/irc-logs / w3c / #webapps / 2009-04-03 / end

Options:

1. # Session Start: Fri Apr 03 00:00:00 2009
2. # Session Ident: #webapps
3. # [01:27] * Disconnected
4. # [01:27] * Attempting to rejoin channel #webapps
5. # [01:27] * Rejoined channel #webapps
6. # [01:27] * Topic is 'Web Applications WG (this channel is logged at http://krijnhoetmer.nl/irc-logs/)'
7. # [01:27] * Set by ArtB on Wed Mar 11 20:47:52
8. # [02:49] <anne> shepazu: http://lists.w3.org/Archives/Public/ietf-http-wg/2007OctDec/0298.html
9. # [04:15] * Quits: shepazu (schepers@128.30.52.30) (Client exited)
10. # [04:15] * Joins: shepazu (schepers@128.30.52.30)
11. # [04:20] * Quits: shepazu (schepers@128.30.52.30) (Client exited)
12. # [04:20] * Joins: shepazu (schepers@128.30.52.30)
13. # [06:37] * Quits: nico (nico@133.27.247.181) (Ping timeout)
14. # [06:37] * Joins: nico (nico@133.27.247.181)
15. # [07:28] * Quits: heycam (cam@130.194.73.110) (Quit: bye)
16. # [07:47] * Joins: arve (arve@95.34.27.22)
17. # [08:16] * Quits: arve (arve@95.34.27.22) (Quit: Ex-Chat)
18. # [08:30] * Quits: MikeSmith (MikeSmith@mcclure.w3.org) (Quit: Tomorrow to fresh woods, and pastures new.)
19. # [09:09] * Joins: MikeSmith (MikeSmith@mcclure.w3.org)
20. # [09:48] * Joins: arve (arve@213.236.208.22)
21. # [10:19] * Joins: Marcos (Marcos@213.236.208.22)
22. # [10:22] * Joins: heycam (cam@210.84.21.15)
23. # [11:32] * Quits: arve (arve@213.236.208.22) (Connection reset by peer)
24. # [11:33] * Joins: arve (arve@213.236.208.22)
25. # [12:06] * Quits: Lachy (Lachlan@85.196.122.246) (Quit: This computer has gone to sleep)
26. # [12:23] * Joins: Lachy (Lachlan@213.236.208.22)
27. # [13:05] * Joins: ArtB (d0309a43@128.30.52.43)
28. # [13:20] <ArtB> Marcos, thanks for the quick work moving <update> to Updates spec!
29. # [13:21] <Marcos> no probs
30. # [13:21] <ArtB> hmmm, http://dev.w3.org/2006/waf/widgets-updates/ says Oct 8 2008
31. # [13:21] <Marcos> I'll upload now
32. # [13:21] <ArtB> cool
33. # [13:22] <ArtB> since we aren't meeting next week, perhaps I should start a 1-wk CfC to pulish a new WD of Updates spec. WDYT?
34. # [13:22] <Marcos> done
35. # [13:23] <Marcos> Let me clean it up a wee bit
36. # [13:23] <anne> Marcos, if you really need preferences, why not store them in a separate API?
37. # [13:23] <ArtB> Marcos - I will wait for a heads up. I found one typo:
38. # [13:23] <anne> Marcos, Widgets will get localStorage by virtue of using HTML+JavaScript
39. # [13:24] <Marcos> Anne, not following
40. # [13:24] <ArtB> "public list of any patent disclosures" link has a "chttp://..." i.e. extra "c" that should be removed
41. # [13:25] <Marcos> Anne, yes, we get localStorage for HTML. But what about SVG?
42. # [13:26] <Marcos> ArtB: fixed
43. # [13:26] <Marcos> uploaded
44. # [13:26] <Marcos> n
45. # [13:28] <ArtB> ok; I'll send the CfC when you tell me you're ready
46. # [13:28] <anne> Marcos, it's attached to the global object, not HTML
47. # [13:29] <Marcos> Anne, all we want is that Storage be available on whatever technology uses widgets. If someone wants to build a Flash widget engine, the Storage interface must be available
48. # [13:29] <Marcos> Don't care what the global object is, so long as it has storage
49. # [13:30] <Marcos> (and that some of the values are read only)
50. # [13:31] <Marcos> and that the values of storage are pre-populated based on the preference elements in the config doc on first run
51. # [13:32] <anne> If Flash supports Web Storage it should work
52. # [13:33] <anne> and the Window object
53. # [13:33] <anne> but I'm not sure why we should care about proprietary technology
54. # [13:36] <Marcos> Anne, you can't stifle innovation like that. We care about proprietary tech because proprietary is what becomes a web standard. Think XHR, for instance.
55. # [13:37] <Marcos> Adobe could give Flash to the W3C tomorrow. Or any entity could hand over a technology tomorrow for standardization. The idea is to future proof and not limit how widgets are used.
56. # [13:37] <Marcos> while keeping new uses of widgets standards compliant
57. # [13:38] <anne> Flash already has storage capabilities, why would we want to add more
58. # [13:39] <anne> you seem to insist on that some things should always be the same and some things like format, scripting language, styling language, etc. can be invariant
59. # [13:39] <anne> but the way you pick this seems arbitrary at best
60. # [13:40] <Marcos> Kinda true.
61. # [13:40] <Marcos> Widgets are just a general container format with some guaranteed APIs. That's it.
62. # [13:40] <Marcos> it says nothing of the content itself.
63. # [13:41] <Marcos> In the real world, however, you are right to say: "that's dumb, they are only to really be used with the web stack"
64. # [13:41] <anne> that's pretty pointless because the app is build out of the "content"
65. # [13:42] <anne> and if the "content" provides better APIs they won't use the ones Widgets "guarantee"
66. # [13:43] <Marcos> Ya. But in architecture astronaut land it makes sense. If they don't use our APIs, then they ain't a widget user agent.
67. # [13:43] <Marcos> It's like having a HTML browser with no Window object
68. # [13:43] <Marcos> Does HTML4.01 define a window object?
69. # [13:44] <anne> I'm saying that authors will use the APIs from Flash rather than the ones from Widgets if they author Flash Widgets.
70. # [13:44] <anne> Of course it doesn't. You know that.
71. # [13:44] <Marcos> Why would they use the ones in Flash if they can use the ones provided by widgets?
72. # [13:45] <anne> because they're already familiar with how Flash works and Adobe prolly has better documentation
73. # [13:46] <anne> reinventing storage just because you want it to be the same for all theoretical widget engines is silly
74. # [13:46] <anne> are you going to reinvent geolocation too?
75. # [13:46] <Marcos> No, we are not reinventing anything. We are just using it.
76. # [13:47] <anne> if you expose it separately from localStorage every HTML widget engine will end up with two storage areas for each widget (at least in theory)
77. # [13:47] <anne> that's just dumb engineering
78. # [13:47] <Marcos> My Open Widget Flash Player is not build by Adobe, and it only supports the widget storage interface
79. # [13:48] <Marcos> Anne, no, this is not true. They both use the same Storage interface.
80. # [13:48] <anne> sure, but diffrent objects
81. # [13:49] <anne> subsetting Flash seems to go against the idea of that widgets just provide a simple wrapper for what you already know
82. # [13:49] <Marcos> However, iff it is a widget, the values of Storage are firstly populated by the <preference> element. The widget Storage interface is only slightly different in that it supports read only prefs
83. # [13:49] <anne> for an architecture astronaut you're not very consistent :)
84. # [13:49] <Marcos> lol!
85. # [13:50] <Marcos> I never claimed they did anything for anyone, especially in regards to reusing existing native code for any platform.
86. # [13:51] <Marcos> Ok, stop using Flash. Talk about SVG now.
87. # [13:51] <Marcos> do I get Storage with my SVG widget engine?
88. # [13:51] <anne> yes, under window.localStorage
89. # [13:52] <anne> you'll get it with any XML markup language rendered in a browsing context
90. # [13:52] <Marcos> is that defined in the SVG spec? (i.e., that localStorage and Window must be available to a widget implementation that supports SVG?)
91. # [13:52] <anne> no, it follows from requirements in HTML5 and Web Storage atm
92. # [13:53] <Marcos> But it needs to be stated explicitly that X is a "browsing context" [HTML5]
93. # [13:53] <anne> I don't really see how you can still position it as SVG vs HTML though
94. # [13:53] <anne> they work together
95. # [13:53] <Marcos> it's not a VS thing
96. # [13:53] <Marcos> SVG can be standalone right?
97. # [13:54] <anne> yeah, but HTML5 has some requirements for that too
98. # [13:54] <Marcos> for that? that = svg?
99. # [13:55] <Marcos> what about tomorrow's FOOML?
100. # [13:55] <anne> for loading any kind of document
101. # [13:55] <Marcos> ok, so long as it is a browsing context?
102. # [13:56] <anne> it goes a bit further than that
103. # [13:56] <Marcos> how so?
104. # [13:57] <anne> see bits on navigation and page loading
105. # [14:02] <anne> anyway, you need something like it for HTML/SVG widget engines otherwise you have no scripting :)
106. # [14:04] <Marcos> I see. This only abstracts things further. Basically what you are saying is to do away with the Storage requirement and the XHR requirement and leave it as an implementation detail.
107. # [14:04] <Marcos> Forget the baseline APIs.
108. # [14:05] <Marcos> Makes some sense, as we did the same with all supported content types for the same rationale you are giving
109. # [14:05] <Marcos> more or less
110. # [14:06] <Marcos> Still, it's gonna be a hard sell. Regardless, we would still want the Storage interface to include our requirements.
111. # [14:07] <Marcos> Arve: ^^^^
112. # [14:07] <anne> you can require baseline APIs for HTML widget engines
113. # [14:07] <anne> if you really think your silly distinction matters :p
114. # [14:08] <Marcos> It only matters because I want to guarantee XHR and Storage.
115. # [14:08] <Marcos> no other reason
116. # [14:08] <Marcos> I see them as critical features.
117. # [14:09] <anne> it seems to me you can require them just fine, but if you only want ot require them from HTML/SVG widget engines you could do it in a section dedicated to those
118. # [14:09] <anne> or something like that
119. # [14:09] <Marcos> But Why can't I require them for Flash?
120. # [14:11] <anne> makes no sense for Flash, they have their own APIs
121. # [14:11] <Marcos> But they could add XHR tomorrow
122. # [14:12] <anne> why would they want two HTTP APIs?
123. # [14:12] <Marcos> This is what Yahoo! did, they added XHR
124. # [14:12] <anne> still drinking the Y! koolaid?
125. # [14:12] <Marcos> Just an example
126. # [14:12] <anne> could have known it was that
127. # [14:13] <anne> right...
128. # [14:14] <arve> I'm fine with ditching XHR
129. # [14:14] <arve> I'm not fine with ditching an API that provides the widget with its own packaging data
130. # [14:15] <Marcos> Yeah, that makes sense because it is unique to widgets. What about storage?
131. # [14:15] <Marcos> Do we dump storage?
132. # [14:15] <arve> no
133. # [14:15] <arve> it's required, given that we've decided that the widget can carry declared storage data
134. # [14:15] <Marcos> why, by the same logic that we dump XHR we should dump Storage?
135. # [14:15] <arve> because if we can't, we're back to redefining an already functioning API
136. # [14:16] <arve> there is no requirement that a widget should have network capabilities
137. # [14:16] <Marcos> We have a requirement that widgets provide some mechanism to perform async network communication
138. # [14:16] <arve> do we?
139. # [14:16] <Marcos> we sure do
140. # [14:16] <arve> can we nuke that?
141. # [14:16] <Marcos> hehe
142. # [14:16] <arve> from orbit
143. # [14:17] <arve> I'm leaning towards making network a <feature>
144. # [14:17] <Marcos> http://dev.w3.org/2006/waf/widgets-reqs/#asynchronous-http-requests
145. # [14:17] <arve> if we drop that requirement, it would be a property of the underlying document technologhy
146. # [14:17] <arve> s/ghy/gy/
147. # [14:18] <Marcos> From the astronauts perspective, we are crippling widgets
148. # [14:18] <Marcos> but I can live with that
149. # [14:19] <anne> you know that architecture astronaut projects are not that successful right?
150. # [14:20] <Marcos> ya, look at that HTTP crap
151. # [14:21] <anne> I'm not quite sure there's an anology there
152. # [14:22] <Marcos> prolly not
153. # [14:39] <ArtB> Marcos, fyi, TLR asked IETF's SAAG for comment about Widgets Dig Sig http://www.ietf.org/mail-archive/web/saag/current/msg02590.html
154. # [14:47] <Marcos> Artb, great
155. # [14:47] <Marcos> Anne, so we will drop XHR, but we still need Storage :)
156. # [14:51] <Marcos> well, I'm kinda convinced we don't need it... but we need some API to access preferences declared in the config document and Storage fits
157. # [14:54] <anne> it's still unclear to me why you'd have preferences in config and not just in script
158. # [14:54] <Marcos> I argued the same thing, talk to Artb :)
159. # [14:55] <anne> not too interested in debating this
160. # [14:55] <Marcos> Understood. It's in there now, so we have to live with ti
161. # [14:55] <Marcos> it
162. # [14:57] <anne> that's not how it works
163. # [15:12] * Quits: MikeSmith (MikeSmith@mcclure.w3.org) (Ping timeout)
164. # [15:15] * Quits: Lachy (Lachlan@213.236.208.22) (Quit: Leaving)
165. # [15:15] * Joins: Lachy (Lachlan@213.236.208.22)
166. # [15:19] * Quits: Lachy (Lachlan@213.236.208.22) (Quit: Leaving)
167. # [15:39] * Joins: Lachy (Lachlan@213.236.208.22)
168. # [16:08] * Quits: nico (nico@133.27.247.181) (Ping timeout)
169. # [16:11] * Joins: nico (nico@133.27.247.181)
170. # [16:18] <Marcos> anne, how does it work then?
171. # [16:32] <timelE61i> fWiw, i think i agree w/ anne
172. # [16:50] <Marcos> timelE61i: Anne made a lot of crazy statements, which do you agree with? :)
173. # [17:01] <anne> Marcos, that something is in a draft does not mean it cannot be taken out again
174. # [17:01] <anne> Marcos, the draft in fact says that right at the top
175. # [17:02] <anne> Marcos, crazy?
176. # [17:02] <Marcos> I'm just messin with ya :)
177. # [17:02] <Marcos> I'm just saying they are crazy because I know you are right
178. # [17:03] <anne> I see, guess I'm plenty crazy then :p
179. # [17:03] <Marcos> (it's a feeble attempt to keep my dignity while making the changes you suggested but at the same time denigrating your status for being correct)
180. # [17:04] <Marcos> so yeah! you crazy@
181. # [17:15] * Quits: anne (annevk@83.86.138.148) (Ping timeout)
182. # [17:19] * Joins: anne (annevk@83.86.138.148)
183. # [18:01] * Joins: aroben (aroben@71.58.77.15)
184. # [18:09] * Quits: timelE61i (timeless@80.186.61.136) (Ping timeout)
185. # [18:41] * Joins: Marcos_ (Marcos@213.236.208.247)
186. # [18:42] * Quits: Marcos_ (Marcos@213.236.208.247) (Quit: Marcos_)
187. # [18:43] * Quits: Marcos (Marcos@213.236.208.22) (Ping timeout)
188. # [19:30] * Quits: Lachy (Lachlan@213.236.208.22) (Quit: This computer has gone to sleep)
189. # [20:03] <shepazu> anne: all the HTTP Origin Header discussion on ietf-http-wg would be relevant evidence for liaison with IETF, regarding Adobe's comment, would it not?
190. # [20:17] * Quits: arve (arve@213.236.208.22) (Quit: Ex-Chat)
191. # [20:17] <anne> that's sort of a side discussion, not directly related to CORS
192. # [20:18] <anne> the HTTP WG has never given direct feedback on CORS
193. # [20:34] <shepazu> anne: the message you sent was rather old... Nov 2007, about 1.5 years... should we try again to get some feedback?
194. # [20:35] <anne> we could I suppose
195. # [20:35] <anne> mnot said he's raise it with the http wg again though
196. # [20:36] <anne> so I guess he will
197. # [20:36] <shepazu> yeah, people get busy and distracted
198. # [20:36] <shepazu> so, I think it would be appropriate for us to do so, especially if it's changed in that time
199. # [20:37] <anne> mnot is going to do it already
200. # [20:38] <anne> it changed, but it got pretty much ignored the first time around...
201. # [20:38] <shepazu> when did you talk to mnot?
202. # [20:38] <shepazu> any url?
203. # [20:38] <anne> private
204. # [20:39] <anne> one of the rare standards related private emails I get
205. # [20:39] <shepazu> ok, but he said recently that he'd raise it again?
206. # [20:40] <shepazu> I think I'll make a public request for review, if you don't mind
207. # [20:40] <shepazu> that way, it's all in public view
208. # [20:41] <shepazu> anne: what do you think of Adobe's request to split out CORS into a separate WG?
209. # [20:41] <shepazu> nobody really commented on that, ArtB... should we do that?
210. # [20:42] <anne> I think it's a waste of resources
211. # [20:43] <shepazu> how so?
212. # [20:43] <anne> because I don't see why it's needed
213. # [20:43] <anne> the spec is pretty much done
214. # [20:43] <anne> impls are shipping
215. # [20:44] <anne> what are we doing to do? over engineer a v2 because we need to do something at those F2F meetings?
216. # [20:45] <shepazu> dunno, I have no opinion, I'm just trying to assess responses based on feedback for the AC review of the charter
217. # [20:47] <anne> have fun :)
218. # [20:47] <shepazu> tlr didn't mind where it happened, Adobe wanted to split it out so more people could get involved... Jonas didn't mind splitting it out (but really just wants more feedback)
219. # [20:48] <sicking> i want a reason for why splitting it out is going to archive the effects they seek
220. # [20:49] <shepazu> anne: as editor, you're affected by this... I don't want to hear complaints about how W3C resolved this if the feedback for keeping it in is all indifferent
221. # [20:49] <sicking> shepazu, a convincing reason
222. # [20:49] <sicking> but if they have that i'm fine with splitting out security webapps work
223. # [20:49] <sicking> (though really, security is part of many specs)
224. # [20:49] <anne> shepazu, I gave you my opinion
225. # [20:50] <shepazu> sicking: yes, the fact that they have had a chance to review it for 1.5 years and have neglected to do so doesn't seem like splitting it out would change things
226. # [20:50] <sicking> shepazu, indeed
227. # [20:50] <sicking> shepazu, unless the reason they haven't is because they don't want to join the group for patent reasons
228. # [20:50] <sicking> shepazu, which is not a strong argument with me personally
229. # [20:51] <shepazu> sicking: that seems to be implied, but without more explicit statement, that is too close to FUD
230. # [20:52] <sicking> shepazu, FUD from their part? Or mine?
231. # [20:53] <shepazu> their part... there is an indication that splitting out the work would let more entities join in, but they haven't said why... if it's because of patent concerns, they should simply say so
232. # [20:53] <shepazu> if it's because of other reasons, they should state those
233. # [20:53] <shepazu> as it stands, there is "fear, uncertainty, and doubt" about the reasons for lack of review or participation
234. # [20:53] <anne> Having a separate WG for CORS, a specification which is nearly finished, has three implementations, just seems like a lot of overhead. And the only reason that has been given is that we would get better review, by a person who has not given a review himself.
235. # [20:54] <shepazu> anne: that is that kind of rationale I was looking for from you, thanks
236. # [20:54] <shepazu> you pretty sure that's Opera's stance, in addition to the editor's?
237. # [20:55] <shepazu> note that Adobe's concern was:
238. # [20:55] <shepazu> [[
239. # [20:55] <shepazu> Among other missing communities, the majority
240. # [20:55] <shepazu> of implementors and operators of web servers, proxies, firewalls, and
241. # [20:55] <shepazu> security analysis mechanisms that are concerned with cross-site security
242. # [20:55] <shepazu> issues are not represented in the working group.
243. # [20:55] <shepazu> ]]
244. # [20:56] <shepazu> and:
245. # [20:56] <shepazu> [[
246. # [20:56] <shepazu> Similar coordination concerns apply to coordination of the URI reference
247. # [20:56] <shepazu> mechanism, and the zip-based packaging mechanisms being proposed. The
248. # [20:56] <shepazu> packaging mechanism and the reference scheme used within it, the
249. # [20:56] <shepazu> defaulting of MIME types and the mechanisms for identifying content within
250. # [20:56] <shepazu> a package, the means of cross or intra-packaging issues affect implementors
251. # [20:56] <shepazu> of email security scanners, proxies, gateways, and other internet
252. # [20:56] <anne> shepazu, I've no idea whether Opera cares; we haven't spent a single minute discussing this issue internally so far (thank god)
253. # [20:56] <shepazu> infrastructure that is not well-represented in the working group.
254. # [20:56] <shepazu> ]]
255. # [20:57] <anne> that second issue is about Widgets, not CORS
256. # [20:57] <shepazu> yes
257. # [20:57] <shepazu> I guess marcos isn't here, the bum
258. # [20:57] <anne> the first one may be true, but we invited feedback from the HTTP WG which has those communities on their mailing list I assume
259. # [20:58] <shepazu> but we have plenty of people on record as saying they don't want to split out the widgets work, so the voice is stronger there than on CORS
260. # [20:59] <shepazu> anne: it may not matter to you what Opera's stance is, but it may matter to other companies (like Adobe)
261. # [20:59] <anne> I doubt most of the CORS people care enough to debate about this
262. # [21:01] <shepazu> wow, glibness is such a powerful argument, thanks
263. # [21:02] <anne> I'm pretty much indifferent as I all I have to do is get chaals to nominate me and change the boilerplate text. The W3C otoh has to find a chair, set up a group site, find a team contact, invite members to join, etc. And all for a draft that will unlikely change much.
264. # [21:03] <anne> I think the same goes for most other contributors to CORS. Just a different mailing list to select...
265. # [21:05] * anne looks up glibness
266. # [21:05] <shepazu> the larger, more interesting question is how to get the web server, proxy, and firewall folks on board, if indeed that's the issue
267. # [21:06] <anne> I wonder if he's talking about CORS there or about using Origin as XSRF defense
268. # [21:06] <shepazu> I'm not totally convinced that a new WG would do that, so I don't see strong reason to split it, but is there a strategy to actually engage them, or would simply having a spec be enough to move them forward?
269. # [21:07] <anne> As far as I can tell they do not really have to move anywhere...
270. # [21:07] * Joins: Lachy (Lachlan@85.196.122.246)
271. # [21:07] <shepazu> if the latter is the assumption, then is there evidence from past behavior that they would?
272. # [21:08] <anne> Again, I don't know where you want to move them.
273. # [21:08] <shepazu> Larry seems to think they need to be directly involved, are you saying they don't? and if not, why not? (a pointer to an email message would be fine)
274. # [21:09] <anne> I'm not sure why they need to be involved.
275. # [21:11] <shepazu> this seems to be the level of involvement Adam Barth anticipates is needed: http://lists.w3.org/Archives/Public/ietf-http-wg/2009JanMar/0092.html
276. # [21:11] <shepazu> (for the Origin header, in general)
277. # [21:11] <shepazu> I'm not sure it's applicable here
278. # [21:12] <anne> That's just about authors, as far as I can tell.
279. # [21:12] <anne> We already had plenty of author feedback that they want something like this.
280. # [21:13] <shepazu> sure, I agree there
281. # [21:15] <shepazu> but what is the essence of Larry's argument then? how does this affect web server, proxy, and firewall folks? you seem to imply that this doesn't affect them, but Larry seems to think it does
282. # [21:15] <shepazu> sicking: any thoughts on that?
283. # [21:17] <anne> I suppose it is mostly wondering whether firewalls and proxies will filter out the Origin header. But that was a concern mostly with using Origin for XSRF.
284. # [21:18] <anne> They currently do not filter it out though.
285. # [21:18] <anne> So I think we'll just have to see, especially since this is getting deployed already anyway.
286. # [21:18] <shepazu> CORS does rely on the Origin header, right?
287. # [21:19] <anne> I just said as much...
288. # [21:19] <shepazu> just getting my facts straight
289. # [21:21] <shepazu> and as of right now, the only way this would be affected is if firewalls and proxies *actively change* with regards to the Origin header
290. # [21:21] <shepazu> ok, thanks for the input
291. # [21:38] * Quits: heycam (cam@210.84.21.15) (Ping timeout)
292. # [21:43] * ArtB begins to catch up ...
293. # [21:44] <shepazu> anne: the implementers are Opera, Mozilla, and who else? Safari? Chrome?
294. # [21:44] <ArtB> shepazu, WAF and the WebApps started AC4CSR nka CORS over 3 years ago
295. # [21:44] <shepazu> yeah, I know
296. # [21:44] <ArtB> I think that is sufficient time for detractors to raise formal objections to the work being done in WebApps
297. # [21:44] * Joins: heycam (cam@210.84.43.129)
298. # [21:44] <shepazu> one would think so
299. # [21:45] <shepazu> then again, that was before the Origin header was proposed
300. # [21:45] <ArtB> Given the Consortium's resource constraints I don't understand the logic in creating a new WG just because 1 of 400 members recommends it
301. # [21:45] <shepazu> it has changed dramatically in that time (including 3-4 name changes)
302. # [21:46] <ArtB> We have gone through great efforts and pains to do all of the related work in Public
303. # [21:46] <ArtB> and as such Adobe can contribute even if they don't join WebApps
304. # [21:47] <ArtB> changes - true but I don't think that is justification to split the work off
305. # [21:47] <shepazu> ArtB: I didn't say we were necessarily going to create a WG, but if there are security concerns raised, it behooves us to thoroughly put those concerns to rest to avoid any confusion
306. # [21:47] <shepazu> so, I'm looking for sound justification not to split it out, to reduce future concerns
307. # [21:47] <ArtB> We live by the "silence is assent" rule in Web Apps. Given this, there is 100% unanimity that CORS remain in WebApps
308. # [21:48] <shepazu> I'm not talking about process, I'm talking about due diligence
309. # [21:48] <ArtB> I don't recall any member of WebApps WG ever saying security isn't important
310. # [21:48] <shepazu> did you read the whole backscroll, ArtB?
311. # [21:48] <ArtB> If we have been remiss about not asking the right communities to review, them we can easily correct that, right?
312. # [21:49] <shepazu> ArtB: I'm writing that liaison email right now
313. # [21:50] <shepazu> I'm not satisfied with the work simply remaining under WebApps WG, I'm eager that we be above reproach in doing so
314. # [21:50] <ArtB> that just sounds like grand standing to me Doug
315. # [21:51] <ArtB> "not satisifed"
316. # [21:51] <shepazu> whatever
317. # [21:51] <ArtB> "above reproach"
318. # [21:53] <shepazu> look, Adobe raised an issue that this has not gotten sufficient security review, and I think it's a good idea to make sure that 1) it has, and 2) we prove it has
319. # [21:53] <shepazu> sorry if that offends your delicate sensibilities
320. # [21:53] <ArtB> Please define "sufficient" here
321. # [21:53] <ArtB> as I said, if we missed a community then we (WG + Team Contacts) have been remiss and we can easily correct that
322. # [21:53] <ArtB> without creating a new WG!
323. # [21:54] <shepazu> when did I say we were creating a new WG??
324. # [21:54] <ArtB> "I'm not satisfied with the work simply remaining under WebApps WG
325. # [21:55] <ArtB> "
326. # [21:55] <ArtB> "
327. # [21:55] * Quits: Lachy (Lachlan@85.196.122.246) (Quit: This computer has gone to sleep)
328. # [21:55] <ArtB> That sounds like "creating a new WG" to me
329. # [21:55] <shepazu> let me restate then
330. # [21:55] <ArtB> so what did you mean by the "not satisfied" stuff?
331. # [21:56] <anne> shepazu, can't speak for Opera; what is publicy known is Internet Explorer 8, beta versions of Firefox 3.5 and beta versions of Safari 4
332. # [21:56] <anne> and maybe some version of Chrome too
333. # [21:56] <shepazu> if we are going to continue moving the work forward in WebApps WG despite some criticism for doing so, we need to make sure that the points of criticism are addressed from within the WebApps WG
334. # [21:56] <anne> I haven't found documentation for that and cannot test since I do not have Windows
335. # [21:56] <shepazu> anne: thanks
336. # [21:57] <ArtB> shepazu, of course; I don't think I have said otherwise and forgive me if I have
337. # [21:57] <anne> Origin has always been part of the CORS work
338. # [21:57] <shepazu> no, I didn't say you said otherwise... I must not be communicating well
339. # [21:57] <anne> it just had different names over the course of three years
340. # [21:58] <shepazu> anne: it has changed a bit, though, no?
341. # [21:59] <anne> it was always an origin
342. # [22:00] <anne> stuff changed, but all the essentials remained the same
343. # [22:07] * Quits: Hixie (ianh@129.241.93.37) (Quit: restarting irc client to pick up new configuration)
344. # [22:07] * Joins: Hixie (ianh@129.241.93.37)
345. # [22:11] <ArtB> shepazu, I need to leave for the day so please feel free to follow-up with e-mail
346. # [22:11] <shepazu> ok
347. # [22:13] <ArtB> thanks again to Krijn for making sure all of this is logged !
348. # [22:13] * Quits: ArtB (d0309a43@128.30.52.43) (Quit: CGI:IRC)
349. # [22:27] * Joins: Marcos (Marcos@84.215.160.79)
350. # Session Close: Sat Apr 04 00:00:00 2009

The end :)