#social 2016-06-28
2016-06-28 UTC
shepazu, KevinMarks, cwebber2, jasnell, jet, Arnaud, Karli, jasnell_, tantek and annbass joined the channel
# tantek coming up in a few minutes: https://www.w3.org/wiki/Socialwg/2016-06-28
KevinMarks2 joined the channel
RRSAgent joined the channel
# RRSAgent logging to http://www.w3.org/2016/06/28-social-irc
Zakim joined the channel
akuckartz joined the channel
bengo joined the channel
# bengo present+
# bengo +1
# KevinMarks +!
# KevinMarks +1 even
shepazu joined the channel
# bengo +1
# KevinMarks +1
# ben_thatmustbeme can hear only, conference room is ocupied,
# ben_thatmustbeme just got on
# ben_thatmustbeme annbass probably just escapte the / as \/ s/7\/30/6\/30/
# ben_thatmustbeme okay, i have them passing tests, its just i need to finish up one minor piece
# ben_thatmustbeme and yes, today I should be able to do that
# ben_thatmustbeme present+
# bengo rhiaro++
# KevinMarks if only you could webmention them
# KevinMarks I'll have a look
# KevinMarks I copied it in
# ben_thatmustbeme rhiaro, annando is pretty active on github, but we can try in #friendica on freenode to see if anyone has contact info there
# KevinMarks Cathal Garvey
# KevinMarks hm, quitter.no is down
# bengo It explicitly lists the 'id' property as being allowed on Link object in core.
# tantek PROPOSED: Accept editorial change from bengo to AS2 in pull request https://github.com/w3c/activitystreams/pull/329 pending spec editor approval with the intent of making this fix for CR.
# ben_thatmustbeme thats bengo that is talking now
# bengo :)
# ben_thatmustbeme s/ben_thatmustbeme/bengo/
# bengo +1
# tantek RESOLVED: Accept editorial change from bengo to AS2 in pull request https://github.com/w3c/activitystreams/pull/329 pending spec editor approval with the intent of making this fix for CR.
# rhiaro since you're here akuckartz did you manage to get to https://lists.w3.org/Archives/Public/public-socialweb/2016Jun/0080.html or are you letting us time those out?
# ben_thatmustbeme i think it COULD be resolved as editorial
# ben_thatmustbeme or as non-editorial
# ben_thatmustbeme i didn't hear her rejoin
# sandro ( in https://github.com/w3c/activitystreams/issues/53#issuecomment-62921081 he says, ""that would be against the intention of the profile parameter)
# ben_thatmustbeme cwebber2 we cannot hear you
# KevinMarks micropub uses indieauth; webmention doesn't need auth
# ben_thatmustbeme annbass if you want i can take over minuting
# ben_thatmustbeme scribenick: ben_thatmustbeme
# ben_thatmustbeme tantek: back at f2f at MIT we came to an agreement that we would refer to oauth 2 with barer tokens and we would leave it at that
# ben_thatmustbeme sorry, was switching scribes so we can get more in
# ben_thatmustbeme tantek: a reasonable summary from cwebber is that that is insufficient
# ben_thatmustbeme cwebber2: thats issues 1
# ben_thatmustbeme ... issue 2 is, for micropub we list indieauth as a SHOULD (i think)
# ben_thatmustbeme ... is that okay for the group?
# bengo IMO it's good for these specs to say "The Server should explain it's authorization requirements via WWW-Authenticate response header" https://tools.ietf.org/html/rfc6750#section-3
# ben_thatmustbeme aaronpk: the reason that we decided oauth2 with barer tokens is acceptable is because it lets us avoid complicating these issues and these calls
# ben_thatmustbeme ... in stark contrast to oauth 1 with ties requests to authentication
# ben_thatmustbeme ... if you forget everything you know about oauth1, 2.0 becomes much easier
# ben_thatmustbeme ... the important part is that it describes how to get a token. if both of these specs accept tokens, we don't really care how you get that token
# ben_thatmustbeme ... as cwebber2 found, there are not really great solutions for that in desktop apps and hardward devices, they can still use the spec, but they just need a token in some way
# bengo q+
# ben_thatmustbeme ... there isn't a good industry standard on that, so the best way for that is to just say 'use barer tokens' and it can be anything, oath2, indieauth, etc.
# KevinMarks a lot of oauth2 is documenting possible ways to get tokens
# ben_thatmustbeme tantek: it sounds like, you are saying that one way to get a token is indieauth, that sounds like an informative note rather than normative
# ben_thatmustbeme aaronpk: i will say that some of my implementations do not use indieauth, i just copy and paste, and thats a perfectly acceptable method
# ben_thatmustbeme tantek: i think this avoids any issue of the stability of indieauth
# ben_thatmustbeme sandro: basically i agree, at some ponit somebody will come along with a better way to do authentication (i hope)
# ben_thatmustbeme sandro: will the specs need to be rewritten or not? i think the answer is not.
# bengo q-
# ben_thatmustbeme ... its a little bit frustrating when implementing, but thats reality
# bengo q+
# ben_thatmustbeme tantek: it sounds like the state of the industry is messy no matter what we say
# ben_thatmustbeme bengo: as far as the state of the industry is messy, in the last year or two there has been a lot of acceptance of oauth2. they have had a lot of implementations from <lists a bunch>
# ben_thatmustbeme ... oauth2 barer tokens is compatable with that. saying "use barer tokens" is pretty generic, and it lets you use any string at all really
# ben_thatmustbeme ... it could be a little more useful to have an error header to give hints on what is needed for getting that token
# ben_thatmustbeme aaronpk: oauth2 does have a header response for when a request requires a token. I agree the server needs a way to say they need a token. The token is opaque, and it is good that way. its up to the server and client to negotiate that. you don't need that in the spec because thats an implementation detail
# ben_thatmustbeme ... its just saying, the client willg et a string, the client should not try to interpret that string
# ben_thatmustbeme tantek: cwebber2 you originally raised this, is this enough for you to follow up?
# ben_thatmustbeme cwebber2: i think so, i certainly feel like anything useful that could be said on this call has already been said and i can get more info and work on an issue for that
# ben_thatmustbeme tantek: its probably good to record an issue to them to clarify
# ben_thatmustbeme tantek: anything else for that item?
# ben_thatmustbeme cwebber2: no
# ben_thatmustbeme tantek did we want to go back to rhiaro?
# ben_thatmustbeme annbass i'm good
# ben_thatmustbeme aaronpk: the person wants to only have a media endpoint
# ben_thatmustbeme ... is this something we should do now or something we can do in CR
# ben_thatmustbeme sandro: we should do it now, as its not editorial right?
# ben_thatmustbeme aaronpk: it changes the conformance section
# ben_thatmustbeme tantek: the request is to make it optional?
# ben_thatmustbeme aaronpk: yes, make the direct uploads optional if there is a media endpoint
# ben_thatmustbeme sandro: only if there is a media server
# ben_thatmustbeme tantek: your options are to make it optional, or mark it at risk and dropping it in CR
# ben_thatmustbeme ... have you thought about this enough to put forth a specific proposal
# ben_thatmustbeme ... you can mark it optional AND at risk as well
# ben_thatmustbeme aaronpk: the text that would need to change is in the conformance classes section which is .... actually now i'm not seeing that there.
# ben_thatmustbeme ... shoot ... (talks to self a little)
# ben_thatmustbeme sandro: technically we could wait until next week to solve this, even if we get it staged and approval, we could change it
# ben_thatmustbeme ... send an email to the list as soon as you have some clarity to what you want to do here
# ben_thatmustbeme tantek: even better, if you are able to follow up with a PR that the person is ok with, that makes it clear we processed the issue before CR
# ben_thatmustbeme tantek: are there any at risk features in the current draft?
# ben_thatmustbeme aaronpk: i don't think so, the update and delete we implemented
# ben_thatmustbeme tantek: we had only one more explicity item
# ben_thatmustbeme aaronpk: i just wanted to drop links in
# ben_thatmustbeme sandro: you probably all saw a bunch of emails about getting replies from other groups
# ben_thatmustbeme ... two groups replied saying they don't have much time, but there was a response with the security and privacy self review
# ben_thatmustbeme aaronpk: there was another for internationalization
# ben_thatmustbeme <ben_thatmustbeme> i remember looking over the internationalization one before, i think we discussed some time ago
# ben_thatmustbeme tantek: sandro, can you make sure the issues get filed for these
# ben_thatmustbeme ... the response from the other groups was to get these questionaires filled out
# ben_thatmustbeme ... they may cause changes later
# ben_thatmustbeme tantek: thanks everyone, next week, usual time, chair will be evan
# aaronpk and video: https://www.youtube.com/watch?v=0u2Knp8P9eY
# ben_thatmustbeme trackbot, end meeting
# RRSAgent I have made the request to generate http://www.w3.org/2016/06/28-social-minutes.html trackbot
# ben_thatmustbeme Zakim, bye
# ben_thatmustbeme haha, tantek, don't you have to be a full member for that?
# ben_thatmustbeme ahh
# ben_thatmustbeme annbass: just generated https://www.w3.org/wiki/Socialwg/2016-06-28-minutes
# ben_thatmustbeme aaronpk: is loqi still not informing of wiki edits in here
# ben_thatmustbeme thought it would be in by now
# ben_thatmustbeme weird
# ben_thatmustbeme aaronpk: its not caching, curl does the same
shepazu joined the channel
# ben_thatmustbeme nope, wget fetches it fine, curl does not
# ben_thatmustbeme so some other header
Arnaud, tantek_ and tantek joined the channel
# ben_thatmustbeme aaronpk: change the |'s to %7C
# ben_thatmustbeme i spent FAR too long on that
# Loqi Rhiaro made 3 edits to [[Socialwg/Addressing Issues]] https://www.w3.org/wiki/index.php?diff=98882&oldid=98836
# Loqi Rhiaro made 2 edits to [[Socialwg/2016-06-28]] https://www.w3.org/wiki/index.php?diff=98883&oldid=98876
# Loqi Cwebber2 made 1 edit to [[Socialwg/2016-06-28]] https://www.w3.org/wiki/index.php?diff=98876&oldid=98834
# Loqi Sandro made 1 edit to [[Socialwg/2016-06-28]] https://www.w3.org/wiki/index.php?diff=98881&oldid=98878
# Loqi Aaronpk made 2 edits to [[Socialwg/2016-06-28]] https://www.w3.org/wiki/index.php?diff=98885&oldid=98883
# Loqi Tantekelik made 1 edit to [[Socialwg/2016-06-28]] https://www.w3.org/wiki/index.php?diff=98886&oldid=98885
# Loqi Benthatmustbeme made 2 edits to [[Socialwg/2016-06-28-minutes]] https://www.w3.org/wiki/index.php?diff=98889&oldid=0
# Loqi Benthatmustbeme made 1 edit to [[Socialwg/2016-06-28]] https://www.w3.org/wiki/index.php?diff=98888&oldid=98886
# Loqi Benthatmustbeme made 2 edits to [[Socialwg]] https://www.w3.org/wiki/index.php?diff=98891&oldid=98749
# ben_thatmustbeme yay
# ben_thatmustbeme rhiaro: i wonder if people might have an issue with the fact that you just published their emails publicly on the archives?
# ben_thatmustbeme s/emails/email addresses/
Arnaud joined the channel
# ben_thatmustbeme yes
# ben_thatmustbeme i wonder if that should really be considered a bug actually. if you send to the mailing list it asks you to confirm that it can publish your email address and content, but if you sent to someone it publishes their email address publicly.... unless they both happen to have agreed to it already
# ben_thatmustbeme sandro, just waiting on pubrules to come back up. barring any other fixes anyone spots
# ben_thatmustbeme oh, it looks like i have to take out the link to bengo.is which is down right now
# ben_thatmustbeme it was up just a few days ago, so i'm assuming temporary
# ben_thatmustbeme since its ben's homepage, i'm pretty sure thats the case
# ben_thatmustbeme agreed, i was hoping he would be on, but i figure we have some time until i can actually verify that all the pubrules pass
shepazu joined the channel
jasnell, tantek and Arnaud joined the channel