Immersive Web Working Group TPAC2022 Friday

16 September 2022


ada, bajones, bialpio, bkardell_, cabanier, igarashi, Klaus_Weidner, klausw, Laszlo_Gombos, Leonard, polx, Will_C, yonet
bkardell_, cabanier, Will_C

Meeting minutes

<atsushi> zaim, clear agenda

<polx> Does anyone have the passcode for the zoom call?

<atsushi> polx, see calendar at https://www.w3.org/events/meetings/8c799fc5-0c2c-4797-997d-7e0540fa20be

<polx> (right, it was no preconfigured on the box, so it was long)

<alcooper_> Day 2 zoom: https://www.google.com/url?q=https://us02web.zoom.us/j/9051227671?pwd%3DdG8zZ0dzYVdDZHQ2QXVQaFhqSWw4UT09&sa=D&source=calendar&ust=1663721004441789&usg=AOvVaw3eFU7MQf0H8KoHX6KZ0BJi

<ada> https://docs.google.com/presentation/d/1typ1VnQ9uzjKK0S_-lM430i6w99e1DfQCD-NPOY5OLg/edit?usp=sharing

<ada> This is the link to the unconference slides feel free to add items to it

Open github issues

Display and manipulate third party content while blocking third party scripting #16

<dom> Brady: epub is essentially a Web site in a zip file

Will: Scribing

Ada: The topic is DOM layers from unconf
… Initially just going to be me asking Rick if we could talk about it would be pretty neat if you could display the browser window into the immersive environment
… You could do interesting things with that

bkardell_: I just had a simple clarifying question
… Is the idea to project the page content somehow or to have the ability to bind dom elements into the scene

Ada: There is another API that's extremely early called "Attached elements"
… The idea is that you can break an element out of the page
… You could pop an item out of the page into a 2D rectangle

bajones: This would be a CSS property

Ada: If you had this and an XR session going, you could do interesting things by knowing where they are, and place them in your 3D scene with CSS

Ada: It would always be on top, so no occlusion, but it could be an interesting way to improve our track record with accessibility

bajones: I have thoughts. Having an API that would allow elements to be given a depth
… I'm a little hesitant to extend that idea out to allowing them to be placed anywhere in space
… You have to make individiual meshes for everything that might be on the page, which doesn't mesh with how browser do things right now
… This is based on what I know of how a web browser works, and how the firefox reality system works
… To avoid a state where you have to reimplement a huge chunk of the browser CSS rendering system you would do something where you might be able to push things in an out
… But they have to stay within the bounds of a rectangle
… Its' a technical issue and I don't know if we really have an answer to that but I know the rendering systems of browsers are complex enough that we don't want browser vendors to reimplement a huge chunk of that
… I don't know if that's a realistic path forward
… The other thing was going back to the conversation we had before we started minuting
… We talked about for a long time the ability to have a page that says "this header points to a cubemap"
… Cubemaps probably don't work very well in the modern era of hardware with 6dof but the ability to say "hey I want to give my page a custom environment"
… and having an XR session worklet that lets you do some rendering that surrounds the page
… It would be stereo, not occlude the page, and be similar to an XR session
… You would have a slightly different set of restrictions on it. It would be nice to have interactivity
… I think that you would want to have some basic restrictions, maybe the controllers remain rendered by the OS
… Just the idea that it would be cool to allow the page to say "I have a custom environment"
… The main content can still be what's on the webpage, they've just added a magical extension to it
… This would be a better approach than browser window in custom scene

cabanier: As brandon was talking about where the detached elements go, I agree, and the model elment will have the same issue
… As for the browser window, there should be an API to bring the whole window into your immsersive scene
… And an API to hide the browser window
… Maybe without a URL bar

<cabanier> dom layers proposal: https://github.com/cabanier/layers/commit/c5e5bcb4bb77bc93d182b3c9404e5a5e9723118f

cabanier: There's also the DOM proposal I made two years ago, I'll post a link
… Which basically lets you create new layers which point to a same-origin URL
… Those layers return a window object and you can manipulate that object as you please
… Probably needs to be an API, brandon has a proposal to potentially make it automatic
… I think for us just showing the browser window would be fairly easy

Ada: I kind of like both of those ideas
… Especially if you're rendering content with the user's creating in the 2D space
… They could both work quite nicely

cabaneir: Maybe that solves some of the permissions issues as well
… Experiences have to ask for permission first, which is clunky

Ada: One thing I've been thinking about is that how you would use this to steal someone's bank account
… I keep thinking that in order to bring your DOM window back you rpbobably don't want it to be a virtual button
… otherwise you could use the same method to choose instead to show a fake browser window that has the same URL you're expecting
… If you navigate you'll lose everything anyway, we could always do something like load up your bank in an iframe
… Even some other sensitive things, maybe not a bank

bajones: It depends on the approach you go with. If you go with "oh I'm just rendering an environment around the webpage" then you'd expect a certain continuity but the page isn't going away
… in that scenario you' dwant the guarantee that the page is never going away
… I worry that we're going to overload on special gestures. Most of the controllers do have a large number of buttons but also we need to expect that hands are going to be a thing and we don't want to users to think too hard about moving their hands
… If the page is more in control of when the page shows up and disappears I would hope that the browser themselves can show enough clues that its legit
… You're probably going to be in a scenario where some dominant browsers can be mocked
… You're going to have tabs that they can't predict though, and profile icons, so hopefully there's potential clues

bialpio: Going back to the bank example it doesn't really matter if the bank prevents itself from being an iframe, but if the user thinks they navigated to the bank
… Can we do anything there? It's an entirely controlled experience by the site

ada: I guess as long as the URL bar is always visible

bialpio: How can we show the user not to trust anything?


bajones: This is like fullscreen
… A fake page could drop down their own URL bar
… This is a scenario where we reach out to an existing team for the 2D web and ask for the guidelines
… The URL bar is the most important security feature, being able to communicate to the user what domain they're on
… Chrome has a huge document of guidelines on this

Rick: People have a webxr browser running in the cloud, when you an XR session you're trusting that the XR session isn't going to steal your information

bajones: There's always going to be some gesture to pop yourself up the stack

bajones: That's not too fundamentally different from having browsers like Opera that do all rendering server-side
… We have had modes like that in the past, not sure if any are still working

yonet: Thinking about different interaction options, when head control is available eye control is also available
… What happens when you just look at the page and that's taken as a click?
… User might not be aware of that

bajones: That sounds like something that should be in control of by the browser

yonet: This is an accesibility feature

ada: It's an awkward situation

Will_C: question: what is stopping an experience to embed a browser

ada: you wouldn't be able to fetch youtube for instance
… but as cabanier said you can embed a cloud-based browser

<Will_C> willc: What about if the page embeds their own browser engine

<Will_C> Ada: CORS will prevent them from requesting anything sensitive

ACTION: Brandon and Rik make Propsals repo issues for Bringing browser window into Session and XRWorklets

<Will_C> Rick: I made a short slideshow, but I did it with my meta account

cabanier: [presents in the room about persistent anchors idea/proposal]

cabanier: if you exit and return the anchor is gone. We want to do more in the meta browsers, and we want ot be able to place anchors and if they come back to the same environment, they resore a pose in the world across sessions

[some room discussion about which systems can do this and what the limits are]a

cabanier: these are local anchors, not cloud or shared anchors

cabanier: basically add one method on XRAnchor `requestPersistentHandle` which returns a Promise<DOMString>

cabanier: unique per origin, cleaned up when deleting history, numbe limited per origin... no problems with private browsing

cabanier: maybe possible addition to return a list of known anchors and maybe a convenience to delete all anchors, but I think these are just convenience

yonet: I think of it like a sticky note - if I put it there I want it to be there when I come back

cabanier: if I take my coffee cup and place it, maybe I do and maybe I don't

cabanier: deleting only deletes its perisstence, it doesn't delete the anchor

cabanier: regular anchors, when the session is done, they disappear

bialpio: Do we want to autodelete persistent anchors that haven't been restored in some time period

cabanier: right now it's like local storage, it's not like cache4

cabanier: right now it's like local storage, it's not like cache

<ada> bkardell_: there are guides for how when to cleanup and what actions to take, under memory pressure all browsers will evict your origin, there is question over how often that happens.

<ada> bkardell_: more on low end devices

polx: I have the impression you wouldn't clear it when you clear history

polx: you used the word history, when I clear browser data - there is site data, where clearing history is about your browsing history --- just wanted to be clear

cabanier: Yeah, not browsing history...

ada: When you move your physical location - you use it in the bedroom and the livingroom and the office -- is there a way to restore them appropriately?

cabanier: if you are in a different room where the anchor was not defined, - you can restore it but you can't place it

ada: is it something you'd want to be in the space - the limit?

cabanier: I' not sure. I do think there should be a limit, because someone would just exhaust all of the anchors

cabanier: I'm still talking to the team

ada: it would be interesting if it was limited per origin, but also per area - if I am in my livingroom, the anchors in my office are irrelevant to me

bajones: You mentioned putting limits on this to prevent tracking cookies - but What if I want to track a literal cookie (grins)

bajones: Do you envision that you have to delete the saved anchors manually - I think that might be too restrictive. Maybe I'm an origin that just collects 1000 flash games underneath it that are all on the same origin

bajones: now you hit the limit quickly... if the limit is 8, you are going to hit that fast. Maybe it should be a LRU thing

bajones: that might not be appropriate for every site ...

bajones: I'm not sure what the right answer here is but LRU comes to mind. Is there an expectation that only certain types of anchors can be saved? You can place them manually... you can do a hit test and get the anchor - if we have image tracking, you'd maybe get one... so, for example, the image from that seems unlikely to be useful, maybe we could say "sorry, that doesn't make sense"

ada: maybe image tracking isn't anchor it's just a pose

bajones: It *feels* like that should be an anchor

bajones: maybe its as simple as adding a boolean on anchors that say whether they are saveable or cachable or something

cabanier: we can see how openxr is doing this - I think they kind of harmonized all the anchors... I don't know that image tracking is in openxr... we can see if it is and how these are handled there, it might be helpful

ada: maybe if we have a function you can call that makes an anchor persistable? You go into a room, there are a bunch of qr codes...

cabanier: we would I think need to have two categories - cachable and uncacheable... a framework needs to know

bialpio: Let's start with this multitenant thing --- whatever limit we set, a popular site will exceed it quickly. That means you can't count on it and that means you have to assume it is not there - and that means i'm not sure how useful it is

ada: it is like cookies and login a bit I guess

ack +

bialpio: If we want to be able to restore persitent anchors created from image tracking, we will have to spin up all of the image tracking infrastructure in that session... But why do we need to do that if the site can just do it itself, you can see the image tracking database -- you already sort of have this available to you

ada: when it persists it's no longer an image anchor, it's just an anchor in space

bialpio: do we expect it to be updated if it has moved

ada: no

bialpio: depending on the space you try to create it off of - it will either assume the anchor needs to be created in the space at the time of where they are now - and not where they were a second ago... so there is this concept of dynamic vs static spaces - I would assume that images are more like dynamic

cabanier: I think xr session under the hood has a concept of the current, you get the predicted I think

bialpio: I think the distinction I am trying to make clear is whether something is in a different space because they moved, or because our understanding of the world has changed

bialpio: has the controller moved, or has the environment changed - we already have to make this distinction

cabanier: there probably needs to be some spec text in there about saying it needs to be relevant to the local floor

<ada> bkardell_: I was curious about if you can't count on it maybe it's not useful, but on the web you can't count on anything. The question is more how often can you count on it

<ada> ... never is not useful but even some of the time is valuable

bajones: the example I was thinking of was the quest guardian system -- it is kind of flaky, I find that I need to reset it like 1/4 of the time... but it is also really useful despite that... this is kind of very useful as an optimization that makes it much more pleasant than having to do that every time

bialpio: 'useless' is probably too strong -- maybe we should say 'don't count on it too much' or something...

ada: in that situation, if it really is the core functionality of your company - put that thing on a separate domain

yonet: the most common cases are like on the manufacturing floor - then I give it to someone else... If I lost that, it is a lot of work

bialpio: as long as we set the expectations, it's fine

cabanier: maybe there are some ways around that - it is much like a conviencce

<Zakim> ada, you wanted to talk about zappar use case

ada: something like zappar - they would probably like to make use of QR

cabanier: I did a PR to the anchors repo - its not ready yet, but... can it be merged or is it too early?

ada: it's a CG, you can do it

bialpio: I think you are saying that you are going to add more - it might be easier to make changes you already know so that it is one PR it is easy to review

bajones: For a long time, nel and I would mark areas of the spec we felt were still very under discussion with an unstable tag... Maybe we could also do that

ada: oh - it's the same document -- no please keep it in a PR


<bajones> Unstable styles from the WebXR spec: https://github.com/immersive-web/webxr/blob/main/index.bs#L128

<yonet_> We are going to run the meeting on aria irc.

<ada> We're in #aria

<yonet_> Please join there

<ada> ANd physically in Junior B

<atsushi> s/Brandon Jones: /bajones: /g

Summary of action items

  1. Brandon and Rik make Propsals repo issues for Bringing browser window into Session and XRWorklets
Minutes manually created (not a transcript), formatted by scribe.perl version 192 (Tue Jun 28 16:55:30 2022 UTC).


Succeeded: s/atsushi/yonet

Succeeded: s/polx/bialpio

Succeeded: s/Brandon Jones: /bajones: /

Failed: s/Brandon Jones: /bajones: /g

Maybe present: cabaneir, Rick, Will