- From: Igarashi, Tatsuya <Tatsuya.Igarashi@jp.sony.com>
- Date: Tue, 15 Dec 2015 06:34:10 +0000
- To: Kazuyuki Ashimura <ashimura@w3.org>
- CC: Francois Daoust <fd@w3.org>, "public-tvapi@w3.org" <public-tvapi@w3.org>
- Message-ID: <5943E58877A60A46898393C0DA7C0BF829A24B@JPYOKXMS125.jp.sony.com>
Hi, How about this paragraph about Privacy & Security requirements ? The API layer will meet the usual requirements of the Web runtime, including privacy and security requirements. Specifically, the user must always be in control of privacy-sensitive information that may be conveyed through the APIs, such as the rendering of tuner output, or channel configurations. In addition, the user must be able to browse the web in secure way, including any functionality of tuners related to TV services from third parties. Thank you. -***---***---***---***---***---***---***---***---***--***---***---***- Tatsuya Igarashi (Tatsuya.Igarashi@jp.sony.com<mailto:Tatsuya.Igarashi@jp.sony.com>) Innovative Technology Development Div, System R&D Group Sony Corporation From: Kazuyuki Ashimura [mailto:ashimura@w3.org] Sent: Tuesday, December 15, 2015 2:13 PM To: Igarashi, Tatsuya Cc: Francois Daoust; public-tvapi@w3.org Subject: Re: Privacy and security Hi Igarashi-san, Francois and all, I think Igarashi-san's generated text is kind of similar to the security description within the NFC CG's Charter as well: [[ The APIs will be designed to permit execution in the Web browser context, using the security model of the Web. The very short range of NFC devices requires users to make a conscious decision to put one of the devices into the appropriate mode and to bring the devices physically together, and this should enable a simpler security model that minimizes the need for applications to ask for explicit user permission. The need for direct user involvement under circumstances will need to be explored. ]] I think skimming the above text would be useful, because there is detailed description on security expectation within the NFC CG's Charter at: https://w3c.github.io/web-nfc/charter/ including the above excerpt. Regarding Igarashi-san's last sentence, I kind of agree with Francois and think maybe we could include the last sentence: [[ Also, User Agents are responsible for providing users with a secure way to browse the web,including any functionality of TV services. ]] in the expected spec itself rather than the Charter because the above text is not really related to the expected WG's "Scope". However, I don't have strong preference and would see the other participants' opinions :) Thanks, Kazuyuki On Tue, Dec 15, 2015 at 12:33 PM, Igarashi, Tatsuya <Tatsuya.Igarashi@jp.sony.com<mailto:Tatsuya.Igarashi@jp.sony.com>> wrote: Thanks, Francois. >>Also, User Agents are responsible for providing users with a secure way to browse the web,including any functionality of TV services. > >I did not include that last sentence because it sounds very generic. Is there a specific point >that you would like to raise here that is not already covered by the previous part of the >paragraph? It can certainly be included, it just seems to go without saying that user agents >will ensure that the user may safely browse the web. I think that that last sentence is important because it describes the requirement specific to this API where most of tuner functions has dependency on TV services from 3rd parties. We should take care of such security requirement. Actually, it is derived from the following sentence in the EME draft. I suggest to keep the last sentence. I also welcome any improve. " User Agents are responsible for providing users with a secure way to browse the web, including any functionality, such as CDMs, from third parties". The sentence including "2nd level of conformance" may be unnecessary. I think that the previous sentences cover the privacy and security considerations on this API. Thank you. -***---***---***---***---***---***---***---***---***--***---***---***- Tatsuya Igarashi (Tatsuya.Igarashi@jp.sony.com<mailto:Tatsuya.Igarashi@jp.sony.com>) Innovative Technology Development Div, System R&D Group Sony Corporation -----Original Message----- From: Francois Daoust [mailto:fd@w3.org<mailto:fd@w3.org>] Sent: Tuesday, December 15, 2015 12:40 AM To: Igarashi, Tatsuya; public-tvapi@w3.org<mailto:public-tvapi@w3.org> Subject: Re: Privacy and security Hi Igarashi-san, On 14/12/2015 03:32, Igarashi, Tatsuya wrote: > Hi,Folks, > > I considered the "Privacy and Security" issue. > > I suggest to meet the usual requirements of the Web runtime, in particular, as the Encrypted Media Extensions (EME) [1]. That is, only a secure-origin web page is allowed to control tuners by specifying a license key to control the tuner of services. > > I propose to include the following description in the charter. > > The API layer will meet the usual requirements of the Web runtime,including privacy and security requirements. Specifically, the user must always be in control of privacy-sensitive information that may be conveyed through the APIs, such as the rendering of tuner output, channel configurations. Great! This text looks good to me. I included this text in the latest version of the draft charter so that you and others can review it in situ: http://w3c.github.io/charter-drafts/tvcontrol-2015.html >Also, User Agents are responsible for providing users with a secure way to browse the web,including any functionality of TV services. I did not include that last sentence because it sounds very generic. Is there a specific point that you would like to raise here that is not already covered by the previous part of the paragraph? It can certainly be included, it just seems to go without saying that user agents will ensure that the user may safely browse the web. Thanks, Francois. > > Thank you. > > [1] Encrypted Media Extensions: http://www.w3.org/TR/encrypted-media/ > > -***---***---***---***---***---***---***---***---***--***---***---***- > Tatsuya Igarashi (Tatsuya.Igarashi@jp.sony.com<mailto:Tatsuya.Igarashi@jp.sony.com>) Innovative Technology > Development Div, System R&D Group Sony Corporation > > -- Kaz Ashimura, W3C Staff Contact for Auto, WoT, TV, MMI and Geo Tel: +81 3 3516 2504
Received on Tuesday, 15 December 2015 06:34:52 UTC