HTML Media Task Force Teleconference

22 Jul 2014


See also: IRC log


paulc, +1.415.832.aaaa, davide, +1.408.536.aabb, +1.425.868.aacc, joesteele, geguchi, markw, ddorwin, adrianba, ReimundoGarcia, jdsmith, BobLund, glenn
joesteele, joesteele_


<trackbot> Date: 22 July 2014

<paulc> Good morning.

<davide> good afternoon

<joesteele> Scribe: joesteele

<paulc> Agenda: http://lists.w3.org/Archives/Public/public-html-media/2014Jul/0014.html

Role Call

Previous minutes -- http://lists.w3.org/Archives/Public/public-html-media/2014Jun/0072.html

Action items and Issues

<paulc> who is aacc?

<paulc> Agenda: http://lists.w3.org/Archives/Public/public-html-media/2014Jul/0014.html

<paulc> Joe: Cannot hear you.

hold on -- looks like I got disconnected

<ddorwin> the call went quiet for at least 3 of us

<ddorwin> paulc, do you hear other people?

<paulc> trackbot, start meeting

<trackbot> Meeting: HTML Media Task Force Teleconference

<trackbot> Date: 22 July 2014

<ddorwin> Jerry, Joe, and David are in our own conference apparently.

<scribe> Scribe: joesteele

<scribe> Chair: paulc

<paulc> Can anyone hear me?

<ddorwin> no

<BobLund> No

<ddorwin> you probably need to rejoin

Role call

EME status and bugs

<paulc> Editor's draft: http://dvcs.w3.org/hg/html-media/raw-file/tip/encrypted-media/encrypted-media.html

paulc: Editors draft has had 2-3 drafts since last mtg
... few new bugs

<paulc> http://tinyurl.com/7tfambo

paulc: this is the list of bugs
... 22 bugs total

Encrypted Media Extensions Stream Format and Initialization Data Format Registry

<paulc> https://dvcs.w3.org/hg/html-media/raw-file/tip/encrypted-media/initdata-format-registry.html

pauc: that is the registry -- need to make sure editors are aware this is referenced in editors draft
... although no "references" list in the editors draft

<paulc> See bug https://www.w3.org/Bugs/Public/show_bug.cgi?id=25733

pauc: normally there would be a list of references
... this bug was discussing the registry for in-band source tracks
... Director has said we are ok with having pointers to informative registries even when they use normative language
... we can add a "references" section and point to this registry

ddorwin: will add as part of the refactoring

<ddorwin> ReSpec

ddorwin: using ReSpec

<ddorwin> Tracking bug for ReSpec: https://www.w3.org/Bugs/Public/show_bug.cgi?id=25506

paulc: anyone working on this bug knows about this also -- moot now because MSE heartbeat was published

New EME bugs

[Bug 26332] New: Applications should only use EME APIs on secure origins (e.g. HTTPS)

<paulc> https://www.w3.org/Bugs/Public/show_bug.cgi?id=26332

paulc: David do you want to say anything?

ddorwin: chances are that CDMs are exposing IDs that are not well protected, we should protect them with secure origin
... this is a common theme on the Internet

paulc: several commenters I don't usually see
... is it clear what changes we would make?
... is comment 5 the only change proposed?

<paulc> See comment five: https://www.w3.org/Bugs/Public/show_bug.cgi?id=26332#c5

ddorwin: this is still open to provide guidance, needs to be normative

paulc: Adrian or Jerry have a comment?

jdsmith: I wonder if this is a strong countermeasure - would need a license server on the other end to exploit the ID

joesteele: I am in favor of this because it provides protection for the application vendor, but not so much worried about the privacy implications. I believe the protections are already described for the IDs

markw: I support the comments about the identifiers, we have text about protecting that already. The problem with having the origin as HTTPS is that all the content has to be downloaded over HTTPS -- don't support for that reason

ddorwin: not meant to be offensive, there is no normative text about protecting the identifier.
... only thing we can do is relate to the origin
... no obvious to me how the ID is protected - each CDM has to be checked by the UA to make sure it is not leaking these IDs

jdsmith: my question is -- do we want to be stringently requiring HTTPS when there are valid use cases for HTTP.
... there is an implication that CDMs need to protect their data exchanges
... this might be a strong counter-measure for sites that could use HTTP

paulc: some people were not aware of this bug - so folks should add their comments in the bug
... let's go broad and continue with the other new bugs

[Bug 26313] New: Steps for createSession should define what happens if the sessionType is not supported


paulc: Jerry you created, David commented right after, have you seen Davids response?

<paulc> See David's response: https://www.w3.org/Bugs/Public/show_bug.cgi?id=26313#c1

jdsmith: had not seen this yet

paulc: we could move forward then, you can respond in the bug
... editors might be able to just resolve

[Bug 26401] New: Key message destinationURL usage is not reflected in examples


<paulc> Example 2 at https://dvcs.w3.org/hg/html-media/raw-file/tip/encrypted-media/encrypted-media.html#examples

joesteele: this was added just to add in support for destinationURL since it will be required for some CDMs

<ddorwin> Related bug: https://www.w3.org/Bugs/Public/show_bug.cgi?id=25920

ddorwin: resolution of the bug was to remove this until we have a way to do this in a safe way
... defaultURL is now NULL in the text

<ddorwin> step 7.8 of https://dvcs.w3.org/hg/html-media/raw-file/default/encrypted-media/encrypted-media.html#dom-createsession

<paulc> Joe is concerned about code in function handleKeyNeeded(event)

joesteele: I am not in favor of removing destinationURL -- was hoping that was not the outcome of previous bug

<ddorwin> handleKeyNeeded() is a handler for needkey, which does not have a destinationURL

<ddorwin> Probably want handleMessage() in 8.4.

<paulc> Actually Joe is pointing to function licenseRequestReady(event)

ddorwin: the function you refereded to is not the right one -- think you mean licenseRequestReady()
... need to talk about what the language should actually be -- currently specified as NULL in the initial message
... in the createSession algorithm

<ddorwin> https://dvcs.w3.org/hg/html-media/raw-file/default/encrypted-media/encrypted-media.html#dom-update sets destinationURL in step 4.6

ddorwin: the initial one is currently specified as NULL
... I will update the bug with pointers

joesteele: I will update the bug from there
... provide some example code that I think should work

Bugs discussed at last meeting

Bug 26207 - Provide a way to check system capabilities required for UHD playback


<joesteele_> scribe: joesteele_

paulc: maybe I missed it -- several folks have responded
... maybe you can just let us know how you want this bug processed
... Jerry to look at the bug and repsonses

Bug 25896 - Why is EME creating new DOMException subclasses?

<paulc> https://www.w3.org/Bugs/Public/show_bug.cgi?id=25896#c12

paulc: proposal made to close
... anyone objecting should respond in the bug

jdsmith: with this change we lose the numeric capability in the error

ddorwin: I propose closing this bug and opening a new one to add this capability back as needed
... removed the MediaKeyErrors because things have changed -- commented out with issue statements
... should explore Jerrys use case separately
... Joe had a question about getting systemCodes back from Promise rejection

paulc: has the other bug been opened?

jdsmith: I will take the action to open that bug

EME Use cases Wiki


paulc: Joe can summarize his update and call for more comments

<ddorwin> The error bug I was referring to is https://www.w3.org/Bugs/Public/show_bug.cgi?id=26372. Please take a look since errors are up in the air.

<paulc> Mark's feedback: http://lists.w3.org/Archives/Public/public-html-media/2014Jul/0016.html

<paulc> Joe: Use cases on the Wiki should all be supported today

<paulc> ... keyrelease and downscaling might not be supported by some CDMs

<paulc> ... seems to be general agreement that this is good set of use cases

<paulc> ... Joe wanted to get agreement before fleshing them out more

<paulc> ... and Joe has not yet added (to a separate section) future use cases

<paulc> Joe thinks he agrees with Mark's comments and Joe will reflect this back into the Wiki

<paulc> David has done some editing

<paulc> Bob Lund commented positively

ddorwin: there is a new bug on errors -- that was what I wanted to say
... last conversation
... no comments on the wiki

markw: I noticed that there may be confusion about system sessions and license - which seem to be separate things
... can have session that persists when license does not
... not sure how we resolve this - text in the specification talks about both things

<paulc> Joe: Not sure that the Wiki uses case motivate the need for loadSession capability

<paulc> ... some need for handling persistence but not sure of the need for saving a session

<paulc> Joe will send an email or file a bug on Mark's point and agrees there is confusion there

ddorwin: have had some discussion around this -- it was added as a way to manage offline and support the secure proof of key release model
... existing normative text should support both of those models
... may be different from how some keys model key persistence
... need to have a common way to model this
... we could think about another session type but not sure that makes sense

<paulc> Joe: My impression of the loadSession feature is that it was designed by implementers that don't support persistence and without discussion with CDM implementations that do support persistence

<paulc> ... I agree there should be a common model but it may not be this one

<paulc> ... I don't have a new model to propose yet

<paulc> Joe offered to send an email about this and get more discussion going

joesteele: not clear who will use this feature as defined today
... I will send an email about this as noted

jdsmith: just wanted to say we are having similar problems with the loadSession model -- might need some reconsideration

markw: we are talking about system licenses I would agree with many of the comments made, but when talking about session and secure key release need a way to find those previous sessions
... assumed loadSession would be used for that

paulc: comment about more advanced use cases -- I would discourage that until we deal with the existing use cases
... will put on the top of the agenda for next week

joesteele: ok

rrsagent: generate minutes

<ddorwin> loadSession(), etc. were designed to have a consistent model that supports multiple use cases and that could be broadly supported across implementations (possibly with "wrapping" to match the spec). This was discussed with app developers, so there is a desire for this consistent model.

rrsagent: generate minutes

rrsagent: generate minutes

s/ CDMs are exposing IDs/ CDMs are exposing IDs/

rrsagent: generate minutes

rrsagent: generate minutes

rrsagent: generate minutes

rrsagent: generate minutes

rrsagent: generate minutes

rrsagent: generate minutes

rrsagent: generate minutes

rrsagent: generate minutes

rrsagent: generate minutes

Summary of Action Items

[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.138 (CVS log)
$Date: 2014-07-22 16:13:57 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision: 1.138  of Date: 2013-04-25 13:59:11  
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: RRSAgent_Text_Format (score 1.00)

Succeeded: s/protecting the application/protecting the identifier/
Succeeded: s/4.6/step 4.6/
Succeeded: s/thr/the/
Succeeded: s/references list/"references" list/
Succeeded: s/had said/has said/
FAILED: s/ CDMs are exposing IDs/ CDMs are exposing IDs/
Succeeded: s/commet/comment/
Succeeded: s/application vendor not so/application vendor, but not so/
Succeeded: s/EME exposing IDs/CDMs are exposing IDs/
Succeeded: s/abke/able/g
Succeeded: s/repsond/respond/g
Succeeded: s/might not be supported/might not be supported by some CDMs/
Succeeded: s/Joe wants to/Joe wanted to/
Found Scribe: joesteele
Inferring ScribeNick: joesteele
Found Scribe: joesteele
Inferring ScribeNick: joesteele
Found Scribe: joesteele_
Inferring ScribeNick: joesteele_
Scribes: joesteele, joesteele_
ScribeNicks: joesteele, joesteele_
Default Present: paulc, +1.415.832.aaaa, davide, +1.408.536.aabb, +1.425.868.aacc, joesteele, geguchi, markw, ddorwin, adrianba, ReimundoGarcia, jdsmith, BobLund, glenn
Present: paulc +1.415.832.aaaa davide +1.408.536.aabb +1.425.868.aacc joesteele geguchi markw ddorwin adrianba ReimundoGarcia jdsmith BobLund glenn
Agenda: http://lists.w3.org/Archives/Public/public-html-media/2014Jul/0014.html
Found Date: 22 Jul 2014
Guessing minutes URL: http://www.w3.org/2014/07/22-html-media-minutes.html
People with action items: 

[End of scribe.perl diagnostic output]