IRC log of dap on 2017-05-04

Timestamps are in UTC.

13:58:02 [RRSAgent]
RRSAgent has joined #dap
13:58:02 [RRSAgent]
logging to http://www.w3.org/2017/05/04-dap-irc
13:58:04 [trackbot]
RRSAgent, make logs world
13:58:04 [Zakim]
Zakim has joined #dap
13:58:06 [trackbot]
Zakim, this will be DAP
13:58:06 [Zakim]
ok, trackbot
13:58:07 [trackbot]
Meeting: Device and Sensors Working Group Teleconference
13:58:07 [trackbot]
Date: 04 May 2017
13:58:50 [dom]
Present+ Dominique_Hazael-Massieux
13:59:28 [kenneth_]
Present+ Kenneth_Christiansen
14:00:09 [fjh]
Agenda: https://lists.w3.org/Archives/Public/public-device-apis/2017May/0001.html
14:00:14 [shalamov]
Present+ Alexander_Shalamov
14:00:18 [fjh]
fjh has changed the topic to: agenda https://lists.w3.org/Archives/Public/public-device-apis/2017May/0001.html
14:00:53 [fjh]
Topic: Welcome, scribe selection, agenda review, announcements
14:01:04 [fjh]
GitHub digest (25 April): https://lists.w3.org/Archives/Public/public-device-apis/2017Apr/0029.html
14:01:04 [fjh]
GitHub digest (2 May): https://lists.w3.org/Archives/Public/public-device-apis/2017May/0000.html
14:01:26 [tobie]
Present+ Tobie_Langel
14:02:09 [anssik]
anssik has joined #dap
14:02:25 [wanming]
Present+ Wanming_Lin
14:02:39 [anssik]
Present+ Anssi_Kostiainen
14:02:43 [fjh]
Chair: Frederick_Hirsch
14:02:53 [fjh]
Present+ Frederick_Hirsch
14:03:03 [anssik]
ScribeNick: anssik
14:03:04 [fjh]
rrsagent, generate minutes
14:03:04 [RRSAgent]
I have made the request to generate http://www.w3.org/2017/05/04-dap-minutes.html fjh
14:03:43 [anssik]
TOPIC: Minutes approval
14:03:46 [fjh]
Approve minutes from 20 April 2017
14:03:46 [fjh]
https://lists.w3.org/Archives/Public/public-device-apis/2017Apr/att-0028/minutes-2017-04-20.html
14:03:47 [fjh]
proposed RESOLUTION: Minutes from 20 April 2017 are approved
14:03:55 [anssik]
RESOLUTION: Minutes from 20 April 2017 are approved
14:04:06 [anssik]
TOPIC: FPWD of Orientation Sensor specification and FPWD of Motion Explainer Note
14:04:07 [fjh]
FPWD of Orientation Sensor specification and FPWD of Motion Explainer Note
14:04:18 [fjh]
Approved for publication, https://lists.w3.org/Archives/Member/chairs/2017AprJun/0028.html
14:04:26 [anssik]
snapshots prepared: https://lists.w3.org/Archives/Public/public-device-apis/2017May/0002.html
14:04:51 [fjh]
action: fjh to submit publication request for Orientation sensor and motion explainer
14:04:53 [trackbot]
Created ACTION-798 - Submit publication request for orientation sensor and motion explainer [on Frederick Hirsch - due 2017-05-11].
14:04:54 [mikhail]
mikhail has joined #dap
14:04:57 [fjh]
thanks anssi
14:04:58 [anssik]
fjh: I'll proceed with the request
14:05:10 [anssik]
TOPIC: HTML Media Capture
14:05:14 [fjh]
Publication request processed; publication in progress for 4 May 2017.
14:05:14 [fjh]
CR publication draft fixes to fragments, https://github.com/w3c/html-media-capture/commit/e2424bb8dcbce7c479651ccc02a271c043e2a2ee
14:05:24 [fjh]
close ACTION-788
14:05:24 [trackbot]
Closed ACTION-788.
14:05:29 [anssik]
published https://www.w3.org/TR/2017/CR-html-media-capture-20170504/
14:05:52 [anssik]
TOPIC: Screen Orientation API
14:05:57 [fjh]
ACTION-787?
14:05:57 [trackbot]
ACTION-787 -- Kenneth Christiansen to Review screen orientation api with alexander -- due 2017-04-15 -- OPEN
14:05:57 [trackbot]
http://www.w3.org/2009/dap/track/actions/787
14:06:10 [mikhail]
present+ mikhail_pozdnyakov
14:06:19 [fjh]
close ACTION-787
14:06:19 [trackbot]
Closed ACTION-787.
14:07:06 [anssik]
shalamov: have submitted feedback via GH
14:07:16 [fjh]
shalamov: have a few more minor ones. Have heard nothing back from editors.
14:07:36 [fjh]
close ACTION-792
14:07:36 [trackbot]
Closed ACTION-792.
14:07:42 [anssik]
TOPIC: Generic Sensor API
14:08:04 [anssik]
fjh: easy things first, we should publish a new WD
14:08:22 [anssik]
tobie: I wanted to do it yesterday, will do it today
14:08:27 [anssik]
+1 to publish
14:08:38 [fjh]
already agreed to do this
14:08:49 [fjh]
ACTION-779?
14:08:49 [trackbot]
ACTION-779 -- Tobie Langel to Propose changes to address garbage collection issues -- due 2016-12-08 -- OPEN
14:08:49 [trackbot]
http://www.w3.org/2009/dap/track/actions/779
14:09:01 [anssik]
fjh: looking through actions, did you handle the GC issue tobie
14:09:16 [anssik]
tobie: there's a bunch of GH issues on this topic
14:09:22 [fjh]
ACTION-799: issues recorded in github
14:09:22 [trackbot]
Notes added to ACTION-799 .
14:09:28 [fjh]
close ACTION-799
14:09:28 [trackbot]
Closed ACTION-799.
14:09:37 [fjh]
ACTION-781?
14:09:37 [trackbot]
ACTION-781 -- Wanming Lin to Track changes in generic sensor api and update ambient light tests accordingly -- due 2016-12-08 -- OPEN
14:09:37 [trackbot]
http://www.w3.org/2009/dap/track/actions/781
14:09:56 [fjh]
close ACTION-781
14:09:56 [trackbot]
Closed ACTION-781.
14:10:20 [anssik]
https://github.com/w3c/web-platform-tests/tree/master/ambient-light
14:10:20 [fjh]
tobie: reviewed tests including ambient light
14:11:33 [anssik]
shalamov: I'll check if we pull in the latest wpt tests to Chromium
14:12:06 [fjh]
ACTION-785?
14:12:06 [trackbot]
ACTION-785 -- Tobie Langel to Update milestones on generic sensor issues -- due 2017-03-16 -- OPEN
14:12:06 [trackbot]
http://www.w3.org/2009/dap/track/actions/785
14:12:42 [fjh]
tobie to work on cleaning up issue tracker
14:13:25 [anssik]
tobie: triaging GH issues in progress
14:16:29 [fjh]
tobie: first thinking biggest issue is motion, fix permissions / privacy, then look at ALS; but since orientation sensors exist, but implementers not concerned about theoretical attacks, have use cases for ALS so no thinking deal with that first
14:16:48 [fjh]
s/so no/so now/
14:18:24 [fjh]
alex: considering security privacy in parallel
14:18:30 [fjh]
ScrtibeNick: fjh
14:18:47 [anssik]
tobie: adding generic mitigation strategies to the spec
14:19:03 [anssik]
... expanding on https://w3c.github.io/sensors/#mitigation-strategies
14:20:41 [anssik]
... explaining what is in PR https://github.com/w3c/sensors/pull/191
14:21:01 [tobie]
https://docs.google.com/document/d/1MxrVtXkSwrduY3FlYbJe_NYwChdtEWhpFIBgoRARIn0/edit#heading=h.jgeutylz2fcp
14:21:26 [tobie]
https://w3c.github.io/sensors/#mitigation-strategies
14:21:50 [tobie]
https://github.com/w3c/sensors/pull/191
14:22:14 [wanming]
wanming has joined #dap
14:23:48 [fjh]
tobie: listing mitigation strategies is valuable since can now enable variety of use cases
14:24:39 [shalamov]
q+
14:25:22 [fjh]
tobie: working on fixes. also how to fit into HTML event loop - tests lacking on HTML side
14:25:23 [anssik]
tobie: in addition, I'm looking at how to integrate this with the event loop in the HTML
14:25:54 [fjh]
ack shalamov
14:26:57 [shalamov]
https://docs.google.com/document/d/1Ml65ZdW5AgIsZTszk4mD_ohr40pcrdVFOIf0ZtWxDv0/edit?ts=58e6579f&pli=1#heading=h.lmg4m6asf9b4
14:27:17 [fjh]
“Sensor APIs implementation in Chromium: Generic Sensor Framework"
14:27:28 [anssik]
shalamov: few month ago, me and mikhail started to work on a design doc that try to address the permission, security and privacy issues
14:28:35 [anssik]
tobie: initial though this would be a quality of implementation issue turned out to be false assumption, implementers need more concrete guidance
14:28:35 [anssik]
s/initial/initially/
14:29:38 [fjh]
threat levels, security policies, permissions etc should be in w3c spec that spans groups
14:30:00 [dom]
q+ to mention interest on the previously discussed permission++ workshop
14:30:09 [fjh]
ack dom
14:30:09 [Zakim]
dom, you wanted to mention interest on the previously discussed permission++ workshop
14:30:28 [anssik]
tobie: Generic Sensor API to define shared S&P terminology for other specs to use
14:30:45 [anssik]
dom: gauging interest to have a workshop around the topic
14:31:05 [anssik]
... nothing to announce yet, but people at the AC meeting were supportive
14:31:26 [anssik]
... ws needs to organized by Wendy and Dom, but lack of cycles currently
14:33:03 [anssik]
s/to/to be/
14:33:04 [fjh]
q?
14:34:59 [tobie]
https://github.com/w3c/sensors/issues/171
14:35:09 [anssik]
tobie: need input from kenneth_ on an issue 171
14:35:43 [anssik]
kenneth_: I'll look at the issue tomorrow
14:36:02 [anssik]
fjh: question on threats, seems we're going back and forth
14:36:36 [anssik]
tobie: applicable mitigation strategies depend on the use cases and sensor types
14:37:08 [fjh]
s/forth/forth on whether frequency can address security-privacy threats/
14:37:15 [fjh]
makes sense
14:37:47 [fjh]
another example of why listing threats and mitigation strategies is a good approach
14:38:04 [anssik]
... it's a tradeoff, for example frequency, find a good enough frequency that allows the implementation of the use cases while still be security and privacy preserving
14:38:06 [shalamov]
q+
14:38:13 [fjh]
ack shalamov
14:38:58 [anssik]
shalamov: for ALS we try to mitigate risks by rounding, provide data in steps
14:39:10 [anssik]
... for motion sensors, we are thinking of tackling the treats using focus state
14:39:34 [fjh]
s/treats/threats/
14:39:42 [anssik]
... if an input element that can be focused is focused waiting for user input, we can stop or slow the sensors down to the point they cannot be used for attacks
14:40:00 [anssik]
tobie: having list of risks and mitigation strategies helps us find the solutions for each of these sensors
14:40:45 [anssik]
anssik: is this new information, no existing knowledge on mitigations that work for the Web?
14:42:01 [fjh]
tobie: listing problems without offering mitigations is not enough, since security limitations on APIs may not solve right security issues and may prevent use cases
14:42:14 [fjh]
this is new for W3C, elsewhere listing threats along with mitigations is done
14:43:29 [anssik]
https://w3c.github.io/battery/#security-and-privacy-considerations
14:43:38 [anssik]
The user agent should not expose high precision readouts of battery status information as that can introduce a new fingerprinting vector.
14:43:59 [fjh]
anssik: implementers seem to ignore security and privacy considerations
14:44:08 [fjh]
might not if mitigations are mentioned
14:44:37 [fjh]
anssik: also they ignore things that are not testable
14:45:04 [fjh]
can make testable mitigation strategies
14:45:31 [fjh]
anssik: need mitigations to be interoperable
14:46:40 [fjh]
anssik: when are we publishing CR for generic sensor API
14:46:48 [fjh]
tobie: let me think about it, need to clean up document
14:46:57 [anssik]
tobie: will need to cleanup issues first to be able to say where we stand in terms of CR
14:47:09 [fjh]
tobie: 15 open issues, can get it down to 3
14:48:09 [anssik]
TOPIC: Ambient Light
14:48:12 [fjh]
ACTION-778?
14:48:12 [trackbot]
ACTION-778 -- Dominique Hazaël-Massieux to Review tets results pull request for ambient light https://github.com/w3c/test-results/pull/72 -- due 2016-12-08 -- OPEN
14:48:12 [trackbot]
http://www.w3.org/2009/dap/track/actions/778
14:48:31 [fjh]
close ACTION-778
14:48:31 [trackbot]
Closed ACTION-778.
14:48:55 [anssik]
TOPIC: Wake lock
14:49:03 [fjh]
ACTION-774?
14:49:03 [trackbot]
ACTION-774 -- Andrey Logvinov to Transfer https://github.com/w3c/ping/blob/master/wake-lock-privacy.md as github issues -- due 2016-09-15 -- OPEN
14:49:03 [trackbot]
http://www.w3.org/2009/dap/track/actions/774
14:50:01 [fjh]
anssik: related to Ambient Light - attack Lucasz noted - interactions among sensors, possibly related to generic sensor API
14:50:32 [anssik]
anssik: ALS attack uses Wake Lock API to keep the screen awake
14:51:06 [fjh]
anssik: wake lock not shipping yet, but should take this potential attack into account
14:51:30 [fjh]
anssik: possible topic for workshop
14:51:54 [fjh]
@tobie a github issue for this on ALS
14:52:51 [anssik]
TOPIC: Brussels workshop
14:53:21 [anssik]
tobie: attended a workshop organized by UK university
14:54:00 [anssik]
... workshop scope: how standards make privacy impact on users, standards process, IP, open source
14:54:24 [anssik]
... I gave perspective on the W3C aspects, Lukasz shared battery paper findings
14:54:51 [anssik]
... talks around fingerprinting etc.
14:56:53 [fjh]
tobie: Lucasz noted that often API is used for unintended use case
14:57:08 [fjh]
s/unintended use case/unintended use/
14:58:46 [anssik]
battery status mitigations against the tracking scripts: https://github.com/w3c/battery/issues/10
14:58:55 [fjh]
Topic: Battery
14:59:09 [fjh]
ACTION-777?
14:59:09 [trackbot]
ACTION-777 -- Anssi Kostiainen to Edit battery to document privacy concerns related to issue 5 -- due 2016-10-13 -- OPEN
14:59:09 [trackbot]
http://www.w3.org/2009/dap/track/actions/777
14:59:17 [fjh]
in progress
14:59:47 [fjh]
Topic: Workshop
15:00:43 [fjh]
should we complete questionnaire given likely to have workshop instead
15:01:18 [fjh]
dom: sounds like workshop and issues with travel suggests not planning on TPAC
15:01:20 [fjh]
+1
15:02:23 [fjh]
anssik: can we have WG meeting in conjunction with workshop
15:02:34 [fjh]
dom: yes
15:03:50 [fjh]
anssik: would prefer not to have DAS at TPAC
15:04:05 [fjh]
proposed RESOLUTION: DAS will not meet at TPAC
15:04:26 [fjh]
dom: can scale down to simply WG meeting if workshop not possible, but expect workshop should be possible
15:04:32 [fjh]
dom: have smaller scale workshop
15:06:22 [fjh]
anssik: can you please check into possible Intel hosting
15:10:15 [fjh]
tobie: we need to get Google and Mozilla participation if we want permissions work to progress
15:10:56 [fjh]
fjh: we need to frame this workshop appropriately, so it is worthwhile and gets participation; plan for Europe, need early idea on venue to avoid later problems
15:11:07 [fjh]
Topic: Other Business
15:11:10 [fjh]
none
15:11:15 [fjh]
Topic: Adjourn
15:11:19 [fjh]
Thanks everyone
15:11:26 [fjh]
rrsagent, generate minutes
15:11:26 [RRSAgent]
I have made the request to generate http://www.w3.org/2017/05/04-dap-minutes.html fjh
15:33:31 [fjh]
s/Topic: Workshop/Topic: DAS Workshop/
15:33:35 [fjh]
rrsagent, generate minutes
15:33:35 [RRSAgent]
I have made the request to generate http://www.w3.org/2017/05/04-dap-minutes.html fjh
15:33:58 [fjh]
s/ScribeNick: fjh//
15:34:05 [fjh]
rrsagent, generate minutes
15:34:05 [RRSAgent]
I have made the request to generate http://www.w3.org/2017/05/04-dap-minutes.html fjh
15:38:12 [fjh]
s/minor ones/minor issues/
15:39:29 [fjh]
s/+1 to publish/anssik: +1 to publish/
15:40:39 [fjh]
s/ conjunction with workshop/ conjunction with workshop?/
15:41:08 [fjh]
s/suggests not planning on TPAC/suggests not planning on TPAC, also Tobie noted he cannot attend TPAC/
15:41:26 [fjh]
rrsagent, generate minutes
15:41:26 [RRSAgent]
I have made the request to generate http://www.w3.org/2017/05/04-dap-minutes.html fjh
16:11:56 [zkis]
zkis has joined #dap
17:00:59 [Zakim]
Zakim has left #dap
17:18:49 [zkis]
zkis has joined #dap
17:32:27 [zkis]
zkis has joined #dap