14:04:24 <RRSAgent> RRSAgent has joined #tvapi
14:04:24 <RRSAgent> logging to http://www.w3.org/2015/12/08-tvapi-irc
14:04:57 <Bin_Hu> Bin_Hu has joined #tvapi
14:09:45 <igarashi> igarashi has joined #tvapi
14:10:40 <igarashi> This meting has started?
14:10:46 <kaz_> kaz_ has joined #tvapi
14:11:06 <tidoust> igarashi, not yet, we have a problem with WebEx
14:12:48 <tidoust> RRSAgent, make logs public
14:12:53 <tidoust> Meeting: TV Control API CG call
14:12:55 <tidoust> Chair: Bin
14:13:50 <tidoust> Present+ Kazuyuki_Ashimura, Bin_Hu, Chris_Needham, Tatsuya_Igarashi, Francois_Daoust, Paul_Higgs, Sung_Hei_Kim
14:14:49 <tidoust> scribe: tidoust
14:15:13 <tidoust> Topic: Review of action items
14:15:28 <tidoust> Bin: I think that we have completed all the open action items, so the list is empty.
14:15:46 <kaz> -> https://www.w3.org/community/tvapi/wiki/Main_Page/Agenda_Telco_Dec_08_2015 agenda wiki
14:15:50 <kaz> agenda: https://www.w3.org/community/tvapi/wiki/Main_Page/Agenda_Telco_Dec_08_2015
14:16:04 <tidoust> Topic: Review of the draft WG charter
14:16:49 <tidoust> Bin: Thanks Francois for drafting the initial charter. It's great to see momentum since TPAC, where ATSC indicated interest to reference this specification.
14:16:54 <kaz> -> http://w3c.github.io/charter-drafts/tvcontrol-2015.html draft WG charter
14:17:08 <tidoust> ... Based on these discussions, several people at W3C kicked off transition activities.
14:17:21 <kaz> rrsagent, draft minutes
14:17:21 <RRSAgent> I have made the request to generate http://www.w3.org/2015/12/08-tvapi-minutes.html kaz
14:17:34 <tidoust> ... Several people have contributed to these discussions already. I think the charter is in good shape.
14:17:57 <tidoust> ... The goal is to wrap-up and see if others have additional comments.
14:18:11 <tidoust> q+
14:18:32 <kaz> q?
14:18:38 <kaz> scribenick: kaz
14:18:55 <kaz> tidoust: agree the draft charter looks good
14:19:03 <kaz> ... but there are two questions
14:19:10 <kaz> ... would like to raise again
14:19:34 <kaz> ... the group agrees with what would happen?
14:19:48 <kaz> ... also the API would be for usual Web runtime?
14:20:06 <kaz> ... would work for TV tuner as well
14:20:32 <kaz> ... the charter currently doesn't clearly states
14:20:46 <kaz> ... it's for usual Web model
14:20:55 <kaz> ... so want to check that point
14:21:20 <kaz> bin: the deliverable of this proposed group should be usual Web runtime
14:21:30 <kaz> q+
14:21:32 <kaz> ack t
14:21:40 <kaz> ... similar to the ones on automotive
14:21:52 <kaz> q?
14:21:59 <tidoust> scribenick: tidoust
14:22:02 <tidoust> ack kaz
14:22:08 <kaz> ack k
14:23:07 <tidoust> kaz: I think that's an important point. Probably we should ask TV vendors for this question. Igarashi-san, for instance, do you have a specific opinion? Usual Web runtime may be difficult to define in any case.
14:24:10 <tidoust> igarashi: I personally think that regular Web browsers will not support this API in a long time. Broadcasters will not allow to use this API for everyone, I think. I don't have a clear opinion but I'm wondering about the current security model of the automotive API.
14:24:18 <kaz> q+
14:24:31 <kaz> ack k
14:24:44 <tidoust> Kaz: That's a good question.
14:25:17 <tidoust> ... The WG works collaboratively with the BG. The current spec does not handle security considerations in particular.
14:25:32 <tidoust> ... The first version is only read-only, i.e. getting not setting.
14:25:53 <tidoust> ... That is a difference between these two APIs.
14:26:29 <tidoust> Igarashi: I think the situations are similar. Can any Web application use the automotive API?
14:26:43 <tidoust> Kaz: Right. We might want to clarify things in the charter, then.
14:27:42 <tidoust> Igarashi: Currently, if we apply the security context to the TV Control API, we need to think about very complex issues, including related to addressing broadcasters concerns.
14:28:04 <tidoust> Kaz: other concerns for TV manufacturers, I suppose.
14:28:08 <tidoust> Igarashi: right.
14:28:42 <tidoust> Kaz: Section 3.1 could include links to Automotive WG, Web of Things IG.
14:29:05 <tidoust> Paul: Is the automotive group where different applications from different sources are running on the same platform?
14:29:22 <tidoust> ... There might be less and more sensitive apps.
14:29:46 <tidoust> ... I wonder if the group is working on the classification of apps. Then I could see how that could apply to us.
14:30:11 <tidoust> ... Otherwise, we need to look elsewhere, and find a way to authenticate an app.
14:30:38 <tidoust> ... so that it gets the rights to use this API.
14:31:09 <kaz> -> http://www.w3.org/2015/10/auto-f2f/DSC_0078.JPG strawman model
14:31:15 <tidoust> Kaz: The Automotive WG is working on several aspects related to this, e.g. in a Wiki page. The group has started to work on security models.
14:31:32 <tidoust> ... We need some kind of proxy that handles the connections inside and also outside of the car.
14:31:43 <tidoust> ... That could be some kind of hardware or some kind of software.
14:31:55 <tidoust> ... This is probably relevant to the TV Control API WG as well.
14:32:38 <kaz> s|Automotive WG|Automotive WG/BG|
14:32:42 <tidoust> Bin: Thanks for the great input. First, in 3.1, we need to add Automotive group to understand their security model to prevent apps to gather sensitive information from the vehicle.
14:33:19 <tidoust> ... Regarding the security model, let me read the current text to see if we need to adjust it
14:33:35 <tidoust> [[ The API layer will meet the usual requirements of the Web runtime, including privacy and security requirements. The Working Group may introduce a second level of conformance to expose features that may prove more specific to tuner-centric devices (TV and radio sets typically), such as the ability to scan channels. ]]
14:34:03 <tidoust> Bin: The second sentence indicates that we may add a second level.
14:34:44 <tidoust> ... It's really subject to interpretation. Do you think that future work may include work on defining a second level?
14:35:05 <tidoust> q+
14:35:34 <tidoust> Bin: I think that the text here is good enough.
14:35:47 <kaz> ack f
14:36:01 <tidoust> [[ The specification(s) produced by this Working Group will include security and privacy considerations. The APIs developed by this group may use a different security model than the traditional browser security model. ]]
14:36:03 <tidoust> http://www.w3.org/2014/automotive/charter.html
14:36:51 <kaz> s/Bin:/Kaz:/
14:37:26 <kaz> fd: would note the Automotive WG Charter says:The APIs developed by this group may use a different security model than the traditional browser security model.
14:37:37 <kaz> i/fd:/scribenick: kaz/
14:38:15 <kaz> ... when I heard Igarashi-san, TV-centric model would be a bit difference
14:38:40 <kaz> ... so would add similar text as the Automotive Charter to the TV Control API Charter
14:38:44 <kaz> igarashi: +
14:38:48 <kaz> s/+/+1/
14:39:00 <kaz> ... would use the similar text
14:39:21 <kaz> kaz: that's good
14:39:31 <tidoust> scribenick: tidoust
14:39:54 <tidoust> Bin: So it would be beneficial to add a similar sentence as in the Automotive WG charter.
14:40:44 <kaz> ... btw, would ACs ask what the "different security model" would be?
14:41:10 <kaz> fd: would expect push-backs from ACs
14:41:23 <kaz> q+
14:41:29 <kaz> ack t
14:41:58 <kaz> bin: maybe we should use a bit different words
14:42:31 <kaz> ... the group may enhance the security model based on the current Web security model
14:42:45 <kaz> ... for different types of TV devices
14:43:08 <kaz> s/enhance the/enhance the traditional/
14:43:47 <kaz> fd: my problem might be that "enhance" may sound more secure than the usual model
14:44:34 <cpn> q+
14:44:44 <Paul_Higgs> "augment
14:44:48 <kaz> bin: if there is no better words, maybe we can simply reuse the one from automotive
14:45:06 <Paul_Higgs> "augment" the current security protocols
14:45:46 <kaz> igarashi: channel information is not controlled by the user
14:46:10 <kaz> ... other security model may require secure origin like EME
14:46:28 <kaz> ... but it might be problematic
14:46:47 <kaz> ... because "secure origin" could control the device on their own
14:46:51 <kaz> q?
14:46:59 <tidoust> scribenick: tidoust
14:47:44 <tidoust> Chris: I just agree with the comments from Igarashi-san. I would like to get a better understanding of where we see the divide between the two types of devices. It's not entirely clear in my own mind where we might draw the line.
14:48:14 <tidoust> ... If we're on a broadcaster Web site, can the app switch to other channels of the same broadcast?
14:48:21 <tidoust> ... It's not entirely clear what the division may be.
14:48:26 <kaz> q?
14:48:30 <kaz> ack cpn
14:49:15 <Bin_Hu> Words: The group may use a different security model than the traditional browser security model for the second level of conformance.
14:49:31 <tidoust> Kaz: I just wanted to say that I have been working as staff contact and will work with Francois to handle AC review concerns, so don't think we should worry too much about wording.
14:50:20 <kaz> fd: hope it's useful to have this discussion
14:50:55 <kaz> ... my initial question was the group would work for web runtime and some specific (device) runtime?
14:51:08 <kaz> s/was/was:/
14:51:17 <kaz> ... the question related to the timeline
14:51:33 <kaz> ... the more we put into the charter, we need more time
14:51:46 <kaz> ... the goal is to generate a W3C standard within one year
14:51:53 <kaz> ... that is an aggressive target
14:52:19 <kaz> ... so I wanted to raise the question on the scope of the group
14:52:41 <kaz> ... I'm fine with keeping the two levels of security models
14:53:00 <kaz> q?
14:53:02 <kaz> ack k
14:53:09 <kaz> q+ igarashi
14:53:11 <kaz> ack i
14:53:21 <tidoust> Igarashi: I'd like to understand the case for having the Web runtime model apply to this API
14:53:32 <kaz> i/Igarashi:/scribenick: tidoust/
14:53:40 <kaz> rrsagent, draft mintues
14:53:40 <RRSAgent> I'm logging. I don't understand 'draft mintues', kaz.  Try /msg RRSAgent help
14:53:45 <kaz> rrsagent, draft minutes
14:53:45 <RRSAgent> I have made the request to generate http://www.w3.org/2015/12/08-tvapi-minutes.html kaz
14:53:46 <tidoust> ... In my mind, the channel information and program information are very specific data that require some kind of copyright.
14:53:53 <kaz> s|rrsagent, draft mintues||
14:54:04 <tidoust> ... That's very different from application-specific data.
14:54:23 <tidoust> ... How would the API address business owner concerns?
14:54:36 <tidoust> ... EME does not handle copyright issues of the owner of data.
14:55:03 <tidoust> ... In this case, the goal is to expose data to the application, which is very sensible.
14:55:08 <kaz> i/would ACs ask/scribenick: kaz/
14:55:08 <kaz> rrsagent, draft minutes
14:55:08 <RRSAgent> I have made the request to generate http://www.w3.org/2015/12/08-tvapi-minutes.html kaz
14:55:54 <kaz> i/hope it's useful/scribenick: kaz/
14:55:57 <kaz> rrsagent, draft minutes
14:55:57 <RRSAgent> I have made the request to generate http://www.w3.org/2015/12/08-tvapi-minutes.html kaz
14:56:23 <tidoust> Bin: Understood. The reason I want to keep this in the charter is that, first I want to keep things more open for future. Secondly, I'd like to be pro-active about AC review comments we may get that point out SysApps WG did not work out in the end.
14:56:27 <kaz> q+
14:56:59 <tidoust> ... I don't have a strong opinion though. This means the whole paragraph in the draft charter may need to be revisited as a result.
14:57:33 <tidoust> ... We may want to introduce some new text to replace this text.
14:58:02 <cpn> q+
14:59:26 <tidoust> Kaz: The traditional Web security model may be updated based on requirements of the Automotive world. I don't think we should worry too much.
14:59:44 <tidoust> Chris: My comment is that I would like us to keep the Web runtime in the scope of the charter.
14:59:45 <kaz> ack k
14:59:47 <kaz> ack c
15:00:09 <tidoust> ... The TV Control API gives us a very nice integration point with video sources and the <video> element.
15:00:24 <tidoust> ... It's one of the main interesting points of the specification to me.
15:01:20 <tidoust> ... I agree that there are features such as channels scan that we would not want to expose to Web apps, but I think it should be in our scope to work out which are the sensitive APIs and how do we pull in place the appropriate security controls around the access to these APIs.
15:01:41 <kaz> q+ igarashi
15:01:43 <kaz> ack i
15:01:48 <tidoust> ... There's a lot of unanswered questions but I think the group should have the opportunity to work on this.
15:02:14 <kaz> -> http://www.w3.org/2014/automotive/charter automotive charter
15:02:20 <tidoust> [[ The specification(s) produced by this Working Group will include security and privacy considerations. The APIs developed by this group may use a different security model than the traditional browser security model. ]]
15:02:28 <tidoust> http://www.w3.org/2014/automotive/charter.html
15:03:21 <tidoust> Igarashi: I think the wording of the Automotive charter are good.
15:03:40 <tidoust> ... Also, Chris, wouldn't broadcasters have issues with metadata being exposed to any Web application?
15:03:41 <kaz> s/are/is/
15:03:49 <tidoust> Chris: That's something I need to look at.
15:04:58 <tidoust> Bin: Time check! Sorry, we've reached the top of the hour and I need to hop to another call. Why don't we discuss this on the mailing-list and conclude in next call?
15:05:08 <tidoust> ... We should be able to achieve consensus through emails.
15:06:20 <tidoust> Igarashi: Right. I'd like to comment one thing about the milestone. I understand that the current milestone is very aggressive. If we're not, we will lose momentum in the industry!
15:07:02 <tidoust> Francois: Right, I said aggressive, but not impossible ;) That's also the reason why it seems important to refine the scope to avoid unexpected issues.
15:07:36 <tidoust> Bin: Francois, please update section 3.1 based on discussions and work on text for runtime.
15:07:40 <tidoust> Francois: Sure!
15:08:26 <tidoust> Kaz: By the way, the WebEx does not seem to work well, so I'll work on this.
15:08:51 <tidoust> Bin: Right, first call in 2016 should be January, 12th. I'll circulate the info.
15:09:17 <tidoust> [Call adjourned]
15:09:23 <skim13> skim13 has left #tvapi
15:09:24 <tidoust> RRSagent, draft minutes
15:09:24 <RRSAgent> I have made the request to generate http://www.w3.org/2015/12/08-tvapi-minutes.html tidoust
17:03:59 <Zakim> Zakim has left #tvapi