Re: [discovery-api] Consolidated comments and questions from Norifumi Kikkawa on 2013-02-12 (public-device-apis@w3.org from February 2013)

From: Norifumi Kikkawa <Norifumi.Kikkawa@jp.sony.com>
Date: Tue, 12 Feb 2013 17:01:14 +0900
To: "Cathy.Chan@nokia.com" <Cathy.Chan@nokia.com>
Cc: "richt@opera.com" <richt@opera.com>, "public-device-apis@w3.org" <public-device-apis@w3.org>
Message-Id: <20130212170114.3B33.846B5FC5@jp.sony.com>

On Fri, 8 Feb 2013 06:27:57 +0900
"Cathy.Chan@nokia.com" <Cathy.Chan@nokia.com> wrote:

> > -----Original Message-----
> > From: ext Norifumi Kikkawa [mailto:Norifumi.Kikkawa@jp.sony.com]
> > Sent: Wednesday, February 06, 2013 4:05 AM

> > Regarding cross-domain access, I have a concern on prohibiting access other
> > than that to the port used in the controlUrl.
> > IMO, one of the big goal of NSD is to intract with existing UPnP products
> > without modifying them. These products do use various communication
> > addition to SOAP. For example, DLNA uses HTTP Streaming and it doesn't
> > mandate the tcp port for streaming must be the same as that for SOAP.
> 
> 
> To make matters worse, a DLNA media server can also list content that is 
> hosted on third-party content providers, in which case it would be impossible 
> to grant cross-domain access. I don't think this is a problem that NSD would 
> be able to solve (nor is it its job to solve).

Agree. 
 
> > Under user permission, any access should be allowed to the permitted
> > device in the local network, I think.
> 
> The problem here is that this would open up the device way more than 
> necessary/expected by the user. This *might* be fine for a standalone UPnP 
> device, but absolutely not for e.g. a software media server running on a PC. 
> Granting the web app access to the software media server MUST NOT open it up 
> to telnet or ftp  or any other access to the same PC!

Yes, the problem is that we don't have a clear way to identify resources/ports
the granted web app will use since home network application uses various
communication protocols, assuming HTTP, RTSP Streaming or vendor 
specific ones.  The device description can tell some of them, but not all. 

I agree that third party contents may not be its job to solve now.
However, at least the typical DLNA usecases, namely, watching contents
with home network device (pull/push), should be realized to make this
API useful. Need some mechanism to grant access . I also hope better
idea than "Allowing anything if granted"...

Thanks,
Kikkawa
 
> - Cathy.
> 
> >
> > Thanks,
> > Kikkawa
> >

--------------------------------------------------------------
 Norifumi Kikkawa <Norifumi.Kikkawa@jp.sony.com>
  Sec.1  Dept. No.2
  Cloud Technology Development Div.
  COR&D Sony Corporation
 (TEL) +81 50 3750 3953 
--------------------------------------------------------------

Received on Tuesday, 12 February 2013 08:01:46 UTC