[minutes] F2F meeting Feb 1st

Hi,

The draft minutes of our 1/2 F2F meeting in Mountain View on February
1st are available at:
http://www.w3.org/2012/02/01-webrtc-minutes.html

and copied as text below. Please send corrections as you find errors.

When the chairs send the list of resulting action items to the list,
I'll probably integrate them in the minutes.

Dom


            Web Real-Time Communications Working Group F2F

01 Feb 2012

   [2]Agenda

      [2] http://www.w3.org/2011/04/webrtc/wiki/February_1_2012

   See also: [3]IRC log

      [3] http://www.w3.org/2012/02/01-webrtc-irc

Attendees

   Present
   Regrets
   Chair
          Stefan, Harald

   Scribe
          anant, derf, dom

Contents

     * [4]Topics
         1. [5]publish new WD
         2. [6]Incoming Notifications by Dan Druta
         3. [7]JSEP
         4. [8]Capabilities API and fingerprinting
         5. [9]Data Stream API
     * [10]Summary of Action Items
     _________________________________________________________

publish new WD

   stefanh: the first draft is continuously updated; are there any
   objections to publishing the current version of the ED as a WD?

   no objections noted

   harald: we should push a new version of the WD when we have JSEP
   documented in the editor's draft

Incoming Notifications by Dan Druta

   <Ted_Hardie> Just as a reminder for those used to WEBRTC methods,
   all the decisions from the RTCWEB meeting will need to be confirmed
   on the list.

   DanD: there was an informal discussion around notifications at TPAC,
   following which I sent out a paper to the mailing list detailing the
   problem
   ... the main idea with this is to allow unsolicited notifications
   for incoming connection requests in WebRTC clients
   ... To make notifications available without user-visible UI, and in
   a variety of different clients (and browsers)
   ... Presenting 2 use cases. 1) Bob uses Ringo's webrtc service on a
   mobile phone, calls Alice and leaves a voice mail; Alice calls Bob
   later (and Bob, on a different webrtc-enabled client, is able to
   receive it via a notification)

   2nd use case on slide, missed in the transcription

   DanD: Factors to consider while designing a notification system:
   multiple connections on battery-constrained devices, web development
   effort to use them should be minimal, the WebApps Working Group has
   an API for server-sent events which could be extended
   ... discussing client scenarios. simplest one is the one in which
   the user is available, online with the app in front (easy). second
   one is the one in which the user is online and available but the app
   is in the background
   ... third one is when the user is available, but the app is closed.
   by available, it means the user has expressed an intent to receive
   incoming notifications

   <anant_> 2nd option is to use an existing solution, not particularly
   preferred by members in the past

   3rd option is to define a notifications spec and define a basic
   structure for notifications

   DanD: proposal is to register a URI scheme or data format (MIME) and
   associate the browser as the handler
   ... Create an API to parse this notification structure and for
   applications to attach themselves to certain notification events
   ... proposal was also sent to the webapps WG, members are requested
   to read it
   ... Could we implement the API as a headless browser? No, because
   you would need to create a new browser for every notification
   service and it doesn't tie in well to the PeerConnection API
   ... Can we use sendMessage so that it isn't tied to the browser?

   opening up for questions
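
   [For illustration of the scheme-registration idea above, a rough
   sketch using the existing registerProtocolHandler API; the scheme
   name and handler URL are hypothetical, not part of the proposal.]

       // Hypothetical: a service registers a handler for a custom
       // "web+" scheme so the browser can hand incoming notification
       // URIs back to the web app that knows how to parse them.
       navigator.registerProtocolHandler(
         "web+rtcnotify",                          // hypothetical scheme
         "https://service.example/notify?uri=%s",  // %s receives the notification URI
         "Example WebRTC notification handler");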

   juberti: we have an asynchronous channel via websockets, signaling
   is an application provider issue. what are we trying to solve here?

   DanD: Websocket solutions assume that the browser is running, not
   applicable to devices where the app is not running

   juberti: there are already solutions to run web pages in the
   background, why not use that?

   DanD: but those assume that the app is running on the client, which
   may not be true, especially on mobile?

   juberti: it's what desktop clients do

   DanD: Each individual connection on mobile costs battery

   stefanh: you suggested that the incoming notification should be
   connected to the PeerConnection, should it not tie in to other parts
   of the API?

   Cullen: I think the most important part about this is aggregating
   connections, we can copy the iOS model by making one connection to
   each aggregation source which pushes down blobs from the app
   (signed) and use webintents model to then dispatch them to apps.
   this allows flexibility in allowing apps to register themselves for
   particular intents

   Adam: is this a webrtc problem or is this a problem in general?
   ... Chat applications could use something like this too
   ... this feels a bit like the JavaME push registry

   DanD: if we look at the two use cases there is definitely a gap
   regarding notification
   ... the keyword in the proposal is connection-less push, there are
   ways today to achieve this in efficient manners
   ... there still has to be a way for user A to notify user B that
   they are available
   ... the problem space is larger, webrtc is a subset that can benefit
   and is the primary beneficiary of notifications

   juberti: I agree with Adam that there are many other applications
   that can use this and agree with Cullen that we can use many of the
   existing solutions for this
   ... I don't understand why we are in the business of defining a
   notification service, when there are already ways for apps to do
   this using existing technology
   ... contents of the notification should be a blob, structure need
   not be defined

   DanD: defining the specific structure doesn't mean it has to be a
   laborious one
   ... it's the gluing piece that's most important

   ???: I agree this is a generic problem of how to allow webapps to
   use a generic notification service; what is the level of
   standardization that we can achieve? most existing systems are
   proprietary anyway

   DanD: I agree that this is a broader scope problem, but it also can
   be focused on particular requirements
   ... That's one of the reasons I was looking into what specific
   structure we need
   ... is there a benefit to sending the offer blob? something to
   consider

   ???: existing systems let you push blobs around, we don't need to
   specify what exactly the structure is, it could be application
   specific

   DanD: what are the elements that are necessary, and having a
   consistent behavior for what happens when someone is calling me
   would be nice to standardize

   Ashish: can we handle the use-case where I want to get a
   notification from mom, doesn't matter what provider, some way of
   establishing an identity; only ring if she calls

   stefanh: this group's core competence is not that; DanD: to my
   understanding, no

   Adam: if you are running the webapp on your phone there has to be
   some level of trust

   ekr: It is reasonable to have a system dispatch events to an app,
   and you have app-level permissions

   juberti: do we know what the status is on Bryan Sullivan's proposal
   on SMS events?

   DanD: it was submitted at the last TPAC, do not know what the status
   is

   juberti: it seems like that's the kind of place to work out this
   problem

   <rillian> hey, look at all the people

   DanD: What I was trying to recommend in the paper is to use webrtc
   use cases to accelerate that work, and to capture any specific
   elements of that spec (if need be)
   ... let's piggyback on that proposal; do we need to do anything
   specific? and support that work in the WebApps WG

   harald: conclusion from the chairs: there is generic work that needs
   to be done which is done elsewhere in the w3c, and we need to link
   there when it is done

   cullen: that work is about SMS; harald: no, SMS is just one channel
   ... is the aggregation part being done elsewhere in the w3c?

   harald: we will continue to monitor and figure stuff out

JSEP

   harald: we had a pretty clear decision at the IETF that the next
   version of the API draft be based on JSEP

   ted: decisions at the IETF required confirmation on the mailing list

   harald: we also need confirmation at w3c whether we accept IETF's
   recommendation or not

   cullen: if we are moving away from 3264, Matthew Kaufman and I have
   an alternative proposal that we would like to bring up

   adam: do we have a recommendation for API? or is it a protocol?

   harald: speaking as myself, we should sit down tomorrow and modify
   the spec, and experiment to see if it works

   adam: is it necessary to put it in the spec to see if it works out?

   juberti: things don't get implemented in Chrome unless they are in a
   written spec that we can point at. we would like to see if JSEP
   works, with a working build of Chrome by Paris

   harald: ROAP could be implemented without changes to the WebKit API;
   JSEP is not like that

   derf: one of the things that the current API lacks (that ROAP
   brought clarity to) is the state machine from 3264, which helps
   browser implementers figure out what to do. JSEP as currently
   specced lacks a lot of those things, and I would like to see that
   fleshing out done before it is added to the draft

   juberti: I would also like that fleshing out!
   ... that will occur between now & paris but it doesn't need to block
   inclusion in spec
   ... given the benefit of getting implementation experience, still
   worth doing

   cullen: did not suggest that jsep not be iterated on and
   experimented in code, but we also have alternative proposals which
   need to be considered

   stefanh: for larger changes to spec we need a consensus, I would
   like to see jsep fleshed out before inclusion

   <burn> anant: does spec need to be in w3c for it to be in chrome?

   <stefanh> anant: is there a req that the spec in w3c space or not
   (for the webkit people)

   <stefanh> justin: don't know really

   juberti: what do we gain by that instead of just revving the ED?

   dom: I don't have a strong opinion on this, but there is a fair
   amount of work to put it in the editor's draft

   juberti: we've already thrown away a lot of implementation in Chrome
   as additional proposals become available; but we should try what we
   have now, which was recommended yesterday, and move forward

   dom: you're right but we don't have consensus on what the API looks
   like
   ... editor's draft must also look like what the group has consented
   to

   cullen: I do not get why having this text in the ED is important,
   other than just having a document for implementors to look at
   ... it's very difficult to evaluate if the spec is incomplete, what
   happens when setLocalDescription is called?

   harald: how much time do you need for the alternative proposals?

   cullen: less time than it took for JSEP to form since the last
   interim (minus 3 weeks for Christmas!)
   ... we shouldn't rule out a whole class of proposals based on that
   ... it will be healthy to explore the range of possibilities

   harald: I'm looking for a drop date by which, if we have no
   alternative proposals, we go forward with implementing JSEP

   harald: we don't want to be in a situation like in December where we
   couldn't do anything while waiting for a proposal

   tim: my fear (for putting the API in the spec) is that it's easy to
   put the API calls themselves but specifying the behavior is hard and
   will end up being whatever chrome implements

   <burn> anant: need to have implementation first to demonstrate that
   it works. We need multiple implementations before we put into the
   draft.

   <burn> anant: when we put it in a document it does not have to be
   the ED

   juberti: the original version of the spec was something that didn't
   work, and that's why we had to make ROAP

   cullen: it's a matter of taste how big things should be before
   moving them to the draft. there are exceptions to the spec, but the
   history of the spec is that it came from the WHATWG

   ted: one of the things I've heard in terms of this spec is that we
   want to get implementation experience; it would be nice to show what
   particular use cases an implementation tackles

   Mathieu: comment on JSEP/ROAP - IETF/W3C. I think they are an
   evolution of SDP, and I think the IETF should define how the data
   flows but the W3C is defining the API; there is overlap, which is
   causing this debate

   harald: a lot of the back and forth is exactly that process, I don't
   see any clear answer

   Christer: we made a decision yesterday to move away from 3264, but
   isn't JSEP just an extension to offer/answer? independent of whether
   it's O/A, there's a question of whether it's actually SDP that is
   used to define the parameters

   <Ted_Hardie> Speaker is Christer

   harald: trying to get to some degree of conclusion. clearly we have
   some amount of work to do on the current jsep spec, we have to find
   a timeline for other proposals and criteria by which we judge
   whether they are better/worse than JSEP
   ... take it to the list! we'll get implementations and try it out
   somehow

   looking at code samples for jsep

   <dom> [11]Code samples for JSEP/ROAP

     [11]
http://lists.w3.org/Archives/Public/public-webrtc/2012Jan/0093.html
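
   [As a point of reference for the discussion above, a minimal sketch
   of the JSEP-style offer/answer flow, using the method names that
   later became the standard API; the draft under discussion differed
   in signature details, and signalingChannel, config, and
   receivedOffer are application-provided placeholders.]

       // Caller side: create an offer, apply it locally, ship the blob.
       var pc = new PeerConnection(config);
       pc.createOffer(function (offer) {
         pc.setLocalDescription(offer);   // the step whose behavior Cullen asks about
         signalingChannel.send(offer);    // app-defined signaling transport
       });

       // Callee side: apply the remote offer, answer, apply locally.
       pc.setRemoteDescription(receivedOffer);
       pc.createAnswer(function (answer) {
         pc.setLocalDescription(answer);
         signalingChannel.send(answer);
       });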

   <jesup> If later on we have a chance to discuss congestion
   interaction APIs, this is the document to use:
   [12]http://lists.w3.org/Archives/Public/public-webrtc/2012Feb/0000.html

     [12]
http://lists.w3.org/Archives/Public/public-webrtc/2012Feb/0000.html

   <stefanh> discussion on getUserMedia vs. HW reservation of camera

   <stefanh> what happens if several tabs have the right to use the
   camera, and suddenly many want to use it

   <dom> [13]Permissions for Device API Access Editors draft

     [13] http://dev.w3.org/2009/dap/api-perms/

   <dom> sorry, I meant:

   <dom> [14]Feature Permissions "This document defines APIs for web
   pages to request permission to use privileged user agent features. "

     [14] http://dev.w3.org/2009/dap/perms/FeaturePermissions.html

   <adambe> jesup: That would be the same as if the page in the iframe
   was loaded in a separate window

   <adambe> eric: The default should be that the app can manipulate the
   media

   <adambe> eric: An app would get a "gold star" if it didn't
   manipulate media

   <adambe> cullen: I think the default should be "no access", the app
   knows whether it will need to access the stream or not

   <adambe> cullen: The app can decide

   <adambe> cullen (via an API)

   <adambe> eric: we should do work on securing local access to media

   <adambe> jesup: that's it

   <derf> dom, yes.

   <derf> burn: There has been some interesting discussion on
   capabilities.

   <dom> ScribeNick: derf

Capabilities API and fingerprinting

   burn: We actually decided that rather than talking about specifics,
   we'd talk about higher-level topics and give people an opportunity
   to comment.
   ... We pulled together e-mail topics for people to comment on.
   ... Proposals on WebRTC, RTCWeb, Media Capture lists about
   capabilities.

   <dom> [15]Addressing fingerprinting issues @ mozilla

     [15] https://wiki.mozilla.org/Fingerprinting

   burn: I'm not presenting answers, presenting questions so we get a
   lot more opportunity for discussion.
   ... The questions are, what do we actually need from a user
   interface standpoint?
   ... We're going to talk about fingerprinting.
   ... What APIs do we actually need?
   ... The key topics are what do we need for user interface reasons?
   ... And to reach consensus on the user privacy issues.
   ... I believe that the reason people want capabilities is for user
   interfaces.
   ... There are really two categories of user interface needs:
   ... 1) For the app author to know what can be used (is there a
   camera? what resolution can it produce?)
   ... If you're trying to do remote surgery, you might not want a
   low-resolution video.
   ... 2) The other category is to show the user what is available or
   not available.

   <dom> (not wanting low-resolution is different from detecting it in
   advance)

   burn: These are different: for the first category you might want
   more detail than the second.
   ... You may only need to show the user whether or not there is a
   camera, but an application may want to know if the camera can do
   face recognition, etc.
   ... First question, are these really needed?

   fluffy: Question about your question: when do we need these
   capabilities?

   burn: First we should decide if we need them at all.

   ekr: As a strawman, I believe we don't need capabilities at all.

   fluffy: I believe for some of the applications I want, I want to
   know if I'm getting video from the front or back video camera.
   ... Let's just say my application only ran on devices with two
   cameras, front and back.
   ... Matthew Kaufman has brought up this example many times: you may
   very regularly have a workstation in front of you with three
   monitors with three webcams, and only one of those is the right one.

   anant: Taking what current web applications do today is probably not
   the best, but for the second point, what is actually available is
   very transient.
   ... So for example, the best model is to try to do what you want,
   and fail if the resources aren't available.
   ... For example, Skype will let you try to start a call with no
   camera, and start a configuration wizard.

   Ted_Hardie: I totally disagree.
   ... Presence systems are a great example. Not only do I want to know
   what I have, I want to know what the other guy has.
   ... Let's face it, there are applications out there that people do
   where you might actually select people to talk to based on their
   current capabilities.
   ... One of the things that came up was the dating app. I might be
   more willing to talk to someone on a dating site if I can see they
   have a video camera and it's not just typing back and forth.
   ... But I do think that we have to be kind of careful about what we
   think we mean.
   ... There is a difference between the capabilities of the system in
   which the browser finds itself, and those that will be available at
   application instantiation.
   ... There needs to be a way to tell what the system capabilities
   are even if they're not currently available.
   ... I may gray out my camera icon if it's being used by another
   application as a real-time event, but I still need to know that a
   camera is present.
   ... When I think of capabilities, I think of what's available on the
   system, and not what's currently available.
   ... The question of what the free resources are is a different
   question.

   ???: I would love to see description of the output devices,
   speakers, headphones, so you can give feedback about echo problems.

   anant: One of the points you made is that capabilities is different
   from what's available, but how would you deal with a webcam that's
   unplugged?
   ... Are you suggesting the need for events of some sort, so that
   browsers can be notified when capabilities change?
   ... Here's the thing, the class of applications that need that level
   of detail are the ones that will want to munge around in SDP.
   ... There are actually two classes of things that we're trying to do
   today.
   ... There are web pages and webapps.
   ... For example, I think it's absolutely silly to tell Facebook that
   they can't tell how many cameras you have. They already know
   everything about you.
   ... While I agree that capabilities are important for building
   applications, the class of applications that need that is very, very
   small.
   ... Mozilla and others are working on web applications as a distinct
   idea, that can be installed just like installing a native
   application.

   ddruta: I think you need the actual availability of resources.

   Ted_Hardie: Three unrelated points:
   ... 1) Whether or not the class of applications that care about this
   and the class of application that munges SDP really depends on the
   level of munging.
   ... The class of application that needs to know how many m-lines you
   need is different from the kind that wants to know the details of
   every single codec you support.
   ... 2) I would be very surprised if people thought navigating to the
   pokerstars website was the same experience as installing a
   pokerstars app.
   ... 3) The perfect is the enemy of the good. If a guy plugs a camera
   in, and then needs to manually refresh the page for it to show up,
   that's fine until we get a pub-sub system for events.

   <dom> (getting hardware events is not something difficult by any
   measure)

   Ted_Hardie: It's great if it figures this out on its own, but it's
   not a great shock to a user if he needs to tell the page about it.

   ekr: I've got a situation with 3 monitors and cameras. I say give me
   a video stream, and it gives me the wrong one. What behavior do you
   prescribe for the user to get the right camera?

   anant: The proposal that we have is that the user interface to
   switch between cameras is something that the browser chrome
   provides.
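
   [Sketch of that model: the page asks only for a kind of media, and
   which physical camera backs the stream (and any later switching) is
   left to the browser; the callback form follows the getUserMedia
   drafts of the time, and the constraint format varied between drafts.]

       navigator.getUserMedia({ video: true, audio: true },
         function (stream) {
           // attach the stream to a local <video> element for self-view
         },
         function (error) {
           // user declined, or no device was available
         });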

   juberti: Speaking as someone who develops an application that does
   want to have its fingers in everything, Hangouts probably needs
   about 1 byte of information.
   ... A bit for the camera, a bit for the microphone, and some notion
   of a preferred device.
   ... I think anant's suggestion that the browser provides the UI for
   switching cameras is fine.

   burn: It seems to me that this won't scale.
   ... If you have a lot of devices, it seems to me trying to put this
   in the chrome...

   anant: I think it's exactly the right place. On a Mac, you have a
   system control panel that tells you what the default camera is.

   juberti: Even on Windows 7, there's no notion of a default camera.

   anant: Why do you think the browser is not the place to switch
   between cameras?

   burn: If you only need one camera and one microphone, then it's
   probably fine.

   juberti: I want to make a telepresence system in a box... with three
   monitors and three cameras, and that doesn't work if you can only
   have one camera at a time.

   burn: Right, the browser isn't the place to decide any arbitrary
   mapping of devices, so you can decide which camera is camera 1,
   which camera is camera 2, etc.

   anant: We could come up with another API so the browser decides
   which camera shows up in a preview in a given location of the
   screen.
   ... We want the ability to lie.
   ... Even if I do have a web cam, I may just want to stream an AVI
   file.

   burn: It puts it completely under user control, what stream is being
   provided. Interesting.

   juberti: I really like the idea of having this in the chrome
   somewhere, because it's going to be static.
   ... Even in the telepresence scenario, the need to pick the cameras
   is going to be fairly low.

   adambe: In the current proposal there is a textbox for selecting a
   file, in order not to lock people out of applications that require
   video.
   ... Another thing is, I think a quite common way to interact with
   this chrome dialog is you go to a page, it acquires your media
   devices, you get a UI in the chrome, and it shows a preview and VU
   meters for your microphones, and you see the camera you want is not
   connected, you plug it in, and it pops up....
   ... I don't know, if you need events, and if you plug in a camera
   and suddenly something happens, I think that may be scary for users.

   juberti: What applications do we see working well with a
   pre-recorded video file?

   adambe: Like a chat application, I could just loop something.

   juberti: I'm not compelled by this argument.

   anant: I disagree. We should absolutely let people loop files if
   they want to.

   juberti: I think having capabilities bits that are meaningless...

   anant: Maybe we rename them "has webcam" instead of "has video"...

   juberti: We keep bringing up the case of plugging in a camera to go
   make a call, and I think that's an antiquated notion and very much
   an edge case.

   ???: If we come up with an API that says "has audio", when we get to
   smell-o-vision, we're going to be screwed.

   fluffy: I want to address two different things.
   ... 1) W.R.T. plugging in webcams going away...
   ... My laptop has an incredibly thin camera, but on the wall back
   there is one with a lot of glass.
   ... I think as we move to HD, people are going to want to use
   devices that provide a lot higher quality.
   ... 2) I think that when you're talking about a device with a small
   amount of screen real-estate, but you have an application that wants
   to easily be able to switch between front & back...
   ... I don't see how we're going to get browser chrome that doesn't
   use up a lot of screen real-estate, but still lets you easily
   switch.

   burn: There's a lot of things happening on PCs right now, but we do
   need to make sure it works for small, mobile devices.

   ???: I think two bits of information for capabilities is too
   restrictive.

   ???: If I have three cameras and I want to write an app that picks
   the best one, am I going to have to come to the W3C to get a new
   spec for that?

   jlennox: For the plugging in the device thing... the use case I
   think of is, I see who's calling, and I realize I don't want the
   person in the cube next to me overhearing what they're saying, and I
   plug in a headset.
   ... The other thing is for the multiple cameras, I'll probably be
   using them both in the same browser, even if it's not the same app.

   anant: The fundamental principle of the web is that APIs are simple,
   so that JS does not have to worry about which camera is the best.
   The browser is in a much better position to make this decision.

   ???: You're saying to me that the only thing I can do is write for
   the lowest common denominator.

   anant: Why do you think, if there are three cameras, the browser
   isn't going to provide you the best one?

   ???: What if I want to do some 3D thing?

   jlennox: For front and back there is no best, it depends on what
   you're doing.

   jesup: There are some other issues involving capabilities. Talking
   about the login issue for Google+. What happens when you're logged
   into 3 devices on your Google ID, and one of them has a camera, one
   of them has a mic, and one of them has both?

   juberti: So the whole point of having capabilities is to give the
   user some idea that they're going to have a good experience.
   ... If you fork the call and it goes to one device that has a
   camera, and one doesn't, that's probably okay.
   ... It's not perfect, but for example Google routes the call to the
   device that actually has the camera.
   ... It's not perfect, but its goal is to give the user less
   frustration.

   jesup: My point is that as you have more of these devices on your
   hip, they'll always show the ability to do voice and video, even if
   you're at your desktop which has neither.

   hta: So, channeling Jim Gettys, of all people, I think we're talking
   about what is the best camera... I think, anant, that I totally
   disagree with you.
   ... Because if I want to answer my phone, the default video I might
   want is an image cropped just to my face, that doesn't show that I
   didn't put on my pants, and that comes from a room security camera
   that was slightly processed before it gets there.
   ... Which links multiple applications, some of which run in a
   browser and some of which do not.
   ... The single capability bit of, "Do I have video?" is needed.
   ... But the richness of what lies behind that answer should not be
   underestimated.

   ekr: I'm glad I'm not writing these things, but I think the choices
   are, you want a small list of do I have a camera, do I have a mic,
   or I want everything that the hardware can possibly tell me about
   the device.

   dom: For any feature, you can make up a use case for it.
   ... The real question is what do we lose if we give more
   information?

   burn: I think the answer [to do we need capabilities] is a very
   strong yes, but there is the question of what level we need.

   ???: By my count we have one of five boxes to fill in: some, all, or
   none, properties: no, and properties: yes. And if it's "none",
   properties doesn't make sense.

   burn: I think the answer to this is that it is worth discussing
   capabilities. Because there's enough use cases that it's worth
   having the discussion.

   anant: I think we can eliminate the none option.

   burn: I think you were the only one who would have said none, so if
   you're saying that, then I agree with that.

   dom: I might say the none option does appeal to me, until I get a
   better picture of the risk.
   ... Two bits of information is not a lot, but two bits are bits.
   ... 0 bits in terms of privacy is better than 2 bits.

   fluffy: I think "having video" is a lot more than 1 bit.
   ... If you look at the exact time that I plug in my camera and
   remove my camera, that is likely to be very unique across a large
   collection of devices.

   burn: I would just ask, since this is not the IETF, if you're
   prepared to formally object to more than 0 bits?

   dom: Certainly not.

   hta: I would say you have less than half an hour left.

   burn: This is the second of the major topics.
   ... One of the things we'll need to think about later is, what is
   the relationship between capabilities and hints?
   ... And what is the complexity of that, do you need two bits? do you
   need more than that?
   ... I put a quote on here: "Every additional bit of user
   distinguishing information brings us closer to personal
   identification by sites."
   ... The key question is what level and quantity of capabilities
   information can be shared?
   ... In general it would be nice to know what level and quantity of
   information, but we might want to consider if that depends on the
   state of the call?
   ... Is this before the call is accepted, whether any media streams
   have been requested, after the call has been accepted?
   ... And what are the kinds of permissions associated with this?

   ekr: As always we have to start with a threat model. I assume the
   concern here is the creation of a super-cookie?

   burn: Yes, without you saying who you are, they figure out who you
   are.

   ekr: The way the browser is structured now, there is ample
   opportunity to do this.
   ... I think that implies operating in multiple modes. If you try to
   turn off cookies now, the web doesn't work. If you only turn off
   3rd-party cookies, it barely works.

   <dom> (I'm browsing with 3rd-party cookies off without that much
   trouble, actually)

   ekr: Unless the user has already expressed they're willing to
   undergo some pain and suffering to avoid creating a super-cookie...
   ... If the guy's running Tor, then I'm all excited about ways to
   prevent fingerprinting, but otherwise I think give them all the
   capabilities they want.

   <dom> [16]Panopticlick

     [16] https://panopticlick.eff.org/

   anant: I want to mention a site called Panopticlick run by the EFF.
   ... When I visited it, I had 21 bits of identifying information.
   Given the number of people today, you only need 33 bits to uniquely
   identify individuals.
   ... So every bit we add gets us that much closer to allowing ad
   networks to uniquely identify who you are without any collusion.
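
   [For context on the 33-bit figure: with roughly 7 billion people,
   log2(7e9) is about 32.7, so 33 bits of distinguishing information
   are enough to single out one individual.]

       // Bits needed to uniquely distinguish one person among ~7 billion
       var worldPopulation = 7e9;
       var bitsNeeded = Math.log(worldPopulation) / Math.LN2;  // ~32.7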

   burn: When I said a cookie tells them who you are, I meant they can
   distinguish you from anyone else who's visited their site.

   anant: The threat that we're trying to tackle is you exposing enough
   entropy that they can uniquely identify you without sharing
   information with other websites.

   ekr: Let's stipulate the browser generates a 128-bit random number
   at initialization time and sends that to every website in the
   universe.
   ... So that allows every site to see that you've visited them over
   and over again.
   ... And it allows them, in coordination, to figure out that the same
   person has visited multiple sites.

   anant: The risk we're trying to protect against is the guy who finds
   that you are the only person who bought Smell-o-Vision from this
   Walmart, which means they can tell who you are without coordinating
   with any other site.

   ???: I don't see these as bits that are unique. Audio and video are
   so prevalent, they don't provide much value.

   ???: Let's say there's some guy who has 16 cameras attached to his
   system, that's not 16 bits.

   anant: It's bits of entropy. For example, looking at the order in
   which fonts are returned, you can figure out what sub-version of the
   operating system they're using.
   ... Audio and video may not be two bits, but each time you add more
   information you're getting closer to 33 bits.

   juberti: Is this 21 bits counting the user agent or not?

   anant: Yes.

   juberti: Can't you already get the OS version, browser version from
   the UA already?

   jlennox: Panopticlick claims that I'm the only person who visited
   their site with my list of plugins.

   burn: Yeah, some of their results seem unlikely.

   fluffy: Yeah, I took a brand new Apple with nothing installed and
   that showed up as unique.
   ... But you look at what they actually check, and it's like whoa...

   anant: When you're actively telling the site who you are, none of
   this is relevant.
   ... When you go to Facebook and log in with your real name, there's
   no harm at all.
   ... If there's some way in which we can tie in... that's one way we
   can elevate privileges for a site. Another way is installing an app,
   but just clicking on a URL should not expose this information.

   ???: This seems like an entirely generic threat to me, and I don't
   see why WebRTC feels the need to take on this threat by itself.

   dom: WebRTC is not the only group facing this issue.
   ... It has come up in the Device APIs WG and the WebApps WG as well.
   ... I guess the thing is that everyone is quite worried about it,
   and there's no general solution that is available today.
   ... One piece though is that we might be uniquely identifiable by
   Facebook without wanting to tell them that you own 10 monitors, etc.
   ... I don't think we can simply ignore it, even if we as a group...
   we'd be very likely to get last call comments on this, but even
   before that from implementors...
   ... That doesn't mean we shouldn't play with capabilities and
   identity, but I don't think we can just ignore this problem and hope
   for the best.

   ???: This slide could be, I assume, in almost any working group, if
   you put a different verb in there.

   ???2: I'm totally all for privacy, but saying that you have a
   browser mode that turns off capabilities... is there a problem with
   that?

   anant: There is a problem with that. In our experience with Mozilla,
   preferences do not matter.
   ... Default preferences matter. 98% of users don't change any knob.
   ... Firefox is totally extensible, so there'll be a knob to turn it
   off, but we're discussing what the default is.

   ???2: People who care about privacy will turn it off.

   anant: Ordinary people don't understand the issues of privacy. So
   it's our responsibility as technical people to make reasonable
   decisions for them.
   ... Setting sane defaults for the general population is what we're
   trying to do here.

   jlennox: Fingerprinting is not the only leakage we have to worry
   about here.
   ... Someone mentioned wanting to know whether or not the camera was
   currently in use...
   ... That seems like a serious information leakage if someone could
   tell when I was on a phone call.
   ... Even if it's not fingerprinting, it's still behavioral tracking.

   burn: So you mean if you have two websites open, while you're using
   the camera on one, the other one knows you're using it.
   ... Would you be okay with having a setting in the browser that
   disables that?

   jlennox: I don't change preference either.

   Matthieu: I would be worried about going to Facebook and them having
   the exact model of camera I have so they can better serve me ads.
   ... I do want applications that are allowed to get information that
   is useful to them, but there is probably a trade-off there.

   burn: I don't know a technology yet that says only use my
   information for what I want you to use it for.

   jesup: There is also the political website example... if someone can
   use that information to figure out who you are, your browser can be
   very dangerous to you.

   burn: People who understand that their life might be in jeopardy,
   are they likely to change their defaults?

   jesup: They won't even understand why that's an issue.

   hkaplan: If you go to a site like Light Reading or related message
   boards... at work I'm not allowed to post at sites like that, so of
   course I use a pseudonym.
   ... I know to click the button that flushes my cookies, clears my
   cache...
   ... But I don't want them to know that I'm the same person that logs
   in as both Hadriel Kaplan and Stalker.
   ... But as for the site that gets my information in order to better
   target ads... that's a feature!

   burn: As for the items on the slide, I don't think we've even
   addressed half of them.
   ... I don't think we have a clear consensus.

   anant: I have a proposal: I think we should expose the minimum
   amount of information needed to implement something as complex as
   Google Hangouts.
   ... It sounds like we need the audio bit and the video bit and an
   API to allow the user to flip between sources in the browser chrome.

   burn: I like the idea of picking an app or set of applications, but
   whether Google Hangouts should be the reference...

   juberti: I'm okay with that choice.
   ... When you're talking about APIs, are you talking about internal
   browser APIs, or...?

   anant: No, not even APIs, but internal browser settings.

   juberti: I agree with anant's proposal.

Data Streams API

   burn: We're moving on. Obviously there's a lot more to discuss.
   ... So we'll continue the discussion on the mailing list, and on the
   conference calls as well.

   <dom> [17]WebRTC Data Streams slides

     [17]
http://www.w3.org/2011/04/webrtc/wiki/File:WebRTCDataStreamsIETF82.5.pdf

   <dom> ScribeNick: dom

   Justin: Randell talked about the wire format for data streams
   yesterday
   ... it raises questions about the requirements
   ... the core problem we're trying to solve today is to allow sending
   data for low-latency/high-bandwidth needs
   ... we want support for multiple channels
   ... [details use cases from slides]

   ???: there is also a requirement around in-order / out-of-order
   delivery

   <JonathanLennox> JonathanLennox was me

   justin: [details changes since last draft]
   ... unidirectional data streams make it much easier to deal with
   multiparty use cases

   ???: re unidirectional for multicast, if you want to build a full
   mesh, the number of streams will have to go up with the number of
   participants

   scribe: so that makes it somewhat more complicated since you have to
   deal with adding/removing streams

   justin: we already do that for mediastreams
   ... [datastream design slide]
   ... due to unreliability and unidirectional, we don't have full
   fidelity with websockets
   ... but the closer we stick to them, the better
   ... [datastream and mediastream slide]
   ... to avoid duplicating APIs, and given their commonality, I'm
   proposing a basestream class
   ... only addStream needs to be specialized
   ... ["changes to peerconnection" slide]

   Adam: addDataStream() needs to return a DataStream object

   Stefan: since DataStreams are unidirectional, you need @@@

   Justin: [DataStream API]
   ... there is currently no bit to distinguish in-order/not-in-order

   Eric: I assume the streams are in a single SCTP connection

   Justin: yes
   ... Is there a max number of channels in a single association?

   Magnus: on the order of 64K, so probably not a problem

   Justin: [DataStream API slide]
   ... MTU is set in maxMessageSize
   ... [Basic Flow slide]
   ... [Full Example slide]
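
   [Rough usage sketch of the API shape under discussion; addDataStream
   and maxMessageSize come from the slides, while the options argument,
   event names, and the ondatastream callback are assumptions, not a
   settled design.]

       // Local side: create a unidirectional, labeled stream and send
       // once it is open, respecting the exposed message-size limit.
       var payload = "hello peer";
       var channel = pc.addDataStream("chat", { reliable: true });
       channel.onopen = function () {
         if (payload.length <= channel.maxMessageSize) {
           channel.send(payload);
         }
       };

       // Remote side: a new incoming stream is announced by the peer.
       pc.ondatastream = function (evt) {
         evt.stream.onmessage = function (msg) { console.log(msg.data); };
       };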

   Magnus: the mime type needs to come after the protocol (?)
   ... in the SDP example

   Harald: why have you settled on signalling these channels, instead
   of relying on channel events from the implementation?

   Justin: will that give you the label? The reliability?

   Harald: it will tell you the channel number

   Justin: I have another slide on signalling vs non-signalling
   ... [multiparty example slide]
   ... [open issues]
   ... we've had the discussion on the list for a simple method as
   proposed by Stefan
   ... Want to make sure that the group agrees we need the more complex
   API
   ... ["CC" stands for congestion control]

   ???: on congestion control, I think it would be a dramatic mistake
   to use bandwidth to signal packet drops

   Justin: getting feedback on the congestion control state can help
   adjust it

   Randell: feedback on available bandwidth can be used to make a
   number of adjustments
   ... but not sure about feedback on specific packet drop
   ... but feedback on congestion control in general seems useful

   Magnus: I don't think leaky buckets is a good model for this
   ... what matters is the current state being acked by the other side

   Spencer: I wouldn't mind talking about the congestion control stuff
   ... application-level congestion control is really hard
   ... I would encourage to think hard about how much applications
   should be doing

   Magnus: the only thing you can do is to try to adapt to the
   congestion
   ... you can't direct congestion control itself
   ... but adapt the transmitted data for instance

   @@@: moving back from congestion control to the signalling issue

   scribe: I do think it's worth considering whether or not these
   channel numbers can be used
   ... one thing I remember from the data APIs we discussed yesterday
   is that they're very application-specific
   ... they're not going to a lot of filters
   ... they could go through a central muxer (?)
   ... There is some thought to be given here; labels may have a place
   ... not sure about reliable/non-reliable — I think that should be
   available directly from the SDP stack
   ... the only remaining bit that seems to need signalling here is the
   label
   ... there are some use cases I thought of where you may have a very
   high volume of channels coming and going
   ... e.g. if you're acting as a proxy for the other person you're
   talking to
   ... you may have a very high number of channels closing and opening
   ... or if you're doing a backup
   ... if you make it expensive to open and close connections
   ... the application developers will start implementing on top of a
   single connection

   Justin: it's a good thought exercise to go through to identify which
   use cases wouldn't work
   ... I have a specific use case in mind that is hard to solve without
   labels

   @@@: the description could be done via a separate data channel
   (rather than via the signalling channel)

   scribe: given that a bunch of applications wouldn't need this

   Harald: signalling, I would like to study a case - I don't
   understand why you want it
   ... re congestion feedback, if you've played WoW, you've heard "Lag!
   Lag! Lag!"
   ... not communicating transport information to the application level
   has been a mistake we shouldn't repeat

   Jonathan: some examples for reliable/non-reliable
   ... mouse pointer: you want in-order, but not necessarily reliable
   ... for file transfer, you want reliable, but doesn't need to be
   in-order

   ???: [help, I missed that]

   ->
   [18]http://www.w3.org/2011/04/webrtc/wiki/File:Aligned_Data_API.pdf
   Aligned Data API

     [18]
http://www.w3.org/2011/04/webrtc/wiki/File:Aligned_Data_API.pdf

   <JonathanLennox> It was asking about whether push notifications
   should be aligned with data channels, either in technology or in
   API. Justin said he hadn't thought about it at all.

   Stefan: I drafted a proposal to offer a simplified data API aligned
   with other APIs
   ... [Basic Proposal slide]
   ... [Changes to PeerConnection slide]
   ... [postMessage() spec extract]

   Justin: would this be reliable or unreliable?

   Stefan: only reliable as a starting point
   ... [examples slide]
   ... based on feedback, we could add DataOptions for reliability,
   priority
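
   [Sketch of the simplified, postMessage-aligned shape described
   above: PeerConnection itself carries the messaging API, reliable
   only as a starting point; names follow the slides and Web Messaging,
   but the exact interface was still a proposal.]

       pc.onmessage = function (evt) {      // mirrors Web Messaging
         console.log("peer says: " + evt.data);
       };
       pc.postMessage("hello");             // reliable delivery only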

   Ted: it seems that you want to set this up for every PeerConnection
   ... so you would create a data channel even if you don't have use
   for it
   ... If so, I don't think many enterprise folks would be too happy
   with that
   ... because you've created an encrypted channel and you don't know
   what it is used for
   ... I'm not sure what the benefit is

   Stefan: the point is to align it with web sockets

   Ted: I don't think that's quite as motivated as it might be

   Stefan: it could be simple to change the model to make the stream

   Anant: what does it bring over web sockets?

   Stefan: it's peer-to-peer

   Anant: I think not having unreliable data is a killer

   Harald: if the IETF side concludes that it will use a protocol that
   has support for multiple channels with congestion control and
   optional reliability
   ... it would be a shame not to take advantage of it simply for
   saving specification work
   ... given that need for it has been identified in the requirements
   document, it seems to me we should just go ahead with it

   Stefan: it's not clear that needs have been so well identified
   ... also, the most advanced tool that Web developers can use today
   is Web Sockets

   @@@: My discussions with people in Mozilla who have contacts with
   the Web Game writing community

   scribe: and they all want this

   <hta> @@@ = Randell Jesup

   scribe: they're very interested in not having to implement
   not-reliable/reliable, multiple channels
   ... they clearly need channels with different characteristics

   Stefan: I think the conclusion is quite clear that we'll go for the
   DataStream proposal
   ... [reads action items he noted, that will be sent later to the
   list]

   Harald: for Data API, the next iteration is to integrate that in the
   spec

   Justin: and once it's in the spec, we can implement it :)

Received on Wednesday, 8 February 2012 10:05:11 UTC