W3C

- DRAFT -

Device and Sensors Working Group Teleconference

20 Apr 2017

Agenda

See also: IRC log

Attendees

Present
Frederick_Hirsch, Alexander_Shalamov, Tobie_Langel, Anssi_Kostiainen, Wanming_Lin, Dominique_Hazael-Massieux
Regrets
Mikhail_Pozdnyakov
Chair
Frederick_Hirsch
Scribe
tobie

Contents

<scribe> Scribenick: tobie

Welcome, scribe selection, agenda review, announcements

<fjh> New WDs published for Accelerometer, Gyroscope, Magnetometer , https://lists.w3.org/Archives/Public/public-device-apis/2017Apr/0017.html

<fjh> TPAC F2F planning, please respond before 1 May, https://lists.w3.org/Archives/Public/public-device-apis/2017Apr/0014.html

anssik: there might be overlaps, but that's the best effort.
... if we find funding could fjh travel?

fjh: that would really help, however still need to understand if I can go

<fjh> github weekly summary 1 : https://lists.w3.org/Archives/Public/public-device-apis/2017Apr/0019.html

<fjh> github weekly summary 2: https://lists.w3.org/Archives/Public/public-device-apis/2017Apr/0020.html

<fjh> https://lists.w3.org/Archives/Public/public-device-apis/2017Apr/0021.html

<fjh> tobie: suggests F2F in Europe outside of TPAC

<fjh> ACTION: fjh discuss F2F alternatives/approach with dom [recorded in http://www.w3.org/2017/04/20-dap-minutes.html#action01]

<trackbot> Created ACTION-793 - Discuss f2f alternatives/approach with dom [on Frederick Hirsch - due 2017-04-27].

Minutes approval

<fjh> Approve minutes from 6 April 2017

<fjh> https://lists.w3.org/Archives/Public/public-device-apis/2017Apr/att-0013/minutes-2017-04-06.html

<fjh> proposed RESOLUTION: Minutes from 6 April 2017 are approved

RESOLUTION: Minutes from 6 April 2017 are approved

FPWD of Orientation Sensor specification and FPWD of Motion Explainer Note

<fjh> CfC completed successfully https://lists.w3.org/Archives/Public/public-device-apis/2017Apr/0022.html

<fjh> ACTION: fjh to send transition request for Orientation Sensor specification and FPWD of Motion Explainer Note [recorded in http://www.w3.org/2017/04/20-dap-minutes.html#action02]

<trackbot> Created ACTION-794 - Send transition request for orientation sensor specification and fpwd of motion explainer note [on Frederick Hirsch - due 2017-04-27].

HTML Media Capture update

<fjh> CR transition request sent and approved, sent publication request.

fjh: transition request sent and approved; I also sent publication request

Screen Orientation API

shalamov: was busy with other things. Will do next week

fjh: suggests fwd the message to the group

dom: request was for GH issue

fjh: suggests responding on the list first so the group is aware, noting that issues will be entered into GH

shalamov: what mailing list?

dom: public-webapps@

Generic Sensor API

fjh: github summary is super useful. Thanks dom et al.
... permissions are hard

<fjh> tobie: great that implementers are getting involved with permissions and security work

<fjh> … have some stuff available in different places

<fjh> … new threats keep emerging

<fjh> … want to first write a paper and discuss and use as basis for moving forward

<fjh> … do not have shared understanding of goals, use cases and risks

<fjh> … material is in various issues, which is why need to pull together; lost original draft

<fjh> … discussions on new threats, issues, mechanisms, implementer notes

<fjh> … re high level versus low level and security - put tighter permissions on low level APIs

<fjh> … thus provide incentive for higher level APIs, e.g. fewer user prompts etc

<fjh> … fingerprinting , eavesdropping using sensors etc - so many threats and many unexpected. Hard to explain to non-experts

<fjh> s/permissions are hard/two questions - concern about security risks with low level APIs , though you make good argument in email; and permsissions approach/

<fjh> … some sensor use cases need low level access, others might not (e.g. ambient light).

<fjh> … different sensors have different use cases, threats and issues

<fjh> … just starting, need to create shared goals

<fjh> anssik: tobie will have F2F time with Lucaz next week

<fjh> tobie: yes, good

<fjh> s./Lucasz/Lucasz/

<dom> +1 on "permission prompt" being a bad approach

<anssik> +1

<fjh> tobie: prompting for permissions is bad

<dom> (but that's distinct from binding sensors to a permission system à la Permission API)

<fjh> right, just train users to say yes to prompts

<fjh> tobie: would like more conversations with Google implementers working on security

<fjh> … on this topic

<fjh> do we need a workshop?

<fjh> @dom does this sound like a W3C workshop?

<fjh> tobie: mistake to assume magic number for security, like sensor frequency of 60Hz, need to understand use cases

<fjh> fjh: propose workshop of security and permissions on sensors - focus might be good, ratther than generic F2F

<fjh> dom: had a F2F similar to this in Paris

<fjh> dom: in 2015?

<fjh> fjh: might be worth doing again, first look at what the result of the earlier workshop was

<anssik> https://www.w3.org/2014/07/permissions/

<fjh> dom: new workshop on new threats, new lessons, new work

<fjh> +1

<fjh> https://www.w3.org/2014/privacyws/

<dom> https://www.w3.org/2014/07/permissions/minutes.html

<fjh> tobie: lacking work now on permissions API, not a priority

<fjh> … concern

<fjh> fjh: can make permissions a priority if we get interest and agreement on goals at workshop

<fjh> tobie: issues arise, e.g. revocation of permissions, policy; there is a whole ecosystem of work to consider

<fjh> ACTION: fjh to review outcome of W3C Workshop on trust and permissions for web applications [recorded in http://www.w3.org/2017/04/20-dap-minutes.html#action03]

<trackbot> Created ACTION-795 - Review outcome of w3c workshop on trust and permissions for web applications [on Frederick Hirsch - due 2017-04-27].

<fjh> dom: rough agreement on this?

dom: I'll start conversation internally

<fjh> fjh: think useful to consider this as part of the conversation of whether to have a F2F

<fjh> dom: need to answer the question as to why another workshop and what is new

<dom> ACTION: Dom to look at potential for a permissions-oriented w3c meeting/workshop [recorded in http://www.w3.org/2017/04/20-dap-minutes.html#action04]

<trackbot> Created ACTION-796 - Look at potential for a permissions-oriented w3c meeting/workshop [on Dominique Hazaël-Massieux - due 2017-04-27].

<fjh> ACTION: tobie to provide a list of important questions and concerns that need answers - for which a workshop might help [recorded in http://www.w3.org/2017/04/20-dap-minutes.html#action05]

<trackbot> Created ACTION-797 - Provide a list of important questions and concerns that need answers - for which a workshop might help [on Tobie Langel - due 2017-04-27].

<anssik> https://w3c.github.io/permissions/

Wake Lock

<anssik> https://github.com/w3c/permissions

fjh: wakelock API had an issue with secure context

dom: spec was re-written based on TAG feedback
... TAG was happy with proposed changes
... I saw old issue with secure context which needed to be revisited

fjh: seems like an issue we could easily fix
... should we ping Andrej?
... we'll just leave it in the minutes

Ajourn

Other Business

<fjh> none

Adjourn

<fjh> Thanks everyone

<fjh> good call

<fjh> Note we discussed F2F issues with Dom on call so no need for follow up action

<fjh> ACTION-793: discussed during teleconference

<trackbot> Notes added to ACTION-793 Discuss f2f alternatives/approach with dom.

<fjh> close ACTION-793

<trackbot> Closed ACTION-793.

Summary of Action Items

[NEW] ACTION: Dom to look at potential for a permissions-oriented w3c meeting/workshop [recorded in http://www.w3.org/2017/04/20-dap-minutes.html#action04]
[NEW] ACTION: fjh discuss F2F alternatives/approach with dom [recorded in http://www.w3.org/2017/04/20-dap-minutes.html#action01]
[NEW] ACTION: fjh to review outcome of W3C Workshop on trust and permissions for web applications [recorded in http://www.w3.org/2017/04/20-dap-minutes.html#action03]
[NEW] ACTION: fjh to send transition request for Orientation Sensor specification and FPWD of Motion Explainer Note [recorded in http://www.w3.org/2017/04/20-dap-minutes.html#action02]
[NEW] ACTION: tobie to provide a list of important questions and concerns that need answers - for which a workshop might help [recorded in http://www.w3.org/2017/04/20-dap-minutes.html#action05]
 

Summary of Resolutions

  1. Minutes from 6 April 2017 are approved
[End of minutes]
Minutes formatted by David Booth's scribe.perl version 1.152 (CVS log)
$Date: 2017/04/20 15:04:32 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision: 1.152  of Date: 2017/02/06 11:04:15  
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00)

Succeeded: s/help./help, however still need to understand if I can go/
FAILED: s/permissions are  hard/two questions - concern about security risks with low level APIs , though you make good argument in email; and permsissions approach/
Succeeded: s/Lucaz/Lucasz/
Succeeded: s/tobie:promiting/tobie: prompting/
Succeeded: s/>/?/
Succeeded: s/>/?/
Succeeded: s/permsissions/permissions/
Succeeded: s/hi anssi :)//
Succeeded: s/github week/github weekly summary/g
Succeeded: s/ACTIONB-793: discussed during teleconference//
Succeeded: s/transition request sent and approved/transition request sent and approved; I also sent publication request/
Succeeded: s/suggests responding on the list first so the group is aware/suggests responding on the list first so the group is aware, noting that issues will be entered into GH/
Present: Frederick_Hirsch Alexander_Shalamov Tobie_Langel Anssi_Kostiainen Wanming_Lin Dominique_Hazael-Massieux
Regrets: Mikhail_Pozdnyakov
Found ScribeNick: tobie
Inferring Scribes: tobie
Agenda: https://lists.w3.org/Archives/Public/public-device-apis/2017Apr/0018.html
Found Date: 20 Apr 2017
Guessing minutes URL: http://www.w3.org/2017/04/20-dap-minutes.html
People with action items: dom fjh tobie

WARNING: Input appears to use implicit continuation lines.
You may need the "-implicitContinuations" option.
[End of scribe.perl diagnostic output]