- From: Francois Daoust <fd@w3.org>
- Date: Tue, 8 Mar 2016 18:07:00 +0100
- To: <public-tvapi@w3.org>
The minutes of today's call are available at: https://www.w3.org/2016/03/08-tvapi-minutes.html ... and copied as raw text below. Thanks, Francois. ----- TV Control API CG call 08 Mar 2016 See also: [2]IRC log [2] http://www.w3.org/2016/03/08-tvapi-irc Attendees Present Kaz, Francois, Chris, Igarashi_san, Ryan, Sung_Hei, Bin, Paul Chair Bin Scribe Chris, Francois Contents * [3]Topics 1. [4]Review of action items * [5]Summary of Action Items * [6]Summary of Resolutions __________________________________________________________ Review of action items Bin: The draft WG charter is still out for AC review Bin: so we'll wait for the outcome of the review ... We had a good discussion last time, thanks Chris and Ryan ... There are 3 actions from last time Bin: reviewed automotive work and security work ... don't think we need changes to the draft ... maybe we can ask Ryan about the latest status of the automotive group ryan: my update on the media tuner or the automotive in general? cpn: security work specifically Kaz: The automotive security TF has been working on use cases and requirements in a google doc ... Also work on some basic architecture since the TPAC meeting ... There was some detailed discussion at the Paris meeting, with Genivi <kaz> [7]auto minutes - Mar. 3 [7] https://www.w3.org/2016/03/03-auto-minutes.html Kaz: We recently have another security expert, from New Sky Security, which should accelerate the security discussion <kaz> [8]security wiki [8] https://www.w3.org/auto/security/wiki/ASP_TF Bin: We should continue to contact with this expert and see how their security model could apply to our use case ... So, we could leave this action open, as we haven't identified the impact on our spec yet ... And maybe Kaz can help get in contact with the automotive TF ... You could also join the security TF call Chris: I think there are other good W3C resources. There's a fingerprinting guidance document, security questionnaire, and priviledged Context document ... All very useful input. ... It seems useful to go through each of our API features and evaluate them against these documents. ... E.g. the ability to scan/list channels, to schedule recordings, etc. ... Each of these areas may have different level of impacts. ... I noticed in the NFC CG that they produced a report on security and privacy considerations. <cpn> [9]http://w3c.github.io/web-nfc/security-privacy.html -- NFC report [9] http://w3c.github.io/web-nfc/security-privacy.html Chris: The Permissions API is interesting for us. It allows the user to allow or deny a particular API. ... I don't know if that's the right model for us, or if we need something different for that. <kaz> [10]auto tpac minutes [10] https://www.w3.org/2015/10/26-27-auto-minutes.html Chris: Something I heard from the Automotive meeting at TPAC: two possible runtimes, regular Web runtime and Web-view runtime with the possibility to deliver a signed package. ... In some other specification that I've looked at, the Generic Sensors API just says that some reading should be only available to secure contexts. <cpn> The draft on github: [11]https://w3c.github.io/sensors/ [11] https://w3c.github.io/sensors/ <cpn> [12]https://w3c.github.io/fingerprinting-guidance/ [12] https://w3c.github.io/fingerprinting-guidance/ <cpn> [13]https://www.w3.org/TR/permissions/ -- permissions API [13] https://www.w3.org/TR/permissions/ <cpn> [14]https://www.w3.org/TR/powerful-features/ -- privileged contexts [14] https://www.w3.org/TR/powerful-features/ Chris: This all relates to some of the requirements we may have around the visibility of EPG metadata ... Do we allow arbitrary Web pages to have access to EPG data? Or is it something that we may want to constrain to certain restricted contexts. ... There may be business incentive to restrict access. ... It's not just the end-user privacy, also need to consider the content provider's side as well. Bin: Right, it's still a debatting point in most of these markets. <cpn> Kaz: On the previous aotomotive call there was some discussion, what should the destination device should this be? Kaz: In the Automotive API, the discussion is also about the destination server for the EPG data. Is it localhost? ... Some server-based URL? ... The security depends on the destination as well Bin: I guess there are no answers yet. ... So one of the areas to investigate is full/restricted access to EPG data. Kaz: The NFC CG started similar kinds of discussions, the result is great. Bin: I propose to leave these action items open and create two additional action items <scribe> ACTION: Kaz to get in touch with security experts in the Automotive group [recorded in [15]http://www.w3.org/2016/03/08-tvapi-minutes.html#action01] [15] http://www.w3.org/2016/03/08-tvapi-minutes.html#action01] <trackbot> Error creating an ACTION: data field(s) missing from result. Please mail <sysreq@w3.org> with details about what happened. <scribe> ACTION: Bin to draft a Wiki page listing high-level requirements related to restricted access to EPG metadata for the sake of security. [recorded in [16]http://www.w3.org/2016/03/08-tvapi-minutes.html#action02] [16] http://www.w3.org/2016/03/08-tvapi-minutes.html#action02] <trackbot> Error creating an ACTION: data field(s) missing from result. Please mail <sysreq@w3.org> with details about what happened. Chris: Should we do that on the Wiki, or create a report using ReSpec? ... I'm just looking at the NFC group and they published this as a CG report. Bin: Right, that's a final report, but I'm more interested to collect requirements here. ... Once we have done that, we may decide whether to publish a report. Ryan: [shows the automotive tuner use cases] ... All of these pertain to the media tuner API. The functional owner shows who has the information that's needed in each case ... Some of these have multiple owners, e.g., for the parental lock there's both Web Application and Infotainment Systsm ... That was the premise behind the functional owner ... All the system functions listed here should all be present in the media tuner API ... Based on what's needed in current applications today ... I'm currently reformatting the media tuner web page into the correct format, also to make it more self explanatory ... I want to create a draft, to put the pieces together Bin: I have a question about the functional owner. If the owner is the Infotainment System, is it that the functionality needs to be addressed by the API? Ryan: Not really, all of these need addressing by the API, the owner shows more in which direction the information flows ... For example, the Login function is really for the Web Application's use Bin: I agree, so all of these need API support, so the question is whether they are defined by us, or somewhere else Ryan: Yes Kaz: Is the google spreadsheet public? If so we should put it in the minutes <rdavis> [17]https://docs.google.com/a/pandora.com/spreadsheets/d/1yEZVI qgtxp-HgW3dZx9qnUzwOLgGmzmkGO-pF7m8noc/edit?usp=sharing [17] https://docs.google.com/a/pandora.com/spreadsheets/d/1yEZVIqgtxp-HgW3dZx9qnUzwOLgGmzmkGO-pF7m8noc/edit?usp=sharing Bin: There's another column for the mapping between the media API and the TV control API Ryan: Yes, I'll be doing that Bin: Thanks Ryan for the great work <scribe> ACTION: Ryan to continue use case mapping between the automotive media API and the TV Control API, and start to put together a draft [recorded in [18]http://www.w3.org/2016/03/08-tvapi-minutes.html#action03] [18] http://www.w3.org/2016/03/08-tvapi-minutes.html#action03] <trackbot> Error creating an ACTION: data field(s) missing from result. Please mail <sysreq@w3.org> with details about what happened. Bin: That completes the review of active items. Is there anything new in terms of Phase 2 contributions? ... Once Ryan has completed the mapping, there may be some gaps, so we can consider those in our requirements ... Is there any other business? Kaz: Please ask your AC reps to respond to the WG charter review <kaz> (positively :) Bin: Anything else? ... Thank you all for your contributions, and we'll speak on the next call in 4 weeks [adjourned] Summary of Action Items [NEW] ACTION: Bin to draft a Wiki page listing high-level requirements related to restricted access to EPG metadata for the sake of security. [recorded in [19]http://www.w3.org/2016/03/08-tvapi-minutes.html#action02] [NEW] ACTION: Kaz to get in touch with security experts in the Automotive group [recorded in [20]http://www.w3.org/2016/03/08-tvapi-minutes.html#action01] [NEW] ACTION: Ryan to continue use case mapping between the automotive media API and the TV Control API, and start to put together a draft [recorded in [21]http://www.w3.org/2016/03/08-tvapi-minutes.html#action03] [19] http://www.w3.org/2016/03/08-tvapi-minutes.html#action02 [20] http://www.w3.org/2016/03/08-tvapi-minutes.html#action01 [21] http://www.w3.org/2016/03/08-tvapi-minutes.html#action03 Summary of Resolutions [End of minutes]
Received on Tuesday, 8 March 2016 17:07:18 UTC