/2016/03/socialwg5-summary
#
Loqi rhiaro has 201 karma
bblfish_ and jasnell joined the channel