See also: IRC log
<tantek> trackbot, this meeting spans midnight
<trackbot> Sorry, tantek, I don't understand 'trackbot, this meeting spans midnight'. Please refer to <http://www.w3.org/2005/06/tracker/irc> for help.
<tantek> scribe: ben_thatmustbeme
<aaronpk> good morning!
<scribe> scribenick: ben_thatmustbeme
<scribe> scribe: Ben Roberts
<tsyesika> tsyesika+
tantek: lets do introductions
ben_thatmustbeme (I won't scribe intros)
tantek: the first thing we're going to be doing is editing the agenda
<Karli> ok
tantek: we have demos and soem admin items to schedule
<aaronpk> scribenick: aaronpk
<shevski> hello
<shevski> i can't find you guyes
<wilkie> the room?
<shevski> yep, the room for the f2f
<wilkie> stata center, 4th floor common
<shevski> i did a fair amount of wandering around the 4th floor..
<rhiaro> G449
<rhiaro> shevski
<shevski> okay, on the 5th floor now. will come and have another look
sandro: i took an action item to
propose a list of labels for organizing issues, i have that to
present now
... probably before we go through issues lists
<ben_thatmust> scribenick: ben_thatmust
tantek: the next goals after that
will be to looking at what is needed next for taking drafts to
CR
... lets move work on publish updated working drafts to
tomorrow
eprodrom: lets move demo of validator to before taking AS2 to CR discussion
tantek: this fully schedules what
we had for goals and items to schedule thus far.
... do we have any other items we'd like to add?
shevski: what about reviewing implementations?
tantek: (schedules it) NOW i
think we are done
... anything else?
AnnBass: do we have anyone on talky?
tantek: no, not yet
<eprodrom> Arnaud: are you joining by Talky?
tantek: the next telcon is the 29th, no telcon next week
<eprodrom> ben_thatmust++
tantek: mostly because most of us are busy here next week
<Loqi> ben_thatmust has 8 karma
tantek: the next F2F is already
scheduled for portland
... the weekend before the meeting is the IndieWebCamp summit
too
... right now we have 5 RSVPs to the next F2F
<tantek> https://www.w3.org/wiki/Socialwg/2016-06-07#Participation
tantek: please add yourself one
way or another if you can go or not
... that will help aaronpk with venue planning etc
... the next F2F after that is in september in Lisbon Portugal
as part of TPAC
... by a quick show of hands how many can make it to
that?
... that was about 50% so it should be enough of a critical
mass
... we need to submit for space
... i proposed thursday - friday that week
... if anyone else has any WG they are a part of, you might
want to check with other groups to see that there is no
conflict
... hearing no objections lets go with Thursday/Friday
sandro: what about annotations?
tantek: do we want to conflict or specificially not conflict
<Loqi> I added a countdown for 3/16 11:45am (#5814)
<Loqi> Loqi has 394 karma
RESOLUTION: reserve Thursday/Friday for meeting at TPAC in Lisbon
eprodrom: if we are to have another meeting after that it would be close to the end of the year, do we want to schedule that?
tantek: last time we discussed we suggested SF, i'd be happy to host
eprodrom: would there be any benefit to being here?
sandro: not really other than travel rotation
AnnBass: it would be more fair since the summer one is on the west coast
tsyesika: its easier for us to get here
<Loqi> Abasset made 1 edit to [[Socialwg/2016-03-16]] https://www.w3.org/wiki/index.php?diff=97732&oldid=97731
<Loqi> Abasset made 1 edit to [[Socialwg/2016-06-07]] https://www.w3.org/wiki/index.php?diff=97733&oldid=97480
<Loqi> Wilkie made 1 edit to [[Socialwg/2016-06-07]] https://www.w3.org/wiki/index.php?diff=97734&oldid=97733
eprodrom: i'm not sure there is any benefit to meeting that close to the end of our charter
tantek: hopefully its to celebrate our completions
sandro: probably no decisions to make at that point
aaronpk: if we have to decide that before december, is it better to have it earlier?
tantek: now is the time to start
planning date ranges certainly
... normally the TPAC is in early november, so its a little
strange this year
eprodrom: could we sketch in a proposed F2F @MIT for early november 2016?
wilkie: we can always revisit this in june
tantek: this would give people plenty of time react
sandro: the week of Nov 14th doesn't conflict with anything (elections, holidays, etc)
tantek: lets just say early Nov so people have time to react to that
AnnBass: are we officially saying it here at MIT?
tantek: there is a proposal for that, I'm still happy to host in san fransisco too
sandro: november is far enough out we can ACTUALLY get our choice of rooms
tantek: we'll follow up on future
F2F discussions with that schedule
... any other input on F2F or all other admin items?
<tantek> https://www.w3.org/wiki/Activity_Streams/Conformance
eprodrom: just for context, one of the decisions we made was to add a conformance section to AS2 before getting to CR
<eprodrom> https://www.w3.org/TR/html5/infrastructure.html#conformance-requirements
eprodrom: specificially chose to
mimic the html conformacne section
... this task has been on my todo list for some time, so i'm
glad this is done
... can we step through this? its not as long as HTML5
conformance section as it had a lot of previous versions and
its not as significant here for some of those sections
... non-interactive presentation for example is too detailed
for AS2
... followed structure of html prolog
... the RFC 2119 is duplicated here, we can probably remove it
here or at the beginning
... in terms of the conformance classes, its a description of
the various roles
<Loqi> Abasset made 2 edits to [[Socialwg/2016-03-16]] https://www.w3.org/wiki/index.php?diff=97736&oldid=97732
eprodrom: at times we say
implementers must vs documents must, so we call that out
here
... some specific MUST and SHOULDS are called out here
... if anyone wants to queue up, please do so
... prefer this vocab over other vocabularies
... there are JSON-LD features that should not be used
... those are detailed throughout the doc
sandro: why are these all SHOULDs not MUSTs?
tantek: maybe we should make these MUSTs
eprodrom: the specific sections are SHOULDs
tantek: we should update the SHOULDS to MUSTS as this conformance section seems to say it optional
sandro: it seems rather odd to just repeat all of these from the document
eprodrom: i was trying to bring up key points for conformance
<tantek> specifically, we could updated this: "Conforming publishers should make conforming documents available according to the serialization requirements of section 2." to "Conforming publishers must make conforming documents available according to the serialization requirements of section 2."
eprodrom: there are ways within
JSON-LD to specify multiple languages for example and an AS2
version of that and we are saying to not use those things
specifically disallowed by the spec
... let me ask a higher level question, i think the intention
was to say "what is a good AS2 document?" and i wanted to
collect that all in to one section
... is that a worthwhile goal for this section?
... is that the wrong kind of effort to put in to this
conformance section
tantek: i think from a spec writing side, its better to prefer a MUST instead of a SHOULD
eprodrom: using 1.0 syntax for some of the properties is a MAY (from memory)
sandro: if you are as2 with some compatibility for as1 processors, are you "conformant"
tantek: is there a transition section in the spec?
eprodrom: yes
... the idea is there are 2 media types
sandro: sounds like as2 media MUST NOT have as1 content
tantek: if you can't come up with a specific reason for a SHOULD, it must be a MUST
rhiaro: if alternatives exist AS2 terms must be present, but you can have non as2 if there is no equivalent or as long as the equivalent is there
(some discussion about exact phrasing)
(i cannot scribe live editing sanely)
<eprodrom> http://jasnell.github.io/w3c-socialwg-activitystreams/activitystreams-core/#naturalLanguageValues
(edits to make last section more clearly)
sandro: have other editors been thinking about conformance clauses
aaronpk: webmention and micropub have short conformance clauses but nothing this complex
tantek: can acitivypub use that
<aaronpk> micropub conformance section: http://micropub.net/draft/#conformance
sandro: its much more complex for document formats
<tantek> consider s/Conforming publishers should make conforming documents/Conforming publishers must make conforming documents
eprodrom: done editing, it now says use the equivalents but also uses parallels
tantek: i had one more suggestion, in the publishers section
sandro: we haven't gotten there
eprodrom: there may be some other examples of documents we can add
<Loqi> Aaronpk made 1 edit to [[Socialwg/2016-03-16]] https://www.w3.org/wiki/index.php?diff=97738&oldid=97736
eprodrom: i give a description of implementations as that word is used a lot
tantek: we can remove "human processes"
<tantek> * human processes
sandro: maybe specify they two
types of implementations are publishers and consumers
... i think we can say MUST consider, its not really any way to
test or enforce that
... at least make it stronger
tantek: human impact of the word MUST at least
eprodrom: since most of the
publishing requirements are in the spec there is not much need
for a large section here other than to say they have to create
a document that conforms
... the final section is on consumers
... there are things that are MUSTs for them such as continuing
to process if they hit things they don't understand
sandro: have you had feedback from jasnell_ on this?
eprodrom: no
tantek: has anyone heard from james?
<jasnell_> I'm here. somewhat ;-)
eprodrom: lets make sure we get his sign off.
<jasnell_> haven't been able to follow along with the conversation for a bit
<eprodrom> Oh hey!
<eprodrom> jasnell_, we've just discussed waiting for your review on https://www.w3.org/wiki/Activity_Streams/Conformance
tantek: do you think there is enough experience with how feed-readers treat other formats, to provide a base of how readers MUST treat AS2?
eprodrom: thats true we do have some experience from nearby domains we could borrow from
tantek: we could at least say "if
you are building a feed reader here is your list of
MUSTs"
... it would be a specific subsection for feed readers
Karli: do we mean an RSS reader here or more like a social client
<jasnell_> the conformance page looks ok, pretty light in terms of actual conformance rules but that's to be expected
tantek: its better to start more
like an RSS reader, and we can expand later
... i'm not sure we have the experience to do that for social
networks yet
<jasnell_> for producers, something should be said about conforming to the rules of each property. For instance, "updated" and "published" must be iso8601 date-time
eprodrom: it would take me a while to do examples for all of these classes
tantek: i'm talking about only for 1 specifically, not for any others
<jasnell_> "name" and "nameMap" must not contain markup, and consumers must not treat it as markup
<jasnell_> "summary"/"content"/"summaryMap"/"contentMap", however, are HTML and consumers should treat them as such, etc
eprodrom: its a very good example
to use too
... i'm happy to do that, maybe even for tomorrow
Action eprodrom to add a section on feed readers to AS2 conformance section
<trackbot> Created ACTION-86 - Add a section on feed readers to as2 conformance section [on Evan Prodromou - due 2016-03-23].
tantek: i agree with jasnell_'s comments
<eprodrom> http://jasnell.github.io/w3c-socialwg-activitystreams/activitystreams-core/
<jasnell_> there are other examples, I'll see if I can come up with a more exhaustive list
<tantek> and adding that consumers MUST treat them as such
eprodrom: if you should through
this document for capital MUST and Capital SHOULD, we have 30
must 31 should, 18 for may
... would recaping those be good for this section?
tantek: no, those requirements should be hardened
<jasnell_> but they include things like: on as:Link objects, the "id" property must not be considered to be the actual URL to the object, the "href" property must be used for that. The "id" and "href" can have the same value, but they serve different purposes
<eprodrom> jasnell_: I count about 30-40 each of MUST, SHOULD, MAY in the text
<eprodrom> Is the conformance section a good place to recapitulate them?
<jasnell_> not everything is captured as MUST/MAY
<eprodrom> Or should be refer to them by reference ("serialization as in section 2")
<eprodrom> jasnell_, such as for example, range of properties on different classes
<jasnell_> I'll take some time later on today and tomorrow to write up as many of these types of rules as I can
<eprodrom> jasnell_: feel free to edit the wiki page
tantek: if those are specific
properties, edit the spec
... those requirements should go with the properties
<jasnell_> btw, my apologies for being awol the past couple of months, the Node community stuff has been keeping me quite occupied
tantek: later in the spec you can say "consumers MUST" and we know what a consumer is
<eprodrom> jasnell_: no problem, just glad to get it here
<eprodrom> jasnell_: let's powwow one-on-one for further editorial points
<jasnell_> +1
<jasnell_> if you would, send me a calendar invite for a time that works best for you
eprodrom: are there other things you would expect here or that are confusing?
sandro: i think this is good, the sort of lawyer perspective is what is someone going to get away with because of something we missed here? I think this is the right track but we can't guess what all those loopholes are in the future.
tantek: this is also going to feed into the test suite, any must can be captured in a test
eprodrom: is there a decision point we can make like "include a conformance section" i think we've already approved that, can we add this now as a first draft
sandro: i think we can do that and hope anyone spots any fixes before we publish again
tantek: i think this is good to
go in now and i'd like to see it published sooner than later
but we can talk about that in publishing schedule later
... shall we take a break?
rhiaro: lunch is here, half an hour early
tantek: lets do issue labels section then break for lunch
sandro: issues labels on github
is an over-contraint problem, you'd like it to be overly clear
but issues have to serve several different reasons
... sometimes they are used for w3c process, sometimes for
editors, sometimes for chairs
<sandro> https://github.com/sandhawke/spot/labels?sort=name-asc
sandro: i tried to put that all
togeter in to a repo of mine
... commentor stuff is probably w3c process
... mostly these are on closed issues
... the Waiting ones are the ones the chairs would look
at
... these are things that would show up on the agenda
the greyed out ones are ones can sort of ignore
eprodrom: i have two questions on this, we have a large number of repos on this
sandro: i have a script that can put all of these on a repo
eprodrom: this is for a spec repo, what about software / test suite
sandro: i assumed a spec
eprodrom: is there any reason not to start doing this immediately?
tantek: i'd like to see fewer
dmitriz: "editorial" vs "editorial: spec is ambiguous" is there a difference there?
sandro: editorial is not important change, spec is ambiguous is a little more dangerous
tantek: that sounds not editorial
Karli: with owncloud we start with fewer and add them as we need them, its also not clear here who sets these labels
sandro: agreed though i'm not
sure we have a good answer to that
... someone with github permissions
eprodrom: my understanding is that some of these are anticipating questions of CR
sandro: for example we have 176 closed comments on AS2, we would want to have them all organized
tantek: i'm pretty sure thats for last calls etc, so we don't have to go through all old comments
sandro: i don't think thats true
tantek: in other groups after we
went to CR we added them to "disposition of comments" but not
before we went to CR
... it was "have you actually responded to all comments after
the last call for comments"
sandro: okay, maybe we don't have to do that, We SHOULD do that..
tantek: i don't think we should, its a waste of our time
dmitriz: in the interest of reducing number of tags, 'waiting for' could be grouped
aaronpk: as an editor i like to mark things specifically for the group
tantek: i think we should limit it to those that help the W3C Process, and add it as needed
sandro: for example james at last
f2f, he had to organize them for us
... this would give us that organization
cwebber2: it would help us get some idea of priority setting
<cwebber2> https://shed.bike/ :)
eprodrom: i don't think we are going to come up with an agreed upon list before lunch and i want to eat
sandro: other idea is to add these to the repos and remove any unused ones after a month
shevski: we could vote like on
the voice
... i think that list is too long, i'd be interested to know
which are the most important
... I wouldn't know what are the most important ones
eprodrom: can i suggest moving this to a wiki page and edit it down there?
aaronpk: i would need a
description of what each of these are and what they are all
needed for
... maybe we just start with a list of these as the official
list and if i need to add it, i look up the list and add it as
needed to github
sandro: i can give you the CURL to add those with those colors
aaronpk: that does not sound like
a lot of work for me
... without these labels the editor has a lot more work
... these labels would help other people to work on the
spec
eprodrom: when do we move our repos under the w3c space on github?
tantek: its not a requirement
sandro: i'll add something of a description of them all to the wiki with their colors
tantek: i'm happy to add what i think is important of these
AnnBass: i printed out and ran through editorial changes for the 3 specs on the reading list
i'll give those to editors
Action sandro to add labels to the wiki with short description of each
<trackbot> Created ACTION-87 - Add labels to the wiki with short description of each [on Sandro Hawke - due 2016-03-23].
<annbass_> Jasnell: I have a paper print of AS, with a few "English" edits ... Would it work for me to give it to Arnaud next week, to give to you?
<annbass_> (Paper is easier for me to edit in this manner, than online ... For making suggestions to you)
<wilkie> reconvene at 1pm
tantek: we are on lunch until 1pm to do as2 validator and taking as2 to CR both of which are led by evan so i'll chair and then we can swap off for the rest of the day
<Loqi> I added a countdown for 3/16 1:00pm (#5815)
<jasnell_> hey, sorry, got pulled away for a bit
<jasnell_> annbass_ : I'm not likely to see arnaud soon, but if you'd like to scan and email me a copy I'll make the edits
<annbass_> Seems like a lottaa
<annbass_> Whoops ... A lotta pages to scan ... Maybe give me your snail mail address in private, and I'll do that?
<annbass_> (23 pages)
<Loqi> Tantekelik made 2 edits to [[Socialwg/2016-03-16]] https://www.w3.org/wiki/index.php?diff=97752&oldid=97738
<Loqi> Sandro made 1 edit to [[Socialwg/2016-03-16]] https://www.w3.org/wiki/index.php?diff=97755&oldid=97752
<aaronpk> Arnaud: can you hear now?
<Arnaud> nope
<Arnaud> in the meantime I tried another computer and had the same results so I'm pretty sure the problem isn't on my side
<aaronpk> just refreshed. now?
<Arnaud> yes, it works!
<Arnaud> thanks
<Arnaud> hi :)
<tantek> eprodrom is getting setup to demo the AS2 validator
<tantek> we need a scribe for the afternoon
<tantek> thanks cwebber2 for scribing
<tantek> scribe: cwebber2
<ben_thatmustbeme> scribenick: cwebber2
<Arnaud> thanks aaronpk!
<Arnaud> the sound is actually pretty good
<aaronpk> great
<aaronpk> you can hear evan okay? he's on the opposite side of the room as the mic
<Arnaud> very well
eprodrom: well I'll get started
then. The point of this demonstration from a pull-back, one of
the things we have to do as we bring AS2 to recommendation is
have a test suite. But one question is what that means for a
document format specification. We've taken it to mean two
parts
... 1 a set of document formats that we expect consumers to
consumes, that's in the activitystreams-test-documents,
composed of examples from AS Core and Vocabulary
specifications, as well as jasnell's javascript stuff for
AS2
... it's about 100 documents, maybe 200
... a number of different documents
... our expectation is those writing consumer implementations
should be able to consume this, and if their thing explodes
they know they have a problem
... so it's a fairly low impact test suite for consumers
sandro: it's 200
eprodrom: 200 docs, thanks. on
public side we need to validate ? so we decided to build a
validator
... so this is a way to test your documents. the as2 validator
is written in node.js, canonical version at as2.rocks, if
there's a reason to run another version we can do that too,
software is under w3c software license
<eprodrom> https://github.com/w3c-social/activitystreams-validator/issues/11
sandro: it's not linked from as2.rocks
eprodrom: I'll drop it on irc
(^^-- above)
... 2 ways to submit to validator: paste the URL into the URL
area; if you see there's things at GitHub let's get the raw
version of documents
... there are bad parts, I think it's served as plaintext, but
let's just say we've got this
... when we hit the url we see this validation report, we see
that it's from one of the example documents
... I'm not crazy about this reports, there are 3 errors which
I think is too high, but I think it's a way to do that
submission
... the problem is that we've got several objects in here
without a required name property
tantek: is name or name map a must?
eprodrom: yes it's a MUST
... it's one thing that comes up, it's a MUST with few examples
in the spec
... the other thing that we could do here is to copy paste it
in here, take this same document, copy pasta, run another
validation
... and it'll run validation again
... you can also upload a file, so you can say hey look, I'm in
the test documents, how useful, upload that, validate it
... and there we go. lastly, you can use the validate endpoint
as an api endpoint and via your fave programming language or
curl on the command line, you can do that
... let me bring up a terminal...
... so this is just a curl command line http client, will shoot
it off to the endpoint
... the endpoint returns first a list of notes, similar to what
we see in the html interface, also returns the input that it
received so you can verify you actually got what you thought
you did
... so that is a way to do some validation from the command
line... I use this to validate all the documents that are in
the test document suite
... so that's a relatively easy shell
sandro: when I try that I get html with a link to the validator
eprodrom: yeah do it with
https
... you have to do something to tell curl to do the redirects
if you use http
... I think this should follow a lot of the use cases, I think
there may be other ones, but api endpoint is kind of a failsafe
on the rest
... there are 4 ways to submit a document
... speaking of validation, one of the things that's
interesting about AS2 is that it's very permissive. an empty
javascript object is a valid AS2 document
... no properties are absolutely property, only one is that you
MUST have a name on certain kinds of documents
... despite that, there are some better and worse AS2
docs
... so we might tell users there are things we'd like to
see
... I did this by showing a heirarchy of notes
... I'm not sure where this comes from but I know it from
syslog style errors... ERROR, WARNING, NOTICE, INFO
... MUST should do error, should should do warning, style
issues should be notices or informational, maybe a style
thing
... notice is something you should probably change, and info is
just info
... this seems to be working pretty well... I've implemented
almost all the MUST, most of the SHOULDs, and a few of the MAYs
and optional properties I haven't yet followed up on
for most of the properties and thet ypes we have in AS2.0 the domain and range of propertis are if you have an actor for the activity what are the things it could be
scribe: so domain and range of properties, required properties, recommended properties, things allowed and not
sandro: so test documents are those all supposed to be OK documents? or should they be categorized with some as errors, warnings
eprodrom: good question, all of them are "these should work"
sandro: except maybe that one that wasn't ;)
eprodrom: yes maybe that doc or our spec that needs fixing
sandro: it might be nice to manually sort so we can test this
tantek: it's realtively stable at this point, could we add links for all warnings and errors?
eprodrom: good idea
tantek: that way if someone gets an error they can click it to see how to fix it
eprodrom: yeah
... there are two views, you can see submitting or validation
report, at the moment it's pretty plain janes but
tantek: can you show url based result again
eprodrom: yes, you can also tell one thing it's not doing here is complaining that it's being served as text/plain, which is one more thing it can do
tantek: that's great, here's a thing you can share
eprodrom: right right
... you can do url=${document location}
tantek: do you have any live sites on the web you can link to
eprodrom: not yet
tantek: valid challenge to working group: who can get a valid stream on their site first
sandro: are there any as1 -> as2 converters
<tsyesika> https://as2.rocks/validate?url=http%3A%2F%2Ftsyesika.se%2Ffeed AS2 document on the web :)
eprodrom: any other questoins?
tantek: mostly that it's
awesome
... one nice thing is our discussions are not subject to
rfc2019
eprodrom: I'd love help, styling would be nice, I'm not sure, maybe tabs
<Arnaud> I agree, nice progress!
<rhiaro> My photo albums: https://as2.rocks/validate?url=http://img.amy.gy/files/food/food.json
tantek: next topic is taking AS2 to CR, which is also yours eprodrom :)
eprodrom: what I'd like to do is
my understanding is that we had three things we needed to do to
get AS2 to CR state
... these three things were to first resolve (blocking) issues,
second provide a test suite, third provide a conformance
section
... I think as it stands we have first drafts or early versions
of those three things
... I may need to confirm that about the issues but at least in
terms of test suite we have what we've kind of laid out as in
terms of test suite, and we have conformance section in a draft
state
tantek: for test suite do you have at least one test per feature of the spec
eprodrom: would that be like for
each type in the vocab have on document for each one
... so for properties we have at least one of each
... a property in as2 can't be an empty array for example
... here's a document with an empty array, throw an error
tantek: do you have a test for an assertion for each part of the spec
eprodrom: since we have tests from documentation examples, we have pretty good coverage
tantek: that's ok, having a comprehensive test suite is not a requirement to enter CR (but it is to exit)
sandro: I don't remember what the granularity was
tantek: was it raised as an issue to define granularity
sandro: yes
eprodrom: we went down an interesting path with that one, and it got caught up with the conformance classes
tantek: we have conformance
section, have test suite with a lot of cases covered, so that
leaves the open issues
... so where are we in open issues
sandro: we have 12, and I won't
snark that they aren't labeled ;)
... one of them is editorial but it's not my version of
editorial!
eprodrom: we have 12, one is "why is as2 so bloated"
sandro: it has more in the issue than the title sounds like
eprodrom: right
... so we have quite a few here, some are questions, some may
be... I'm not sure if we should mark these as blocking or
not
<Arnaud> issues like "why is as2 so bloated?" should be closed with a comment stating that this is not actionable, if any particular part is questioned they should be listed in a separate issue
tantek: the question is for you, how much time do you think you need to resolve these, and which of these do you want to ask for some group discussion on to move them forward
<aaronpk> "this is not actionable" is my favorite way to close issues :P
eprodrom: not ready to do that today, I might be able to tomorrow, I'd like to run by james, would be great if we could run from 12 to 6
tantek: or 0
eprodrom: right or 0
tantek: I'd like to get as close
as we can to that by end of this meeting
... so given what you said about not willing to categorize, can
you be by tomorrow morning?
... we have agenda item scheduling and... we could do that
first thing
... or you might come back tomorrow and say you resolved
all
eprodrom: ha ha ha
sandro: james may participate remotely, maybe we can get an answer from him about ??
tantek: determine which you need group help for, then can james be present or is he happy to delegate to you about the issues
eprodrom: fine, good
tantek: otherwise will add to agenda for tomorrow morning; go through AS2 issues
eprodrom: with intent to close!
tantek: will block out an hour and a half for that
eprodrom: could I ask for rest of group to look through this? may speed discussion if people understand what topics are
tantek: consider this explicit
call for commentary
... some of these like conformance clause you reasonably
fixed
eprodrom: yeah we were almost
done by last f2f, but then we had f2f explosion with new
issues
... this one is interesting can try to take that on today
tantek: every document I've seen has CR exit criteria in spec or include it inline
shevski: why not have it be in the official w3c-social?
aaronpk: it isn't a requirement to do so, some required moving to their own group
<tantek> ack
annbass: question is is there some process where it should go ahead of CR, I could easily see one person's repo goes south or something
tantek: or that's one possible org issue
aaronpk: before github was used
more mailing list was only place to do that, but now github is
using more
... so I wonder if we should be archiving that discussion
annbass: that might be an advisory board thing
<tantek> There is the W3C-wide document on use of GitHub: https://www.w3.org/wiki/GitHub
tantek: repo issue is possibly helpful
aaronpk: that's possibly useful around patent stuff
tantek: lots of good reasons to do that
<aaronpk> it seems there is not a good answer to the particular question of archiving the github issues discussions
<tantek> break for 10 minutes
<tantek> break until 14:10 EDT
<tantek> Loqi ^^^
<rhiaro> eprodrom: does the validator send an accept header?
<wilkie> come back at 14:10 EDT
<Loqi> I added a countdown for 3/16 11:10am (#5817)
<rhiaro> I could look at the source but it's easier to ask :)
<Loqi> Tantekelik made 2 edits to [[Socialwg/2016-03-16]] https://www.w3.org/wiki/index.php?diff=97757&oldid=97755
<Loqi> come back
<Loqi> Countdown set by wilkie on 3/16/16 at 10:59am
<aaronpk> you're the only one on the talky right now anyway :P
<rhiaro> scribe: rhiaro
<ben_thatmustbeme> scribenick: rhiaro
<tantek> chair: eprodrom
tsyesika: this is a predecessor
to activitypub, the pumpio as1 stuff
... Going to add a photo onto media goblin and send it to a
pump io user
... *does so*
<bengo> so good!
tsyesika: it has federated from
mediagoblin to pumpio
... Can post a reply in pumpio
... Back into mediagoblin, the reply should show
... *it does*
Everyone: applause
tsyesika: Coming up in the
release after next
... Any questions?
eprodrom: Bravo! Couple of
questions..
... How does it work for idfferent media types?
... Media goblin is generous with media types
tyesika: Media goblin has a todo
to support video and audio in the api for federation. Currently
only images federated
... It will support them in the same way as images. Serialise
the video or audio as how as1 defines them, and do the same
post request to the inbox
eprodrom: About likes... do they
translate to media goblin?
... If you go to the pumpio page and click like on it
tsyesika: they will work by the
time I finish mediagoblin
... Things are still a bit broken
eprodrom: What do you think next
steps are with this?
... with federation of mediagoblin?
tsyesika: Currently we don't have
comments that you make in mediagoblin federated *back*. All
activities need to federate and there will be support of like
and the others.
... And then probably the media types as you brought up
... One of the reasons media goblin is good is support of media
types
... And eventually having a up to date implementation of
activitypub
<Loqi> Tantekelik made 1 edit to [[Socialwg/2016-03-16]] https://www.w3.org/wiki/index.php?diff=97758&oldid=97757
cwebber2: I think it's interesting for the group to know that tsyesika has been working on this for a long time, and you might wonder why it took so long to get to this point, and I think it would be interesting for you to explain what the challenges are
tsyesika: The overwhelming
biggest thing for mediagoblin why it took so long is because of
the database structure
... Mediagoblin uses sql, postgres or sqlite, and it was
designed prior to federation and the pump api
... having things like comments that can be on other things,
comments on comments and other things being in collections,
involves creating generic keys
... something something referential integrity
... Lots of challenges implementing federation on an existing
implementation
eprodrom: That's a really
interesting point, pumpio uses document databases, so couchbase
or mongo or redis, but it's relatively easy to wedge little
bits of data into places that they weren't intended
... which is harder to do with an sql database
cwebber2: we're theoretically
advocating ... and this applies to others.. it's a general
problem when you have assumptinos about what types of things
are responses to other types of things
... Like comments ony being on media, that was an easy
assumption, but the rest of the world might not assume
that
... We don't have an answer for constraints in federation
... and this will be a challenge for owncloud as well. We
haven't talked about this in the gorup
... How to convert existing applications that were designed
before you planned to federate, and move them into the
federation wrold
... We're managing it with media goblin thanks to jessica, but
not everyone will have the resources for that
... WHat can we do to help people know and prepare fo rdoing
this?
... Do we permit organisations to set these kinds of
constraints?
Karli: database structure is part
of that, but not every social network works the same
... Facebook and g+ and twitter all have apis that work
differently
... twitter has obvious limitations with the size of the text,
if you can like, if there are comments or retweets which don't
exist in other social networks
... It's a huge question. Good to have an api that you can use
to model all kinds of social interactions, but does it mena
that every social network has to support everything that every
other social network supports?
... You could drop things that are not supported
eprodrom: that's probably a great
way to handle it
... THere might be other ways to do it too
... You oculd have a little grey image icon 'there is something
here I don't understand'
... like a puzzle piece in html documents
... some embedded stuff that doesn't make sense
... pumpio just throws stuff out
tantek: the experience with
webmention is that there are situations where having defined
fallback behaviour is useful and implementable. And also
sometimes just dropping stuff works. Very case by case.
... By starting with.. just get comments working. Suddenly
everything else can have a fallback that can be interpreted as
a comment
... So when people started doing lieks via webmention, by
including a summary in your like that says 'so and so likes
this'
... if you understand likes you ignore the summary and just
increment your counter or whatever
... but if you don't, you can display it as a comment
... so there's no new implementation needed
Karli: so it's the responsibilty of the consumer to ignore or translate something?
tantek: we didn't have to, because comments were designed in such a way to handle summary/content/etc, that later interactions could provide fallback content like a summary, so that something that only implements comments doesn't have to do anything new
aaronpk: reacji is a great
example
... Someone posts a single emoji reply
... Slack formalised the name
... You choose an emoji character as a reply
... you see on github a lot
... You end up with long comment threads full of emoji
... Slack did a thing where they showed the emoji with the
number of people who reacted with that
... So we're starting to experiment with that, so ifyou don't
do anything an dsomeone posts an emoji reply you show it as a
comment, but if you want to you can not show it as a comment
you can pull it up and create a counter
... the like example seems trivial becasue everyoen knows what
it is, but now it's happening again
cwebber2: one of the things
that's interesting about ... you must have started with a
database structure that still allows that
... but existing implementatkons like mediagoblin start with
databases where it's still difficult to even do fallbacks in
that way
... if your table only contains these fields, what do you do as
a fallback? If you have hard coded links between tables, you
need to be able to make that generic enough to do
fallbacks
... In indieweb you have this view that everything is a post
and you can adapt that. But other things don't have that
assumption in their worldview
... So how do we build on these different world views?
... You would be surprised at the different world views, even
trying to be accommodating for fallbacks
tantek: the more you can minimise those assumptions the better
cwebber2: that's not necesarily true for an organisation that already came in iwth its own assumptions
tantek: from a spec point of view. Of course organisations have their own assumptions. But with a spec, the more you can minimise the assumption sthat you're asking peopel to take on, the less work it is to make it compatible
shevski: the problem also is that
this stuff is going to continue to evolve
... reactionmojis
... it's going to be really fluid. You don't want want to get
into a race of being compatible now, because it's not going to
stay around. It needs to be generic and extensible, and quite
basic int erms of standards
tantek: we've done both,
compatible with now and generic
... the web took off because every single piece was cmpatibile
with what already existed
... you could serve html over ftp, or plain text over http
eprodrom: I'd like to bring it
back to the pumpio and mediagoblin federation
... There is a lot of pumpio federation process that's kind of
string and chewing gum
... THe oauth key discovery process is like from an older
version of oauth2 that's no longer compatible
... There's the dial back stuff
... There's the webfinger stuff in there
... And probably other bits, hacked to make them work
... Do you think that where we're going with activitypub is
going to .. what's th erelationship with all that stuff and
where we're going with activitypub?
tsyesika: good question
... ap at the moment doesn't specify too much of those
details
... We've decided oauth2
cwebber2: we were also told not to pick a stance there
tsyesika: so it's vague, so currently they would be incompatible because you can implement oauth2 in several ways
<bengo> <3 OIDC (which is a more specified flavor of oauth2)
tsyesika: the discovery stuff, we do have stuff but we think it will change
cwebber2: we already agreed on some change. We just haven't written yet
<bengo> including discovery, dynamic client registration, etc
tsyesika: so doesn't specify all of that, but as a downside will lead to incompatible implemenations without specifying
cwebber2: do you think there's anything other than auth?
<bengo> Fair. Communities of different size tho
tsyesika: i don't think anything other that's major
cwebber2: that's the big thing that's a known problem. If it's a constraint then it's a constraint
eprodrom: I see two ways of doing
that. One is to include authenticaiton and say this is how you
get an oauth 2 key in order to make these calls, and here are
the steps
... Another way to maintain compatibility is to have a suite of
specifications, AP specifically talks about getting your
activities back and forth, and then a discovery specification
and an authentication specification or something like that,
which would be short
cwebber2: I think discovery would be smooth put in there, but authentication I would be enthusiastic about saying there are auxilliary specs, but they might not make it to rec within this group's lifetime, but we have something that we can point people to. I think that's a good route.
eprodrom: this is a lot of
trouble to go to to end up with incompatible
implementations
... As one of the other people who has done this, I know how
much trouble this was
... I'm really impressed
... Any other quesitons?
tantek: how much work would it be to update these implementations to use as2/ap
tsyesika: I don't think.. it's still significant amount of work, but not too bad
cwebber2: lots of things close,
major things that are different are.. moving from as1 to as2 is
not very hard, but needs to be done.
... We need to change over the way it does discovery
... And ... those are the biggest things
... I think there are a lot more small things, but most things
are close
tsyesika: I don't think it's too bad
cwebber2: shouldnt' be as much work as it was to restructure the database
Going to be far less work to get to that point
tantek: When do you think you'll have an implementaiton of the current version of ap?
cwebber2: this depends on
resources within the project. We were lucky that we could bring
jessica on with a crowdfunding campaign
... now that money is ending and jessica got a job that is
supprotive of her work in this group luckily
... But I'm currently at Stripe retreat, but after this we
don't know what our resources are. Might be volunteers
... Really hard to say
... THe stuff that you're seeing here is for a release in the
next week
... Then we're polishing 1.0, then we'll start moving things
towards ap
... That's basically the state of the wrold
... How long that will take... I'm already bad at
estimations... so doing that for a project where I have no idea
what our resources are, I'm not going to bother
tantek: so you think you can release with this implementation?
cwebber2: yes, with notes that
should expect federation stuff to change, and in the interim it
will federate with pumpio
... Users are expecting that first stage of federation will be
at this level
tantek: maintain back compat?
cwebber2: I'm more worried about
authentication for that
... activitystreams stuff is manageable
... Not that worried
... Don't want jessica's work to not get out there
... Really want working federation otu the door
tantek: several generations of
frozen federation suites out there that are being left behind.
Like diaspora, federating amongst itslef and nobody else. And
GNU social. Thousands of users, but not federating with others,
only themselves.
... Movement has been slow.
... This is why I'm concerned that if you're going to make a
release that includes this work will it end up like one of
those, or will it move quickly and break things?
cwebber2: I'm hopi;ng move
quickly and break things
... our goal is to support the work in this group
... We've been clear about that with users
<Loqi> can confirm that lunch will be delivered
<Loqi> Countdown set by rhiaro on 3/16/16 at 7:37am
cwebber2: And some people in disapora are paying attention to what we're doing here
eprodrom: Can I challenge us to do a similar demo to this with AP in portland?
cwebber2: We can certainly
try
... But it's going to be a tumultuous time in our lives
... We will try, but no promises. Set your expecations
accordingly.
Karli: I'm still part outsider..
but at owncloud we want to implement something soon. But we
need something that is relatively stable
... That we can see a path.
tantek: what level of breaking new ground vs. interoperating with a few things vs interoperating with a lot ofthings are you comfortable with?
Karli: We already implemented
federation for sharing files 1.5 years ago, and several of the
steps here
... Version 3 of our api which is backward compatible, and 1.5
years later it's something 'stable' or 1.0
... So no problem with adapting to changes
... But as I understand this group, there are some really
different approaches, like activitypub and solid stuff and
other approaches, which are completely different
... We can't implement 2 or 3 different approaches
eprodrom: That's a good segue
<Arnaud> it works!
aaronpk: Since the last time we
talked I've worked on spec and implementation to support
editing and deleting posts
... So I can show the whole workflow
... Quill is a micropub client that I wrote that currently only
supports creating
... My website is the micropub server which uspports full
CRUD
... And there's a micropub client built into my site
... *creates post in Quill*
<KevinMarks> https://talky.io/socialweb is empty - are you doing demos somewhere else I can see?
aaronpk: *shows Quill output*
*** please hold for technical issues***
*** elevator music ***
<tantek> aaronpk fiddles with talky computer
*** and we're back! ***
<KevinMarks> I can hear, but screen is fuzzy
<KevinMarks> screenshare instead of cam?
aaronpk: So, created a post. It's on my site here
<KevinMarks> I suspect screensharing needs even more RAM than cam
aaronpk: Location sent with browser location api to micropub request
*** everything crashes ***
*** uncrash ***
aaronpk: When I'm logged into my
site, I have a menu bar which lets me edit
... Loads a javascript micropub client
... Because I'm logged in my site generates an access token the
client can pull out of the page
... I gave myself a couple of fields I commonly want to edit:
tags, syndication urls, date
... So I can add tags, hit save
... What's happening is the js app is talking to my micropub
endpoint directly, no other serverside componant at all
... *does so*
... In order to populate this interface with existing tags etc,
it uses a new part of micropub which is the R in CRUD which
lets the client request specific properties
... I don't need to load the entire content of the post to
edit
... So it reuqests just the pieces that it needs
... There's no way to edit the text of the post with this
interface, don't have a client for thsi yet
... Turns out that I don't often edit the text. Wanted to
optimise this for the most common edits
... Do plan on building a full editor for html posts in
Quill
... Also have a delete button
<KevinMarks> why is videoconferencing still so flaky? I had this working in 1999 with tiny amounts of RAM and it ran for weeks at a time
<cwebber2> KevinMarks: let's move back to webcams with pages that refresh every 30 seconds on a jpeg link
aaronpk: JS client could drop in
with one file. Only special thing is how to get the access
token, but I don't see why other people can't reuse it
... I could open source it
... There's not a lot of code
... Here's the micropub request in jquery
... The rest is just ui stuff
<KevinMarks> I'd accept multicast RTP
<KevinMarks> (audio has gone)
<annbass> sigh .. trying to get it going
<annbass> is sound back?
<eprodrom_> jasnell: so, big favour to ask you
<bengo> sound just came on for me
<bengo> talky is good
<annbass> ok .. arnaud and kevinmarks ... you can hear?
<Arnaud> yes, thanks
aaronpk: Here's a new interface
in quill for posting events. Needs cleaning up, but minimal and
works
... *posts event*
<KevinMarks> and the gpu just coughed a hirball and blacked out all my browser windows
<KevinMarks> yay, i can hear again
aaronpk: Event posted to my site,
and appears in Woodwind, a reader
... The reader recognises that this is an event post and adds
these additional rsvp buttons
<annbass> s/clenaing/cleaning/
aaronpk: I authenticated with the
reader, and during that process I granted it an access token
that lets it become a micropub client to my site
... So when I click a star on a post, it makes a micropub
request to my site
... Similarly, when I click an rsvp button it makes an rsvp
post on my site
... Also a micropub request
... So I see the rsvp in the events feed on my site
... created in quill, quill added it to my site, woodwind read
it from my site, woodwind created a new post to rsvp and posted
that to my site
shevski: in what ways can I rsvp to your event?
aaronpk: You can rsvp by writing
a post on your site htat's an rsvp post and send a webmention
to this page
... and you'll show up in that list
shevski: any other way? Only way is for me to create a post on my site using...?
aaronpk: doesn't matter how you create as long as it iends with with html + microformats
shevski: Why can't I go on your site and click a button?
aaronpk: you want me to host your rsvps?
shevski: or have that as an
option
... it's a little hardcore
aaronpk: my site is not a general purpose events site, it's just my site. I also don't have a comments form.
annbass: *trying to send rsvp from known*
dmitriz: is there any access control? Can events be private?
aaronpk: not right now, planning to
dmitriz: haven't had chance to look at the spec, how does the recipient of the webmention discover that is of type event
aaronpk: here's the parsed
microformats of the rsvp post. has in-reply-to and rsvp
properties
... that's enough that my site recognises that it's an
rsvp
... THe event itself looks like this, which has type: h-event,
and start and end date
... The post type discovery spec tells you how to get from
amicroformats object to something else
dmitriz: you don't have access control on this site, but is there provision for private and public?
aaronpk: what you're talking
about would be more on the reading and consuming parts of the
spec
... THe way that woodwind found the post, you would need to
have a way to authenticate to begin with
... We don't have anything.. woodwind found this via PuSH and
polling the feed. There isn't a mechanism in PuSH to support
private posts. But it's on the consuming side rather than the
micropub side
... Similarly in webmention we need a way to verify things that
are private
tantek: I have an rsvp post that
I"m going to be sending to aaron's event
... **php warnings, blames aaronpk**
... Is showing debugging info about finding webmention
endpoints
... posts, reloads aaron's event post
... rsvp is there
... and on my site
... and on twitter
... using twitter's proprietary api
eprodrom: 20 minute break to
recharge
... (recharge parking meter / people)
<wilkie> reconvene at 3:40pm EDT
<Loqi> I added a countdown for 3/16 12:40pm (#5818)
<aaronpk> Arnaud: haha i never considered that!
<aaronpk> is it not used as a verb in french?
<jasnell> eprodrom_: favor?
<KevinMarks> well the R part is the verb Respondez S'il Vous Plait - "respond if it pleases you"
<KevinMarks> but RSVP becomes a noun, and then a verb becasue that's how English imports external code
<Loqi> reconvene
<Loqi> Countdown set by wilkie on 3/16/16 at 12:18pm
<eprodrom_> jasnell: so, the only thing keeping us from voting to take AS2 to CR is that there are a number of open issues on the repo
<jasnell> ok, I weighed in on most of them
<jasnell> just need to know how the WG chooses to resolve those
<eprodrom_> Perfect
<eprodrom_> So, the favor was, "Please weigh in on them by tomorrow morning so we have an idea where you stand."
<eprodrom_> It's likely that unless there's some intense debate tomorrow we'll default to resolving per your recommendation
<Arnaud> re: RSVP, KevinMarks got it right :)
<aaronpk> is "RSVP" as an abbreviation used in french?
<Arnaud> it's also that it seems to be used both for the question and the response in english, that's the most confusing part to me
<Arnaud> yes, it is used as an abbreviation but only at the bottom of an invitation or something like that
<aaronpk> ah yes. in english I would send you an RSVP
<shevski> https://www.w3.org/wiki/Socialwg/DocumentStatus
<Arnaud> in French RSVP is merely used as the prompt/question
<Arnaud> then you would just talk about "responses"
ben_thatmust: *shows rsvp demo,
same as aaronpk's*
... Now a reactji - emoji response
... post with a single emoji in it is the original post
... but the response shows as a count
... *it is a poop*
... A bunch of others from testing
eprodrom: it's not a different post type, it's just ap ost that has a single emoji? So you're looking in the content?
ben_thatmust: yes, I'm parsing
out if it's a single emoji. Much harder than I expected
... An emoji is a bunch of characters, or two letters that form
a flag, which is a single emoji
... Any questions?
... *annbass attempts to send poopji*
<tantek> annbass, can you post a reply?
<Loqi> reconvene
<Loqi> Countdown set by wilkie on 3/16/16 at 9:03am
<eprodrom_> "*it is a poop*"
<wilkie> Loqi: what is that
<Loqi> Eprodrom made 1 edit to [[Socialwg/2016-03-16]] https://www.w3.org/wiki/index.php?diff=97759&oldid=97758
Karli: owncloud is not
technically a social network
... First, install owncloud server - unzipping a file
... update some permissions
... and voila
... lots in to userdatamanifesto.org/owncloud
... can deploy anywhere that supports php
... desktop and mobile clients are synchronised for files and
favourites, comments, tags
... Owncloud is not social in itself, its for protecting my own
files
<tantek> For the logs, my federated RSVP permalink from my demo: http://tantek.com/2016/076/t2/going-to-w3c-social-web-working-group
Karli: you can have calendar,
contacts, gallery, all kinds of things
... So now we have two servers, we can do federation
... Can share calendar etc with other pepole, uses caldav
... calendar is one of the most popular owncloud use cases
these days
... here's a folder of documents with an example .odt file
<aaronpk> webmention implementations were: Falcon (sending), p3k's Telegraph (sending), webmention.io (receiving), ben.thatmustbe.me (sending and receiving)
Karli: here is the sharing side
bar, can share with people on the same server, or I can send
out links to everyone, or I can do federation
... For federation I type in a federation ID which is a host
name + a username
... so I can now do federation with a user on another
server
<aaronpk> micropub implementations were: p3k (server), Quill (client), Woodwind (client), ben.thatmustbe.me (server and client)
Karli: one server pings the other
server and says here is a sharing request
... on the other server, it shows a notification which lets me
accept the sharing request
... and then I have... maybe... or not...
... I have the documents folder shared between the two
servers
... The actual transfer of the files is done via webdav
... but we had to come up with our own protocol for the
invitation process
... so this was implemented 1.5 years ago. Nowadays solid does
stuff here that could have been resused but wasn't because of
timing
... The social part is then if you click on this shared folder
the sidebar opens, which lets you comment
... which is visible to everyone with access to this file
... and there's an activitystream which lets you see what's
happening with this folder. New files, comments, changes
... And there's an overall activity feed where I can see
everything that's going on on my server
sandro: does the activity feed live on the same server as the file?
Karli: yes
sandro: so if 100 people share a file, there's one feed?
Karli: everyone with access to a file or folder also sees the activity on this file or folder
sandro: if I make a comment it's sent back to the server where the file is
Karli: this is the part that's
missing. We do everything with webdav. Sharing information
including comments via webdav
... We could just read comments from remote servers via
webdav
... but if there's a different appraoch we would implement
that
dmitriz: how do yu handle permissions and access control?
Karli: if you go on a folder,
sharing, there are different ways to share
... you can password protect links, allow expiry, allow read
only
... expiration date google announced yesterday, but we had for
5 years
dmitriz: HAH
Karli: Other people can delete files, or add a new file in a shared folder
dmitriz: where do you store access control information?
Karli: filesystem for storing
files, metadata including access control in database
... can be sqlite or mysql or postgres
... So not a social network, we're approaching this from a
different direction
... Idea was for file hosting. But of course I want to share my
files with someone
... But without uploading it to a social network
... All this sharing information is also present on the desktop
clients
... communicates via rest api with the server to initate the
sharing request with the server
shevski: if something is shared do they get a copy? what if they both change at the same time?
Karli: on the desktop and mobile
side we do bi-directional syncing
... does conflict detection and you might get a conflict file
if necessary
... but the federation is not synced, it's a live
connection
... We have implemented our own api for the activity feed but
we want to do the next version with AS2
... Means we will implement desktop and mobile clients for
consuming as2
cwebber2: we should talk about
if... the challenging thing with the database that we talked
about.. the upload media stuff we should talk about. We have
some vague discussion fo that in AP but needs work
... I'd be interested to see the direction and work together on
that
Karli: Another thing from a
strategic perspective.. a lot of people see owncloud as a
dropbox replacement
... But I think this will evolve into a social network
... We have 8 million users
... so kind of a trojan horse
sandro: how many companies run servers?
Karli: the biggest installation
that we are involved with is for half a million for
universities in German
... But we just learnted that there's an installation in India
with 1.1 million users
... Scaling is actually quite easy based on web
technologies
sandro: dinner at 6, any objections?
shevski: I thought the status doc
would be upated and we could just review it
... but it hasn't. Maybe we need to go over what we're tryign
to do with it and who is going to update what
tantek: what's it for?
shevski: The idea was to partly
start thinking about what are the next steps to get to CR for
various things, and what do we need for the implementationr
eport
... and what can we do in the time we have to grow adoption for
any of these things
... Fulfilling process requirements and also the wider problem
of getting more users and implementations?
tantek: it has links to implemenations?
<hhalpin> Where's the links to existing implementations?
shevski: it doesn't at the moment
sandro: webmention has a link
<aaronpk> https://www.w3.org/wiki/Socialwg/DocumentStatus
eprodrom: we have 2 things. One is documeting implementations, and one next steps
sandro: this is the link to all
the other documents
... trying to get peopel to focus on what happens next
eprodrom: I think us as chairs need it to see what to do to push things forward
sandro: we could just talk about
this for as2 right now at least for a few minutes
... I don't think we've wrapped up next steps for as2
<tantek> we already have a list of our documents on our home page: https://www.w3.org/wiki/Socialwg#Drafts - no need for a separate page
eprodrom: Let's take til 1630 to
discuss listing implementations and maintaining the list from
hereon
... and from 1630 to 17-1730 discussing next steps for
documents
tantek: I want to kill the
document status page because I think it's useless and busy
work
... We already have drafts on our homepage
... s/drafts/links to drafts
<hhalpin> We should have a page that lists implemenations per spec
<hhalpin> Given that we have soooo many specs right now
eprodrom: the purpose of this document status was leading up to this meeting, it's value goes down now we're at the meeting. We cna just talk about it
<hhalpin> The rest of the material on the page is busywork
<hhalpin> However, the list of implementations is super-important for CR exit
sandro: I find this useful to see status of documents, I don't mind where
aaronpk: what status do you mean?
<tantek> if you're editing a draft, please update https://www.w3.org/wiki/Socialwg#Drafts with a link to your Issues page
<hhalpin> (just to repeat what I said above)
aaronpk: WD or other major ones, what are they?
eprodrom: let's take 10 minutes per draft and takl about next steps
<hhalpin> +1
eprodrom: For editors can say what they're doing, and people with experience of rec process can say what we're shooting for next
<aaronpk> just added links to issues for webmention and micropub
sandro: the output of this conversaiton si not documented anywhere besides the minutes
eprodrom: could we put this in github?
sandro: see what they are first?
eprodrom: start with AS2
eprodrom: Big next steps are test
suite, conformance section, and closing recent issues
... In december we were almost all closed but now we have
more
... But we are going to try to close those tomorrow
morning
... Hopefully we can close them quickly, most will have
editor's recommendation for next steps
... Unless there's strong debate we can probably move fast. Not
that I'm discouraging debate.
... At which point it's possible we could vote to transition to
CR in this meeting
... Then we would publish a new updated version based on the
decisions that are made tomorrow morning
... one last editorial pass, then have something ready to go to
cr
... If the group says we do x, implementors implement x, and we
probably on't need another vote
... Or we could do editorial and then a round of review
... Or we say the editorial is implementing what we decided and
we can go to CR
... That might be a decision to make tomorrow
tantek: How many implementations do we have of current activitystreams drafts?
cwebber2: one in activipy and half in the guile one
eprodrom: I was just making a
list on the activitystreams implementation page and I count
4.5
... java, javascript, activipy, validator which okay that's
cheating, and..
tantek: why is it cheating?
eprodrom: is it an implementation or an implementation tool?
tantek: implementation
eprodrom: then we're at 4.5
<eprodrom_> https://www.w3.org/wiki/Activity_Streams#Implementations
hhalpin: helpful to have a big
page with all implementations
... with implementations that are either conformant or planning
to be
<tantek> https://www.w3.org/wiki/Socialwg#Drafts
<eprodrom_> rhiaro: oh, now I feel like a jerk
<cwebber2> eprodrom, added!
<Loqi> Aaronpk made 1 edit to [[Socialwg]] https://www.w3.org/wiki/index.php?diff=97761&oldid=97711
eprodrom: doesn't matter, will ask later :)
<Loqi> Eprodrom made 1 edit to [[Socialwg/DocumentStatus]] https://www.w3.org/wiki/index.php?diff=97762&oldid=97698
<Loqi> Sandro made 1 edit to [[Socialwg]] https://www.w3.org/wiki/index.php?diff=97763&oldid=97761
<sandro> https://www.w3.org/2003/08/owl-systems/test-results-out
sandro: As we get to having the validator on the test suite for something like as2 it would be nice to see the implementations look more like this (matrix with tests and validations), for each document does it pass it, and results
<sandro> as example
sandro: A list is nice early, but
by the time we have a test suite we should have more detail
about conformance
... And then what's the process for getting peopel to give us
results
eprodrom: for pumpio I could
maybe take links for kinds of feeds on a pumpio site and link
to each of those and say if they validate
... these are the kinds of feeds that we generate
sandro: I guess actually what I
want is depending on the feature granularity
... is there a feed from that implementation that uses that
feature
eprodrom: we need to move our implementation pages from we implement this to implementation reports
sandro: we could borrow something
from other groups or roll our own
... An action item on someone who's willing to do it?
tantek: until we have a test suite we don't need this. First step, make a test suite
sandro: needs to be soon though
eprodrom: test reports to exit cr
tantek: which implementations are
testable?
... a library is not really testable
... no working group I know of has used a library to exit
cr
... not an implementation for any workign group I've been
involved in
sandro: don't do universal generalisations
<eprodrom_> sandro: B-)
shevski: what are the formal
requirements for w3c implementation report?
... I'm interested in demonstrating genuine adoption
<tantek> /me sandro isn't that a universal generalization? ;)
shevski: I don't think something
should become a standard if only 3 people care about it
... If we have 5 different things we need to start talking to
peopel and lining up implementations or maybe there is already
100s of peopel and companies using it
... Things in the wild
<hhalpin> I would suggest adding an estimate on the number of users per implementation.
shevski: Stuff people can be
interested in, like mooncake which thoughtworks built which
displays activitystreams from varous sources, they have demos,
good to list user friendly things so people can see what it
looks like
... so if people are looking at as2 and deciding, they can see
if they want to use it
<cwebber2> hhalpin, did mooncake use the java library of AS2 or have its own
<tantek> +1
<cwebber2> hhalpin, is that another implementation?
<hhalpin> I think they re-coded it using Clojure
eprodrom: if we look at previous implementations for as2 that's definitely an outreach process and we do have a little bit of a psychological advantage to ahving 2.0, we can ask people when they're going to upgrade
<hhalpin> So you *may* have another implementation there.
eprodrom: 'why are you using the
old version'?
... good pressure with a version number
... but that is a contact process
... and that might be a next step is to be reaching out
shevski: whose responsibility is it to do that? Editors for each draft?
<hhalpin> That being said, I'm not sure if they have any users per se. There was supposed to be 3 pilots: Iceland, Finland, Spain - I think Finland is interested.
sandro: we're not there yet
shevski: but for initial implementaton report?
tantek: that's produced *during* CR
<hhalpin> Email Jaako Korhonon re Finland and Natalie from Thoughtworks via Clojure details, I've been removed by W3C/ERCIM from D-CENT for almost a year so not tracking :)
eprodrom: definitely a snowball effect of seeing implementations listed
hhalpin: think it would be
useful.. we don't test how many users something has.. assume it
has users, not ask how many. That being said, users are good.
Even though it's not formally part of the process should be
something the wg takes into account
... So eg. per library list code bases that use it
... Keep track of how many users each implementation has
... Would help for people looking in from outside to see what
the state of play is
<sandro> https://kangax.github.io/compat-table/es6/ and http://caniuse.com/
sandro: Looking at two other
implementation reports. I don't think we shoudl worry about
w3c, but what the users want
... see ^
<hhalpin> Yes, but caniuse doesn't measure "users" :)
<hhalpin> We assume all these browsers have users.
<hhalpin> Its harder in this case
sandro: Tells users what they can use to get to use as2
<wilkie> doesn't it measure browser market share?
sandro: if it's good enough for users it's good enough for w3c
<hhalpin> Still, adding guess user numbers helps
sandro: but it's a lot of
work
... that includes covering extensions in theory, that's where
it really starts to pay off
<Zakim> tantek, you wanted to comment on we need to start talking to people and lining up implementations or maybe there is already 100s of people and companies using it
<Loqi> Aaronpk made 1 edit to [[Socialwg]] https://www.w3.org/wiki/index.php?diff=97767&oldid=97763
sandro: how many consumers consume this extension so should I produce it
<hhalpin> So, in theory in some of the SemWeb space (GRDDL comes to mind) I've seen stuff with users numbering in less than a dozen go to Rec, but I think W3C is discouraging that kind of thing.
tantek: I agree that listing
things that are accesible to users is a good thing
... Good to list user friendly things so people can see what it
looks like, as shevski said
... Before we ask anyone outside this WG to implement
something, I would like to see implementations by people in
this wg
<hhalpin> Typically a WG converges, then we do a call for implementations. Its a bit odd to do a call for implementation without some convergence!
tantek: For each draft, at least
one. I think we're close to that
... I would hope we have an implementation from the group we
can point to
sandro: I would hope the editors would have some implementation
cwebber2: and also with actual code
shevski: so people can see 'that
is the kind of thing I want in my app, I will use this
spec'
... so get a sense of something working
eprodrom: implementation and
advocacy is going to become a very big issue before we go to
cr
... right now we're collecting lists, next step is to collect
test results as well as outreach
<ben_thatmustbeme> https://wordpress.org/plugins/activitystream-extension/
eprodrom: may be something we
should start in the next few weeks
... but post CR, does that sound fair?
tantek: what do we need to take
things to CR, then once we're in CR what do we need to do to
exit?
... A test report is not required to enter CR
... For implementations,t hat's up to the wg to decide
... how much implementation verification do we want internally
before we are comfortable taking something to cr
... we have a few implementations including a validator that
anyone can try. We can make some claim like the validator
implements 90% of AS2
... Then we can tell people that when we enter CR, to help
encourage more
... Hopefully an example for those spec to follow
... If we have implementations from editors, 90%, 50% of the
spec, that is useful to include as part of going to CR
<bengo> err
<bengo> I can hear sounds but not really Amy
<rhiaro> Needs catching up with current state of specs it talks about
eprodrom: what's our intention with publication?
<rhiaro> Note is fine
sandro: remaining flexible depending on contents
shevski: seems like a primer
<Loqi> Tantekelik made 1 edit to [[Socialwg]] https://www.w3.org/wiki/index.php?diff=97768&oldid=97767
eprodrom: we're shooting for
another version in early april and will iterate on a regular
basis over the coming months
... .. Webmention
aaronpk: A few more issues that I
wasn't able to close myself, would like to go through those
tomorrow
... With those resolved I feel like things are stable enough
that there are no major blocking issues and plenty of
implementations..
tantek: how many?
aaronpk: there's a list on the
document. dozens? There are two roles, sending and receiving. I
believe it's dozens of each
... it is documented in the spec
... enough where I feel like things are working fine
... The next thing I want to do is work on a test suite so
there are tools for peopel to test their implementations on
both sides
... interactive validators basically
... a lot already exists as small utilities
sandro: the small utitlities
haven' treally poked the edge cases right?
... like where the endpoint is discovered?a
aaronpk: some test for xss for example, so they'll send you a webmention with a script hyou should be filtering out. kind of adjacent to the spec itself as the spec doesn't say you have to show a comment on a post
tantek: do you have a privacy and security section?
aaronpk: minimal, could be expanded
tantek: could expand to answer
the privacy and security questionnaire from the TAG
... currently optional part of specs
... AB and TAG are gathering experience with it, but if you're
not sure what to say about security and privacy this is one way
of expanding
<ben_thatmustbeme> https://w3ctag.github.io/security-questionnaire/
<ben_thatmustbeme> i'm guessing its that aaronpk
dmitriz: From what I remember
from AS2 and AP specs the security and privacy ocnsiderations
sections used language with 'must provide x level of privacy'
and so on: how is that testable?
... how can we enforce that?
tantek: how that plays into conformance requirements is a separate qusetion
eprodrom: probably
unenforceable
... very difficult to test whether someone has considered
something
hhalpin: testing privacy is
hard
... there are ways, but they're not part of w3c test suite or
well understood, basically research projects, maybe in the
future
... obvious things like breaks same origin policiy we can note
that
... Point on social web protocols.. seems like we're not going
to converge... If we don't converge and we have this document
saying there are 3 things
... And if someone has the spare time to shim between these
formats
... if such a shim existed that would make SWP more useful
<rhiaro> some parts are easy to shim, some overlap completely, some not
Karli: would be desireable to
have an overlap
... instead of trying to solve it like a failed attempt with a
library
eprodrom: there are some formulations we could use to define it. It's an interesting question but I want to bring us back to document status
aaronpk: Beyond testing, I would
like to know what is then expected of me as the editor or us as
the group to move forward
... Reading the w3c process documents is overwhelming, so what
is the human readable version of the next step?
<hhalpin> Note that Test the Web Forward stuff doesn't apply here
aaronpk: Assuming we close issues and build a test suite, what's left?
<hhalpin> But basically, the Process Doc is pretty easily explained and its legal to publish different documents.
eprodrom: then we have the decision of whether we're going to publish one, two or some convergence
<hhalpin> As long as they can all fulfill CR
<hhalpin> That being said, it would obviously be more desirable to have a convergence
eprodrom: We resolved to move them all forward with no dependencies
tantek: we should ask the same things as as2 of every other draft
eprodrom: test suite, conformance section
tantek: just want to be consistent
aaronpk: conformance is already
in there
... oh no, micropub has it, not webmention
... okay, will do that
... if it applies to every spec can we put this list
somewhere?
sandro: webmention is simple
enough we can say 2 complete senders and 2 complete
receivers
... exit criteria is 2 implementations of each feature
tantek: define what 'feature'
means
... sandro said sending and receiving are features, but you
said features break downmore
aaronpk: features like updates
and deletes
... existing implementations are various overlapping
subsets
cwebber2: I dont' know if we need to leave owen on there, should we remove him because he's not a current editor?
sandro: make him an author or former editor
cwebber2: we can do that
... In terms of things that are next, we have a list of
actionable bugs
... Might be useful to use some call time
... Some I've been stuck
... Issues are slow
... Easier to go through on a call
... I think we'll make a lot of changes
... I'd also like to work on implementations
... So we can test the federation stuff works the way that we
expect it to
... Media goblin is a good option
... Maybe somebody in the pumpio community will jump on
it
... Possibly something smaller
<eprodrom_> https://wordpress.org/plugins/activitystream-extension/changelog/ !!!!!!!!!!!
cwebber2: Bugs, then implementations, then the whole conversation about conformance
<eprodrom_> "1.1.0 initial AS2 feed (beta)"
cwebber2: I probably will need
guidence
... As for worrying about the test suite, I'd like to do that
after the implementations are at a certain stage, so we know
what we're testing
<ben_thatmustbeme> eprodrom_ cool!
eprodrom: work on bugs, do a new version, get review, then start talking about test suite?
cwebber2: I'd like to see
implementations before test suite
... I don't think test driven makes sense for standards, when
you don't know what you're pushing forward
<cwebber2> - close actionable bugs
<cwebber2> - work on implmentations (1 or ideally 2)
<cwebber2> - conformance section and security considerations
<cwebber2> - test suite
<KevinMarks> surely you will write tests as you write implementations; the question is if you can generalize them
<cwebber2> KevinMarks, quite probably, you probably heard what I just said :)
<Loqi> Tantekelik made 1 edit to [[Socialwg]] https://www.w3.org/wiki/index.php?diff=97769&oldid=97768
<cwebber2> - and exit cr in between the last two
cwebber2: having a mniinmal implementation that includes tests would be good
eprodrom: date for next version
of ap?
... may?
cwebber2: ...sure, mid-may
aaronpk: Add privacy and security
section
... conformance is already there
... make a plan for building test suites
... That doesn't go in the spec right?
tantek: yeah
aaronpk: CR exit criteria
... And several combinations of things in micropub spec,
multiple kinds of server and client implementations
... A server or a client does not have to support all features,
so there are many different kinds of valid
implementations
... Would like to publish another update of this before asking
for it to go to cr
tantek: Also for all, identify what you consider at risk
<cwebber2> rhiaro, cool
tantek: Once you have figured out
what the features are, among that set of features decide if
there are any that you consider at risk
... If you think it's too new or you're not confident in it,
label any of them (preferably not all) at risk and let the wg
know
... people in wg, if you object to a feature file issues or ask
for it to be put at risk. Or if you think a feature is
essential you can argue against putting at risk
... Editors can say what you consider at risk and why
... Or you can say none ofthem are at risk
... The effect on the process is that if you get to the end of
the cr period you can drop at risk features without having to
publish another draft
<Arnaud> I agree with Tantek, At Risk is a powerful mechanism but I would invite anyone to make suggestions/requests
<Arnaud> this is not limited to editors
tantek: when can we expect a new draft of micropub?
aaronpk: both of them by april 8th at the latest, hopefully earlier
tantek: if you dont' meet all
requirements for cr, you can still publish another wd
immediately
... for all drafts
... if you're resolved issues
... close to 0
aaronpk: in that case I will propose to publish a new draft on the 29
on the next call
cwebber2: issue closing party
tantek: I have had issues finding
the time to convert that into the proper format to publish so I
need help
... I don't have a godo workflow for editing that draft on the
wiki then turning that into a form that I can publish on
w3c
annbass: what's involved with converting it?
tantek: if you use respec it
expects a certain syntax
... which is not mediawiki
<eprodrom_> http://blog.fuzzy.io/?feed=as2
tantek: so either I have to
manuall convert it every time, or convert it once and keep it
in sync, or give up on the wiki and just use github
... I was hoping I could pipe the wiki page into the
publication process and have it work
hhaplin: when people have edited
specs in wikis in the past... it's possible..
... you just have to put effort in to convert, but it's a lot
of work
tantek: I could iterate on issues
and close them next
... in editors draft
... would be pgoress before trying to do conversion
eprodrom: and what form would
help take?
... you want a coeditor, or general participation in wiki
editing?
tantek: looking for suggestions
in conversion process
... wiki is good for iterating, but not for publishing
... Open for suggestions
... If I have to convert to respec in github then fine, but I'm
looking for suggestions
eprodrom: any other
questions?
... If not, we are at the end of our agenda. Pretty
impressed.
tantek: worth spending a couple of minutes on bringing up other docs we had as editors drafts
<tantek> https://www.w3.org/wiki/Socialwg#Drafts
tantek: Action Handles
... Handlers
... was separated from as2
... only broken links
<KevinMarks> Action handlers is a broken link
<trackbot> Error finding 'handlers'. You can review and register nicknames at <http://www.w3.org/Social/track/users>.
tantek: Not sure what happened to
it. I think we have enough work, so we drop this as a work
item?
... Not to say we ban it, but fo rnow we admit that nobody is
actively working on it
... If someone wants to bring it back they can do that in the
future
... But for now we can move it from the list of drafts
... jasnell is not here so I want to give him a week to pipe
up
<Arnaud> It's ok
<Arnaud> jasnell won't oppose this motion
cwebber2: we should put it on the table and mail the list
ben_thatmust: we can resolve to remove it and bring up objections in the next telecon
<cwebber2> ah well then Arnaud :)
<cwebber2> easy!
<tantek> PROPOSED: Drop Action Handlers Editor's Draft from our list of working group drafts, without prejudice
<wilkie> +1
<cwebber2> +1
<bengo> +1
<aaronpk> +1
<ben_thatmustbeme> +1
<eprodrom_> +1
<sandro> +1
+1
<KevinMarks> +1
<annbass> /me I like the "without prejudice" bit
<dmitriz> +1
<tsyesika> +1
RESOLUTION: Drop Action Handlers Editor's Draft from our list of working group drafts, without prejudice
tantek: the other one is jf2
ben_thatmust: I have not had much
time due to personal small people reasons to work on this
... I certainly would like to see something of this go to a
note, because I think it's been useful and it's standardising
several implementations that are using json formats of
microformats
... but I don't have the time to push that toward a rec
sandro: is it dependant on microformats?
aaronpk: I have found it useful
for dealing with apis and services that use micropub and
webmention, it sort of sits in th emiddle of everything and is
used by both of thise, but I don't need to normatively
refernece it as a spec, but ti has been useful in building
implementations
... that's how I have some iterations of the document that I
have been taling to ben about but haven't been updated or
anything
... but it's been useful
... but I don't need to tie the specs to it
... I could if it was there, but
tantek: what do you need to do as editor to produce a working draft towards a note?
<Arnaud> sorry, I've got to go - see you
ben_thatmust: I don't know
... definitely needs editorial changes
... it's difficult because I'm definining the spec without the
vocabulary. Trying to say was written with microformats in mind
but you could apply any vocab to it
aaronpk: the more useful parts I"ve found are tied to the vocabulary
<KevinMarks> microformats2 parsing doesn't define a vocabulary either
aaronpk: Using as this is the one
way to represent a blog post or an author with the microformats
vocabulary
... Useful to me whether or not it's a spec
<KevinMarks> I did a generic mf2 to jf2 converter
tantek: if you want to take it to
note we can make this intention clear up front
... so we can plan for that as a group
... non rec track draft
... When do you think it will be in good enough shape to
publish as a non rec track draft
ben_thatmustbeme: I need some
time to work on it
... Can say... april
<eprodrom_> sandro: So, there's a WordPress plugin that implements AS2
eprodrom: time to wrap up. Any other agenda items that we need to address before the end of the day?
<sandro> dinner is 6:15 http://www.opentable.com/atasca
<aaronpk> sandro++
<Loqi> sandro has 30 karma
<sandro> (dinner isn't sponsored)
eprodrom: Agenda for
tomorrow
... tomorrow afternoon, can go through issues that editors want
to bring to the group
aaronpk: I do have issues on wm and mp that I would like to discuss
<Loqi> Tantekelik made 1 edit to [[Socialwg/2016-03-16]] https://www.w3.org/wiki/index.php?diff=97771&oldid=97759
aaronpk: Not many, like 2 on mp 4 on wm
eprodrom: I'll update
agenda
... FIN
<KevinMarks> St Patricks Day in Boston?
<KevinMarks> I would think so
<bengo> night yall enjoy dinner
<Loqi> Eprodrom made 1 edit to [[Socialwg/2016-03-16]] https://www.w3.org/wiki/index.php?diff=97772&oldid=97771
<Loqi> Tantekelik made 1 edit to [[Socialwg/2016-03-16]] https://www.w3.org/wiki/index.php?diff=97773&oldid=97772
<eprodrom_> I'm running late; there by 10:15.
<tantek> good morning #social - my ETA this morning is 10:05ish. If y'all are ready to go, have eprodrom get us started!
<Loqi> Rhiaro made 1 edit to [[Socialwg/2016-03-16]] https://www.w3.org/wiki/index.php?diff=97774&oldid=97773
<tantek> updated: https://www.w3.org/wiki/Socialwg/2016-03-16
<tantek> specifically: https://www.w3.org/wiki/Socialwg/2016-03-16#March_17
<tantek> trackbot, start meeting
<trackbot> Meeting: Social Web Working Group Teleconference
<trackbot> Date: 17 March 2016
<tantek> scribe: wilkie
<tantek> chair: tantek
tantek: if nobody thinks of any
other agenda items, this is all for today. which seems
reasonable
... how many issues do things have?
aaronpk: 4
sandro: and micropub?
aaronpk: no issues that need discussion. just a couple of pull requests.
<Loqi> Tantekelik made 1 edit to [[Socialwg/2016-03-16]] https://www.w3.org/wiki/index.php?diff=97775&oldid=97774
annbass: I have a comment. The
socialwg interest group has always been considering what it is
they are do. it is still an open question if we need such a
group.
... My suggestion is to move the IG to be a Community Group
(CG), so that anyone in the world can participate, without
being a W3C member or Invited Expert. I suggest the main goal
of the CG might be to collect additional social use cases that
we haven't thought of, especially from people who haven't
participated before, or who are from cultural environments we
personally haven't experienced.
... so I do think there are use cases we aren't aware of.
tantek: do you want some time to talk about that?
<dmitriz> @rhiaro - there is an issue open for what you mentioned, in fact, https://github.com/w3c-social/activitystreams-validator/issues/16
annbass: yes.
... Also, I am now co-chairing the W3C Positive Work
Environment Task Force (PWET) with Amy van der Hiel. Our
interest in the consortium is to make a good place to work and
so I would like some feedback, public or private, about the w3c
and what could improve.
... the challenges haven't been where I thought they would
be
tantek: such as?
annbass: you would think about diversity and such but the problems have been mainly technical
tantek: and some social interactions
<Loqi> Tantekelik made 1 edit to [[Socialwg/2016-03-16]] https://www.w3.org/wiki/index.php?diff=97776&oldid=97775
annbass: yeah
tantek: that's a problem that has made it up fairly far in the organization
annbass: how we can address that is something worth discussing
tantek: yeah, there is what you
could say is w3c's broad tolerance for different social
behaviors.
... which are obstacles to technical discussion and finding
solutions. so if we could find solutions to that.
annbass: yeah, and certainly there are people who have a problem with this. such as women or quieter people who have a problem with people who are strongly argumentative and vocal.
shevski: which is what tantek was
saying. those people can be disruptive and at times
bullies.
... the problem is when nothing happens to those people
visibly, then people see that and say 'I don't want to be
involved. this is not a safe space.'
annbass: me too. I see that and I try and then I say "nah, I'm done"
tantek: and you've seen that at the highest
annbass: I'm not sure about that. But we've all seen it in various situations. What can we do to improve?
shevski: a code of conduct is what you do
annbass: we have one
tantek: it's a rather new thing
annbass: no, it has been there
for 10 years I think
... but also, what we have to do is maybe training
Karli_: the problem with a code of conduct is that people may not see it or it isn't enforced and people don't respect it
annbass: another thing is that people don't realize THEY have behaved that way, even when you call it out; that they have done something wrong and correct for that
shevski: on the community group
stuff. I like having /something/ is good.
... having something from the community about what they want is
good. such as "I want quick communication among many devices"
and there isn't that.
tantek: *whispers* that's not social, those are machines
shevski: but it is! I'm talking to people. through machines.
tantek: [evan enters] photo time!
eprodrom: has everybody taken a look at the issues?
<eprodrom_> https://github.com/jasnell/w3c-socialwg-activitystreams/issues
<ben_thatmustbeme> https://github.com/jasnell/w3c-socialwg-activitystreams/issues
eprodrom_: what I would like to do is work from oldest to newest and see what we can do to clarify those.
<eprodrom_> https://github.com/jasnell/w3c-socialwg-activitystreams/issues/249
tantek: to be clear these are ones you think need discussion
eprodrom_: these are ones that are open... let's say that of the ones we have there are 3 that are significant changes...
tantek: want to go through the hardest ones first?
<eprodrom_> https://github.com/jasnell/w3c-socialwg-activitystreams/issues/249
eprodrom_: maybe the easiest ones first?
tantek: ok
eprodrom_: 249. so, some of the examples don't have the properties described in the text. james is +1, I'm +1. so there isn't a problem with this.
tantek: if you and the other editors think something is editorial then we don't need to look at it. we trust your judgment.
<tantek> https://github.com/jasnell/w3c-socialwg-activitystreams/issues/279
<tantek> https://github.com/jasnell/w3c-socialwg-activitystreams/issues/280
eprodrom_: for the CR exit issues. we need explicit exit criteria (279), a list of separate features (280)
<tantek> https://github.com/jasnell/w3c-socialwg-activitystreams/issues/281
eprodrom_: let's just say that when these are resolved and assuming the editorial issues are solved, we're good
tantek: these are not editorial.
the conformance clause is certainly normative. the separate
features may be editorial but might not so you may still want
group review.
... but the group has reviewed the conformance clause and said
it looks good. so anything that has been reviewed can just be
dropped in.
... so there is really only one thing left to review
<eprodrom_> https://github.com/jasnell/w3c-socialwg-activitystreams/issues/289
eprodrom_: the issue is we don't have a good vocabularity around relationships
<eprodrom_> http://jasnell.github.io/w3c-socialwg-activitystreams/activitystreams-vocabulary/#connections
eprodrom_: in the specification, we said there should be an external vocabulary for this
<eprodrom_> http://jasnell.github.io/w3c-socialwg-activitystreams/activitystreams-vocabulary/#dfn-relationship
eprodrom_: we don't refer to one but we talk about one
dmitriz: you show it in the examples
eprodrom_: right. if we defer
this part of the specification to a TBD section about
extensions, why don't we push the relationship stuff to a
future extension
... it makes sense to me
... james has had a chance to comment but I feel that there
isn't a reason to wait for him. my opinion as an editor is that
we should just push it to extension.
<tantek> +1 on dropping relationships from AS2 per comment in issue: https://github.com/jasnell/w3c-socialwg-activitystreams/issues/289#issuecomment-197916259
cwebber2: it seems like maybe some verbs or vocab would be lost. do you know of any use-cases that may be lost by dropping this to an extension?
eprodrom_: AS1 didn't even have relationships like this
cwebber2: I'm +1 on this then. If
people feel strongly about this as an extension then we can do
that. it doesn't seem like a blocker for activity streams
itself.
... just wanted to make sure we didn't drop something else as a
consequence
tantek: I would just propose the
issue and see if anyone objects to the editor's proposal
... I don't hear any objections
eprodrom_: ok I'll just mark that as group resolved
<eprodrom_> https://github.com/jasnell/w3c-socialwg-activitystreams/issues/290
eprodrom_: next one is 290. it is
around transitive activities.
... the idea is to add one of the classes in vocab to core.
james is fine with it. I'm fine with it. it is a reasonable
thing to do.
<cwebber2> sounds good to me
eprodrom_: basically, transitive
classes are an extended class and they are used often enough
that it seems more useful in core.
... any objections to that?
... great
... the last one [is 292] which is adding a deleted tag to
objects
<eprodrom_> https://github.com/jasnell/w3c-socialwg-activitystreams/issues/292
eprodrom_: the idea is to add a
deleted timestamp to provide a tombstone for objects
... so you can have an image and they say this image has been
deleted
cwebber2: this seems useful because you were already talking about 410 GONE and this would be useful certainly in activitypub and media goblin right away
<tantek> aaronpk, didn't #indiewebcamp recently discuss a dt-deleted? what was the conclusion?
eprodrom_: there are cases where you want to say this object is deleted but valid
<tantek> (or at list citation to prior discussion)
dmitriz: it can be as useful or
not depending on your server's retention policy
... if you are the kind of server that commits to sending 410s
whenever possible you want this, if not you may want to garbage
collect and 404
... so this is an option for those servers with permanent
retention policies
cwebber2: it seems this doesn't require people to do it
eprodrom_: we have seen this before and then we pushed it to an extension but seeing it come up again we consider adding it to the spec
<Zakim> aaronpk, you wanted to point out privacy implications of sharing the deleted timestamp
<cwebber2> +q
aaronpk: I think we should have a way to specify the deletion without the timestamp for when people want to delete but not disclose when
cwebber2: since there is already the deleted flag
aaronpk: what is the deleted flag
<dmitriz> I think chris means the deleted timestamp?
<tantek> per jasnell comment: "type": "Delete",
cwebber2: the thing we are discussing. for instance we can send a 'delete' verb to servers and they might ask 'why is this gone' and people can do that but it is optional.
eprodrom_: I think what aaronpk
is saying is that it is good to have a delete property. but it
being a timestamp there are privacy concerns.
... people want to delete things because they don't want them
to be published and thus may not want it there
dmitriz: you can place the timestamp date but not return the data and just 404
aaronpk: but the problem is when you want to propagate that
cwebber2: then you can have a timestamp or boolean
aaronpk: that would solve it
<tantek> How does Twitter notify deletes?
<jasnell> this is why for Atom we came up with the deleted-entry
<jasnell> atom tombstones rfc
<jasnell> https://tools.ietf.org/html/rfc6721
eprodrom_: and if that is good we can do that. the only problem is when implementations are only checking if it is truthy, but they will likely do that anyway.
<eprodrom_> jasnell: so, deleted becomes a timestamp or boolean
<eprodrom_> Sound OK?
<jasnell> not sure I understand the privacy concerns around deleted being a date but ok
tantek: I do think the timestamp is important especially for synchronization
<jasnell> yes, having deleted as a timestamp is fairly critical for sync
aaronpk: for the twitter api, the tweets generally come through as just the data on the tweets. there are some actions that come through for instance a scrub-geo action to remove location.
tantek: so they are using keys as verbs sometimes
aaronpk: yep
tantek: what is the proposed solution?
eprodrom_: to add a deleted property to the object and its range is either a timestamp or a boolean
cwebber2: can I request we note that it is optional to handle cases where people prefer a 404
<jasnell> eprodrom_: +1
aaronpk: when there is a delete action in the stream, it should be required to have that flag to know it is deleted
<jasnell> however, if deleted is a boolean, it should be noted that synchronization will be difficult
<jasnell> it should also be noted that just because there's a deleted property in the object, it doesn't mean implementations have to delete the content
aaronpk: I'm thinking when a system is pulling in a feed, how does it know to delete, so it needs to see that delete to know when to get rid of it
cwebber2: there is a delete verb
eprodrom_: cwebber2 is addressing the idea that there is a controversy between sending a 404 or 410
aaronpk: that's pulling the individual object
eprodrom_: yes
<jasnell> also keep in mind... {"type": "Delete", "object": {"id": "http://example.org"} work perfectly well for this too
eprodrom_: if we don't have objections, I'm going to say this is our resolution
<jasnell> without introducing a new property
tantek: this is a new introduction
eprodrom_: yeah, this is the first new property is a while
tantek: would you consider marking it as at-risk?
cwebber2: we could but we are going to use it immediately in media goblin
dmitriz: even though the field is optional
tantek: that doesn't alter the
fact that it is in the spec
... [to cwebber2] that is good to know. it is useful to
know.
ben_thatmustbeme: jasnell says we can add a type "Delete"
<jasnell> also, if you're going to go down the tombstone route, please make sure you take the additional security issues into consideration
cwebber2: we already have a type "Delete"
eprodrom: yeah, I think the idea there is that we have a "hole"
cwebber2: you can still see the
case where you have a Photo and you want that deleted
... we could do this but it doesn't seem as interesting when
the group came to some consensus around the property
... adding an object doesn't seem less tricky than adding the
flag
eprodrom: the reason I like this
is say you have a naive implementation and it is looking at a
collection of image objects.
... if it is not aware of tombstoning it may show an image that
has been deleted. or its metadata.
... however if the type has changed, the tombstone will look
foreign and it will skip it.
... basically, naive implementations will do the wrong thing
with the flag
<jasnell> please keep in mind that adding a tombstone does not compel anyone to actually delete anything
dmitriz: the argument is essentially if somebody writes something and is wrong to the spec it will break
<jasnell> if the content has been syndicated, the best you can do is distribute the *intent* for it to be deleted
aaronpk: it is worth considering since doing it wrong leaks information
tantek: it is good practice to assume partial implementations and decide if such a thing would do bad things for users
dmitriz: so how does it work? it replaces the id?
eprodrom: yes. it shares the id.
dmitriz: is the worry about retrieving the collection? then it is up to the server to not send that deleted image.
<tantek> what about undeleting?
aaronpk: it is talking about synch. a server has already seen the image and now needs to remove it.
cwebber2: tsyesika, how do we handle this?
tsyesika: it is much like a tombstone. it is in a tombstone table and it is a field in that table.
tantek: is there undeleting?
cwebber2: there is an undelete verb but we don't handle that
tantek: there seems to be an idea in social media: to delete and then undelete
cwebber2: there is interest in undelete and undo actions but doesn't have bearing on this decision
tantek: I'm just trying to see if the solution would be lossy for privacy purposes, but un-lossy for undeleting purposes
cwebber2: I don't see how the
structure of this would prevent the UI experience
... it seems more at the API or stream level
<jasnell> this conversation is mixing two different things. (a) A server hosts it's own content, publishes at content at one point, then needs to indicate that it's been deleted. (b) A consumer has received content from someone and needs to be told that it's been deleted
eprodrom: my experience is that
deletion is something that gets implemented late and involves
lots of bug squashing
... whereas every activity streams processor needs to handle
types it doesn't recognize
dmitriz: do we say every consumer must ignore every type it doesn't recognize?
<jasnell> for both, a {"type": "Delete", "object": "http://example.org"} is sufficient. For (a) the thing being deleted simply goes away and a new activity is published indicating what happened to it. For (b) the new activity is a signal that it ought to get rid of the thing that was deleted.
eprodrom: let's not call it type "Delete" but rather "Tombstone" that has a formertype
cwebber2: former type flag?
eprodrom: yeah if you really need that
cwebber2: I'm more sold on this
than I thought I would be
... in which case there is an optional field for the date. so
two fields 'when' and 'formertype'
<jasnell> for undelete, if you assign an ID to the delete activity, {"id": "http://example.org/delete/1", "type": "Delete", "object": "http://example.org/note"}, you can easily follow that up with a {"type": "Undo", "object": "http://example.org/delete/1"}
tantek: maybe we give jasnell some time to reflect on this
eprodrom: ok I'll take an action to review this with jasnell this afternoon
<cwebber2> we would probrably want to call it whenRemoved
<cwebber2> the type
tantek: maybe that will cause it to converge a little bit more
<cwebber2> mainly because properties can merge and "when" could appear unclear
<cwebber2> between multiple type objects at least
<cwebber2> and each property needs its own uri anyway
tantek: how well does this mesh well with activity streams at large?
<tantek> format vs protocol? overlap vs separation?
eprodrom: the tombstone kind of blends in the noun or verb distinction
tantek: many of these social web implementations have delete. I also like this tombstone approach.
eprodrom: we have still a couple of questions
<eprodrom> https://github.com/jasnell/w3c-socialwg-activitystreams/issues/296
eprodrom: name is a should not a must but it is not in many of our examples
tantek: you could say the examples need to be fixed, or you could say the examples show that you don't need a name and should stay a SHOULD
<eprodrom> Most of the "Activity"
<eprodrom> "While all properties are optional (including the id and type), all Object instances SHOULD at least contain a name (or equivalent nameMap)."
cwebber2: I think SHOULD should be removed since we fold the title in to name and many don't have name. why should it be there if the biggest producer of AS doesn't have them.
eprodrom: there are many objects that have a type but not a name. I think it should remain a SHOULD.
aaronpk: if you are going to say things SHOULD have a name, I worry that people will just throw a name into things.
<eprodrom> jasnell: for Activity and IntransitiveActivity types, does it makes sense to SHOULD a name?
cwebber2: there are cases where you don't know exactly what to put for it.
eprodrom: what I'd like to do is recommend we leave it as a SHOULD right now and get jasnell's feedback and follow up this afternoon
tantek: when a SHOULD is good in a spec is when it is explicit about when it is used and when it is ok to not
cwebber2: I think I would want to know the motivation for a SHOULD in the first place
eprodrom: the idea is you could take a collection of objects and show them in a list
tantek: it was required in Atom I think which is where it may be coming from
eprodrom: how about we propose to explain the reasons for this being a SHOULD
<eprodrom> PROPOSAL: explain the reasons for this being a SHOULD
tantek: I've already seen this soak up a lot of discussion time
<cwebber2> seems weird but no objections
eprodrom: with Atom, yeah
tantek: any objections to
explaining why you should put a name and why you shouldn't in
some other cases
... no objections, I think you are good to go on that
proposal
<jasnell> re: Tombstones ... https://github.com/jasnell/w3c-socialwg-activitystreams/issues/292#issuecomment-197935286
eprodrom: dmitriz, do you want to discuss 297?
<jasnell> historically, with AS1, "displayName" was strongly recommended only when extension types were used, to give implementations something to use if they did not understand the type
dmitriz: in as vocab, we have several types for representing polls and stack-overflow-like questions and answers
<jasnell> "displayName" was not required, however, if the type was well known
<jasnell> the same rule would apply here
dmitriz: how do we handle closing polls or locking a question?
<jasnell> if the object is using a core type from the vocabulary, then name is largely optional
dmitriz: I believe jasnell's answer was "no we don't"
<jasnell> if the object is using an uncommon type or an extension type, name should be provided
<eprodrom> jasnell: Good example
tantek: does anybody implement polls?
eprodrom: statusnet
tantek: should we mark polls
at-risk
... this fits jasnell's answer that this can be done as
extension
eprodrom: I think it makes sense to have it be an extension
tantek: any objections?
<tantek> no objections. move Poll to an extension
dmitriz: I have another issue. about 'scope' and 'context' properties in the vocabularity
<jasnell> fwiw, closing a question is actually an activity. one could easily imagine {"type": "Close", "object": {"type": "Question", ... }
dmitriz: it seems like the two are fairly similar
<jasnell> dmitriz: they aren't
<tantek> jasnell, any objection to moving Question / Poll to an extension?
<jasnell> tantek: I see no reason to move it to an extension but whatever the WG decides
<dmitriz> https://www.w3.org/TR/activitystreams-vocabulary/#dfn-scope
<tantek> (evan said it would give us a chance to give them a more proper thorough treatment that implementations that care about those would like)
<jasnell> dmitriz: scope deals with scoping the intended audience for the object and relates to the to/bto/cc/bcc fields
dmitriz: 'context' seems like reply-to and useful for comments. 'scope' seems like access control and is this appropriate at this level?
<tantek> (no current implementations - in the room - have intent to implement, hence it made sense to consider as an extension)
dmitriz: it seems to fit the same purpose as the 'to' field
cwebber2: do we have any known uses of 'scope'?
eprodrom: no
<jasnell> yes
cwebber2: can we drop it?
eprodrom: I would like to give time for jasnell to review and answer
tantek: do we open the issue?
eprodrom: yes
cwebber2: I think dropping scope seems ok
<jasnell> -1 to dropping scope
<jasnell> -1 to dropping context
<dmitriz> what is the use case for scope?
tantek: can jasnell get on talky?
<tantek> jasnell: can you get on the talky?
<dmitriz> it seems to be overloading access control / to: field
<jasnell> no I cannot, I'm on another call concurrently
tantek: alright. open the issue and note we have some consensus at the meeting. we will have to come back to it.
<tantek> but we have an important outstanding objection from jasnell so we will have to come back to it to better understand it
<tantek> jasnell, no problem, we are capturing the current state for future discussion
eprodrom: that means we are done
tantek: you have a bunch of editor, not editorial, editor actions. we only have two after that?
eprodrom: right
tantek: do we want to consider publishing a new working draft of activity streams? even before CR draft.
eprodrom: I think that makes sense. what does that mean for going to CR.
tantek: it doesn't harm anything.
it just puts another draft out such that the changes between
that draft and CR are fewer.
... and it helps to get stuff like the conformance section to
get more review
<jasnell> re scope and context, https://github.com/jasnell/w3c-socialwg-activitystreams/issues/300
<jasnell> to/bto/cc/bcc deal with notifications
<jasnell> scope deals with scope the audience, it's a different role than to/bto/cc/bcc
eprodrom: I should be able to have that by next telecon
<jasnell> context is something else entirely... it describes a larger context in which the object exists
tantek: you don't have to wait
til the next telecon
... proposal is to publish new AS working drafts with
outstanding edits completed
eprodrom: great
<eprodrom> +1
<tantek> PROPOSED: publish new AS2 working drafts with outstanding (agreed, reviewed) edits completed
+1
<ben_thatmustbeme> +1
<aaronpk> +1
<eprodrom> +1
<cwebber2> +1
<dmitriz> +1
<tsyesika> +1
<annbass> +1
<rhiaro> +1
RESOLUTION: publish new AS2 working drafts with outstanding (agreed, reviewed) edits completed
<sandro> +1
tantek: that is completely in
your camp. the sooner the edits are done, the sooner we get a
new draft. so close to CR.
... we have 10 minutes but lunch is here so let's break for
lunch. any objections?
<jasnell> fwiw, I'm entirely -1 to removing Relationship
<ben_thatmustbeme> scribenick: ben_thatmustbeme
<tantek> chair: tantek
(continuing from informal conversation during break)
<tantek> https://www.w3.org/wiki/Socialwg/2016-03-16#March_17
rhiaro: I want to start with a demo of my own
(the lunch conversation will be recapped soon)
<tantek> DEMO: Activitypub posting to a site (Amy)
<tantek> (setting up)
rhiaro: i started building
posting clients
...
... the first i want to show is checkins. I made a checkin
client, it authenticates with indieauth, and endpoint discovery
the micropub way but its an activitypub client
... (in terms of the data)
(technical difficulties)
scribe: creates an arrive
activity on her site
... backdated the checkin so it says she has been there for an
amount of time
... using another client I create an AS extension object of
Consume activity with what i ate (Lunch - Free)
rhiaro.co.uk/stuff?format=json
scribe: shows the AS objects that were just created
shows another client for rsvps / travel plans / etc
rhiaro: all of these are posting
activitystreams json object through activitypub by a micropub
discovery method (as i just reused the code for it for
now)
... the interesting thing was that i was able to do activitypub
create without caring about the other parts of the activitypub
spec
... when i post with quill my micropub endpoint translates it
to activity pub first
tsyesika: you said its to a micropub endpoint, do you also output the actities as microformats?
rhiaro: there are some, but in my
mind these are completely decoupled. The pages use
accept-headers
... it is different as if you visit my endpoint (in this case
the equivalent) it shows nothing
... in doing this is became really clear how close these two
were together
aaronpk: i can sort of summarize from break
<tantek> aaronpk is giving a state of Micropub
aaronpk: the state of micropub is
that when i created Micropub originally it was just create.
That simplicity has led to many many clients.
... the main goal of micropub is to allow many clients you
didn't write to post to your site
... for the majority of cases there already exists a way on
your own system to edit and delete
<tantek> (how many clients do create only?)
aaronpk: that said there is also
a lot of value to being able to create and delete
... i'm not super happy with the version i have in MP now
... it works, but i'm not tied to it.
... right now it accepts form encoded or json for create
... the form encoded is important for posting images and video
at the same time by multipart
... i was looking to see if there was a way to use non-form
encoding for update & delete but still allow files
(explains some examples from the spec)
aaronpk: It would be more
convenient if there were only one path for updates as it right
now allows both
... looking at the twitter API there are seperate endpoint for
images
... that returns an ID and then you have to just use that ID or
it gets deleted in an hour
... i like that method as it gets rid of form encoded
... that simplifies the whole update and delete process for
me
... when you do that there is very little difference between
that and activitypub
... this is where i see the overlap
... why should i bother making up this new type if activitypub
already has this?
... this is why rhiaro and I were talking about this earlier
with the naming of "SocialPub" being the join of the two
... if you look at it as just updates and deletes. micropub is
a special case of create
cwebber2: would that be for just notes or other things as well
aaronpk: it could cover things as
well, images, videos, events, etc
... i also have the same for flights and legs of flights, thats
super ugly as form encoded
... for that one i would rather use a json object. There are
plenty of cases for json format but i want that simple version
for posting, thats the micro in micropub
sandro: can i rephrase this? why not do it as micropub is the form encoded posting and "activity update" is the indirect way to modify the resource that has activity streams data on it? how does that not address your use case?
aaronpk: i'm not creating acitivites i'm creating posts, so its a different vocabulary
sandro: activity sreams gives us a patch for those
aaronpk: thats what i could
use
... the other major difference between the specs, activity pub
expects you send the entire object but i want to just modify
single properties and i think activity pub would benefit from
that
cwebber2: do you think thats something that should go in to AS2 as an object
aaronpk: i don't know
cwebber2: i don't know either
tantek: what if i gave you a week to discuss this asyncronously then maybe you can get consensus between you two and you can pitch it to the group
cwebber2: we do also have some method of an undelete
<tantek> tsyesika: we discussed some of this before lunch
tsyesika: presumably this would
be in both our specs we would refer to this social pub
document. creating is still different. in activity pub we
currently require you to always create posts in an
activity
... we could allow this to post a single object for client to
server but not server to server
aaronpk: i do support that idea,
i think creating is the most important action and that should
be as simple as possible
... we would be looking for creating a CRUD syntax both specs
could use
<Loqi> Tantekelik made 1 edit to [[Socialwg]] https://www.w3.org/wiki/index.php?diff=97778&oldid=97769
aaronpk: maybe you make that exception, but the idea is that there would be 1 way to create things that would be in common
cwebber2: this sounds appealing of reaching concensus on something that has previously been very different on
tsyesika: i think its a good idea to make use of this time tosee if we can resolve this as we have an open issue on activytpub now
cwebber2: evan was a strong
objector to seeing a "pure system" of always having activity
wrapped objects go away
... he didn't seem happy about it. i asked about the api only,
and he didn't seem happy about it.
aaronpk: i can see that making sense in the stream as well
cwebber2: i think i'm ok with it, but i think its important that tsyesika be convinced since she is the main implementor
<tantek> (example of creating offline on a plane, and publishing later)
tsyesika: i'm certainly in support of convergence. the create activity is useful in itself as it can contain information that is different from the object, say the offline creation is different from the publish date
<tantek> (note: dt-created property has been discussed in other contexts for this reason too)
<tantek> (separate from published or updated)
tsyesika: i'm interested in seeing if on the micropub side you would be willing to have it so that the server can always accept the wrapped activity as well as the unwrapped format
rhiaro: micropub doesn't say anything about what the server does with it when i gets the item, thats not part of the spec. all you have to do is have an endpoint that advertises itself as such
aaronpk: we have a difference in authors, you could set the author in the object or the created date, so its assumed that the server will fill those in
tsyesika: its the same in activity pub
cwebber2: it sounds like thats
not so big a difference.
... this seems like a minimalist create mode
sandro: creation shortcut mode
tsyesika: with a few caveats, i'm on board with this
cwebber2: if our side supports that and your side supports the unwrapping activities
aaronpk: whats left in micropub is having the file uploading endpoint, form encoding ..
cwebber2: we might be able unify
on the image endpoint too
... thats an easy collaboration endpoint
tantek: i'd like to see that image endpoint written up
<cwebber2> https://github.com/w3c-social/activitypub/issues/23
<cwebber2> the out-of-band create mechanism
rhiaro: there are a couple places where the two specs are unsure of things so this is great
aaronpk: this would be great for me to keep micropub as simple as it should be
<Loqi> Tantekelik made 1 edit to [[Socialwg]] https://www.w3.org/wiki/index.php?diff=97779&oldid=97778
cwebber2: if it is much smaller
and we have a way to translate vocabularies
... i can see it getting added to mediagoblin
rhiaro: i was able to do that method to determine what data is being send
tsyesika: i'm curious vocab convergence
aaronpk: i think thats a seperate
discussion that we could have
... i tried to leave it out of micropub as much as
possible
... that way i can post to it without even knowing what its
posting
... i like the aspect of it
tantek: what to most implementation support?
aaronpk: most support only
creating and most already have some other storage properties
that they are matching to
... when i built mine i specifically have the endpoint write
directly to storage, so that it is sorted out when
rendering
cwebber2: i feel like where we are at a point where we are at a point where these are practically going to be shared but we need some idea of what mapping between the vocabularies means
aaronpk: the problem that keeps
coming up in the indiewebcamp channel is how do we propogate
changes to old posts
... the readers are all based around new posts
... this is where i'm seeing activity streams being useful for
this, and while i might not have a mapping on my main site, but
i might use it as a stream of whats going on
cwebber2: rhiaro you were working on the mapping between the two at some point i think
rhiaro: there is some pages and
such, but the other important part is post type discovery
... so there are some properties that map directly but there
are a few places where it takes some work
cwebber2: so will micropub will
reference this socialpub document
... is there going to be a seperate socialpub document or will
it be both specs take on some changes?
rhiaro: i think since i've implemented this seperately as the create part, i'm in favor of breaking up activtypub into smaller docs
tsyesika: i have to admit one of
the things i want for activity pub is to break it up into
smaller steps that are implementable seperately
... so if i want to use only part of it, i can, but if some
larger system wants to do all of it, they can
cwebber2: so heres a proposal kind of based off of what amy has done previously, would this be a reasonable restructuring of the document would be just "how to write a simple document" and then 'servers handling the client to server api' and then 3rd was server to server api
rhiaro: i would see it as 'heres
how to get data to the server' then 'heres what to do with it
once it gets to the server'
... so if you wanted to do the second half you could do that
seperately. you could do client to server just sending files
for examples
cwebber2: so maybe socialpub
becomes client to server entirely and then activitypub becomes
server to server
... is that a proposal that we are willing to work towards?
tsyesika: well there are more
ways to break this up than just client to server and server to
server
... like posting an activity vs updating
rhiaro: i think the client to server seperates very easily
cwebber2: i think the simpler way is saying socialpub is client to server and activitypub becomes server to server
tantek: i feel like there is part
of it you are agreeing on some and others you are not
... it seems like you are talking the same language now and
thats a huge step
... i want to capture this as a set of action items
rhiaro: i could start with this as a section of social web protocols
tantek: i also so a number of
suggestions for next steps for activity pub that could be
done
... i'll trust you as editors to continue to converge on these
proactively
... but i'd like to see you not depend on each other.
... amy you have a bunch of stuff written up, do you feel you
can add that to social web protocols
rhiaro: yes
aaronpk: i can help with that
tantek: for now you can add it
and publish and iterate
... so we can action you and then the rest can happen
asyncronously
... so that if anyone gets stuck on their document they are not
stopping anyone else
aaronpk: it sounds like the best thing i can do is replace the whole update and replace section and assume it will be moved to the social web protocols eventually
tsyesika: i think the main this for us is to update our spec to allow this simple editing
tantek: i think the other idea you had to update to do this seperate sections of incremental implementations that would be great
action rhiaro to incorporate your work done in to the social web protocols document for the others in the group to review
<trackbot> Created ACTION-88 - Incorporate your work done in to the social web protocols document for the others in the group to review [on Amy Guy - due 2016-03-24].
<cwebber2> https://github.com/w3c-social/activitypub/issues/32 <- issue here
tantek: both of you (aaron and tsyesika) to keep track of that on your githubs
ben_thatmustbeme: i would like to see outbox read and write seperated out
cwebber2: i think there is some more discussion on that
tantek: can you create an issue
on social web protocols to capture that amy?
... we are now breaking for 15 minutes
<tantek> resume at 14:30 EDT
<Loqi> I added a countdown for 3/17 11:30am (#5819)
<Loqi> resume
<Loqi> Countdown set by tantek on 3/17/16 at 11:15am
<tantek> Thank you Loqi
<KevinMarks_> hi there
<KevinMarks_> I can see a tantek
<aaronpk> KevinMarks_: can you hear?
<KevinMarks_> yes i can
eprodrom_: i think the idea was to put some time this afternoon in to resolving open issues
cwebber2: i would like to proceed by first addressing issue 71
<cwebber2> https://github.com/w3c-social/activitypub/issues/32
<cwebber2> sorry https://github.com/w3c-social/activitypub/issues/71
<sandro> scribe: sandro
tsyesika: we have certain terms
like inbox, outbox, ... and rhiaro suggested generalizing this
as a stream array
... also a way to achieve (something) about inbox and
outbox
cwebber2: So the question is...
Amy's suggestion is instead of followers, .... use types,
....
... What could be true is we could have a term in activitypub
that here's a term for ...
<Loqi> Tantekelik made 1 edit to [[Socialwg/2016-03-16]] https://www.w3.org/wiki/index.php?diff=97780&oldid=97776
<Loqi> Aaronpk made 1 edit to [[Socialwg/2016-03-16]] https://www.w3.org/wiki/index.php?diff=97781&oldid=97780
cwebber2: Amy's propositiyon soun
ds interesting but I dont think object types is the right way
to break it up
... c-s or s-s might have different streams, and maybe this is
a way to do that
<shevski> i'll be back
cwebber2: so there could be a
"likes" stream, maybe a subset of collection, or maybe it's own
URI,
... I'm not sure which, I'd like to open it for
discussion
... I think people do have arbitrary streams
aaronpk: I have struggled with
this problem. I think I understand why you have these
distinctions
... on my homepage I have some kinds of posts, but not others,
and down at the bottom I have links to the others
... I curate the collections based on how I want people to read
it, NOT on types
... so I have health
... and travel
... and events I'm going to that are not in Portland
... so these are very much mixed types
... and I have my primary stream
... In an old version of my site I had them by type, but that
didn't work well
eprodrom__: Certain groups, like
Chris' Friends, or Chris' main feed, or Things Chris Likes, ...
a core set of five predefined
... then have other unqualified streams
cwebber2: Because followers and likes have API specific purpose
eprodrom__: Right
... So just have a relationship Stream might do this
cwebber2: WIth the addition of
arbitrary labeling of these new streams
... Sounds like have consensus, which I'm recording on the
issue
"So we will have special API specific collections, like likes and followers and inbox, but streams should be supported as a general bucket for interesting collections."
<cwebber2> https://github.com/w3c-social/activitypub/issues/48
cwebber2: This kind of moves into
Who Do You Trust
... I think we've agreed, you trust same origin, otherwise you
link back and verify
... the desire for supporting static sites
... So I would point my endpoints off-server
... in which case how do you know who has authority
... Are there other origin scoping tools?
... or do we just not want to permit that kind of static site
thing
sandro: Doesn;t a link serve as delegation?
cwebber2: If the profile is on a
static site, maybe we can trust what it points to,
yes....
... adding comment on issue
eprodrom__: ap.io gets an UpdateOn dustyclould, and it knows how to do it. I don't see why we need to proscribe server behavior
cwebber2: If you get a message from me that there's something new, and my endpoints are on another server, should you trust them
eprodrom__: If I remember how pump.io does it, it checks to see the authentication of the actor
cwebber2: In APub you can have an
update that's an update of a blog on another site. And you'd
trust the author.
... Can you fake that you're someone else?
<melvster> IMHO there's nothing specific about the same origin that implies you can trust it, that's just a typical pattern used together with centralized services
cwebber2: Assuming you want to support static sites, you'd need something like this
sandro: same origin isn't relevant here. It's following trust-bearing links
tantek: CSP - content-security-policy can help if you want to do this offline
harry: So for example you could trust ... (something)
cwebber2: I think I understand how to handle this
<cwebber2> https://github.com/w3c-social/activitypub/issues/23
tantek: I'm happy to answer CSP questions, since I just implemented it for my site
<hhalpin> CSP is here Sandro
<hhalpin> https://www.w3.org/TR/CSP/
cwebber2: The main challenge for us is how to do discovery
<hhalpin> Typically, you want to use it when you are authorizing Javascript from outside the same origin.
<hhalpin> Would be useful if the endpoint has a feed that has some JS, and should be recommended to use.
<tantek> hhalpin: documentation of my experience with CSP: https://indiewebcamp.com/CSP
<hhalpin> CSP support works well in browsers now
<hhalpin> So any SOP exceptions, particuarly if they involve javascript, should use CSP
<KevinMarks_> if you separate the image upload from the post, and then use a URL, that implies you could use an external url for an image?
cwebber2: Is it useful to put on the user's profile page where I submit my photos
aaronpk: You see things like this on a multiuser system
tsyesika: Someone might want their media whereever they want it
cwebber2: It feels a bit silly to me
tsyesika: People might have multiple endpoints
eprodrom__: Discoverable endpoints for upload? Sounds great
<cwebber2> https://github.com/w3c-social/activitypub/issues/34
cwebber2: okay, sounds good
... This has come up a few times. It bothers me we still don't
have this
... the main challenge that was blocking this is what happens
when activities represent other activities that don't exist any
more
... transient activities, like IM or strawberry-watering.
... one approach is to have activities with no id, and they get
delivered through federation but other otherwise not
interesting
... or give them a UUID
eprodrom__: We talked about the 'scope' property earlier today. Would that be a way to address this?
<tantek> Open issues for Webmention at 15:35
<Loqi> I added a countdown for 3/17 3:35pm (#5820)
eprodrom__: maybe I put a scope of 'game update'
<hhalpin> in general, you need an id or some kind for HTTP REST retrieval of ids from X to X1 in terms of polling, right?
<tantek> !cancel #5820
<Loqi> Ok, I cancelled it
<tantek> Open issues for Webmention at 15:35 EDT
<Loqi> I added a countdown for 3/17 12:35pm (#5821)
eprodrom__: One of the problems
with client-defined-expiry is that client lie and cheat and are
bad. They say keep this forever, it's important.
... Clients might have advisory info, but the server needs to
decide.
... IRC updates from the F2F, scope might be F2F
cwebber2: mauybe that's a fed only concern
eprodrom__: Once again you're trying to dictate server behavior. Also this might not be that important. identica has a lot of updates, but it's not that big really
aaronpk: It sounds like you're kind of talking about a Notification, which is not an activity
cwebber2: Yes, but also a chat that you don't want to keep around
aaronpk: Off The Record messaging
is a different thing, with its own set of considerations
... Call these notifications, and it makes sense.
... You probably don't want to casually throw OTR into the
spec
cwebber2: Yeah, if we just put
OTR in here, we'll probably get it wrong
... In this world, there's generally an expectation that people
can retrieve things, so OTR wil be hard
... How would we show notifications?
... Some server-to-server notificaton, like your quota is
reached
eprodrom__: Is that about too much data? I dunno what this is for.
dmitriz: This is misusing scope. James said it would be renamed to 'audience'. And access-control-like thing.
cwebber2: OpenFarmGame has its
own type. So servers could garbage-collect them easily
enough.
... In an earlier version of the spec, it seemed like servers
had to keep things around forever
... that was also part of our motivation for tombstones
eprodrom__: That might be good to document. For example, twitter API only lets you go back 800 tweets, which is like a day.
<hhalpin> Re OTR end-to-end encrypted messaging, there is a new protocol called Axolotl that is used by Signal/WhatsApp/(interest from Mozilla/Wire: https://en.wikipedia.org/wiki/Axolotl_%28protocol%29
<hhalpin> That is a revision and fixes mpOTR issues
<hhalpin> However, I agree that OTR is out of scope.
dmitriz: Agreed clients lie, but the client setting an expiry on a stream is useful.
<hhalpin> However, happy to ask the nextleap folks (George and Karthik - https://nextleap.eu) to see if they can staple Axolotl on top of whatever comes out of ActivityPub, since folks are going to be working on that for the next 2.5 years
cwebber2: Could be via an extension
eprodrom__: Like 'earliest item
in colleciton is X'
... Most social systems don't go back very far now, so we
shouldn't ask that of folks.
... "This is everything in the inbox. Note some servers limit
the number of pages you cna go back."
cwebber2: okay, resolved
<hhalpin> +1 finding earliest item in collection
<hhalpin> Do we have some normative way of getting id numbers per feed in AS2.0 and ActivityPub?
<hhalpin> [looking in spec]
"we won't support id-less notificaitons. Clarify that it's up to servers if they want to keep around objects as long as they want. If they want to delete objects, like maybe delete a bunch of game notifications, that's a-ok.
Perhaps a future extension will permit clarifying how long users might expect they can continue to access data."
<tsyesika> https://github.com/w3c-social/activitypub/issues/77
tsyesika: Can we specify
indieauth for authentication?
... Or is that out-of-scope?
<hhalpin> +1 OAuth 2.0, with a nonn-normative recommendation for use of rel="me" w/i IndieWeb
hhalpin: indieauth is oauth2 so
...
... I feel like you should normatively require oath2 and
suggest indieauth
<tantek> +1 to hhalpin
hhalpin: How do you do the REST call where you get X from Y
<hhalpin> Like without re-polling everything
<hhalpin> That is something Objective8 from D-CENT hit
<hhalpin> We can normatively refer to OAuth 2.0 - its an IETF rec
<hhalpin> In fact, OAuth 2.0 does more or less give interop
<hhalpin> OAuth 2.0 is Authorization
<tantek> agreed that interop is the goal
<tantek> reference something if it helps interop
sandro: oauth2 doesn't tell you what you need to make this work
<hhalpin> +1 OAuth 2.0 and Bearer Token spec
<tantek> +1 to that as well
<dmitriz> bearer tokens in a federated context is not that easy
<hhalpin> Authentication should be left out (WebAuth + password stuff)
aaronpk: Use oatuh2 and bearer-tokens, but that still leaves stuff underspecified
<dmitriz> (this is something we've been struggling with in Solid, as well)
<wilkie> identity in a federated context is not the easy
<hhalpin> Identity, well, it's tough. There's some takeup of OpenID Connect (OAuth 2.0 profile)
aaronpk: Identity is what's really useful here
<hhalpin> But it's not as universal in takeup as OAuth 2.0
aaronpk: So "just use oauth" doesn't sove the problems
eprodrom: So Use Auth2 with Bearer-Tokens, that's clear enough, but...
cwebber2: "This is a stub to be expanded"
<hhalpin> JSON Web Signatures is just a way to sign the bearer token if bearer token is JWT
cwebber2: This was left in there as a to-be-worked-on
eprodrom: We keep saying don't do this :-)
<hhalpin> I'm happy to take an action to review/edit that piece. We could make it non-normative but no guidance is kinda crazy
cwebber2: Is the right thing to do to say that Auth and Ident are left as an open question
sandro: Leave it out of the spec, and put a best practice in a Note
dmitriz: In Solid, we've been
looking at this, and IndieAuth is one of the things we
considered.
... but because of all the redirects, it's nice in a browser,
but not so clear in an API
... Facebook and others solve that by giving an API token, but
that's non-trivial
... So lets get something working, but yeah, leave it not in
the spec for now
eprodrom: My feeling is, if you
need to, Auth2+BearerTokens, but I can see lots of other ways
to do this, unauth, basic auth, client certs, etc
... Telling me I have to use a certain kind of auth messes
things up for me.
tsyesika: So we should say "folks SHOULD use OAuth2 + BT" ?
eprodrom: Pump.io isn't going to
bother with indieauth. We'll stick with username and
password.
... we'll just generate our own tokens
... so it's okay as a SHOULD or a best-practice. Don't require
more than you can.
cwebber2: Implementations will probably do what the others do.
tantek: tsyesika said goal should
be interop
... we can't normatively refer to indieauth, in part because of
charter, but we can do an informative non-normative
reference
... one way would be to ask if there are any implementations
that have an intent
<cwebber2> aaronpk, is specification of indieauth as informative / non-normative currently the state in your standards?
<aaronpk> in micropub?
<cwebber2> aaronpk: yes
tantek: if no intends to implement both, then don't bother
<aaronpk> http://micropub.net/draft/#authentication-and-authorization
amy: my site uses indieauth, but it delegates the work to indieauth.com
aaronpk: The interesting part here is starting from your URL and ending up getting a bearer token
tantek: So you have an
implementation to compare against ( rhiaro's )
... Just style it in a spec as NOTE
hhalpin: A total stub then that's
not going to work because no-one is going to read it.
... So say O2 + BT and NOTE: try IndieAuth
<tantek> BT = bearer token
hhalpin: But obviously it's not going to be usef by everyone
<Loqi> Open issues for Webmention
<Loqi> Countdown set by tantek on 3/17/16 at 12:05pm
hhalpin: "SHOULD Oauth2 +
Brearer-Token"
... Happy to have relevant experts look over this text
eprodrom: Does IndieAuth work in non-browser applications?
dmitriz: RIght, that's a problem
eprodrom: Also, not in server-to-server
<hhalpin> I would also keep authentication out of scope, server to server is OAuth
eprodrom: We should define server-to-server method
<hhalpin> in terms of authorization
<hhalpin> happy to review that text
aaronpk: So I just say use Bearer-Token
<aaronpk> http://micropub.net/draft/#authentication-and-authorization
aaronpk: MIcroPub has text like this
tantek: How do private webmentions work?
cwebber2: Let's aim for the same text between micropub and activitypub
cwebber2 reads micropub spec parts aloud
sandro: that wouldn't allow client-certs that evan wants
eprodrom: Ah yes, I wouldn't want MUST
aaronpk: I definetely want
multiple ways to get the token, so I leave that open.
... I like the requirement of Bearer-Tokens, because it's what
everyone does anyway.
... Separate out authentication from authorization
... Separate how you get the bearer token from how you use
it.
eprodrom: Make the Bearer-Token a SHOULD
aaronpk: yep
<melvster> you have to separate THREE parts not TWO : 1. identity 2. authentication 3. authorization
aaronpk: SHOULD use bearer-token, SHOULD use oauth2 to get it
sandro: let's go for MAY use
oauth2 to get it
... since there are other perfectly legit ways
<melvster> this is why oauth is not a good fit for the social web, it doesnt do identity (or doesnt do it very well at least)
cwebber2, probably down to about 22 issues, and several more we can deal with among the editors
<rhiaro> scribe: rhiaro
<Loqi> Tantekelik made 1 edit to [[Socialwg/2016-03-16]] https://www.w3.org/wiki/index.php?diff=97783&oldid=97781
http://github.com/aaronpk/Webmention/issues/9
aaronpk: Source and target form
parameters are not URIs, how can we convert them to URIs
because it's important for some people
... My thoughts are it has not caused any issues with any
implementations that these are not URIs, so unless anyone has a
single sentence they can describe a solution right now we can
do it, but if not I propose we close
sandro: prefix with http://.....#
... When people want to represent their data for archival or to
pass to other systems they want to make unambiguous the notion
of source and target
... These notions are things that reasonably could have
URIs
... if they were in IANA we could use that, but they're not, so
currently everyone has to make up their own uris for
these
... It's a trivial problem to solve, and it's a problem some
people have
tantek: an alternative is a registry for form encoded parameters, like rel values, which are not uris
sandro: there's no conjecture that people should use the same form encoded parameter
aaronpk: what is the easy solution?
eprodrom: the solution is, if you want this to be a URI, prefix them with http://w3c.org/ns/webmention#
tantek: isn't this an implementation detail?
sandro: not if you want
interoperability with some protocol that isn't webmention
... people might in theory want to see where webmentions
are
aaronpk: there's no definition of get on a webmention endpoint
sandro: you should get back webmentions you're allowed to see
tantek: if you were to publish an activity stream of webmentions, what would that look like
aaronpk: implementations currently just drop webmentions on the floor after they're processed
<sandro> say that webmention source is equivalent to 'http://www.w3.org/ns/webmention#source'
aaronpk: there is an idea of status urls, which can be GET to see status, so the webmention itself has url
<KevinMarks_> an activity stream of webmentions would look like http://mention-tech.appspot.com/
aaronpk: Implementations treat
these as temporary and drop them. THere are so many that are
spam that come in so they aren't kept
... but that's the resource
... but status is the description fo the webmention source and
target and maybe what happened to it
tantek: if your implementation
wishes to treat these terms as uris then it may use the
following: http://www.w3.org/ns/webmention#
... anyone who wants to use that can
... anyone who doesn't can skip it
aaronpk: what section does that go in?
tantek: appendix?
aaronpk: it's own section?
tantek: anyone who wants a uri for this you can point them to that section, don't bury it
aaronpk: okay, I'll comment and close the issue when it's added
<sandro> "URIs for form-encoding properties"
<sandro> +1
http://github.com/aaronpk/Webmention/issues/20
aaronpk: I've summarised my
position at the bottom
... This is a description of an attack where somebody can send
a webmention to a system, and if the system can cause actions
to happen on a GET request, I can cause that system to make
another GET request somewhere which might have undesireable
requests
eprodrom: so I could use it for probing security holes in wordpress servers?
aaronpk: except the attacker doesnt' actually get a response
tantek: you could cause a side effect, not get information
aaronpk: all you can do is make
the webmention receiver make a get request
... which is unfortunately possible but also something that is
bad practice no matter what you're doing
... so it's not really something for the webmention spec: don't
make your system vulnterable to get requests
sandro: Never install webmention if you're behind a firewall? You are endangering everything esle behind the firewall
aaronpk: only if yoru system has access to both sides of the firewall
tantek: we should call this out in the security and privacy?
aaronpk: what am I calling out?
dont' put insecure systems on the internet?
... what am I supposed to say?
<KevinMarks_> refer to https://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html 9.1.1
sandro: this is putting a system that is perfectly secure in a .. behind a firewall which may seem reasonable because it can't do anythign except webmention, but people might not realise that a putting a blog tha timplements webmention behind a firewall in a way that it has access to the internet
aaronpk: it has to have server
access to the internet in order to receive a webmention in the
firs tplace
... you'd have to put an http server inside your firewall that
also listens publicly
<KevinMarks_> "In particular, the convention has been established that the GET and HEAD methods SHOULD NOT have the significance of taking an action other than retrieval. These methods ought to be considered "safe""
sandro: behind the firewall you have a simple blog and the blog does a post that happens to mention something else behind the firewall and does the webmention processing, dereferences the url that the user put in the post, and that thing out there says go to this url as my webmention endpoint, does that, that was behind the firewall..
aaronpk: oh okay
hhalpin: why is this not a problem for any system that lets you put arbitrary urls as input? not just webmention
aaronpk: sandro described the
actual attack vector
... blog inside firewall does not listen on internet, has no
public endpoint
<KevinMarks_> how is this different from a hyperlink in the browser that you click inside the firewall?
aaronpk: a person behind firewall
writes a post with a linkt o the attacker
... blog makes request to attacker
... attacker can then cause the internal system to make a
request to another internal system, if the webmention endpoint
of the attacker is inside the firewall
... when I was addressing this it sounded like I was describing
really basic security practices and didnt' want to sound
condescending
cwebber2: would it be possible to post to localhost? cos that sounds like the biggest risk
aaronpk: it could make the software that is verifying the webmention post to itself
cwebber2: can't post to anythign else on a different port on localhost?
aaronpk: the attackers url can advertise a webmention endpoint, which can be anything including localhost, a port, 0.0.0.1...
cwebber2: there are definitely security things with servers that allow you to access..
aaronpk: it's only ever going to
post source and target
... I would be willing to add an exception that says if it
encounters localhost or 127.* then drop it
... I'd be happy to put that in security considerations
... Maybe not obvoius, definitely specific to webmention
eprodrom: and don't repeat failures?
<hhalpin> This seems to be a generic problem for any spec that has an 1) input and then 2) takes URLs from that input and GETs them.
eprodrom: could be DOS
... do exponential backoff if you need to
aaronpk: definitely will put in about not sending to localhost
<hhalpin> I mean, not sending webmention to localhost makes sense
sandro: I'm thinking of basically saying don't allow a webmention system to cross the firewall
eprodrom: firewall is a loose term
tantek: someone can publish an
html document that has img src="localhost.../dosomething" you
load that and it accesses your localhost
... or you can check the html spec and see what it says about
image loading and how they treat that problem
... because cross domain images obviously work
... so that's one analogous example
... Also, rel=stylesheet
... well defined, interoperable, well hardened
... Those are two places you could look to see how they solve
this and copy taht
<sandro> +1 tantek this is like the browser fetching an image or stylesheet
tantek: if it's good enough for a browser it's good enough for webmention
<ben_thatmustbeme> +1
aaronpk: okay
<Zakim> annbass, you wanted to ask same question that KevinMarks asked
<hhalpin> +1 (but worth further thinking about)
annbass: KM asked the same question - how is this different than a regular hyperlink going out through the firewall
aaronpk: a hyperlink a person has to click on
<hhalpin> The trick is that the link is automatically ran
<hhalpin> by the webmention spec
aaronpk: this is a side effect of writing a blog post that links to an attackers url, but the person doesn't have to click the link
<tantek> hhalpin, just like an image is automatically loaded
annbass: i see
<hhalpin> although lots of other possible apps outside webmention could do this
<tantek> image, iframes, scripts, stylesheets
<tantek> etc.
aaronpk: but similar to receiving
a phishing email and having a person click the link
... The result then is I'm going to find that language and it
should clear it up
<wilkie> even sandboxed iframes can do cross-domain GETs for stylesheets and scripts
http://github.com/aaronpk/Webmention/issues/21
scribe: bengo had suggestion of
discovery steps addition of having a 4th step checking a
.well-known to find the webmention endpoint
... which lets you delegate an entire domain to a webmention
endopint without having to add it as a link header
... Question is, is this worth it or is a http link header
enough to support whole domain delegation
<Loqi> Tantekelik made 1 edit to [[Socialwg/2016-03-16]] https://www.w3.org/wiki/index.php?diff=97784&oldid=97783
scribe: One path forward is say:
the http link header can be configured at the server level so
that's enough to support server-wide delegation
... You're a large orgnaisation with many different subsystems,
which is pretty common, wanting to have a single webmention
endpoint across the whole thing
... the http link header can be configured at the server, not
the software, so maybe that's enough
... Other option is to add this well-known and add it at-risk
since ther eare no implementations right now
... See if anyone implements, and if not drop it
tantek: last time this came up we
resolved to stick with follow your nose
... which this is not
aaronpk: I think bengos'
arguement that this was new information is a use case that many
different kinds of software installed that we hadn't considered
when making that resolution
... My proposal to clos ethis with no action is justified by an
http link header can be configured server wise
<rhiaro> DIdn't he also say something about not being able to configure the http header?
aaronpk: I think it's the same amount of work organisationally to add the .well-known path as it would to configure the link header
eprodrom: the link rel is
registered and defined right? So since there is host-meta, the
link is already there in http
... if someone wants to go sniffing around and wants to try
some bottom of the barrel ways to try it, there are ways for
them to do it already with the link-rel
... The worst would be to say if you still can't find it try
other ways of turning a link-rel into an endpoint
aaronpk: I'd rather not recommend
another way for senders to find endpoints, there are already 3
and they have to do ALL of them
... And if you add a 4th they'll have to do that also and it's
a very different mechanism
... Now you're dealing with parsing link headers (already non
trivial), parsing html, then you'd have to also parse xml, also
parse json
hhalpin: what are the current ones?
aaronpk: http link header, html link tag and html a tag
hhalpin: not being able to modify
the link header is common if you don't have full control
... but then the a tag should work
aaronpk: if you do have full control you're in the same position to add .well-known as to create link header
hhalpin: but if you can create
directoreis and put files in you can't add a link header
... but then the a tag should be fine
... In the normal web development world, lots of people don't
even know link headers exist
... but almost everyone knows how to parse html
... As long as there's a way of putting it in without link
headers
aaronpk: totally
sandro: my question si do you
ever want to be able to do webmention on a jpeg withotu a link
header
... I think that's not worth worryign about, but I can see that
someone might think it is
<hhalpin> I'm going to note that this came up with Objective8 and D-CENT
<hhalpin> I.e. problems with Link headers (i.e. their developers didn't know HTTP Link headers existed)
aaronpk: sounds like we're okay
with slight limitations with current discovery
... Which support vast majority of use cases
<hhalpin> However, it was easy to get folks to add to the HTML
sandro: anything about how you have to parse html?
aaronpk: I think it just says to look for the rel
sandro: html5?
aaronpk: normatively references http link header 5988 and also says ... no doesn't reference html in discovery
sandro: so test suite should have
corner cases about how it appears in html
... and how they differ in closing angle bracket missing
etc
aaronpk: I have a ton of that test data already
http://github.com/aaronpk/Webmention/issues/29
scribe: waiting on IANA to
accept
... paragraph added to spec
http://github.com/aaronpk/Webmention/issues/32
scribe: Just need to add, tried
to do last night, didnt' get to it, but tantek threw some ideas
my way so I should be able to do that now
... And done.
tantek: so you have all issues with a resolution, outstanding editing to do
aaronpk: these three require
editing that we agreed to already that I need to do
... And then conformance requiremetns sectiion I don't have
anything we can review right now but we're not going to cr
so
tantek: add by when?
aaronpk: if we can agree to publish a new draft I can add it in that process
tantek: if you commit to adding one we can say publish it with the edits we've agreed to
aaronpk: yep
tantek: do you have a path forward on all issues?
aaronpk: yes
tantek: we already resolved to
publish new AS2 drafts with edits in the pipeline
... So any of the others things that editors want to publish
new drafts of?
aaronpk: yes webmention
... I do have a change on micropub to register with iana,
queued up, however not a lot of other changes, so I still would
like to publish but it's not a huge change
eprodrom: activitypub?
... Does it make sense to make a resolution right now to
publish with discussed edits?
tantek: do you want to give the
group a chacne to review your changes before doing another
resolution to publish, or are there enough changes the group
already agreed to that you can publish once you make them
... Or do you want more time for those changes plus any
others?
cwebber2: Okay we'll make those
changes first that the group agreed to
... Then do more after that
tsyesika: we fix the bugs the group agreed to and publish
cwebber2: right, yes
tantek: one proposal?
PROPOSAL: Resolve to publish webmention, micropub and activitypub pending changes agreed by the wg this face-to-face
<ben_thatmustbeme> +1
<eprodrom> +1
+1
<aaronpk> +1
<tantek> +1
<cwebber2> ~1
<cwebber2> wait
<cwebber2> +1
<hhalpin> +1
<tsyesika> +1
<wilkie> +1
<sandro> +1
RESOLUTION: Resolve to publish webmention, micropub and activitypub pending changes agreed by the wg this face-to-face
<KevinMarks_> +1
eprodrom: we have spare time, so anything else for next 25 minutes?
sandro: hopefully quick..
... I thought more about github spec labels yesterday and cut
down to 10
... from 16
<sandro> https://github.com/sandhawke/spec-labels-min
<sandro> https://github.com/sandhawke/spec-labels-min/labels?sort=name-asc
sandro: It has its own issues
<hhalpin> Quick notes, we have assembled a group of security/privacy experts to look at decentralization https://nextleap.eu
<hhalpin> And the W3C WebAuth group is likely to have one-factor cryptographic authentication in browsers end of this-year, early-next year
<hhalpin> https://www.w3.org/Webauthn/
<KevinMarks_> does the editor apply these or the commenter?
<hhalpin> No changes needed by specs, but just resources and new W3C work
sandro: Editor, or someone with write access to repo
eprodrom: is there an action we
can take now?
... Review them and deicde if we're going to apply them to our
spec repos?
tantek: first 6 seems self
explanatory
... What's process communiyt?
sandro: Where someone says "I
don't understand how this group works"
... Not for the editors, but they come up
... "Let me speak to your manager"
<Loqi> Tantekelik made 1 edit to [[Socialwg/2016-03-16]] https://www.w3.org/wiki/index.php?diff=97785&oldid=97784
tantek: I think we might need
something stronger
... Like 'needs chair input' or something
cwebber2: what if it's just like "I'm not sure if this has somethign to do with it" and the editor doesn't know either
tantek: this is for the editor to say "this is not about my spec, this is a group issue, sending to chairs"
sandro: I like this being able to used by groups that aren't w3c, that's why I said 'process community' not chair, to generalise
annbass: but... your example
where you said there were issues that were people saying they
were being ignored, I was takign that to mean there's been some
discomfort of different technical positions proposed and
feeling like they're blown off
... THat's in a different category than waiting for management
approval
tantek: that's "commentors are
unsatisfied by response", that's there
... The director will look at each one of these and see if the
commetnor has merit
hhalpin: Do we need to note this unless there's a formal objection?
sandro: the director does like to knwo who is satisfied and who is unsatisfied
hhalpin: I've always just listed formal objections
sandro: talked to Philippe about this
eprodrom: are we comfortable with these labels?
tantek: "waiting for commentor" could mean two different things
sandro: ther'es not a lot o you can do until you hear back
tantek: could be differnet for open vs closed
sandro: if it's closed you might be waiting to see if they're satisfied or not
tantek: 'waiting for group input' -> 'needs group input'
<hhalpin> I think we should note that people were unhappy, but if someone (unsatisfied commenter) proposes a technical solution and it doesn't meet the group's requirements (i.e. its not implemented, has no interest from more than one implementer, or has known technical flaws) then the group can argue simply than the unsatisfied commenter did not satisfiy the groups requirement.
tantek: Do we really need the last one?
sandro: james used that tag
sometimes
... on as2
... standard github one
... ('help')
tantek: is that pr requested?
aaronpk: 'happy to have this in there but I'm not gonna do it'
sandro: so, needs volunteer?
tantek: stronger than that
wilkie: point of entry for new people too
tantek: I like that
... If we can phrase it in a way that makes it welcoming for
new folks
sandro: 'needs volunteer'
everyone: k
tantek: can we collapse the first two? commentor needs no response and satisfied by response
sandro: just 'commentor satsified'
*bikeshedding about colours of labels*
<KevinMarks_> as opposed to Commenter Generally Unsatisified With Life?
tantek: do the editors understand these
aaronpk: what's the rule on timeout?
annbass: will there be a definition documented?
aaronpk: are there some I can't use without group consensus?
sandro: talk the group before
doing a commentor timeout
... And expect that director will look at commentor satisifed
and commentor not satisfied
aaronpk: and waiting for commentor?
sandro: before timeout, or waiting for more information before you can address the issue
<tsyesika> https://github.com/w3c-social/activitypub/labels :)
eprodrom: resolved that, 3
minutes left
... AOB?
ben_thatmustbeme: if anyone wants to help co-write jf2 who knows more about writing specs?
<KevinMarks_> I am happy to help
ben_thatmustbeme: Kevin had offered to help with it I think
<KevinMarks_> yes
<KevinMarks_> jolly good
PROPOSED: make KevinMarks a coeditor of jf2
RESOLVED (by chairs): make KevinMarks a coeditor of jf2
eprodrom: no telecon next
tuesday
... Next telecon 29th March
... Next f2f in Portland
... Any plans to do something social this evening?
<KevinMarks_> good luck finding a quiet place tonight
<wilkie> lol true
eprodrom: End!
RRSAgent end meeting
<ben_thatmustbeme> trackbot end meeting
This is scribe.perl Revision: 1.144 of Date: 2015/11/17 08:39:34 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: RRSAgent_Text_Format (score 1.00) Succeeded: s/taking/looking at what is needed next for taking/ Succeeded: s/processors/processes/ Succeeded: s/jasnell_:/jasnell_,/ Succeeded: s/sectino/section/ Succeeded: s/verison/version/ Succeeded: s/sepc/spec/ Succeeded: s/(but it is to enter)/(but it is to exit)/ FAILED: s/clenaing/cleaning/ Succeeded: s/TOPIC: post type discovery// Succeeded: s/I think this should still be a community effort./My suggestion is to move the IG to be a Community Group (CG), so that anyone in the world can participate, without being a W3C member or Invited Expert./ Succeeded: s/I've met and talked to Syrian people who were caught and tortured and I've asked them what they use for social tools and communication and they say "whatever we can find"/I suggest the main goal of the CG might be to collect additional social use cases that we haven't thought of, especially from people who haven't participated before, or who are from cultural environments we personally haven't experienced./ Succeeded: s/our interest in the consortium/Also, I am now co-chairing the W3C Positive Work Environment Task Force (PWET) with Amy van der Hiel. Our interest in the consortium/ Succeeded: s/yeah, and how/how/ Succeeded: s/yeah. but we've all seen that. and what can we do./I'm not sure about that. But we've all seen it in various situations. What can we do to improve?/ Succeeded: s/has not/has/ Succeeded: s/people don't realize even if you call it out /people don't realize THEY have behaved that way, even when you call it out; / Succeeded: s/or date/or boolean/ Succeeded: s/solution would be un-lossy/solution would be lossy for privacy purposes, but un-lossy/ Succeeded: s/implement this for/implement/ Succeeded: s/caviats/caveats/ Succeeded: s/activitypub document/socialpub document/ Succeeded: s/microformats/micropub/ Succeeded: s/not/now/ Succeeded: s/anagolous /analogous / Succeeded: s/color/colour/ Found Scribe: ben_thatmustbeme Inferring ScribeNick: ben_thatmustbeme Found ScribeNick: ben_thatmustbeme Found Scribe: Ben Roberts Found ScribeNick: aaronpk Found ScribeNick: ben_thatmust Found Scribe: cwebber2 Found ScribeNick: cwebber2 Found Scribe: rhiaro Found ScribeNick: rhiaro Found Scribe: wilkie Inferring ScribeNick: wilkie Found ScribeNick: ben_thatmustbeme Found Scribe: sandro Inferring ScribeNick: sandro Found Scribe: rhiaro Inferring ScribeNick: rhiaro Scribes: ben_thatmustbeme, Ben Roberts, cwebber2, rhiaro, wilkie, sandro ScribeNicks: ben_thatmustbeme, aaronpk, ben_thatmust, cwebber2, rhiaro, wilkie, sandro Default Present: tantek, wilkie, dmitriz, rhiaro, aaronpk, shevski, ben_thatmustbeme, cwebber, tsyesika, sandro, Karli, AnnBass Present: tantek wilkie dmitriz rhiaro aaronpk shevski ben_thatmustbeme cwebber tsyesika sandro Karli AnnBass Agenda: https://www.w3.org/wiki/Socialwg/2016-03-16#Agenda Found Date: 16 Mar 2016 Guessing minutes URL: http://www.w3.org/2016/03/16-social-minutes.html People with action items:[End of scribe.perl diagnostic output]