See also: IRC log
<jcverdie_> material can be found here: https://www.w3.org/wiki/TPAC2014/SessionIdeas#startSession.28.22WoT_devices.22.29
<kaz> done
<inserted> scribenick: kaz
<inserted> scribenick: kaz
igarashi: three open
    questions
    ... device interaction
zkaim, who is here?
zakiim, who is here?
scribe: the sense of WoT is too
    broad
    ... would think about narrower area
    ... (startSession("WoT Devices")
    ... Web servers on any devices and UAs on any devices
    ... device interaction is today's topic
    ... local network connection
    ... we call it "startSession"
    ... UA2UA connection
    ... (Challenges for Device Interaction)
    ... list of W3C groups tackling device connection
    ... MMI WG, Web&TV IG (HNTF)
<ddavis> scribenick: ddavis
igarashi: The Device APIs WG
    started to create the network service discovery API.
    ... The Device APIs WG also looked into Web Intents for
    devices.
    ... And at TPAC 2013 the second screen presentation CG started
    and this month became a working group.
    ... This working group has big momentum and browser vendors
    have already said they'll support it which is very good.
    ... This slide shows what the second screen presentation API
    is.
    ... The example scenario is for tablet and TV.
    ... There are two cases to consider - one is that one UA is
    running on the devices and the rendering result is copied via
    Miracast, AirPlay, etc.
    ... In the other case, two UAs exist and they communicate with
    each other.
    ... In the presentation API, the underlying protocol is out of
    scope.
    ... The communication is started with startSession() and then
    messages are sent using the Messaging API.
    ... This slide shows a comparison of how the presentation API
    differs to the NSD (Network Service Discovery) API.
    ... These are my observations. The Presentation API scope is
    very limited compared to NSD.
    ... NSD can use protocols such as SSDP, mDNS, DIAL and
    HTTP.
    ... For the presentation API, there is no discovery information
    sent to the web application.
    ... The UA shows the device list by itself.
    ... This is because of privacy issues. The NSD API does provide
    a list of discovered services to the web app.
    ... This raises privacy concerns.
    ... The Presentation API uses messaging and Cross-Origin Access
    is at the UA's discretion.
    ... For NSD API, messaging is used with CORS.
    ... Regarding protocols, discovery and messaging are out of
    scope for the presentation API but not for NSD API which use
    existing protocols.
<tidoust> Note that support for SSDP, mDNS, DIAL in Network Service Discovery API is also up to the User Agent, i.e. a User Agent is not required to support any of them, see http://www.w3.org/TR/discovery-api/#service-discovery
igarashi: I have three open
    questions.
    ... The Presentation API is a good approach to standardize and
    balance between functionality and privacy.
    ... 1) Why should the common messaging API not be used to
    interact with non-screen devices, i.e. WoT devices?
2) How to ensure interoperability if WoT devices are provided by different vendors?
scribe: 3) What is the security
    model for cross-origin access for WoT devices?
    ... Let's look at messaging. startSession is used and for WoT
    devices a URI or URL could be used.
    ... E.g. startSession("urn:schema-example-com:wot")
    ... Discovery is UA implementation dependent.
igarashi: Messaging is very
    generic and the same protocol can be used for WoT
    devices.
    ... The second open question is about interoperability with WoT
    devices.
    ... The protocol is out of scope which is a good
    decision.
    ... In the case of WebSockets and WebRTC, they're defined by
    W3C.
    ... However the protocol is defined by IETF. Maybe this idea
    can be used for presentation API.
    ... PHY/MAC layers vary in WoT devices.
    ... Regarding the security model, my question is whether the
    content security policy for the web can also work for the
    WoT.
    ... I wonder whether technology such as CORS can be used along
    with the presentation API.
    ... Another security question which will be explained more by
    Toshiba is whether WoT devices can or cannot support TLS/SSL
    practically.
    ... Also, can we standardize a security model beyond the
    presentation API?
    ... I wonder if there is a reasonable presentation for
    non-technical consumers.
    ... That's the end of my presentation.
honma: I'd like to show a demo of
    non-screen devices using the presentation API.
    ... I'm from NTT Communications.
    ... There is a presentation API library which I'd like to
    demonstrate.
    ... I'm using Sony's ActionCam. It has no screen but it
    provides a REST API.
    ... The user can take a picture and record video with this
    API.
    ... When using non-screen devices, we need to specify the type
    of devices. We suggest using urn: for this.
    ... Calling the startSession method the session object will be
    returned.
    ... Using an event handler and postMessage method, the web app
    can communicate with the ActionCam using the remote API
    provided by the camera.
    ... This is a web app using the presentation API.
[Shows demo]
honma: Clicking the in-page
    button means I can select the device.
    ... This application is using the presentation API for
    communication.
    ... This is the application of this demonstration.
    ... The presentation API shim works with the device driver
    module, which tries to find the camera with SSDP.
    ... After that, the web app can communicate with the device, in
    this case using the Sony API.
    ... Finally, I propose requirements of the system such
    as...
    ... Filtering rules for which the UA can discover 1) by web app
    with dedicated API, and 2) browser discovers all kinds of
    devices and notifies the web app.
    ... The second requirement is regarding communicating with
    various devices.
    ... 1) With the modules provided by the 3rd party vendor, and
    2) With the modules provided by the browser vendor.
komatsu: Next is Sakamoto-san with a talk about the security model.
sakamoto: I'm from Toshiba
    Japan.
    ... Recently we've been accessing many devices simultaneously
    in a home network, for example tablets, TVs and
    smartphones.
    ... Hybridcast is a new service launched in September last year
    in Japan.
    ... The user can enjoy multi-screen services.
    ... The companion applications use HTML5 from service
    providers.
    ... This slide shows the connection method.
    ... The signal first comes from the TV set and sends the URL
    from the TV set to the phone.
    ... The companion browser gets the web app from the provider's
    server.
    ... In more detail, firstly the URL is sent from the TV to the
    phone.
    ... Then the browser accesses the URL and gets the HTML5 app
    for the companion device from the server and executes it.
    ... We can use the maker's JavaScript engine.
    ... This slide shows the entire system.
    ... We can send information from the TV to the phone. with a
    WebSocket server in the TV set.
    ... The TV set can not publish SSL certificates for the WS
    server.
    ... The phone browser is not allowed self-certification from
    the TV set so maybe the browser displays a warning
    message.
    ... Recently one or two browsers have changed their security
    policy for the WebSocket protocol, so we can not use SSL in the
    local network.
    ... This means we can send information to the phone.
    ... So we'd like to change the security policy in the local
    network.
    ... In conclusion, Japanese broadcasters are trying to use
    WebSockets to exchange information between TVs and
    phones.
    ... But we cannot do this using published certificates from a
    TV to a phone.
    ... So we should discuss the security policy if we plan to use
    WebSockets for home networks.
komatsu: Our session is based on Mr Igarashi's three open questions.
komatsu: From now we have an open discussion. Does anyone have any questions?
    tidoust: I'm Francois, staff contact for the second screen WG. 
    ... I'd like to emphasize the need to consider use cases. 
    ... In the camera demo, I wonder if the use of the presentation API is the best thing for this problem. 
    ... I'd expect getUserMedia to be used. 
    ... In my view it's better to use getUserMedia because the web app just wants a camera feed, it doesn't want a URL. 
    ... I expect the presentation API to be extended to other use cases but it may not be the right thing sometimes. 
    ... Also, the Device API WG is looking at specs for sensors which could be relevant for WoT instead of the presentation API. 
    ... The scenario seems to be important.
    
    komatsu: For today's camera demo, to use getUserMedia is interesting. 
    ... But Mr Igarashi's proposal is not just about cameras.
    
    igarashi: In my opinion, it depends. That demo is just one example. 
    ... Also Sony's camera supports various functions which require some messaging passing mechanism. 
    ... The second issue is should we specify a Device API for all devices, for Sony and for all other manufacturers. Should we have APIs for all devices? That would be thousands. 
    ... It's probably not reasonable to define APIs for each device. A more generic approach is required. 
    ... In the web, W3C doesn't define a protocol.
    
tidoust: Should the messaging service run on the device?
igarashi: Maybe a proxy case can be considered. That's an implementation issue.
    jean-claude: I prefer their demo to one I could do which is between two pages. Theirs has more impact. 
    ... The device proxy - does it do discovery?
    
komatsu: Yes, it supports SSDP .
jean-claude: One web page is a service, the other is something that discovers the service, is that right?
    igarashi: That's right, but the second screen doesn't have a display so no way to show the messages. 
    ... The second screen API has two aspects - discovery by the UA and messaging between devices.
    
    bryan: One thing to consider is discovery which Rich Tibbett has been looking at for years. 
    ... There are going to be thousands of devices and lots of protocols. I don't think it's going to be possible to incorporate all this in browser modules. 
    ... Maybe you could have a local services acting as a bridge to enable discovery and you can then delegate the security to that bridge. 
    ... We have to consider the role of the device as a host for web services outside the browser. 
    ... The second thing is the long-term viability of the user experience is going to depend upon how quickly these things can be built. 
    ... The W3C's timeline is not going to support the diversity that's going to hit us like a flood. 
    ... We have to defer to the specific devices and services for security and privacy. 
    ... The security/privacy problem for the web has to be solved on a larger web scale. 
    ... But that's a separate thing. 
    ... Let's use bridges to solve this in the platform.
    
    igarashi: I understand what you're saying Bryan. 
    ... I tried to narrow the scope of the discussion. 
    ... Maybe devices don't connect directly to a UA. They could go through the existing model of the web (SSL). 
    ... But in a local network there are some use cases already. This is the scope of our discussion. 
    ... There are also intermediate devices in this case. We use private network address in this case.
    
    bryan: I agree a gateway in the home should be able to use SSL. 
    ... It's not the browser that's complaining. 
    ... We have to consider what's practical. Wherever that gateway is it can solve the problem in the short term. 
    ... You have a native application using localhost, on the backend you have an app.
    
    igarashi: even communicating with a local server we have a security issue. 
    ... The browsers don't allow pages to communicate with SSL pages. 
    ... The gateway is one solution to the deployment issue but the security issue still exists.
    
louay: There are two
    parts to the presentation API - controller and messenger.
    ... The presentation API is independent from the technology - it provides
    communication between two web pages.
komatsu: Our demo is just related to hardware devices.
igarashi: the messaging api is app-specific.
louay: Maybe in the
    background a different protocol is used but from the developer
    point of view the same messaging method is used.
    ... Thecommunication between devices is application-specific.
komatsu: Currently
    the implementation is the presentation provides high-level
    messaging.
    ... There are other video devices that have specific device driver modules and
    generic messaging can be done with the application.
louay: I'm speaking
    about how to address these devices.
    ... A specific type of URI is pointing to a specific type of device. I wonder how
    we can do this in a more abstract way. At the moment the
    presentation API is using URLs to point to web pages.
komatsu: We need a
    more abstract identifier.
    ... Maybe represented by URL, I'm not sure. We need to discuss such an
    identifier.
jean-claude: If you have a printer, you don't want to have possible URIs for all possible printers, you want to just say "printer".
igarashi: Applications should use web service-specific APIs.
jean-claude: As Louay said, you have the presentation API on the discovery side but you need a way for the web page to say "I'm a web service". What's your thought on that? If you want to have UA to UA communication you need something.
igarashi: That's out
    of scope and up to the browser vendor currently. The current
    presentation API just defines the API and the protocol and
    security policy is up to the implementation.
    ... Shall we ask everyone about these questions?
    ... Do you think presentation API should be defined for non-screen devices?
[roughly 30% yes, one person a possible no, 70% don't know]
igarashi: Do you think W3C should define underlying messaging and discovery protocol for WoT devices?
[0% raised hands]
bryan: Would you accept a definition that was based on existing W3C tech such as WebRTC/WebSockets?
igarashi: I think
    that modification is OK. Maybe we should separate discovery as
    well.
     ... For the communication protocol, we should support existing
    protocols?
[roughly 15% yes, 0% no]
igarashi: Do you think we need to think about the security policy more?
[roughly 30% yes, 0% no]
ann: How many people think these were good presentations?
[100% yes]
komatsu: Thank you for your time.