See also: IRC log
<tobie> Scribenick: tobie
<fjh> New WDs published for Accelerometer, Gyroscope, Magnetometer , https://lists.w3.org/Archives/Public/public-device-apis/2017Apr/0017.html
<fjh> TPAC F2F planning, please respond before 1 May, https://lists.w3.org/Archives/Public/public-device-apis/2017Apr/0014.html
anssik: there might be overlaps, but that's the best effort.
... if we find funding could fjh travel?
fjh: that would really help, however still need to understand if I can go
<fjh> github weekly summary 1 : https://lists.w3.org/Archives/Public/public-device-apis/2017Apr/0019.html
<fjh> github weekly summary 2: https://lists.w3.org/Archives/Public/public-device-apis/2017Apr/0020.html
<fjh> https://lists.w3.org/Archives/Public/public-device-apis/2017Apr/0021.html
<fjh> tobie: suggests F2F in Europe outside of TPAC
<fjh> ACTION: fjh discuss F2F alternatives/approach with dom [recorded in http://www.w3.org/2017/04/20-dap-minutes.html#action01]
<trackbot> Created ACTION-793 - Discuss f2f alternatives/approach with dom [on Frederick Hirsch - due 2017-04-27].
<fjh> Approve minutes from 6 April 2017
<fjh> https://lists.w3.org/Archives/Public/public-device-apis/2017Apr/att-0013/minutes-2017-04-06.html
<fjh> proposed RESOLUTION: Minutes from 6 April 2017 are approved
RESOLUTION: Minutes from 6 April 2017 are approved
<fjh> CfC completed successfully https://lists.w3.org/Archives/Public/public-device-apis/2017Apr/0022.html
<fjh> ACTION: fjh to send transition request for Orientation Sensor specification and FPWD of Motion Explainer Note [recorded in http://www.w3.org/2017/04/20-dap-minutes.html#action02]
<trackbot> Created ACTION-794 - Send transition request for orientation sensor specification and fpwd of motion explainer note [on Frederick Hirsch - due 2017-04-27].
<fjh> CR transition request sent and approved, sent publication request.
fjh: transition request sent and approved; I also sent publication request
shalamov: was busy with other things. Will do next week
fjh: suggests fwd the message to the group
dom: request was for GH issue
fjh: suggests responding on the list first so the group is aware, noting that issues will be entered into GH
shalamov: what mailing list?
dom: public-webapps@
<fjh> ScribeNick: fjh
<tobie> fjh: github summary is super useful. Thanks dom et al.
<tobie> fjh: two questions - concern about security risks with low level APIs , though you make good argument in email; and permsissions approach
tobie: great that implementers are getting involved with permissions and security work
... have some stuff available in different places
<scribe> ... new threats keep emerging
tobie: want to first write a paper and discuss and use as basis for moving forward
... do not have shared understanding of goals, use cases and risks
... material is in various issues, which is why need to pull together; lost original draft
... discussions on new threats, issues, mechanisms, implementer notes
... re high level versus low level and security - put tighter permissions on low level APIs
... thus provide incentive for higher level APIs, e.g. fewer user prompts etc
... fingerprinting , eavesdropping using sensors etc - so many threats and many unexpected. Hard to explain to non-experts
... some sensor use cases need low level access, others might not (e.g. ambient light).
... different sensors have different use cases, threats and issues
... just starting, need to create shared goals
anssik: tobie will have F2F time with Lucasz next week
tobie: yes, good
<dom> +1 on "permission prompt" being a bad approach
<anssik> +1
tobie: prompting for permissions is bad
<dom> (but that's distinct from binding sensors to a permission system à la Permission API)
fjh: right, just train users to say yes to prompts
tobie: would like more conversations with Google implementers working on security
... on this topic
fjh: do we need a workshop?
... @dom does this sound like a W3C workshop?
tobie: mistake to assume magic number for security, like sensor frequency of 60Hz, need to understand use cases
fjh: propose workshop of security and permissions on sensors - focus might be good, ratther than generic F2F
dom: had a F2F similar to this in Paris
... in 2015?
fjh: might be worth doing again, first look at what the result of the earlier workshop was
<anssik> https://www.w3.org/2014/07/permissions/
dom: new workshop on new threats, new lessons, new work
fjh: +1
https://www.w3.org/2014/privacyws/
<dom> https://www.w3.org/2014/07/permissions/minutes.html
tobie: lacking work now on permissions API, not a priority
... concern
fjh: can make permissions a priority if we get interest and agreement on goals at workshop
tobie: issues arise, e.g. revocation of permissions, policy; there is a whole ecosystem of work to consider
<scribe> ACTION: fjh to review outcome of W3C Workshop on trust and permissions for web applications [recorded in http://www.w3.org/2017/04/20-dap-minutes.html#action03]
<trackbot> Created ACTION-795 - Review outcome of w3c workshop on trust and permissions for web applications [on Frederick Hirsch - due 2017-04-27].
dom: rough agreement on this?
<tobie> dom: I'll start conversation internally
fjh: think useful to consider this as part of the conversation of whether to have a F2F
dom: need to answer the question as to why another workshop and what is new
<dom> ACTION: Dom to look at potential for a permissions-oriented w3c meeting/workshop [recorded in http://www.w3.org/2017/04/20-dap-minutes.html#action04]
<trackbot> Created ACTION-796 - Look at potential for a permissions-oriented w3c meeting/workshop [on Dominique Hazaël-Massieux - due 2017-04-27].
<scribe> ACTION: tobie to provide a list of important questions and concerns that need answers - for which a workshop might help [recorded in http://www.w3.org/2017/04/20-dap-minutes.html#action05]
<trackbot> Created ACTION-797 - Provide a list of important questions and concerns that need answers - for which a workshop might help [on Tobie Langel - due 2017-04-27].
<anssik> https://w3c.github.io/permissions/
<scribe> ScribeNick: tobie
<anssik> https://github.com/w3c/permissions
fjh: wakelock API had an issue with secure context
dom: spec was re-written based on TAG feedback
... TAG was happy with proposed changes
... I saw old issue with secure context which needed to be revisited
fjh: seems like an issue we could easily fix
... should we ping Andrej?
... we'll just leave it in the minutes
<fjh> none
<fjh> Thanks everyone
<fjh> good call
<fjh> Note we discussed F2F issues with Dom on call so no need for follow up action
<fjh> ACTION-793: discussed during teleconference
<trackbot> Notes added to ACTION-793 Discuss f2f alternatives/approach with dom.
<fjh> close ACTION-793
<trackbot> Closed ACTION-793.