IETF HTML5 Meeting March 2009

From W3C Wiki

The IETF is meeting in San Francisco in March 2009. Given that there are overlapping areas of interest, in particular with the HTTPbis and HTML working groups that it seemed like it might be a good idea to have an informal get-together.

Venue/Participants

Location: Hilton San Francisco, Room: Continental 7&8

Date/time: 8pm Wednesday, March 25th

Participants:

  • David Levine (IBM)
  • Meadhbh Hamrick(Infinity)
  • Barry Leiba
  • Sabatore Loreto
  • Sam Ruby
  • Mark Nottingham
  • Larry Masinter
  • Lisa Dusseault
  • Rob Sayre
  • DanConnolly
  • Ian Hickson
  • Chris Wilson
  • Yngve N. Pettersen (Opera)
  • David Singer
  • Poeus Uhley (sp?)
  • Lucas Adamski (Mozilla)
  • Jonas Sicking

Goals

  • Better mutual understanding of what the technical issues are and who should be involved in the technical discussions
  • Common mutual understanding of what the procedural issues are
  • Plan for how to move forward with coordination

Agenda Items / Minutes

HTML5 related issues

  • The Web Socket protocol spec (or some other technology that addresses the same needs; note HTML WG scope/requirements issue)
    • IETF has a number of related Server Initiated HTTP initiatives, and is in the process of setting up a mailing list for "SI-HTTP".
    • The advocates for this feature were not in the room, and Hixie did not further elaborate on the the use cases.
    • Action Item: MNot to bring this to the appropriate mailing list
  • HTML5's URI section (DanConnolly and Larry Masinter to work on this; e.g. HTML WG action 68)
    • We discussed IDN and URI/IRI (international domain names vs. HTML5/W3C use of IRI). Changes to IRI would impact specs like Atom. Larry advocated revising this spec, others were less enthusiastic. It would be a big undertaking, and it wasn't clear that Martin Dürst was available.
    • Rob Sayre suggested the name "Hypertext References". This was met with wide approval.
    • Action Item: Dan to reformat the document as an Internet Draft
  • Content-Type sniffing section of HTML5 (Adam Barth working on a draft)
    • The IETF would block progress on such a draft, even as an Informational RFC, if it conflicted with a standards track RFC (i.e. HTTP).
    • MNot indicated that he saw it as quite possible that the HTTPbis Working Group would reach rough consensus on the revising HTTP to provide some "wiggle room" for such an RFC.
    • Lisa indicated that this work could proceed without needing to block on the completion of the HTTP spec, i.e., rough consensus was sufficient to unblock.
    • Action Item: Lisa to review the current draft.
  • Origin header proposal (Adam Barth internet draft)
    • The IETF is not convinced that there is a use case for this new header
    • IETF would prefer slight changes to referrer header
    • Browser vendors are highly skeptical that that will be sufficient
    • Action Item: MNot to send a pointer to prior discussion
  • Security mechanisms for CORS and CRSF (both in HTML5 and W3C/WhatWG Web Apps)
    • 2-3 years ago CORS/CRSF was reviewed negatively. It has been substantially rewritten in a way that addresses the issues that were raised; implementation was well underway
    • A protocol and security review need to be initiated ASAP.
    • Todo: Jonas to send an email with pointers and/or description to Mark Nottingham
  • Other Web security issues Top 8 Web 2.0 Security Threats, Top 20 Web security threats
    • IETF does not want to do user interface recommendations
    • The W3C has tried, but has historically not succeeded in getting all the right people into the discussion.
    • There are ample examples of items that would benefit from a greater security review: OAuth is an example that involves both UI and protocol, OpenID and phishing. Sandbox of JavaScript.
    • We discussed a "joint workshop". The concern is that it would attract a number of people who don't have "skin in the game".
    • During the discussion, it came out that there are efforts to produce an HTTP Authentication mechanism based on OAUTH.
    • Action Item: Meadhbh Hamrick (Infinity) to explore involving NIST
  • MIME type registrations for text/html and application/xhtml+xml (note HTML WG issue ISSUE-53 mediatypereg)
    • This item appeared to be routine business as usual. Any issues are internal to the W3C.
    • Action Item: Sam to work on reconciling the multiple uses of the MIME types
  • HTML 5 and scripting media types: Bug 6684: Disregard of RFC 4329 and IANA MIME Media Types
    • Markup for things like inline CSS was not thought to be a coordination issue

Metadata

Web Apps related:

  • MIME types for zip-based formats (for WebApps)
  • URI schemes in packages (for WebAPPS)
    • A number of limitations (example: disallow multiple syntaxes) were discussed, no disagreement was apparent.
    • Don't use +zip, come up with a media type and submit for review
    • A mailing list was set up for this public-pkg-uri-scheme@w3.org

Others:

  • What other WhatWG/W3C/IETF activities that might require a similar kind of coordination?
  (scope the coordination issues for IETF participants)
  • Participants in this meeting seemed to view it as being very useful.
  • Finding venues that naturally attracts the people with the right interest would be valuable. Example(s):