Re: W3C/IETF coordination call 13 March, HTML 5 get-together ~25 March

Dan, Mark - where is the agenda for this call? -Thanks, Art Barstow

On Feb 24, 2009, at 1:20 PM, ext Dan Connolly wrote:

> FYI... The next W3C/IETF liaison teleconference is scheduled
> for 13 March. Mark Nottingham is chairing this time.
>   http://esw.w3.org/topic/IetfW3cLiaison
>
> I chaired the previous one:
> http://lists.w3.org/Archives/Public/public-ietf-w3c/2009Jan/0003.html
>
> And supplementary to IETF 75 near SFO an HTML 5 related get-together
> is brewing.
> http://esw.w3.org/topic/IETF_HTML5_Meeting_March_2009
>

"RHTTP and overview of other approaches" at IETF apparea meeting (HTTPSubstrate ISSUE-16)

I'm in the IETF apparea meeting, enjoying these presentations
on BOSH, Bayeaux, WebSock, rHTTP,

10:00   Bidirectional HTTP: BOSH, Bayeux, COMET, WebSockets, rHTTP
                 Peter Saint-André, Salvatore Loreto, Greg Wilkins, 
and/or Mark Lentczner?
                 http://xmpp.org/extensions/xep-0124.html
                 http://svn.cometd.org/trunk/bayeux/bayeux.html
                 draft-hixie-thewebsocketprotocol-02.txt
                 draft-lentczner-rhttp-00
http://tools.ietf.org/agenda/74/apparea.html

I can't seem to find a pointer to this nice summary by Mark L.

mnot brought up BCP56...

peter <at> jabber.org: "On the use of HTTP as a Substrate"
peter <at> jabber.org: http://tools.ietf.org/html/bcp56
  -- http://jabber.ietf.org/logs/apparea/2009-03-23.txt

which reminds me of TAG ISSUE-16 HTTPSubstrate-16, which
we recently estimated is all over but the crying, i.e. PENDINGREVIEW

   Should HTTP be used as a substrate protocol? Does W3C agree with RFC 
3205?
   http://www.w3.org/2001/tag/group/track/issues/16

people are talking about a new mailing list... BOF deadlines... etc.

--

-- 

Re: "RHTTP and overview of other approaches" at IETF apparea meeting (HTTPSubstrate ISSUE-16)

I looked briefly into bosh and I wasn't sure why their reason for
tunnelling GET/POST etc. over HTTP POST was so much more palatable to
web arch than WS-*s usage.  My guess is they have similar reasons to
the WS-* community, that they wanted a uniform layer of GET/POST to be
able to work bi-directionally without limitations of HTTP on each
message, such as non-addressable receivers.

Cheers,
Dave

On Mon, Mar 23, 2009 at 11:57 AM, Dan Connolly <connolly <at> w3.org> wrote:
> I'm in the IETF apparea meeting, enjoying these presentations
> on BOSH, Bayeaux, WebSock, rHTTP,
>
> 10:00   Bidirectional HTTP: BOSH, Bayeux, COMET, WebSockets, rHTTP
>                Peter Saint-André, Salvatore Loreto, Greg Wilkins, and/or
> Mark Lentczner?
>                http://xmpp.org/extensions/xep-0124.html
>                http://svn.cometd.org/trunk/bayeux/bayeux.html
>                draft-hixie-thewebsocketprotocol-02.txt
>                draft-lentczner-rhttp-00
> http://tools.ietf.org/agenda/74/apparea.html
>
>
> I can't seem to find a pointer to this nice summary by Mark L.
>
> mnot brought up BCP56...
>
> peter <at> jabber.org: "On the use of HTTP as a Substrate"
> peter <at> jabber.org: http://tools.ietf.org/html/bcp56

IDNAbis session 1 at IETF 74: mechanism/policy, looking for test materials

Vint Cerf chaired the session and revewed status/goals.
The current work ("bis") is called the 2008 design, as opposed
to the 2003 design. The 2008 design aims
to be Unicode version independent, for example.
There was also an interesting presentation on CJK details.
The presentation materials are (to appear?) in the IDNAbis
section of the IETF 74 meeting materials
https://datatracker.ietf.org/meeting/74/materials.html#wg-idnabis

I'll excerpt a bit from the jabber chat logs that
illustrate some points I picked up...
   http://jabber.ietf.org/logs/idnabis/2009-03-24.txt

I (re-)learned about the mechanism/policy divide:

[01:29:42] <dan.hoopyfrood> (I'm struggling to appreciate the aversion 
to policy issues in this design space. the security/policy issues seem, 
to me, to dominate. If policy is Somebody Else's Problem, is it clear 
who Somebody Else is?)
[01:29:55] <Andrew Sullivan> Dan: yes
[01:30:00] <Andrew Sullivan> the zone operator(s)
[01:30:03] <Andrew Sullivan> and maybe ICANN
[01:30:54] <dan.hoopyfrood> remind me who the .com and .cn zone 
operators are? (if you have bandwidth)
[01:31:19] <Andrew Sullivan> .com's zone operator is Verisign, and .cn's 
is CNNIC
[01:31:35] <dan.hoopyfrood> thanks
[01:31:41] <Andrew Sullivan> and the zone operator of crankycanuck.ca is me
[01:32:12] <Andrew Sullivan> (Note that lower-level zones are also 
important in this dicsussion -- important not to ignore that)

Re: IDNAbis session 1 at IETF 74: mechanism/policy, looking for test materials

Re: W3C/IETF coordination call 13 March, HTML 5 get-together ~25 March

Oops... sorry for the delay...

On Mon, 2009-03-02 at 11:31 -0500, Arthur Barstow wrote:
> Dan, Mark - where is the agenda for this call? -Thanks, Art Barstow

It's sent to the participants.

> On Feb 24, 2009, at 1:20 PM, ext Dan Connolly wrote:
> 
> > FYI... The next W3C/IETF liaison teleconference is scheduled
> > for 13 March. Mark Nottingham is chairing this time.
> >   http://esw.w3.org/topic/IetfW3cLiaison
> >
> > I chaired the previous one:
> > http://lists.w3.org/Archives/Public/public-ietf-w3c/2009Jan/0003.html

--

-- 
Dan Connolly, W3C http://www.w3.org/People/Connolly/
gpg D3C2 887B 0F92 6005 C541  0875 0F91 96DE 6E52 C29E

Re: W3C/IETF HTML 5 get-together ~25 March

On Tue, 2009-02-24 at 12:20 -0600, Dan Connolly wrote:
[...]
> And supplementary to IETF 75 near SFO an HTML 5 related get-together
> is brewing.
> http://esw.w3.org/topic/IETF_HTML5_Meeting_March_2009

That wiki topic now has notes from the meeting, mostly
thanks to Sam Ruby.

--

-- 
Dan Connolly, W3C http://www.w3.org/People/Connolly/
gpg D3C2 887B 0F92 6005 C541  0875 0F91 96DE 6E52 C29E

Re: W3C/IETF HTML 5 get-together ~25 March

Thanks Sam and Dan!

 From the notes, I can't quite tell whether Origin and CORS got  
discussed together or separately.  That doesn't really match reality,  
as there's (at least in the view of some) value to using the same  
header for CORS and more general cross site request forgery  
prevention.  That aspect is, in my view, an important element in the  
cost/benefit analysis for Origin.

Concerning "JavaScript sandboxing", I wonder what precisely people at  
the meeting had in mind.  Is this another instance of the topic area  
of last December's workshop

   http://www.w3.org/2008/security-ws/

... or is something different meant?

Regards,
--
Thomas Roessler, W3C  <tlr <at> w3.org>

On 27 Mar 2009, at 13:34, Dan Connolly wrote:

> On Tue, 2009-02-24 at 12:20 -0600, Dan Connolly wrote:
> [...]
>> And supplementary to IETF 75 near SFO an HTML 5 related get-together
>> is brewing.
>> http://esw.w3.org/topic/IETF_HTML5_Meeting_March_2009
>
> That wiki topic now has notes from the meeting, mostly
> thanks to Sam Ruby.
>
> -- 
> Dan Connolly, W3C http://www.w3.org/People/Connolly/
> gpg D3C2 887B 0F92 6005 C541  0875 0F91 96DE 6E52 C29E
>
>

Re: W3C/IETF HTML 5 get-together ~25 March

On 27 Mar 2009, at 14:42, Thomas Roessler wrote:

> Thanks Sam and Dan!
>
> From the notes, I can't quite tell whether Origin and CORS got  
> discussed together or separately.  That doesn't really match  
> reality, as there's (at least in the view of some)

"Discussing them separately ignores an important motivation for  
Origin" is what I mean -- sorry for the unclear words.

> value to using the same header for CORS and more general cross site  
> request forgery prevention.  That aspect is, in my view, an  
> important element in the cost/benefit analysis for Origin.
>
> Concerning "JavaScript sandboxing", I wonder what precisely people  
> at the meeting had in mind.  Is this another instance of the topic  
> area of last December's workshop
>
>  http://www.w3.org/2008/security-ws/
>
> ... or is something different meant?
>
> Regards,
> --
> Thomas Roessler, W3C  <tlr <at> w3.org>
>
>
>
>
>
>
>
> On 27 Mar 2009, at 13:34, Dan Connolly wrote:
>
>> On Tue, 2009-02-24 at 12:20 -0600, Dan Connolly wrote:
>> [...]
>>> And supplementary to IETF 75 near SFO an HTML 5 related get-together
>>> is brewing.
>>> http://esw.w3.org/topic/IETF_HTML5_Meeting_March_2009
>>
>> That wiki topic now has notes from the meeting, mostly
>> thanks to Sam Ruby.
>>
>> -- 
>> Dan Connolly, W3C http://www.w3.org/People/Connolly/
>> gpg D3C2 887B 0F92 6005 C541  0875 0F91 96DE 6E52 C29E
>>
>>
>

Re: W3C/IETF HTML 5 get-together ~25 March

Thomas Roessler wrote:
> On 27 Mar 2009, at 14:42, Thomas Roessler wrote:
> 
>> Thanks Sam and Dan!
>>
>> From the notes, I can't quite tell whether Origin and CORS got 
>> discussed together or separately.  That doesn't really match reality, 
>> as there's (at least in the view of some)
> 
> "Discussing them separately ignores an important motivation for Origin" 
> is what I mean -- sorry for the unclear words.

They were discussed separately.  As you point out, that may have been 
unfortunate.  I was unaware of the connection between the two.

>> value to using the same header for CORS and more general cross site 
>> request forgery prevention.  That aspect is, in my view, an important 
>> element in the cost/benefit analysis for Origin.
>>
>> Concerning "JavaScript sandboxing", I wonder what precisely people at 
>> the meeting had in mind.  Is this another instance of the topic area 
>> of last December's workshop
>>
>>  http://www.w3.org/2008/security-ws/
>>
>> ... or is something different meant?

That was mentioned in passing, simply as an area where additional 
security review may be warranted.  It wasn't elaborated further.

>> Regards,
>> -- 
>> Thomas Roessler, W3C  <tlr <at> w3.org>

- Sam Ruby