Re: Privacy and security

Hi Igarashi-san, Francois and all,

I think Igarashi-san's generated text is kind of similar
to the security description within the NFC CG's Charter
as well:
[[
The APIs will be designed to permit execution in the Web browser
context, using the security model of the Web. The very short range of
NFC devices requires users to make a conscious decision to put one of
the devices into the appropriate mode and to bring the devices
physically together, and this should enable a simpler security model
that minimizes the need for applications to ask for explicit user
permission. The need for direct user involvement under circumstances
will need to be explored.
]]

I think skimming the above text would be useful, because there is
detailed description on security expectation within the NFC CG's
Charter at:
 https://w3c.github.io/web-nfc/charter/
including the above excerpt.

Regarding Igarashi-san's last sentence, I kind of agree with Francois
and think maybe we could include the last sentence:
[[
Also, User Agents are responsible for providing users with a secure
way to browse the web,including any functionality of TV services.
]]
in the expected spec itself rather than the Charter because the above
text is not really related to the expected WG's "Scope".

However, I don't have strong preference and would see the other
participants' opinions :)

Thanks,

Kazuyuki


On Tue, Dec 15, 2015 at 12:33 PM, Igarashi, Tatsuya <
Tatsuya.Igarashi@jp.sony.com> wrote:

> Thanks, Francois.
>
> >>Also, User Agents are responsible for providing users with a secure way
> to browse the web,including any functionality of TV services.
> >
> >I did not include that last sentence because it sounds very generic. Is
> there a specific point >that you would like to raise here that is not
> already covered by the previous part of the >paragraph? It can certainly be
> included, it just seems to go without saying that user agents >will ensure
> that the user may safely browse the web.
>
> I think that that last sentence is important because it describes the
> requirement specific to this API where most of tuner functions has
> dependency on TV services from 3rd parties. We should take care of such
> security requirement.
>
> Actually, it is derived from the following sentence in the EME draft. I
> suggest to keep the last sentence. I also welcome any improve.
>
> " User Agents are responsible for providing users with a secure way to
> browse the web, including any functionality, such as CDMs, from third
> parties".
>
> The sentence including "2nd level of conformance" may be unnecessary. I
> think that the previous sentences cover the privacy and security
> considerations on this API.
>
> Thank you.
>
> -***---***---***---***---***---***---***---***---***--***---***---***-
> Tatsuya Igarashi (Tatsuya.Igarashi@jp.sony.com)
> Innovative Technology Development Div, System R&D Group
> Sony Corporation
>
>
>
>
>
>
>
>
>
>
> -----Original Message-----
> From: Francois Daoust [mailto:fd@w3.org]
> Sent: Tuesday, December 15, 2015 12:40 AM
> To: Igarashi, Tatsuya; public-tvapi@w3.org
> Subject: Re: Privacy and security
>
> Hi Igarashi-san,
>
> On 14/12/2015 03:32, Igarashi, Tatsuya wrote:
> > Hi,Folks,
> >
> > I considered the "Privacy and Security" issue.
> >
> > I suggest to meet the usual requirements of the Web runtime, in
> particular, as the Encrypted Media Extensions (EME) [1]. That is, only a
> secure-origin web page is allowed to control tuners by specifying a license
> key to control the tuner of services.
> >
> > I propose to include the following description in the charter.
> >
> > The API layer will meet the usual requirements of the Web
> runtime,including privacy and security requirements. Specifically, the user
> must always be in control of privacy-sensitive information that may be
> conveyed through the APIs, such as the rendering of tuner output, channel
> configurations.
>
> Great! This text looks good to me. I included this text in the latest
> version of the draft charter so that you and others can review it in situ:
> http://w3c.github.io/charter-drafts/tvcontrol-2015.html
>
>
>
> >Also, User Agents are responsible for providing users with a secure way
> to browse the web,including any functionality of TV services.
>
> I did not include that last sentence because it sounds very generic. Is
> there a specific point that you would like to raise here that is not
> already covered by the previous part of the paragraph? It can certainly be
> included, it just seems to go without saying that user agents will ensure
> that the user may safely browse the web.
>
>
> Thanks,
> Francois.
>
> >
> > Thank you.
> >
> > [1] Encrypted Media Extensions: http://www.w3.org/TR/encrypted-media/
> >
> > -***---***---***---***---***---***---***---***---***--***---***---***-
> > Tatsuya Igarashi (Tatsuya.Igarashi@jp.sony.com) Innovative Technology
> > Development Div, System R&D Group Sony Corporation
> >
> >
>



-- 
Kaz Ashimura, W3C Staff Contact for Auto, WoT, TV, MMI and Geo
Tel: +81 3 3516 2504

Received on Tuesday, 15 December 2015 05:14:09 UTC