Re: Minutes from Pointer Events WG call 4 September 2019

Patrick: we don't have an actual meeting planned for TPAC (as I also
won't be able to make it this time), but if people who are already there
and want to have a semi-formal skype call or something, let me/the list know
It would be great to have a semi-formal discussion during TPAC. In the mean time I asked for a slot for Webapps WG on Thursday to discuss st least https://github.com/w3c/pointerevents/issues/204. I believe, we have some other issues to discuss as well (pen-action and highlight events<https://github.com/MicrosoftEdge/MSEdgeExplainers/labels/Highlight%20API>)

Besides Patrick, who would be available during TPAC and what days and times work best to have this meeting?

Thanks,

-Grisha


Sent from Outlook<http://aka.ms/weboutlook>

________________________________
From: Patrick H. Lauke <redux@splintered.co.uk>
Sent: Wednesday, September 4, 2019 8:35 AM
To: public-pointer-events@w3.org <public-pointer-events@w3.org>
Cc: Daniel Libby <dlibby@microsoft.com>
Subject: Minutes from Pointer Events WG call 4 September 2019

Dear all,

minutes from today's call available on
https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.w3.org%2F2019%2F09%2F04-pointerevents-minutes.html&amp;data=02%7C01%7CGrisha..Lyukshin%40microsoft.com%7Cb0a1ae550ff9434958af08d7314d8868%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637032081380207404&amp;sdata=VQl0U8pA4oyV7SbwWXIp%2ByZCTwW%2BBFKN6VpEETTSpuo%3D&amp;reserved=0 and posted below

(btw Daniel let me know if you've already been added to the
public-pointer-events mailing list, github, etc - otherwise, I'll chase
that up for you)

PEWG
04 Sep 2019
Attendees
Present
patrick_h_lauke, NavidZ
Regrets
Chair
patrick_h_lauke
Scribe
patrick_h_lauke
Contents
Topics
Summary of Action Items
Summary of Resolutions

<scribe> Scribe: patrick_h_lauke

Navid: had a task to define pointer capture scope

<NavidZ_> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fw3c%2Fpointerevents%2Fpull%2F300&amp;data=02%7C01%7CGrisha.Lyukshin%40microsoft.com%7Cb0a1ae550ff9434958af08d7314d8868%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637032081380207404&amp;sdata=5%2F7De63n2RTX7DQbh4lRJ64Fvk%2F%2BsVNnMAK8NXoLB70%3D&amp;reserved=0

<NavidZ_> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fw3c%2Fpointerevents%2Fissues%2F16&amp;data=02%7C01%7CGrisha.Lyukshin%40microsoft.com%7Cb0a1ae550ff9434958af08d7314d8868%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637032081380207404&amp;sdata=z6%2F7g4T6suH0CqZ15tCMbqTuY9h%2Bk9eBFVcGd61xfAY%3D&amp;reserved=0

limits only work on a document. there was an old issue about security
risk if not restricted in iframes

maybe we should always limit to sandboxed iframes

recently we decided to just live with this and see if use cases come up,
and that's what latest PR does

matches chrome behavior, and olli was ok with it as well

if inner iframe sends pointerID, can outer frame/parent capture it

<NavidZ_> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fw3c%2Fpointerevents%2Fissues%2F291&amp;data=02%7C01%7CGrisha.Lyukshin%40microsoft.com%7Cb0a1ae550ff9434958af08d7314d8868%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637032081380207404&amp;sdata=4fLlr8NwC2T2ZWc23o%2FlvvzmQ7QfH5mivoW9PceXfDQ%3D&amp;reserved=0

will send request on mailing list to see if we agree on resolution of
latest pull request

<NavidZ_> Next topic:

<NavidZ_> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fw3c%2Fpointerevents%2Fissues%2F204&amp;data=02%7C01%7CGrisha.Lyukshin%40microsoft.com%7Cb0a1ae550ff9434958af08d7314d8868%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637032081380207404&amp;sdata=c45ufVG2zf9jJkiabbQJYDTBh3MRzpdzxl9EsZUmsgs%3D&amp;reserved=0

Daniel: this came out of research in platform stuff on windows. OS
actually can do better job of rendering pointer trail etc, so provide
metadata on what app has drawn and leave it up to OS to do rest

no concrete proposal, but wanted to get sense from cross-platform
perspective

Navid: question also how much we can support this feature across platforms

also comes down to amount of metadata - e.g. do we pass on what pressure
is, or what the line thickness/radius should be

Daniel: should be some kind of transform/radius of the size of the tip.
OS can also match end of trail to more seamless ink stroke...

Navid: wonder if we can enough exposure so last piece of trail is not so
far away from the coords that were globbed by the app itself (?)

Daniel: being able to determine support, apps can opt in/out

more like a graceful degradation approach. what would support look like
on other platforms? does it match how other platforms support inking at
OS level? early stages/ideas

you can see this with Windows native OneNote app, depending on which
brushes are used

Navid: looking forward to something more concrete, but if you see
reduced latency we may have interest

Daniel: will do more prototyping, hopefully something to share at TPAC

Navid: one update regarding an issue...

<NavidZ_> Next topic:

<NavidZ_> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fw3c%2Fpointerevents%2Fissues%2F100&amp;data=02%7C01%7CGrisha.Lyukshin%40microsoft.com%7Cb0a1ae550ff9434958af08d7314d8868%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637032081380207404&amp;sdata=JQQHrnPenbbZ%2FLjEqTnm8zidBznbd%2FuuEuZdAb9A5Ao%3D&amp;reserved=0

prototyped something that can be tested behind flag

not fully compatible because coords are promoted from integer to float

landed a change behind a flag, going to discuss this with UIEvents/web
apps WG at TPAC

Navid: regarding merging extension document merging: touch-action move
done, still work to be done to more the coalesced/raw stuff

will work on those and send PR addressing most of those

one aspect to consider is privacy. raw/coalesced only to secure origins

security person in Google pointed out this exposes specific device
capabilities/properties

can fingerprint device of the user (e.g. 1000 Hz mouse)

maybe not quite a permission model, but only to secure origin

are there any other APIs that follow this?

Daniel: think it makes sense

not sure if i've seen secure origin for privacy reasons

Navid: permission model may be too hard to specify, but at least secure
origin mitigates man in the middle attacks etc

Daniel: i have seen it with paint worklet and animation worklet

Navid: will check if there's some wording or similar that we can use

Patrick: we already have some language in spec about user agents also
allowing user to stop certain info from being exposed at the user's
request. worth using same for this here too

I will check on our side what we have, and it's worth expanding to cover
coalesced/raw even more strongly. And secure origin only is a
mitigation, but won't help if you as user don't actually want a site to
track you (secure origin or not)

[mention of calls, AOB, TPAC]

Patrick: we don't have an actual meeting planned for TPAC (as I also
won't be able to make it this time), but if people who are already there
and want to have a semi-formal skype call or something, let me/the list know

(as an aside, just checked PE spec, and we have wording around user
agents MAY consider allowing users to turn things off in
https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fw3c.github.io%2Fpointerevents%2F%23security-and-privacy-considerations&amp;data=02%7C01%7CGrisha.Lyukshin%40microsoft.com%7Cb0a1ae550ff9434958af08d7314d8868%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637032081380207404&amp;sdata=NdBwBC4Z%2FA63NGGPj1bJEOMNy5QDwHdUljP%2FMzRg58o%3D&amp;reserved=0)

--
Patrick H. Lauke

https://nam06.safelinks.protection.outlook.com/?url=www.splintered.co.uk&amp;data=02%7C01%7CGrisha.Lyukshin%40microsoft.com%7Cb0a1ae550ff9434958af08d7314d8868%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637032081380207404&amp;sdata=iSqp5d%2FjOZ3trN6rtA6IPJ%2BQO7QTEeSpHgynvPFv%2BsM%3D&amp;reserved=0 | https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fpatrickhlauke&amp;data=02%7C01%7CGrisha.Lyukshin%40microsoft.com%7Cb0a1ae550ff9434958af08d7314d8868%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637032081380207404&amp;sdata=7yKVABh6MsqEq6cK4PRt%2FAwA4QlrNhEXFw%2FQ8E4%2FL1E%3D&amp;reserved=0
https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fflickr.com%2Fphotos%2Fredux%2F&amp;data=02%7C01%7CGrisha.Lyukshin%40microsoft.com%7Cb0a1ae550ff9434958af08d7314d8868%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637032081380207404&amp;sdata=1ncs82RbKK1ipgZ7tWHB93Zdvu7BqOf7fYZBkpT2uOY%3D&amp;reserved=0 | https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fredux.deviantart.com&amp;data=02%7C01%7CGrisha.Lyukshin%40microsoft.com%7Cb0a1ae550ff9434958af08d7314d8868%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637032081380217400&amp;sdata=oBdhdj%2BgDPslMnKKrHVJcNRvsev%2BF6r2IEJOa8c%2BdXg%3D&amp;reserved=0
twitter: @patrick_h_lauke | skype: patrick_h_lauke

Received on Wednesday, 11 September 2019 01:13:11 UTC