15:47:14 RRSAgent has joined #webrtc 15:47:14 logging to http://www.w3.org/2012/02/09-webrtc-irc 15:47:18 RRSAgent, make log public 15:47:24 Zakim, this will be MDCAP 15:47:24 ok, dom; I see UW_MdCap()11:00AM scheduled to start in 13 minutes 15:47:35 Meeting: Media Capture Task Force teleconference 15:47:48 Chair: Harald, Stefan 15:47:52 Agenda: http://lists.w3.org/Archives/Public/public-media-capture/2012Feb/0004.html 15:48:08 dom has changed the topic to: Media Capture Task Force Teleconf Feb 9 - Agenda: http://lists.w3.org/Archives/Public/public-media-capture/2012Feb/0004.html 15:49:05 Is it normal that the conf bridge tells me it is "restricted" at this point ? 15:50:18 hta has joined #webrtc 15:53:58 fluffy, that sounds weird — are you using the right code? 15:54:00 Zakim, code? 15:54:00 the conference code is 63227 (tel:+1.617.761.6200 sip:zakim@voip.w3.org), dom 15:54:57 UW_MdCap()11:00AM has now started 15:55:04 + +1.403.244.aaaa 15:56:03 Pretty sure I had the right code - tried it twice. But I just tried again and it worked so perhaps I had wrong code or it needed to be started or something. 15:56:43 so, I gather you are aaaa 15:56:45 + +46.7.34.27.aabb 15:56:49 Zakim, aaaa is fluffy 15:56:49 +fluffy; got it 15:56:57 zakim, aabb is hta 15:56:57 +hta; got it 15:57:43 stefanh has joined #webrtc 15:58:20 +Josh_Soref 15:59:48 +[Voxeo] 16:00:00 burn has joined #webrtc 16:00:26 zakim, who's on the phone? 16:00:36 On the phone I see fluffy, hta, Josh_Soref, [Voxeo] 16:00:43 Josh_Soref has joined #webrtc 16:00:44 darobin has joined #webrtc 16:00:45 +??P58 16:00:45 zakim, [Voxeo] is Daniel_Burnett 16:00:50 Zakim, ??P58 is me 16:00:57 fjh has joined #webrtc 16:01:10 +Daniel_Burnett; got it 16:01:14 zakim, I am Daniel_Burnett 16:01:20 +dom; got it 16:02:00 zakim, I am fjh 16:02:02 ok, burn, I now associate you with Daniel_Burnett 16:02:03 zakim, I am Harald_Alvestrand 16:02:15 + +46.1.07.14.aacc 16:02:20 +??P5 16:02:22 zakim, who is here? 16:02:25 +[Mozilla] 16:02:27 +[IPcaller] 16:02:28 zakim, aacc is stefanh 16:02:34 zakim, [IPcaller] is me 16:02:47 Zakim, ??P5 is probably me 16:02:53 Zakim, who is making noise? 16:03:04 sorry, fjh, I do not see a party named 'fjh' 16:03:09 sorry, hta, I do not see a party named 'Harald_Alvestrand' 16:03:09 well known keyboard? :-) 16:03:12 + +1.610.889.aadd 16:03:18 On the phone I see fluffy, hta, Josh_Soref, Daniel_Burnett, dom, +46.1.07.14.aacc, ??P5, [Mozilla], [IPcaller], +1.610.889.aadd 16:03:18 Zakim, aacc is me 16:03:27 +stefanh; got it 16:03:35 + +1.415.800.aaee 16:03:42 +fjh; got it 16:03:45 +darobin?; got it 16:03:46 jesup has joined #webrtc 16:03:46 hta: yeah, whenever I don't have access to the conference room, people hear my rather distinctive typing style :) 16:04:01 anant has joined #webrtc 16:04:05 Josh_Soref, listening for 10 seconds I heard sound from the following: dom (4%), stefanh (9%) 16:04:06 Zakim, darobin is darobin 16:04:26 sorry, stefanh, I do not recognize a party named 'aacc' 16:04:29 On IRC I see fjh, darobin, Josh_Soref, burn, stefanh, hta, RRSAgent, Zakim, fluffy, richt_, tsachev, ed, derf, trackbot, rektide, dom 16:04:32 Zakim, darobin is really darobin 16:05:10 Zakim: +anant 16:05:11 +darobin; got it 16:05:11 scribe: Josh_Soref 16:05:16 RRSAgent, draft minutes 16:05:16 I have made the request to generate http://www.w3.org/2012/02/09-webrtc-minutes.html Josh_Soref 16:05:22 Zakim, [Mozilla] holds anant 16:05:27 +darobin; got it 16:05:51 yes. 16:06:14 s/yes.// 16:06:26 s/Zakim: +anant/Present+ anant/ 16:06:32 +anant; got it 16:06:39 xxx: the proposed agenda 16:06:48 Topic: Agenda 16:06:51 s/xxx/StefanH 16:07:02 StefanH: ... Capabilities and Privacy 16:07:07 ... and xx2 16:07:15 Topic: Capabilities and Privacy 16:07:25 stefanh: I've asked xxz to introduce that 16:07:36 s/xxz/burn 16:07:39 xxz: so, what i'm going to do is give a brief summary of what we've talked about 16:07:51 burn: we may have to review some of the arguments we were given 16:07:59 ... a number of people were talking about capabilities 16:08:04 ... and also about fingerprinting 16:08:11 my IRC client cant beep with audio 16:08:12 ... what we did at the last WebRTC meeting 16:08:21 ... was discuss xxa 16:08:29 ... I'll jump to the conclusion of that really long discussion 16:08:38 ... there was a consensus that capabilities information was needed 16:08:45 + +44.208.144.aaff 16:08:45 ... to build applications with WebRTC apis 16:08:53 ... for those unfamiliar with this 16:08:55 zakim, aaff is me 16:08:55 +richt_; got it 16:09:01 Present+ Rich_Tibbett 16:09:01 ... it may seem obvious that this was necessary 16:09:08 ... but it wasn't 16:09:11 Travis has joined #webrtc 16:09:17 ... we tried to decide initially whether we really needed it 16:09:24 ... there are applications like Presence 16:09:27 Present+ Travis_Leithead 16:09:33 ... where you need to know the means through which you can contact people 16:09:41 -> http://www.w3.org/2012/02/01-webrtc-minutes.html#cap Discussions on capabilities and fingerprinting at the WebRTC F2F last week 16:09:49 ... for a Dating site, you may want to give preference to those with a WebCam available 16:09:56 ... that's one example, there were others 16:10:07 ... there was a conclusion that capabilities were needed for the apps people would like to build 16:10:12 Present+ Frederick_Hirsch 16:10:19 ... as part of this discussion, there was a discussion about the level of capabilities 16:10:28 ... do you just want high level, or details 16:10:34 * What's the conf call code? 16:10:37 ... we didn't really come to a clear consensus on the level 16:10:38 Present+ Stefan_Hakansson 16:10:53 ... the richer you want the application to be 16:11:00 ... the more details you want about the client 16:11:17 ... the details will depend on how much you trust the application 16:11:22 +[Microsoft] 16:11:27 ... most people generally trust an application they've locally installed 16:11:53 ... we might want to consider how much capabilities to expose 16:11:59 ... based on how much you've dealt with a site 16:12:05 ... e.g. giving more details once you've logged in 16:12:11 ... for a downloadable-installable-webapp 16:12:22 ... essentially a shell installed on a machine 16:12:31 ... in that case, you may not need to ask about using mic+camera 16:12:45 ... even though if you were to visit the site live you would need to ask (same general app) 16:12:55 ... i'm sure there will continue to be a discussion on this 16:12:59 ... some people proposed... 16:13:05 ... considering Google Hangout 16:13:12 ... and try to design to support for that 16:13:24 ... some wanted to do other things than that, for which they want more capability info 16:13:29 ... we didn't reach a consensus on that 16:13:36 ... that's probably a high level summary 16:13:39 ... one other thing 16:13:48 ... i didn't mention fingerprinting above 16:13:53 -darobin.a 16:13:56 ... but we did discus it quite a bit 16:14:16 ... it was brought up that there are already many bits available for a user w/o this 16:14:28 ... sites may eventually be able to uniquely identify you 16:14:38 ... they know you bought item X at a store 16:14:46 ... because they happen to have sufficient information about you 16:14:52 ... not because they're using linking cookies 16:14:58 ... this is why it was brought up 16:15:03 ... there are sites that you trust 16:15:12 ... sites like Facebook may already know who you are 16:15:15 +??P5 16:15:19 ... for some sites, you may not be giving more information 16:15:24 Zakim, ??P5 is me 16:15:24 +darobin; got it 16:15:25 q+ 16:15:28 ... ok that's about it 16:15:29 Too much information makes things like private browsing not private - can even be dangerous in some cases 16:15:31 ... any questions? 16:15:36 -darobin 16:15:38 fjh: Question about other privacy concerns 16:15:44 ... use of the camera/audio 16:15:48 ... without the user knowing it 16:15:50 q? 16:15:52 q- 16:16:01 burn: there has always been a requirement about notifying users of use 16:16:10 ... this was just a discussion about when things are being used 16:16:26 burn: any other questions 16:16:36 xxb: comments 16:16:49 ... i think it makes sense to have levels about how much capabilities are actually exposed 16:16:57 ... about media being transmitted 16:17:01 Zakim, [Mozilla] holds derf 16:17:01 +derf; got it 16:17:02 ... browsers are not the only HTML clients 16:17:23 ... while browsers should notify users that cameras are on 16:17:30 ... it might not make sense for a smart phone to tell a user that 16:17:40 ... you might want to write a dialer in HTML5 using getUserMedia 16:18:01 ... but it doesn't make sense for the dialer to have to ask for permission or be limited in the data it gets about the hardware 16:18:08 ... that's where defining two separate levels is useful 16:18:08 Zakim, [Mozilla] holds jesup 16:18:08 +jesup; got it 16:18:22 ... then the useragent can decide based on the use case about what to disclose 16:18:31 ... for a browser / random web sites, that's less 16:18:39 ... and for a telephone, the UA could disclose more 16:18:47 ... the spec can define both 16:18:54 ... and the UA can decide which class to apply for the app 16:19:09 s/xxb/anant/ 16:19:18 burn: there wasn't necessarily consensus on 2 levels 16:19:22 ... there was interest on multiple levels 16:19:27 ... maybe more than 2 16:19:32 ... anant was interested in 2 16:19:52 ... i think it might be a good approach to have multiple levels 16:19:56 ... any other questions? 16:20:06 dancohen: Dan Cohen here 16:20:14 ... one question i had was about notifications about capabilities changing 16:20:22 ... let's say you had permission to know about capabilities 16:20:23 s/dancohen/cullen 16:20:32 ... and someone plugged in a camera 16:20:35 s/cullen/fluffy 16:20:40 s/Dan Cohen/Cullen/ 16:20:42 burn: we didn't get consensus on that 16:20:56 ... we didn't have time to discuss in detail how that would work 16:21:01 ... how frequent, or how it would look 16:21:16 xxc: some part of that will be tied to what levels of capabilities we have 16:21:26 ... but when they change, it makes sense to notify at the same level 16:21:33 ... i don't think there's a risk of notifying within the same level 16:21:36 burn: i agree 16:21:39 q+ 16:21:56 chair1: I've heard a lot of people speaking from WebRTC 16:22:01 s/xxc/anant 16:22:05 ... i'd like to hear feedback from the DAP people 16:22:15 xxd: focus on what parts are different 16:22:16 s/chair1/stefanh 16:22:22 burn: what important things did we miss? 16:22:25 s/xxd/harald 16:22:32 fjh: one question is: how do we establish this trust 16:22:38 ... one way is how to establish trust 16:22:43 ... installing an app is one way 16:22:50 burn: we didn't get to that 16:23:00 xxe: my proposal is to let the UA figure it out 16:23:07 ... i think we should leave it up to the UA to decide 16:23:14 xxf: I have some worry about this 16:23:24 ... i understand that things will be different for certain environments 16:23:28 s/xxf/fluffy/ 16:23:38 ... we should say "if you're a browser, you should probably do this" 16:23:40 s/xxe/anant/ 16:23:48 ... it's not like the standard police will go after you 16:23:51 xxg: right 16:24:04 s/xxg/anant/ 16:24:04 q? 16:24:12 xxh: for Chrome and Firefox we have means to escalate privelege 16:24:15 ... and IE 16:24:21 ... I don't know if Travis has comments on that 16:24:25 q+ 16:24:32 ... I think all three have a way to say that 16:24:33 s/xxh/anant/ 16:24:52 q+ 16:24:57 [ Scribe explains that you need to introduce yourself ] 16:25:05 Travis: it was brought up about Windows Metro apps 16:25:09 ... and capabilities / permissions 16:25:16 ack Josh_Soref 16:25:19 ... while i think it's good to describe the options for UAs 16:25:20 ack Travis 16:25:29 ... it might be useful in our spec to categorize these things 16:25:35 ... one categorization is: 16:25:40 ... is this Implicitly trusted 16:25:44 ... is this Implicitly untrusted 16:25:46 Zakim, aadd is me 16:25:46 +jesup; got it 16:26:00 ... determining how frequently you want to ask / what mechanism, is too far 16:26:10 xxj: you're not talking about Trust in the UA 16:26:17 Travis: I think that's what i'm addressing 16:26:21 ... from a high level point of view 16:26:24 ... if the UA is a Phone 16:26:25 s/xxj/harald 16:26:31 ... I think there's a point at which I grant permission 16:26:32 [DAP has had similar discussions many times; but unless we have a good story around trusted/untrusted, I think we should just focus on untrusted for the time being] 16:26:41 ... and that can be done when the hardware is built 16:26:54 ... if the UA is a Browser, and it can be exposed to untrusted apps 16:27:00 ... then it's a different category 16:27:10 fjh: I had a question about the earlier statement 16:27:17 ... about the browser being able to know based on the url 16:27:23 anant: it's not based on the URL 16:27:28 ... for Chrome, you can go to the Chrome web store 16:27:33 ... and install an application 16:27:41 ... that's the mechanism of establishing trust 16:27:57 i/not based/... is there an example?/ 16:28:11 stefanh: are we finished addressing capabilities? 16:28:16 burn: one other question 16:28:20 s/stefanh/harald/ 16:28:26 ... cases where trust might be improved over time 16:28:36 ... we've covered distinctions between UAs that may or may not be trusted 16:28:43 ... and apps that may or may not be trusted 16:28:47 ... but there's this other level 16:28:53 ... say i'm using a Web Browser 16:28:59 ... and i'm using some online application 16:29:02 ... that i did not install 16:29:23 ... that doesn't mean that i might not want to have the ability to gradually improve the privilege of the app 16:29:35 ... I may not have a problem with an app knowing that i have a camera/microphone 16:29:37 -> http://lists.w3.org/Archives/Public/public-webapps/2012JanMar/0554.html Installing web apps, Robin Berjon, Feb 7 2012 16:29:42 ... when I was expressing concern about two levels 16:29:59 q+ 16:30:03 ack fjh 16:30:21 ... it may be convenient for me to say "i trust this " 16:30:34 ... I'm saying there may be "trusted-noninstalled-apps" 16:30:38 ... it may be another category 16:30:51 xxL: by category i'm talking about the information provided 16:31:00 ... not about how the category is established 16:31:01 s/xxl/anant/ 16:31:20 s/xxL/anant/ 16:31:29 ... installation need not be the only way to establish a category 16:31:34 ... we need to provide another way 16:31:35 q- 16:31:42 ... i don't know immediately what those ways might look like 16:31:53 xxm: do we want to talk at all about what capabilities could be discovered? 16:32:00 Perhaps a request for added trust causes a geolocation-type doorhanger 16:32:02 s/xxm/fluffy 16:32:13 ... for the trusted ring, i don't think we need to hide anything 16:32:30 ... then there's the question about how simple we want the JavaScript api to be 16:32:35 ... we don't need to limit for fingerprinting 16:32:42 xxn: overloading... 16:32:59 burn: I agree that we can hide more detailed in a tiered object 16:33:12 ... for apps that we're interested in, we definitely want everything to be available 16:33:19 xxo: an expandable set 16:33:32 Travis: i'm a little concerned about how that principle leads this door right open 16:33:36 s/xxo/harald/ 16:33:40 ... how do we specify *everything* about a device 16:33:45 ... i come from the security camp 16:33:57 ... i'd like to expose the least amount to get by 16:34:01 +1 to Travis 16:34:02 +1 to least priviledge 16:34:07 ... i'd like to iterate over time about what to expose 16:34:14 q+ to talk about device discrimination 16:34:26 xxp: if i have an app on my desktop 16:34:31 that is the problem with desktop apps, and viruses etc 16:34:32 ... it knows everything about my device 16:34:39 s/xxp/burn/ 16:34:40 ... if i try to build something in my browser 16:34:52 ... i want to be able to do everything i could do with that app 16:35:00 Travis: for each device, the details are slightly different 16:35:11 ... having to read up on every driver's technique for exposing information is painful 16:35:27 xxq: for desktop applications, there isn't a well defined api to get most of the information 16:35:35 s/xxq/fluffy/ 16:35:40 ... i don't know burn, i don't think it's really what you think 16:35:49 fluffy: i think concrete examples will be helpful 16:36:01 burn: if i want to build something as rich as what i can have on my computer 16:36:09 ... whatever i can get from my desktop is sufficient 16:36:14 ... i'm not asking for more than that 16:36:19 xxr: i'll want more 16:36:22 RRSAgent, draft minutes 16:36:22 I have made the request to generate http://www.w3.org/2012/02/09-webrtc-minutes.html Josh_Soref 16:36:28 s/xxr/fluffy/ 16:36:29 s/xxr/fluffy/ 16:36:33 q? 16:36:43 q? 16:36:43 ack Josh_Soref 16:36:44 Josh_Soref, you wanted to talk about device discrimination 16:37:01 Josh_Soref: my concern is that I'd like to be able to even buy an application and use it on one device 16:37:16 ... and then use it on a different device with different parameters, assuming the application is transferable 16:37:39 ... the app shouldn't stop working because the app would be hardwired to a specific user agent or device 16:38:20 ... I appreciate teh ability to have precise details or about general things, I want to make sure we don't make it too easy for apps to be hardcoded for some specific hardware configuration 16:38:23 s/teh/the/ 16:38:45 chair2: i'd like to move to the next topic 16:38:50 s/chair2/hta/ 16:39:08 xxs: can we send out proposals for how to deal with Levels and moving from level to level? 16:39:12 s/xxs/anant/ 16:39:16 ... burn can you send in a proposal? 16:39:22 ... i'm happy to send in one as well 16:39:28 burn: i'm willing to send in one, let's talk offline 16:39:43 Topic: Scenarios 16:39:50 http://dvcs.w3.org/hg/dap/raw-file/tip/media-stream-capture/scenarios.html 16:39:53 Travis: I was asked to put together a Scenarios document for Media Capture 16:40:05 ... the goal of the document was to establish the set of realistic scenarios 16:40:11 ... that lightly touch on the things you might want to do 16:40:21 ... with a capture API if you had one available 16:40:34 ... i tried to spread it across both browsers and installed applications 16:40:41 ... i didn't want to write this as a requirements document 16:40:47 ... i wrote it for an Average user 16:40:51 ... not one with 30 cameras 16:41:05 ... I had a few sections: Scenarios, and Rants and Raves 16:41:13 ... [Section 5] 16:41:21 ... We at Microsoft have experimented with things 16:41:28 ... I have commentary 16:41:40 ... Section 5 as it is in the document is what I consider less important to the scenarios 16:41:46 ... but still worth considering 16:41:50 some comments I offered on the scenarios document -> http://lists.w3.org/Archives/Public/public-media-capture/2012Feb/0012.html 16:41:50 ... there are 6 scenarios 16:41:58 ... i can talk through them if the group wants 16:42:05 stefanh: maybe you could go quickly through them 16:42:15 Travis: there are 6 scenarios 16:42:37 ... the first scenario is a user, like a Facebook user 16:42:45 ... using it to capture an image from their webcam 16:42:55 ... the app provides a ui, that enables the camera to turn on 16:42:58 ... and capture a single image 16:43:06 ... the ability has the ability to capture audio 16:43:09 ... for an audio caption 16:43:17 ... maybe converted to text and put on the web page 16:43:24 ... the second scenario is about an enthused user 16:43:28 ... more active in Blogging 16:43:31 ... this is a Video Blog 16:43:45 ... and he goes and describes his commentary on the Political situation 16:43:51 ... he has some friends who will join him 16:44:00 ... they will initiate connections to certain parties 16:44:06 ... who will join in at the end 16:44:17 xxt: when you talked about switching browser caps 16:44:22 s/caps/tabs/ 16:44:26 s/xxt/fluffy/ 16:44:34 Travis: a detail on the text in the scenario 16:44:43 ... he's watching himself do the recording in the browser tab 16:44:49 ... he may need to switch to see some other data 16:45:05 ... it was meant to say that the ability to have the camera running in the background is important to consider 16:45:33 ... the conferencing scenario needs to keep the conference up 16:45:44 ... the third scenario is a student working on an image processing course 16:45:56 ... the teacher has put specific requirements on the size of the video for the assignment 16:46:09 ... the student has to ensure the video fits the parameters 16:46:14 ... she can't operate on a large video 16:46:23 ... she may not need to trust the site 16:46:31 ... fourth scenario is a mobile scenario 16:46:34 ... a user traveling 16:46:38 ... recording a video diary 16:46:44