VQ: late regrets from Tim and DaveO
TimBL: partial regrets due to RDFa discussion at SWD meeting at MIT
<DanC_> minutes 9 Jan
VQ: minutes 9 Jan ok by me. any reason not to approve?
Ed: remove DRAFT?
RESOLUTION: to approve 9 Jan minutes, (whether DRAFT removed or not)
VQ: agenda updates?
DanC: I have a question about IRIEverywhere
PROPOSED: to meet 12:00 ET (17:00 UTC, 09:00 PT) Thursdays starting 1 Feb
VQ: there seems to be a critical mass around this proposal; I have seen some reservations...
<timbl> I can manage either of the two proposed time, the first with some rearrangemengt of medium pain
proposal doesn't carry due to a little new info and unknown input from others
DanC: ok, backing off from a long-term decision to next week...
HT: how about half an hour earlier next week so SKW can join? [that's 12:30 Boston time, yes, HT?]
<ht> yes DanC
NM: regrets 30 Jan due to travel
<Zakim> Norm, you wanted to say that I have to give regrets for Tuesday and Thursday of next week; I'll send a list of all my open slots and promise not to object to anything selected in
RESOLUTION: to meet Tue, 30 Jan 12:30pET
NDW: regrets 30 Jan
<DanC_> Subject: RE: TAG - Password in clear text. Tue, 9 Jan 2007 13:20:10 -0600
^msg from Ed
VQ: Ed, any news from MEZ since that 9 Jan msg?
DanC: perhaps I should follow up with Thomas [WSC WG team contact] on whether MEZ [WSC WG chair] got the message or whatever
<scribe> ACTION: DanC to follow up on request for wording re "TAG - Password in clear text."
Ed: maybe there's not enough consensus to finish this after all?
DanC: indeed, John Cowan's msg emphasized a gap in positions, to me.
<noah> Me too, as I recall.
<noah> Haven't reread lately.
<ht> I have done my action, see http://lists.w3.org/Archives/Public/www-tag/2007Jan/0021.html
HT: I did raise the question about how user agent's can't know whether the password is in the clear due to javascript...
<noah> Yes, that's the concern I raised on the last call, that we are telling the browser to warn, but the Javascript may encrypt in a way the browser can't detect.
HT: and I got a response that confirms this is going on
Ed: it's not clear that these javascript techniques are secure
DanC: they look like traditional challenge/response authentication
Noah: some folks use passwords as
"speed bumps" into their sites...
... their requirements are met by passwords in the clear
... how about "HTTP basic is not secure against the
following..."?
DanC: that doesn't address my major concern, which is that web site operators are giving the impression that passwords are protected but not actually protecting the password across the net
Noah: [a pretty good story that the scribe got too far behind to record]
<noah> BTW: someone raised the question last week of what Yahoo! Mail is doing. From what I can tell going to their site, they are using HTTPS and also marking the input field as type="password"
Ed: it's not clear that we've got consensus on what's right and what's wrong
VQ: OK, so we've got DanC's new action an HT's action done...
HT: no progress. :-/
DanC: does the URNs-and-registries finding touch on commercial motivation for DNS alternatives?
HT: no; do you have something solid to point to?
DanC: I think so.
<scribe> ACTION: DanC to look for an example of commercial motivation for alternatives to DNS
HT: please continue my
action
... I still plan to work on this draft
<scribe> ACTION: HT to Update draft finding URNs, Namespaces and Registries. [CONTINUES]
reviewing ACTION NM, accepted on 5 Dec 2005: Produce a new version of URI Schemes and Web Protocols.
NM: I had little confidence when
I tried it at first; I have a little more confidence now,
though it's not obvious what to write. Also, I did a bunch of
TAG writing lately and used up some of that sort of energy;
could use a break.
... so yeah, let's keep the issue open but withdraw the
action.
DanC: yeah, until somebody is inspired...
<scribe> ACTION: NM to Produce a new version of URI Schemes and Web Protocols. [WITHDRAWN]
DanC: Congrats, Norm, on the XQuery REC. The F&O stuff reminds me of the IRIEverywhere issue, and some questions/axioms/formulas TimBL wrote up...
<DanC_> Mappings and identity in URIs and IRIs
issues list has 2 actions re http://www.w3.org/2001/tag/issues.html#IRIEverywhere-27
one on TBL and one on HT...
DanC: do we care about the XML
Core action? withdraw?
... that was about XML Namespaces 1.1, which is
done.
<scribe> ACTION: HT to with Norm report the Namespaces/URI/IRI discussion to XML Core. [DONE]
<scribe> ACTION: DanC to ask TimBL whether XQuery and XML Namespaces 1.1 address IRIEverywhere to his satisfaction, noting http://www.w3.org/2003/04/iri.html
ADJOURN.