See also: IRC log
<christine> Hi all. We'll just wait a couple of minutes before starting.
<scribe> scribenick: npdoty
christine: small group this week, might be getting into holiday schedule
welcome!
<christine> http://www.w3.org/TR/presentation-api/
http://www.w3.org/TR/presentation-api/#security-and-privacy-considerations
christine: helpful when you joined our call last time. but it sounds like you had group conversations on privacy/security while at TPAC
mfoltzgoogle: will give estimate
of current status of several privacy issues
... how do we ensure that the context that renders the
presentation, which is rendered onto a shared device
potentially, what is the browsing context?
... don't want to leak information to other browsing contexts
or other presentations
... feedback from the TAG was that there isn't any well-defined
context for this already
... we want an empty local storage, cookie jar, permissions
set, etc. (like a private browsing mode)
... should this interact with the Permissions API?
... currently investigating the ability to see whether a
presentation screen is available already or not
... how should the spec interact with mixed content?
... how should the API interact with nested browsing contexts?
does the top-level browsing context control how iframes have
the ability to request presentations?
... okay to allow this by default, because risks are just
annoying the user
... but top-level contexts will have the ability to blacklist
or prevent its frames from using presentation
... if the controlling context is on a different device than
the presentation, how do we secure the channel for
messages?
... defining that protocol is out of scope, but a Community
Group will define a network-level protocol for presentations,
including one way to secure presentations
christine: very busy as a
group
... any questions?
npdoty: questions about the cleared local state context
mfoltzgoogle: can send
authentication tokens across messaging
... want to avoid leakage, but also want to ensure that this
will work in the cross-device situation
<mfoltzgoogle> FYI: Our pull request that defines the empty browsing context: https://github.com/w3c/presentation-api/pull/219
tidoust: not just audio/video streaming, particularly in the cross-device case
gnorcie: more concerned about the privacy risks to the user, and streaming audio/video from the user is potentially very sensitive
tidoust: use case is video rendered from the page, not the user's microphone/camera
gnorcie: but seeing what is on my screen is also very sensitive (like documents open on the screen)
tidoust: that matches how we
thought about the issue
... if there are issues we haven't addressed yet, please let us
know
... don't want to miss any strong concerns
christine: so happy that your group is taking privacy/security so seriously
wseltzer: Presentation API gives
a good use case for standardizing some private browsing mode,
what is the minimal and safe context that can be
established
... can get a standard description of that sandboxed context
that works across browsers
<tidoust> [I note that the TAG discussed Private Browsing Mode in relation with the Presentation API yesterday, see draft minutes at: https://pad.w3ctag.org/p/02-12-2015-minutes.md ]
christine: is the goal that when we have another spec with this kind of scenario, then we can suggest using this text?
wseltzer: start collecting these use cases and the approach, possibly into a Note, or could possibly charter a group if there's some more complicated set of use cases about that private mode
christine: could help coordinate discussion with webappsec as well
wseltzer: PING could be helpful, particularly in setting requirements that can be used by security engineers
<wseltzer> npdoty: a few different specs raise security considerations around fullscreen
<wseltzer> ... because user might not know origin of content
<wseltzer> ... could be spoofing risk
<wseltzer> ... does presentation API consider this?
<gnorcie> can someone put me in the queue to discuss privacy questionaire?
<gnorcie> I need to leave at 1 so i want to make sure we discuss
mfoltzgoogle: UX focused on
making the user know which origin is being displayed, and
origin being accessible after the fact
... phishing more awkward in this scenario because the user has
to grant permission for displaying on that presenter display
each time
tidoust: could open a issue for
notes to add there
... is there any screen that the second screen could be used by
another user
... could a user be tricked into thinking that they're just
doing regular browsing on the separate device
npdoty: yeah, seems like there are multiple users by definition
mfoltzgoogle: maybe have an issue about multi-user, like a second user controlling the presentation without the user's knowledge
christine: will send out email summary, to note for people who want to raise issues that now is a good time
the academic paper, http://arxiv.org/pdf/1502.07373v2.pdf
http://www.w3.org/TR/hr-time-2/
christine: request in from
phillippe, note some privacy/security concerns
... the spec recommends a minimum resolution to protect against
cache attacks which could identify the user
npdoty: would have to read the paper in more detail, not sure which attacks are protected by the 5 microsecond resolution change
christine: can ask phillippe if they want to come and talk to us, might explain how useful the mitigation is
npdoty: can also ask whether the academic community has provided specific review
yay, that Interest Group Draft Note published
<wseltzer> npdoty: now we have a reasonably stable doc we can ask people to review
<wseltzer> ... and we can invite people to add to github issues list, provide proposed resolution
<wseltzer> christine: should I solicit input from chairs?
<wseltzer> npdoty: yes
gnorcie: sent out email in things
we can send as specific pull requests to the TAG for the
security questionnaire
... privacy things would just be the very simple things (did
you think about privacy?)
... and if you want to dive deep, including edge cases that
won't be applicable for every standard
npdoty: +1, matches the TAG discussion at TPAC, where they wanted a very simple version for most, and then a drill-down
gnorcie: want to make this collaborative, rather than just my own thoughts
npdoty: I know what you mean :) yes, take that as a reminder
christine: maybe we can split up,
focus on one small question at a time, looking at different
documents
... even when we have best intentions, many collaborators are
going to be doing this in the spare time during their day
jobs
... mailing list does best with snippet discussions on
particular topic
<tara> Hullo all! Sorry to join late.
christine: will schedule a time to talk with greg
npdoty: some things will need a full document review, but when we have a specific attack or a specific news item, should have that small discussion and ask whether we have general guidance about it
January 28
[adjourned]
This is scribe.perl Revision: 1.144 of Date: 2015/11/17 08:39:34 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: RRSAgent_Text_Format (score 1.00) Found ScribeNick: npdoty Inferring Scribes: npdoty Present: npdoty christine gnorcie tidoust mfoltzgoogle tara wseltzer Found Date: 03 Dec 2015 Guessing minutes URL: http://www.w3.org/2015/12/03-privacy-minutes.html People with action items:[End of scribe.perl diagnostic output]