- From: Igarashi, Tatsuya <Tatsuya.Igarashi@jp.sony.com>
- Date: Wed, 16 Dec 2015 01:55:02 +0000
- To: "HU, BIN" <bh526r@att.com>, François Daoust <fd@w3.org>, Kazuyuki Ashimura <ashimura@w3.org>
- CC: "public-tvapi@w3.org" <public-tvapi@w3.org>
- Message-ID: <5943E58877A60A46898393C0DA7C0BF829C4A9@JPYOKXMS125.jp.sony.com>
Hi Bin, Previously, I had the same concern on security as yours . However, the proposed sentence could cover the case of "more a complete list of features that are more specific to tuner-centric devices". To access the web, the same security requirements as EME should apply to this API. the user must be able to browse Web content, including any tuner functionality related to TV/radio services provided by third parties, in a secure way. As Francois said, it would be hard to agree on generic 2nd level of conformance to access the web. In addition, an implementer could apply a 2nd level of conformance to this API for a specific environment. Thank you. -***---***---***---***---***---***---***---***---***--***---***---***- Tatsuya Igarashi (Tatsuya.Igarashi@jp.sony.com<mailto:Tatsuya.Igarashi@jp.sony.com>) Innovative Technology Development Div, System R&D Group Sony Corporation -----Original Message----- From: HU, BIN [mailto:bh526r@att.com] Sent: Wednesday, December 16, 2015 4:07 AM To: François Daoust; Igarashi, Tatsuya; Kazuyuki Ashimura Cc: public-tvapi@w3.org Subject: RE: Privacy and security Igarashi-san, Francois, Kaz, Thank you very much for the discussion, and it is very productive and constructive. All look good. Thinking it over, I feel that we may still not exclude the second level of conformance completely out of scope. This is because we may not have a complete list of features that are more specific to tuner-centric devices. And those features are still evolving at business side for end users. So I would propose that we still leave the sentence of second level of conformance in scope, but in a softer tune as follows: "In the event that some features may prove more specific to tuner-centric devices (TV and radio sets typically) and need to be exposed by API, the Working Group may consider a second level of conformance if using usual web runtime model entails more work and/or adds additional complexity to address security/privacy issues for those features. " Basically we leave the door open so that we can address those features that may not be thought of at this moment, but later appears important during the course of work. Thank you Bin -----Original Message----- From: François Daoust [mailto:fd@w3.org] Sent: Tuesday, December 15, 2015 7:29 AM To: Igarashi, Tatsuya <Tatsuya.Igarashi@jp.sony.com<mailto:Tatsuya.Igarashi@jp.sony.com>>; Kazuyuki Ashimura <ashimura@w3.org<mailto:ashimura@w3.org>> Cc: public-tvapi@w3.org<mailto:public-tvapi@w3.org> Subject: Re: Privacy and security Hi Igarashi-san, Le 15/12/2015 07:34, Igarashi, Tatsuya a écrit : > > Hi, > > How about this paragraph about Privacy & Security requirements ? > > The API layer will meet the usual requirements of the Web runtime, > including privacy and security requirements. Specifically, the user > must always be in control of privacy-sensitive information that may be > conveyed through the APIs, such as the rendering of tuner output, or > channel configurations. In addition, the user must be able to browse > the web in secure way, including any functionality of tuners related > to TV services from third parties. > Thanks for the clarification. Now I understand the specific point that you wanted to make. Given the specific context, it seems a good idea to be explicit. I included the suggested text in the latest draft charter. I took the liberty to re-order words, hopefully so that the sentence reads even better. I also followed your suggestion to drop the possibility to define a second level of conformance from the draft charter (and dropped the liaison with the Auto WG which I had added in the meantime and which was motivated by the need to discuss a different runtime): https://github.com/w3c/charter-drafts/commit/059563afd15a7587988f01b72e2bdd11dbd6c27c Dropping this second level altogether may entail more work to address security/privacy issues for some of the features exposed by the API. I would say it is a good thing otherwise, be it only because it would avoid having to agree on what the second runtime could look like, something that has proven hard to achieve in the SysApps WG for instance. I invite interested parties to evaluate this possibility and provide feedback on this specific update, as needed: https://w3c.github.io/web-nfc/charter/ Francois.
Received on Wednesday, 16 December 2015 01:55:59 UTC