W3C

- DRAFT -

SV_MEETING_TITLE

04 Sep 2019

Attendees

Present
patrick_h_lauke, NavidZ
Regrets
Chair
patrick_h_lauke
Scribe
patrick_h_lauke

Contents

MeetingL PEWG

<scribe> Scribe: patrick_h_lauke

Navid: had a task to define pointer capture scope

<NavidZ_> https://github.com/w3c/pointerevents/pull/300

<NavidZ_> https://github.com/w3c/pointerevents/issues/16

limits only work on a document. there was an old issue about security risk if not restricted in iframes

maybe we should always limit to sandboxed iframes

recently we decided to just live with this and see if use cases come up, and that's what latest PR does

matches chrome behavior, and olli was ok with it as well

if inner iframe sends pointerID, can outer frame/parent capture it

<NavidZ_> https://github.com/w3c/pointerevents/issues/291

will send request on mailing list to see if we agree on resolution of latest pull request

<NavidZ_> Next topic:

<NavidZ_> https://github.com/w3c/pointerevents/issues/204

Daniel: this came out of research in platform stuff on windows. OS actually can do better job of rendering pointer trail etc, so provide metadata on what app has drawn and leave it up to OS to do rest

no concrete proposal, but wanted to get sense from cross-platform perspective

Navid: question also how much we can support this feature across platforms

also comes down to amount of metadata - e.g. do we pass on what pressure is, or what the line thickness/radius should be

Daniel: should be some kind of transform/radius of the size of the tip. OS can also match end of trail to more seamless ink stroke...

Navid: wonder if we can enough exposure so last piece of trail is not so far away from the coords that were globbed by the app itself (?)

Daniel: being able to determine support, apps can opt in/out

more like a graceful degradation approach. what would support look like on other platforms? does it match how other platforms support inking at OS level? early stages/ideas

you can see this with Windows native OneNote app, depending on which brushes are used

Navid: looking forward to something more concrete, but if you see reduced latency we may have interest

Daniel: will do more prototyping, hopefully something to share at TPAC

Navid: one update regarding an issue...

<NavidZ_> Next topic:

<NavidZ_> https://github.com/w3c/pointerevents/issues/100

prototyped something that can be tested behind flag

not fully compatible because coords are promoted from integer to float

landed a change behind a flag, going to discuss this with UIEvents/web apps WG at TPAC

Navid: regarding merging extension document merging: touch-action move done, still work to be done to more the coalesced/raw stuff

will work on those and send PR addressing most of those

one aspect to consider is privacy. raw/coalesced only to secure origins

security person in Google pointed out this exposes specific device capabilities/properties

can fingerprint device of the user (e.g. 1000 Hz mouse)

maybe not quite a permission model, but only to secure origin

are there any other APIs that follow this?

Daniel: think it makes sense

not sure if i've seen secure origin for privacy reasons

Navid: permission model may be too hard to specify, but at least secure origin mitigates man in the middle attacks etc

Daniel: i have seen it with paint worklet and animation worklet

Navid: will check if there's some wording or similar that we can use

Patrick: we already have some language in spec about user agents also allowing user to stop certain info from being exposed at the user's request. worth using same for this here too

I will check on our side what we have, and it's worth expanding to cover coalesced/raw even more strongly. And secure origin only is a mitigation, but won't help if you as user don't actually want a site to track you (secure origin or not)

[mention of calls, AOB, TPAC]

Patrick: we don't have an actual meeting planned for TPAC (as I also won't be able to make it this time), but if people who are already there and want to have a semi-formal skype call or something, let me/the list know

(as an aside, just checked PE spec, and we have wording around user agents MAY consider allowing users to turn things off in https://w3c.github.io/pointerevents/#security-and-privacy-considerations)

Summary of Action Items

Summary of Resolutions

[End of minutes]
Minutes manually created (not a transcript), formatted by David Booth's scribe.perl version 1.154 (CVS log)
$Date: 2019/09/04 15:29:42 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision: 1.154  of Date: 2018/09/25 16:35:56  
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00)

Present: patrick_h_lauke NavidZ

WARNING: Fewer than 3 people found for Present list!

Found Scribe: patrick_h_lauke
Inferring ScribeNick: patrick_h_lauke

WARNING: No "Topic:" lines found.


WARNING: No meeting title found!
You should specify the meeting title like this:
<dbooth> Meeting: Weekly Baking Club Meeting


WARNING: No date found!  Assuming today.  (Hint: Specify
the W3C IRC log URL, and the date will be determined from that.)
Or specify the date like this:
<dbooth> Date: 12 Sep 2002

People with action items: 

WARNING: Input appears to use implicit continuation lines.
You may need the "-implicitContinuations" option.


WARNING: No "Topic: ..." lines found!  
Resulting HTML may have an empty (invalid) <ol>...</ol>.

Explanation: "Topic: ..." lines are used to indicate the start of 
new discussion topics or agenda items, such as:
<dbooth> Topic: Review of Amy's report


WARNING: IRC log location not specified!  (You can ignore this 
warning if you do not want the generated minutes to contain 
a link to the original IRC log.)
[End of scribe.perl diagnostic output]