IETF
weirds@jabber.ietf.org
Thursday, March 14, 2013< ^ >
Peter Koch has set the subject to: WEIRDS WG at IETF-86
Room Configuration
Room Occupants

GMT+0
[00:14:34] Peter Koch leaves the room
[00:14:49] vincent.levigneron leaves the room
[03:07:01] josephyee joins the room
[03:47:23] josephyee leaves the room
[04:39:26] Ning Kong joins the room
[04:39:35] Ning Kong leaves the room
[11:49:35] josephyee joins the room
[12:38:59] josephyee leaves the room
[13:00:54] Ning Kong joins the room
[13:03:08] Ning Kong leaves the room
[13:14:06] Ning Kong joins the room
[13:21:50] josephyee joins the room
[14:24:34] Ning Kong joins the room
[14:50:20] Ning Kong leaves the room
[14:52:24] Ning Kong joins the room
[15:18:36] Ning Kong leaves the room
[15:23:50] Ning Kong joins the room
[15:24:18] Ning Kong leaves the room
[15:38:35] josephyee leaves the room
[16:00:55] Peter Koch joins the room
[16:50:11] Peter Koch leaves the room
[17:02:11] josephyee joins the room
[17:10:15] Ning Kong joins the room
[18:23:41] Ning Kong leaves the room
[18:41:18] josephyee leaves the room
[19:51:49] Ning Kong joins the room
[20:17:18] Ning Kong leaves the room
[20:30:01] josephyee joins the room
[20:46:22] josephyee leaves the room
[21:16:50] Scott Hollenbeck joins the room
[21:17:03] Andy Newton joins the room
[21:20:49] Scott Hollenbeck leaves the room
[21:21:01] Scott Hollenbeck joins the room
[21:26:53] bje joins the room
[21:28:10] <Scott Hollenbeck> Audio just went away?
[21:28:10] Ning Kong leaves the room
[21:28:44] <Andy Newton> there was audo
[21:28:48] <Andy Newton> audio?
[21:29:12] <Scott Hollenbeck> I think so: http://ietf86streaming.dnsalias.net/ietf/ietf867.m3u
[21:29:19] <bje> does not connect for me
[21:29:20] Ning Kong joins the room
[21:29:58] <Andy Newton> says the stream server cannot accept any more connections
[21:30:07] <Scott Hollenbeck> Me neither, now. It was there a moment ago.
[21:32:16] <bje> is anyone i the room able to relay to the chairs that there is an audio problem, or are we all remote?
[21:32:50] john.levine joins the room
[21:33:12] yone joins the room
[21:33:24] richard.barnes.scribe joins the room
[21:33:33] vincent.levigneron joins the room
[21:33:34] <richard.barnes.scribe> anyone here not in the physical room?
[21:33:49] <Andy Newton> yes
[21:33:50] Andrew Sullivan joins the room
[21:33:59] <richard.barnes.scribe> well, get over here :)
[21:34:01] <Scott Hollenbeck> I'm not
[21:34:14] <richard.barnes.scribe> Chairs have begun, Agenda slide
[21:34:16] <bje> also not physically there
[21:34:19] olaf joins the room
[21:34:21] <bje> also, hi richard
[21:34:27] <Andrew Sullivan> alsi not
[21:34:31] <Scott Hollenbeck> Yo, Olaf, no audio!
[21:34:35] <richard.barnes.scribe> Ning Kong presenting
[21:34:37] <Andrew Sullivan> also, even
[21:34:44] <richard.barnes.scribe> Open Questions on Security Issues for RDAP
[21:34:52] <olaf> You have audio now Scott?
[21:35:07] <Andy Newton> no audio
[21:35:15] <Scott Hollenbeck> No - are you in Caribbean 5?
[21:35:27] <olaf> yes caribian V
[21:35:30] <richard.barnes.scribe> slide: Agenda
[21:35:34] <olaf> Pete is checking into it.
[21:35:34] tony.l.hansen joins the room
[21:35:36] <richard.barnes.scribe> slide: Index
[21:35:46] <richard.barnes.scribe> slide: #1 Federated Authentication
[21:35:57] resnick joins the room
[21:36:03] <olaf> Let us know when you have the feed.
[21:36:29] <richard.barnes.scribe> does the chairs' mic work?
[21:36:30] <olaf> Did yiou hear me?
[21:36:35] <Scott Hollenbeck> no
[21:36:39] <olaf> OK thanks
[21:36:51] <bje> it is not an audio quality problem, it is a connection problem :)
[21:37:02] <resnick> Reporting to noc.
[21:37:16] <richard.barnes.scribe> ning: Considering whether we need to specify a federated authentication mechanism
[21:37:26] <richard.barnes.scribe> e.g., oauth 2.0, OpenID, ...
[21:37:42] <richard.barnes.scribe> olaf: adjourning for a few minutes to fix the audio
[21:37:51] <Scott Hollenbeck> Right, http://ietf86streaming.dnsalias.net/ietf/ietf867.m3u doesn't exist
[21:37:52] <richard.barnes.scribe> pete: NOC says everyone is disconnected
[21:37:58] <richard.barnes.scribe> olaf: ok, not adjourning
[21:38:01] <Scott Hollenbeck> oh lovely
[21:38:04] <olaf> It is a general problem, not a room problem.
[21:38:06] marcos joins the room
[21:38:07] <olaf> We are continuing
[21:38:15] <richard.barnes.scribe> [i will try to paraphrase the audio]
[21:38:37] <john.levine> http://tools.ietf.org/agenda/86/slides/slides-86-weirds-2.pdf
[21:38:43] <john.levine> following slides pretty closely
[21:38:53] <richard.barnes.scribe> joseph yee: when you present this, do you have a use case for fed auth?
[21:39:09] <richard.barnes.scribe> ning: maybe thousands of gtlds will have RDAP service
[21:39:26] <richard.barnes.scribe> don't want to have to have many different accounts
[21:40:11] <richard.barnes.scribe> kaveh: that's correct, but do you know any cases where public WHOIS providers are using authentication at all?
[21:40:26] <richard.barnes.scribe> ning: most whois services don't have authentication, so no use case now
[21:40:27] <Scott Hollenbeck> Is Ed Lewis in the room? He had some questions about the current federated auth text in the security draft
[21:40:37] <olaf> I can start a skype conversation
[21:40:41] <richard.barnes.scribe> [scott: don't see him here
[21:40:42] <richard.barnes.scribe> ]
[21:40:44] <olaf> My skype ID is dacht.net
[21:40:47] <olaf> send me a request
[21:41:12] <richard.barnes.scribe> murray: certainly can't require fed auth, but if we prefer one for some reason, we might suggest it
[21:41:35] <richard.barnes.scribe> levine: agree we can't requirement, don't want to preclude it
[21:42:04] <richard.barnes.scribe> ning: so we should just consider the options?
[21:42:29] <richard.barnes.scribe> levine: don't really know what we need to do right now.  there are some precedents in what's done at icann today
[21:42:39] <richard.barnes.scribe> murray: what are they using today?
[21:42:52] <bje> audio feed is back
[21:43:05] <Scott Hollenbeck> Yay!
[21:43:07] <olaf> Thank Rich.
[21:43:11] <richard.barnes.scribe> levine: FTP login for zone file access, username/password that they distribute to registries
[21:43:21] <richard.barnes.scribe> [whew, my fingers are tired]
[21:43:22] Peter Koch joins the room
[21:43:38] <richard.barnes.scribe> slide: #2 Server Authentication
[21:43:39] <bje> thank you Richard,
[21:44:35] <bje> this is tied intimately to the bootstrap problem: the bootstrap should be secured, if necessary
[21:44:35] josephyee joins the room
[21:45:28] sm joins the room
[21:46:01] <resnick> I am carefully looking at the charter while watching this presentation. I am wondering...
[21:48:17] <sm> Ah, Federated
[21:48:27] marcos leaves the room
[21:50:13] <richard.barnes.scribe> also, hi byron!
[21:51:40] <Scott Hollenbeck> I'm not convinced that it's a problem.
[21:52:03] <Andy Newton> I agree. I'm not sure this is a problem. I think we need to defer this topic.
[21:53:27] <Scott Hollenbeck> Authorization? or authentication?
[21:54:10] <Scott Hollenbeck> OK, he said both words. was just wondering.
[21:54:26] linlin.zhou joins the room
[21:54:42] <richard.barnes.scribe> yeah, sorry for being a little ambiguous about that
[21:54:50] sm leaves the room
[21:55:24] <richard.barnes.scribe> slide: #3 Updated Authentication Approach
[21:55:30] <Scott Hollenbeck> fwiw httpauth also cites the "old" http authentication RFCs
[21:57:40] <Scott Hollenbeck> nodding
[21:58:07] <Andy Newton> What requirement is there for any RDAP server to do authenticated access? That's all a matter of policy.
[21:59:25] marcos.sanz joins the room
[22:01:43] john.levine leaves the room
[22:02:54] <richard.barnes.scribe> slide: #4 Data Integrity for Redirection Service
[22:03:09] <richard.barnes.scribe> Andy: did you want that on the mic?
[22:03:37] <Andy Newton> no
[22:04:44] john.levine joins the room
[22:05:26] <richard.barnes.scribe> slide: #5 Data Abuse on Searchable RDAP
[22:08:35] <Andy Newton> Can this be asked at the mic at the end of the preso: will the security draft provide guidance on the scrubbing of data in RDAP to prevent things like script tags from finding their way into RDAP data?
[22:08:59] <richard.barnes.scribe> mic?
[22:09:04] <richard.barnes.scribe> ok will do
[22:09:14] <Scott Hollenbeck> I think we should add that, yes
[22:09:16] <Andy Newton> Since a lot of Whois data today gets gatewayed on to web pages.
[22:10:36] <bje> andy: is that an error if a description contains "<strong>THIS IS IMPORTANT</strong>", or if a client displays that niavely?
[22:10:47] <bje> I would think scrubbing data is a presentation issue, not a server data issue
[22:10:58] <bje> if that's what you mean, hooray
[22:11:10] <bje> naively, not niavely
[22:11:10] <Andy Newton> I'm not talking about the embedding of malicious code into data
[22:11:15] <Scott Hollenbeck> so we provide security considerations text to make implementors aware of the issue
[22:11:32] <richard.barnes.scribe> little bobby tables http://xkcd.com/327/
[22:11:54] <bje> I understand <script> injection, but I think clients should deal with it (via security considerations) rather than a server data issue
[22:12:04] <richard.barnes.scribe> andy: did my commentary mis-characterize that?
[22:12:05] <bje> or bobby tables injection
[22:12:16] <Andy Newton> nope, you did a very good job richard. thanks
[22:12:17] <richard.barnes.scribe> steve sheng presenting on recent ICANN work
[22:12:22] <richard.barnes.scribe> slide: Goals
[22:13:48] markk joins the room
[22:18:31] john.levine leaves the room
[22:20:34] john.levine joins the room
[22:22:19] <Andy Newton> you can have multiple contacts, each with a separate lang tag
[22:26:05] <Andy Newton> we have a lang JSON attribute.
[22:26:07] <olaf> Thanks Andy... does that also go for other data in the response, and do you cluster?
[22:26:28] <Andy Newton> you can sprinkle it where you wish, just like with XML.
[22:26:35] <olaf> Just don't know exactly how that works, I should read spec ;-)
[22:26:38] <resnick> More to the point: Can you say, "This is another representation of the same contact" and not just "This is another contact"?
[22:26:50] <Andy Newton> so, yes to multiple contacts.
[22:27:01] <Andy Newton> Pete: yes, just use the same handle for both representations.
[22:27:16] <resnick> That's what I was looking for. Thanks.
[22:29:38] <bje> he can take his time, he's standing between me and heading off to the office!
[22:31:08] marcos.sanz leaves the room
[22:33:48] <Scott Hollenbeck> thank you!
[22:34:06] <Andy Newton> thanks everybody
[22:34:10] resnick leaves the room
[22:34:14] markk leaves the room
[22:34:16] yone leaves the room
[22:34:18] Scott Hollenbeck leaves the room
[22:34:19] Ning Kong leaves the room
[22:34:20] vincent.levigneron leaves the room
[22:34:24] olaf leaves the room: Computer went to sleep
[22:34:45] john.levine leaves the room
[22:34:48] linlin.zhou leaves the room
[22:35:46] Andrew Sullivan leaves the room
[22:36:20] bje leaves the room
[22:37:18] Peter Koch leaves the room
[22:41:30] richard.barnes.scribe leaves the room
[22:42:00] richard.barnes.scribe joins the room
[22:44:08] Andy Newton leaves the room
[22:48:01] richard.barnes.scribe leaves the room
[22:51:07] tony.l.hansen leaves the room
[22:54:46] josephyee leaves the room
[22:58:46] olaf joins the room
[23:00:22] olaf leaves the room: Computer went to sleep
Powered by ejabberd Powered by Erlang Valid XHTML 1.0 Transitional Valid CSS!