Re: about high-level or low-level API (ISSUE-17)

On Thu, 16 Jun 2011 00:32:45 +0200, Russell Berkoff  
<r.berkoff@sisa.samsung.com> wrote:
> 1.  How does a "generic" discovery framework address the needs of
> existing ecosystems with existing and well established discovery and
> network protocols.
>

Isn't this problem similar to video (codec) and image format support in  
different browsers?
I don't think is technically an issue. Of course there are some  
challenges, and we will have to discuss them once we move into the  
technical discussion.
More the technical challenges, I expect we will have to discuss thread-off  
between what should be exposed to the application and what should be not  
exposed.

Furthermore industry groups may define profiles where they mandate support  
for one (or more) networking protocols even though we design an agnostic  
API.

> 2.  How does a UA support one (or more) of the existing HomeNetwork
> standards? I thought (an) objective of HTML5 was to eliminate the need
> for browser-specific plug-in modules?
>
The idea is not plugins but just platform support for a specific protocol.
Once again, I think the example of codecs for <video> is similar to what  
we are discussing here.


> 3.  How does a UA (in particular one that provides Device/File services)
> connect to platform devices and files? I suspect that the demands for
> metadata storage alone would greatly exceed what is anticipated in
> WebStorage.
>
I don't think WebStorage is the way to go for this kind of scenario.
Rather you could use some File API to access the file system, something  
like this
http://dev.opera.com/articles/view/file-i-o-api-for-widgets/
http://www.w3.org/TR/FileAPI/


> 4.  How would generic UA network access services to do discovery and
> commanding be secure? In theory any webpage/plugin code could "hijack" a
> UA causing security and privacy issues.
>
To (try to) solve this we need IMO minimize the information exposed to the  
application and leave some control to the browser.
I think discovery should be completely under the UA control, and also the  
information exposed should be filtered based on some security policy with  
the possibility for the UA to implement even stricter security policies if  
needed. Pairing will be probably needed before 2 devices can communicate  
(CORS[1] could alternatively be used to introduce some "automation"). This  
is an important topic, so needs for sure more thought, but I thin'k there  
is room for something that enables the most important usecases.


[1] http://www.w3.org/TR/cors/

/g

-- 
Giuseppe Pascale
TV & Connected Devices
Opera Software - Sweden

Received on Friday, 17 June 2011 13:12:13 UTC