16:59:43 <RRSAgent> RRSAgent has joined #audio
16:59:43 <RRSAgent> logging to http://www.w3.org/2013/01/10-audio-irc
16:59:45 <trackbot> RRSAgent, make logs world
16:59:45 <Zakim> Zakim has joined #audio
16:59:47 <trackbot> Zakim, this will be 28346
16:59:47 <Zakim> ok, trackbot; I see RWC_Audio()12:00PM scheduled to start in 1 minute
16:59:48 <trackbot> Meeting: Audio Working Group Teleconference
16:59:48 <trackbot> Date: 10 January 2013
17:01:26 <ehsan> ehsan has joined #audio
17:01:47 <joe> joe has joined #audio
17:03:03 <tmichel> tmichel has joined #audio
17:04:20 <cwilso> cwilso has joined #audio
17:05:40 <Marcos> agenda: http://lists.w3.org/Archives/Public/public-audio/2013JanMar/0029.html
17:05:59 <cwilso> zakim, who is here?
17:05:59 <Zakim> RWC_Audio()12:00PM has not yet started, cwilso
17:06:00 <Zakim> On IRC I see cwilso, tmichel, joe, ehsan, Zakim, RRSAgent, chris, jussi, rtoyg, Marcos, paul___irish, chrislowis, ack, trackbot, heath, shepazu, mdjp
17:06:12 <olivier> olivier has joined #audio
17:06:12 <Marcos> TOPIC: 3) MIDI security Model
17:06:28 <olivier> Agenda?
17:06:32 <ack> i'm also on the call, muted due to cold
17:06:38 <olivier> Agenda: http://lists.w3.org/Archives/Public/public-audio/2013JanMar/0029.html
17:06:46 <olivier> zakim, code?
17:06:46 <Zakim> the conference code is 28346 (tel:+1.617.761.6200 sip:zakim@voip.w3.org), olivier
17:06:55 <shepazu> Zakim, pick a victim
17:06:55 <Zakim> sorry, shepazu, I don't know what conference this is
17:07:09 <shepazu> Zakim, this is audio
17:07:09 <Zakim> ok, shepazu; that matches RWC_Audio()12:00PM
17:07:16 <shepazu> Zakim, pick a victim
17:07:16 <Zakim> Not knowing who is chairing or who scribed recently, I propose [Mozilla]
17:07:29 <Zakim> +[IPcaller.a]
17:07:39 <olivier> zakim, [IPcaller.a] is me
17:07:39 <Zakim> +olivier; got it
17:08:02 <olivier> Chair: olivier
17:08:08 <olivier> Scribe: olivier
17:08:55 <olivier> Agenda+ Midi Security Model
17:09:00 <olivier> zakim, take up agendum 1
17:09:00 <Zakim> agendum 1. "Midi Security Model" taken up [from olivier]
17:09:04 <olivier> zakim, who is here?
17:09:04 <Zakim> On the phone I see Doug_Schepers, +1.510.334.aaaa, ??P20, +1.617.600.aabb, [Mozilla], [IPcaller], ??P34, [GVoice], +1.206.395.aacc, olivier
17:09:06 <Zakim> On IRC I see olivier, cwilso, tmichel, joe, ehsan, Zakim, RRSAgent, chris, jussi, rtoyg, Marcos, paul___irish, chrislowis, ack, trackbot, heath, shepazu, mdjp
17:09:35 <cwilso> zakim, [GVoice] is me
17:09:35 <Zakim> +cwilso; got it
17:09:43 <shepazu> Zakim, who's noisy?
17:09:45 <olivier> https://www.w3.org/Bugs/Public/show_bug.cgi?id=17417
17:09:53 <Zakim> shepazu, listening for 10 seconds I heard sound from the following: olivier (69%), +1.206.395.aacc (30%)
17:10:19 <olivier> cwilso: long standing issue
17:10:38 <olivier> … not sure how concerning the security/privacy issue is wrt midi access
17:11:12 <olivier> … current model is asynchronous. midi system can mask but if user or user agent approves, then midi access exposes your devices
17:11:22 <olivier> … earlier spec version said you MUST prompt for access
17:11:27 <olivier> … currently says MAY
17:11:33 <olivier> … less tedious
17:11:46 <olivier> … popup asking each time would be very distracting
17:11:58 <olivier> … Marcos asked how we could tweak model to mask some
17:12:02 <olivier> … more flexible
17:12:13 <olivier> Marcos: trying to get back to fundamental assumption
17:12:27 <olivier> … of having midi access object does request, then gives you access to inputs and outputs
17:12:45 <olivier> … model kind of weird
17:13:03 <olivier> … fundamental difference with midi api is that permissioning is done on per-script basis
17:13:15 <olivier> … rather than per site basis
17:13:46 <olivier> Cwilso: you are pressuming that every script would ask for permission
17:14:28 <olivier> Cwilso: not detailed in the spec how permission works
17:14:40 <olivier> … in some cases you may not care
17:14:48 <Marcos> https://gist.github.com/4384745
17:15:06 <olivier> Marcos: example case I was considering (see link above)
17:15:12 <olivier> … was trying to access system default port
17:15:24 <olivier> … shouldn't need to request access for that, is like playing an audio file
17:15:33 <olivier> Cwilso: not necessarily true though
17:15:42 <olivier> … you could send commands that would erase settings etc
17:16:00 <olivier> … you could actually expose input access without asking
17:16:06 <olivier> … there is still the fingerprinting issue
17:16:33 <olivier> Joe: that is a valid concern
17:16:54 <olivier> Marcos: getting back to gaming use case
17:17:06 <olivier> … assuming something malicious happens
17:17:20 <olivier> … what could I send that could cause issues
17:17:28 <olivier> … just using the system port
17:17:44 <olivier> CWilso: not sure there is much you could do. Not sure they even have sysex support
17:17:50 <olivier> … would only be making noise
17:17:59 <olivier> … this is a very minor scenario though
17:18:17 <olivier> … best you can do with midi in this scenario is to play with general midi
17:18:32 <olivier> … simpler to just play audio sound from disk
17:18:49 <olivier> Joe: don't think that game devs are all likely to use MIDI at all
17:19:04 <olivier> … our use case is more people working with music production
17:19:11 <olivier> … rather than apps needing generic sound output
17:19:18 <olivier> … and wouldn't be using generic port
17:19:37 <olivier> … those would be at risk, offering sysex  support
17:19:47 <olivier> CWilso: agree with that
17:20:06 <olivier> Marcos: understand my use case is not very valid then
17:20:43 <olivier> … second case, the model is correct to give UA a way to take away access
17:21:02 <olivier> … other question is being about to hot swap / hot plug
17:21:18 <olivier> CWilso: that becomes a problem primarily if you have specific devices you give access to
17:21:29 <olivier> … we had at some point specific events for that
17:21:35 <olivier> … hard to implement on some systems
17:21:44 <olivier> … you just don't get notification for such events
17:23:42 <olivier> Olivier: asks for clarification
17:23:48 <olivier> Joe: similar as file storage
17:24:04 <olivier> CWilso: we really don't know how big of an issue this is
17:24:33 <olivier> … question is whether you need to give granularity on what you are giving access to
17:24:58 <olivier> … scenarios where you want fine granularity are few
17:25:51 <olivier> … in essence: would complexify the model
17:26:01 <olivier> … better to let them choose
17:26:33 <olivier> q+
17:26:53 <olivier> Cwilso: similarly, in iOS you can't get access to web audio without user interaction
17:27:16 <olivier> Joe: tradeoff between simplicity and granularity. In my opinion granularity should be coarse
17:27:30 <olivier> … don't think it will happen casually as you visit web pages
17:27:35 <olivier> … limited to applications
17:27:38 <cwilso> Incidentally, Marcos:  the "request an object, then act just on that" model is very similar to Web Audio.  (WA doesn't use it as a security point, though)
17:27:48 <olivier> … skew the model towards blanket conditions
17:27:53 <olivier> Doug: agree with joe
17:28:39 <olivier> Olivier: agree with fairly coarse
17:28:51 <olivier> … and see if scenarios require something finer
17:29:02 <olivier> Marcos: [missed]
17:29:13 <olivier> CWilso: yes, UA could give that option
17:29:29 <olivier> … but most users don't ever touch that level of granularity
17:29:57 <olivier> Marcos: makes sense in my experiments to have fine-grained access
17:30:20 <olivier> … but apart from that it makes sense if everything is set up to have coarse control
17:30:33 <olivier> CWilso: seem to have general agreement
17:30:50 <cwilso> s/CWilso/Marcos?
17:31:06 <olivier> Olivier: does current spec reflect current agreement
17:31:27 <olivier> Cwilso: I think so
17:31:56 <olivier> Marcos: still concerned about how the current prose is translated into API
17:32:23 <olivier> … instead of using navigator.midi.requestinput (or output) it uses requestaccess
17:32:37 <Marcos> https://gist.github.com/4384745
17:32:39 <olivier> … wondering if we could have navigator.midi object which could be used to make requests
17:32:44 <olivier> … need to prototype it
17:33:16 <olivier> … e.g. https://gist.github.com/4384745
17:34:01 <olivier> Joe: it's a case of trying to get something and if you don't get it, ask permission
17:34:34 <olivier> Cwilso: could we just expose what you have access to
17:35:09 <olivier> … this design ends up having state of whether you have access, but you don't have a way to query it
17:35:19 <olivier> [general agreement]
17:35:59 <olivier> Cwilso: goal is to have asynchronous call to check if you have access
17:36:07 <olivier> Marcos: gets us back to where we are with current API
17:36:23 <olivier> CWilso: have to think about how we can restructure to have synchronous/asynchronous report
17:36:41 <olivier> … would be better to go that route, especially if we don't care too much about granularity
17:37:01 <olivier> Marcos: agree that current model works, no big deal with it
17:37:15 <olivier> … the model is just a little bit strange, just a bit uncomfortable
17:37:17 <olivier> … but it works
17:38:12 <olivier> Cwilso: best thing may be to think about how would structure more granular system
17:38:34 <olivier> … and see what that's like before closing this issue
17:38:42 <olivier> … necessary to take a closer look at it
17:39:12 <olivier> Marcos: onmessage could be used
17:39:27 <olivier> Joe: quota request mechanism for file storage takes a callback
17:39:37 <olivier> … callback invoked immediately if you have previously requested
17:39:48 <olivier> … may be wise to assume that something like that may be necessary
17:40:17 <olivier> zakim, who is speaking?
17:40:26 <joe> https://developers.google.com/chrome/whitepapers/storage#managing_quota
17:40:28 <Zakim> olivier, listening for 10 seconds I heard sound from the following: olivier (14%), +1.510.334.aaaa (4%), +1.617.600.aabb (4%), ??P20 (9%), [IPcaller] (22%), +1.206.395.aacc (4%)
17:41:22 <olivier> Jussi: don't really see value in having asynchronous OR synchronous
17:41:34 <olivier> … better to be always asynchronous
17:41:37 <olivier> Joe: agree
17:41:42 <olivier> Marcos: agree on request part
17:41:58 <olivier> … not necessarily agree with asynchronous when you are just getting ports themselves
17:42:23 <olivier> CWilso: currently you don't have asynchronous way to get port
17:42:30 <olivier> … only asynchronous to get midi object
17:42:37 <shepazu> q+
17:42:39 <Marcos> out = midi.outputs();
17:42:47 <Marcos> midi.request("outputs", success, fail);
17:42:47 <olivier> Marcos: I was thinking you could do the check first
17:42:50 <olivier> q- olivier
17:42:55 <olivier> Joe: don't see the advantage of that
17:43:10 <olivier> ack shep
17:43:26 <olivier> Doug: some of this could be discussed on list
17:44:34 <olivier> ACTION: CWilso to document options re security model (asynchronous, synchronous, granularity) onto bugzilla
17:44:34 <trackbot> Error finding 'CWilso'. You can review and register nicknames at <http://www.w3.org/2011/audio/track/users>.
17:44:40 <olivier> ACTION: CWilson to document options re security model (asynchronous, synchronous, granularity) onto bugzilla
17:44:40 <trackbot> Error finding 'CWilson'. You can review and register nicknames at <http://www.w3.org/2011/audio/track/users>.
17:44:46 <olivier> ACTION: ChrisWilson to document options re security model (asynchronous, synchronous, granularity) onto bugzilla
17:44:47 <trackbot> Created ACTION-54 - Document options re security model (asynchronous, synchronous, granularity) onto bugzilla [on Chris Wilson - due 2013-01-17].
17:45:53 <olivier> Agenda+ github
17:45:58 <olivier> zakim, take up agendum 2
17:45:59 <Zakim> agendum 2. "github" taken up [from olivier]
17:46:23 <olivier> Marcos: at the moment we have a number of version of specs
17:46:39 <olivier> … some on w3c server, some on github (living in master branch)
17:47:07 <olivier> … Tobie from FB has document on how you can only have a gh-pages branch which is then always available as latest/greatest snapshot
17:47:14 <olivier> … could represent the latest editor's draft
17:47:32 <olivier> … gets rid of the problem of having to maintain 2 branches
17:47:42 <olivier> … dvcs.w3.org version can then be redirected
17:48:19 <olivier> … advantage is that we'd have all versioning on GH, ability to pull in issues etc
17:48:42 <olivier> … official snapshots can still be published on w3.org
17:48:53 <olivier> … nice thing is the usability that people get
17:49:00 <olivier> … more user friendly
17:50:20 <olivier> Olivier: as chair I can live with either
17:50:24 <olivier> … how about editors?
17:50:47 <olivier> Marcos: easier for me to to pull request
17:50:56 <olivier> … nice way to see changes in the request
17:51:02 <olivier> … easier code review
17:51:16 <olivier> … definitely easier for contributions
17:52:33 <olivier> CRogers: comfortable sticking with mercurial. I occasionally get a diff but don't get patches very often
17:52:56 <olivier> … mercurial not significantly inferior to git
17:53:56 <olivier> Olivier: notes we don't have to migrate both
17:54:18 <olivier> CWilso: not sure you can redirect the raw-tip from dvcs
17:54:36 <olivier> … absolutely agree with Chris that toolwise git and hg are equivalent
17:54:48 <olivier> … github has great community
17:55:05 <olivier> … would be happy to move midi space to github
17:55:10 <olivier> … would work well
17:55:16 <olivier> … leave webaudio stuff where it is
17:55:42 <olivier> Jussi: would be happy to move specs and issues
17:58:28 <olivier> ACTION: Thierry to ask systeam about dvcs -> github redirect
17:58:28 <trackbot> Created ACTION-55 - Ask systeam about dvcs -> github redirect [on Thierry Michel - due 2013-01-17].
17:59:41 <olivier> Jussi: I have tool to migrate issues to GH
18:00:12 <olivier> ACTION: Jussi to migrate issues to bugzilla
18:00:12 <trackbot> Created ACTION-56 - Migrate issues to bugzilla [on Jussi Kalliokoski - due 2013-01-17].
18:00:25 <olivier> ACTION: Jussi to update midi draft to mention issues to be sent to github
18:00:25 <trackbot> Created ACTION-57 - Update midi draft to mention issues to be sent to github [on Jussi Kalliokoski - due 2013-01-17].
18:00:56 <olivier> ACTION: Olivier to clean up midi actions on bugzilla once they have been migrated
18:00:56 <trackbot> Created ACTION-58 - Clean up midi actions on bugzilla once they have been migrated [on Olivier Thereaux - due 2013-01-17].
18:02:02 <Zakim> -cwilso
18:03:14 <Zakim> -olivier
18:03:15 <Zakim> -[IPcaller]
18:03:17 <Zakim> -[Mozilla]
18:03:18 <olivier> rrsagent, draft minutes
18:03:18 <RRSAgent> I have made the request to generate http://www.w3.org/2013/01/10-audio-minutes.html olivier
18:03:19 <Zakim> - +1.617.600.aabb
18:03:20 <Zakim> -??P20
18:03:23 <Zakim> - +1.206.395.aacc
18:03:25 <Zakim> - +1.510.334.aaaa
18:03:31 <Zakim> -Doug_Schepers
18:03:33 <olivier> rrsagent, make logs public
18:03:35 <olivier> rrsagent, draft minutes
18:03:35 <RRSAgent> I have made the request to generate http://www.w3.org/2013/01/10-audio-minutes.html olivier
18:04:28 <ehsan> ehsan has joined #audio
18:06:30 <colinbdclark> colinbdclark has joined #audio
18:21:41 <colinbdclark> colinbdclark has joined #audio
18:35:00 <Zakim> disconnecting the lone participant, ??P34, in RWC_Audio()12:00PM
18:35:02 <Zakim> RWC_Audio()12:00PM has ended
18:35:02 <Zakim> Attendees were Doug_Schepers, +1.510.334.aaaa, +1.617.600.aabb, [Mozilla], [IPcaller], +1.206.395.aacc, olivier, cwilso
19:01:38 <ehsan_> ehsan_ has joined #audio
19:12:41 <heath> heath has joined #audio
19:17:46 <colinbdclark> colinbdclark has joined #audio
19:19:53 <colinbdclark_> colinbdclark_ has joined #audio
21:04:00 <ehsan> ehsan has joined #audio
21:31:28 <colinbdclark> colinbdclark has joined #audio
22:57:58 <tmichel> tmichel has joined #audio