- From: Glenn Adams <glenn@skynav.com>
- Date: Thu, 13 Oct 2016 08:32:14 -0600
- To: Michael Dolan <mdolan@newtbt.com>
- Cc: W3C Public TTWG <public-tt@w3.org>
- Message-ID: <CACQ=j+fiDturGZe--cNkD8bi+kUPTe8se=-QxhVj7FqxTg1BUg@mail.gmail.com>
On Thu, Oct 13, 2016 at 7:59 AM, Michael Dolan <mdolan@newtbt.com> wrote: > Re 3.2: I don't know what "high value data" is in this context. When > talking to studios about their content the term is used to refer to pretty > much any content with >SD video. And, to the extent TTML2 is used for > captions/subtitles, they are pretty tightly protected by the content > authors under copyright, regardless of the video resolution. Maybe track > down a definition of the term? > > Re 3.6: <set> is arguably a (very specialized) script. > Because the animation vocabulary is declarative rather than procedural, it has generally been considered non-script (in SMIL, SVG, etc). > > Re 3.8: NO. > > Re 3.16: YES it does. See the media type registration which is an > integral part of it. > > Mike > > > -----Original Message----- > From: John Birch [mailto:John.Birch@screensystems.tv] > Sent: Thursday, October 13, 2016 1:49 AM > To: Thierry MICHEL <tmichel@w3.org>; W3C Public TTWG <public-tt@w3.org>; > Nigel Megitt <nigel.megitt@bbc.co.uk> > Subject: RE: TTML2 and questionnaire for Security and Privacy; for review. > > I would suggest that question 3.2 is somewhat ambiguous also... since the > value attributed to an instance of TTML 'data' (a timed text file) is an > attribution made by the user? > Some TTML files may contain 'valuable data' from a user's perspective > (e.g. they may represent significant work effort - or have associated > copyright). > Clearly, the TTML specification is not specifically targeted at 'high > value' data applications (it does not explicitly support encryption, for > example). > > BR, > John > > > John Birch | Strategic Partnerships Manager | Screen Main Line : +44 1473 > 831700 | Ext: 2208 | Direct Dial: +44 1473 834532 > Mobile: +44 7919 558380 | Fax : +44 1473 830078 > John.Birch@screensystems.tv > > Visit us at > Broadcast India, Bombay Exhibition Centre, Mumbai, 20-22 October Languages > and the Media, Radisson Blu Hotel, Berlin, 3-4 November NAB New York, > Javits Convention Centre, 9-10 November, Stand 1750 > > > > PBefore printing, think about the environment > > -----Original Message----- > From: Thierry MICHEL [mailto:tmichel@w3.org] > Sent: 13 October 2016 09:41 > To: W3C Public TTWG <public-tt@w3.org>; Nigel Megitt < > nigel.megitt@bbc.co.uk> > Subject: Re: TTML2 and questionnaire for Security and Privacy; for review. > > > Hi, > > Bellow are updated responses for review regarding TTML2, to answer the > Self-Review Questionnaire: Security and Privacy https://www.w3.org/TR/ > security-privacy-questionnaire/ > > I have incorporated Nigel's comments and the discussion during our last > telecon. > Let me know if you have any concern. > > Thierry > > ---------------------------------------- > > Questions to Consider: > 3.1 Does this specification deal with personally-identifiable information? > --> NO it doesn't. > > 3.2 Does this specification deal with high-value data? > --> NO it doesn't. > > 3.3 Does this specification introduce new state for an origin that > persists across browsing sessions? > --> NO it doesn't. > > 3.4 Does this specification expose persistent, cross-origin state to the > web? > --> NO it doesn't. > > 3.5 Does this specification expose any other data to an origin that it > doesn’t currently have access to? > --> NO it doesn't. > > 3.6 Does this specification enable new script execution/loading mechanisms? > --> This question as worded is ambiguous to us; is it only about script > loading and script execution ? > In our case, a TTML2 document in which a change in the value of an > externally passed in parameter or a media query (for example) may cause a > modification of behavior, and this may lead to the loading of external > resources including audio, images etc, though excluding scripts. We do not > consider "condition" mechanism to be a scripting language. > TTML2 allows loading of resources, just not scripts, and has fetch > semantics by the introduction of external resource loading. It also allows > the addition of links on spans that can have hyperlinks. > > 3.7 Does this specification allow an origin access to a user’s location? > --> NO it doesn't. > > 3.8 Does this specification allow an origin access to sensors on a user’s > device? > 3.9 Does this specification allow an origin access to aspects of a user’s > local computing environment? > --> NO it doesn't. > > 3.10 Does this specification allow an origin access to other devices? > --> NO it doesn't. > > 3.11 Does this specification allow an origin some measure of control over > a user agent’s native UI? > --> NO it doesn't. > > 3.12 Does this specification expose temporary identifiers to the web? > --> NO it doesn't. > > 3.13 Does this specification distinguish between behavior in first-party > and third-party contexts? > --> NO it doesn't. > > 3.14 How should this specification work in the context of a user agent’s > "incognito" mode? > --> This specification has no impact on any incognito mode since the > answer to all the questions about exposing details to origins are "No". > > 3.15 Does this specification persist data to a user’s local device? > --> User agents may choose to cache referenced external resources; this > implementation detail is not covered by this specification and the > specification makes no explicit requirement for caching or non-caching of > any external resource. > > 3.16 Does this specification have a "Security Considerations" and "Privacy > Considerations" section? > --> NO it doesn't. > > 3.17 Does this specification allow downgrading default security > characteristics? > --> NO it doesn't. > > -------------------------------------------- > > > > > > > > > > > > > > > > > This message may contain confidential and/or privileged information. If > you are not the intended recipient you must not use, copy, disclose or take > any action based on this message or any information herein. If you have > received this message in error, please advise the sender immediately by > reply e-mail and delete this message. Thank you for your cooperation. > Screen Subtitling Systems Ltd. Registered in England No. 2596832. > Registered Office: The Old Rectory, Claydon Church Lane, Claydon, Ipswich, > Suffolk, IP6 0EQ > > >
Received on Thursday, 13 October 2016 14:33:07 UTC