W3C

- DRAFT -

HTML Media Task Force Teleconference

02 Dec 2014

See also: IRC log

Attendees

Present
BobLund, ddorwin, jdsmith, joesteele, markw, pal, twirl
Regrets
paulc
Chair
joesteele
Scribe
joesteele

Contents


<trackbot> Date: 02 December 2014

<scribe> scribe: joesteele

<scribe> agenda: discussion with Sergei re: 27055

Bug 27055: Surfacing License to the User

https://www.w3.org/Bugs/Public/show_bug.cgi?id=27055

Surfacing License to the User

twirl: someone times the license is not exposed to the end user
... many times this is about caching
... many possible states of the cache
... other topics like that --
... changing aspect ratio of screen might cause a problem -- CDM might prohibit
... There is a Kinect patent: count a number of people in a room and could prohibit based on that
... an ability to read and verify the license would be useful to let the user know what restrictions there are
... and what they can do with this content
... e.g. caching is prohibited, can't store encrypted frames
... can imagine an attack against the user because they can't play this content
... in our opinion -- profitable for all terms to somehow be standardized and presented to the user and UA
... we don't want to provide the solution, see our role as asking questions

markw: ... reiterate the points I made in the thread
... there are technical restrictions in the license that are not the same as what the user expects
... may be more restrictive than what the product does overall
... for example to allow you to have preview licenses
... example to allow short amounts of content to be viewed before license is acquired
... not sure how this could be displayed usefully

twirl: yes we discussed that in the bug
... there are product and technical restrictions
... they could be different
... but things that annoy the user the most are things hardware could do but are prohibited from doing so
... this needs some solution
... e.g. you have one hour life
... for example what the user can do to extend the content
... as a consumer it is worst thing to be done
... e.g. when terms changed and leds to misunderstatdning
... those restrictions must be presented to user

markw: as an example if the page provided 100 preview license, what would be the behavior?

twirl: we could present that to the user

markw: what about 100?

twirl: that seems like a weird example
... could be solved by correct UI

markw: that is an actual example
... I think the problem of the services telling the users what restrictions are applied is a real problem, but not sure how it could be technically enforced
... don't think that would fly as a technical solution

twirl: I think would be up to the user agent how deal with that
... the history of DRM is very concrete here

joesteele: I think one issue being raised is that for this to be enforced it would require the UA to understand all the same restrictions as the CDM
... essentially working in parallel

pal: today there is a lot of commercially protected content for which vendors provide information about the restrictions on the content
... no merchant wants the user to be disappointed e.g. by not being able to watch content on a plane
... merchant is driven commercially to want to display the right information to the user
... not sure why the standard should include this mechanism

twirl: we are bringing DRM into the web where everyone can use it. we will have many more implementations, many of which will not follow the regular commercial pattern
... don't think the example of the existing large providers works for this

pal: a system that does display that information to the user would not be successful so why would they do it

twirl: I don't agree with that

pal: HTML std does not prevent folks from putting all page content in the H1 header, but folks don't do it becuase it is a bad experience
... strong incentive to commuicate to the user

twirl: fraud is a possible use case and concern

pal: I don't see a big change from what is possible today

twirl: that is partly true, there is no means to control content other than plugins
... this would be a big change
... the history of DRM has many examples of where customers are deceived by companies
... trying to find a way to solve that problem
... users devices being controlled, users licenses being removed

<markw> s/perceicved/deceived/

joesteele: is your concern mainly about fraud? or the possibility of a company making a choice which is not apparent to the user?

twirl: both actually -- this is being opened dramatically so that everyone can protect content, this will mean this will happen a lot more
... might just be a misunderstanding, but the result is still that a large number of people being disappointed
... the problem is generally that the content provider has a very large scope of rights, but people never thought that content providers has these rights -- e.g. purge content from cache
... if they had realized, this would have caused an issue

markw: I just wanted to refute the idea that this is new functionality, this is just a new way of exposing this functionality just making it more standarized via the video tag

twirl: that is our greatest concern, we don't want another <object> tag
... we don't like DRM but we want it to be "webby"

markw: I think what a number of the browsers are doing makes this more clear and the object tag is less related to this bug

twirl: any step forward is good but could step farther ...

joesteele: I don't think that this will get worse because folks will still need to have business relationships with companies providing the DRM engines

twirl: you said in the bug that anyone could make their own MediaKeys -- so we will have this.
... that is one of our greatest concerns that there will be a closed market

https://www.w3.org/Bugs/Public/show_bug.cgi?id=27166

joesteele: this is an example of what I am talking about
... would text like this be useful?

markw: wanted to correct the point about anyone creating their own CDM, it is the intention that each browser integrates with its own CDM. None of the browsers are designing a system where the site can provide its own CDM.
... don't think that a site-downloadable CDM could be in compliance
... so it is not the case that there will be arbitrary CDMs

twirl: in that bug everyone is saying that nothing in the spec prevents that
... if nothing prevents creating new MediaKeys systems I am expecting that there will be

joesteele: any opinions on how we should proceed?

twirl: I can provide a list of use cases that are problematic in the bug -- most have been discussed already

joesteele: two options for moving forward I see:
... 1) text restricting how the CDM can behave
... 2) A standard set of restrictions on the license and a way to provide those to the UA
... twirl will provide the list of use cases he is concerned about to address #2

jdsmith: if I understandand the conversation correctly this is about the transparency of the transaction
... the license is opaque and the user does not know what they are getting
... much like many transactions on the web
... I am a little concerned that the license would be very complex and difficult
... example of privacy standards P3P being something not useful in the end
... there will be a collection of licenses, maybe many, and some browser UI to present them
... this feels like a very difficult solution to this problem
... think I understand the transparency concern. think I agree with Mark that this is on the site to provide before the purchase
... but where you really want to solve this is on the site itself
... before the purchase, not after

twirl: this is true, but there is a difference between DRM content and others, the blackbox on the users device prevents them from seeing this
... 1?? don't think this could be fair if you present it that way
... this is already done by every CDM

<markw> +1 to Jerry's comments

twirl: task is just to make it open nothing more

pal: just trying to level expectations here, don't think there is a problem to solve here
... the task of providing the range of possible rights is an enormous problem
... don't think the next step should be just document one or two cases
... if the next step is to document all the possible rights this is a problem

twirl: this is not all, just the existing CDMs

pal: that can't just be summarized by two parameters

twirl: don't feel that it is infinite
... expect it is really just a few

pal: there does not seem to be any action this group can take till this is in wide use
... don't want to prevetn people from doing business

<ddorwin> EME and DRM add another way to restrict access, but websites also have many other ways, including just no longer providing the content. Codifying the policies of the license can’t explain all that the user can do.

<ddorwin> In contrast, DRM may be entirely responsible for enforcing user capabilities when, for example, the user has a physical disc.

ddorwin: wanted to make the point that EME is only part of the restrictions that the website can place, such as restricting the set of titles you can see
... even without DRM
... in the past with offline content, the disk was preventing you from doing things, now we are moving to the server model where the server can prevent you from doing things

twirl: we have a new model, not entirely clear but the CDM is on the device and needs standardization
... if we have a just client and server, then why have a CDM at all? but it is for something, so lets say for what

joesteele: any other points to raise? any actions we can take?

twirl: putting text in the spec would be better than nothing

jdsmith: do you think language in the spec that constrained the CDM to practices that are ethical and do not deceive the end user would be a possible resolution?

twirl: would prefer a guarantee, but is up to the HTML WG to decide whether it can be resolved
... I am not trying to do your job, just raising concerns

joesteele: when is next scheudled meeting?

jdsmith: meetings scheduled for the 9th and 16th, but Paul is out

joesteele: I will be available for the 9th but not after

Summary of Action Items

[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.140 (CVS log)
$Date: 2014/12/02 17:08:52 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision: 1.140  of Date: 2014-11-06 18:16:30  
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: RRSAgent_Text_Format (score 1.00)

Succeeded: s/Surfacinb/Surfacing/
Succeeded: s/Beta from Microsoft counts folks in room/There is a Kinect patent: count a number of people in a room/
FAILED: s/perceicved/deceived/
Succeeded: s/perceived/deceived/
Succeeded: s/their will/there will/
Succeeded: s/their will/there will/
Succeeded: s/prevents/prevents creating new MediaKeys systems/
Succeeded: s/concered/concerned/
Succeeded: s/clean server/just client and server/
Succeeded: s/you job/your job/
Succeeded: s/other topics like that --/twirl: other topics like that --/
Succeeded: s/here here/here/
Succeeded: s/enforce all/understand all/
Succeeded: s/essentially in parallel/essentially working in parallel/
Succeeded: s/content which/content for which/
Succeeded: s/succefully/successful/
Succeeded: s/becuase/because/
Succeeded: s/concervation/conversation/
Succeeded: s/is in use/is in wide use/
Succeeded: s/Bug 27055/Bug 27055: Surfacing License to the User/
Found Scribe: joesteele
Inferring ScribeNick: joesteele
Present: BobLund ddorwin jdsmith joesteele markw pal twirl
Regrets: paulc
Found Date: 02 Dec 2014
Guessing minutes URL: http://www.w3.org/2014/12/02-html-media-minutes.html
People with action items: 

[End of scribe.perl diagnostic output]