W3C home > Mailing lists > Public > public-secondscreen@w3.org > May 2015

Re: [presentation-api] Allow page to turn itself into a presentation session

From: François Daoust via GitHub <sysbot+gh@w3.org>
Date: Thu, 28 May 2015 16:45:14 +0000
To: public-secondscreen@w3.org
Message-ID: <issue_comment.created-106478813-1432831514-sysbot+gh@w3.org>
I took an action to investigate possible spec adjustments that would 
be needed for that issue, if any. In the end, I do not think that 
there needs to be any normative adjustment to the spec to enable the 
use case if we drop the `presentationId` from `startSession` as agreed
 as part of the discussion on issue #39 (Resumption of multiple 
sessions).

When a user loads a Web page on a user agent that can act as a 
presenting user agent, the user agent may automatically allow external
 devices to connect to that Web page using the Presentation API. The 
Web page may ignore all incoming messages if it does not want to 
become a presenting page, otherwise it can listen to the 
`sessionavailable` event on `navigator.presentation` to be notified 
when an external user agent connects to it, as agreed to resolve issue
 #19 (Specify behavior when multiple controlling pages are connected 
to the session).

As noted in a previous comment, for the user agent to be able to turn 
a Web page into a presentation session, the Web page would already 
need to run in the right private browsing mode.

In summary, to resolve the issue, I would propose to:

1. add a statement along the lines of "A presenting user agent MAY 
expose any Web page it loads in a private browsing context as a 
presenting browsing context" to make it clear that this is an 
acceptable behavior; and
2. complete the spec with informative guidelines on the implications 
of what "exposing" may entail when we have a clearer picture.

I'm using "private browsing context" here to mean the restricted 
context that the spec is likely going to mandate on presenting user 
agents.

There is one privacy question that remains but it also applies to the 
multiple controlling pages case: how can an external user agent know 
that there is a presentation session running on the presenting user 
agent for that URL? Will the presenting user agent advertise the URL 
on the local network for instance?

The charter notes that the mechanism by which other user agents become
 authorized is out of scope. As with security considerations, we may 
still need to write implementation guidelines once we have practical 
experience on the topic to ensure that implementers understand 
possible implications.

@mfoltzgoogle, @avayvod: Who can tell which URL is currently loaded in
 Chromecast? Everyone on the local network? Only paired devices?



-- 
GitHub Notif of comment by tidoust
See 
https://github.com/w3c/presentation-api/issues/32#issuecomment-106478813
Received on Thursday, 28 May 2015 16:45:19 UTC

This archive was generated by hypermail 2.3.1 : Thursday, 28 May 2015 16:45:19 UTC