See also: IRC log
<trackbot> Date: 22 July 2014
<paulc> Good morning.
<davide> good afternoon
<joesteele> Scribe: joesteele
<paulc> Agenda: http://lists.w3.org/Archives/Public/public-html-media/2014Jul/0014.html
Previous minutes -- http://lists.w3.org/Archives/Public/public-html-media/2014Jun/0072.html
<paulc> who is aacc?
<paulc> Agenda: http://lists.w3.org/Archives/Public/public-html-media/2014Jul/0014.html
<paulc> Joe: Cannot hear you.
hold on -- looks like I got disconnected
<ddorwin> the call went quiet for at least 3 of us
<ddorwin> paulc, do you hear other people?
<paulc> trackbot, start meeting
<trackbot> Meeting: HTML Media Task Force Teleconference
<trackbot> Date: 22 July 2014
<ddorwin> Jerry, Joe, and David are in our own conference apparently.
<scribe> Scribe: joesteele
<scribe> Chair: paulc
<paulc> Can anyone hear me?
<ddorwin> no
<BobLund> No
<ddorwin> you probably need to rejoin
<paulc> Editor's draft: http://dvcs.w3.org/hg/html-media/raw-file/tip/encrypted-media/encrypted-media.html
paulc: Editors draft has had 2-3
drafts since last mtg
... few new bugs
<paulc> http://tinyurl.com/7tfambo
paulc: this is the list of
bugs
... 22 bugs total
<paulc> https://dvcs.w3.org/hg/html-media/raw-file/tip/encrypted-media/initdata-format-registry.html
pauc: that is the registry --
need to make sure editors are aware this is referenced in
editors draft
... although no "references" list in the editors draft
<paulc> See bug https://www.w3.org/Bugs/Public/show_bug.cgi?id=25733
pauc: normally there would be a
list of references
... this bug was discussing the registry for in-band source
tracks
... Director has said we are ok with having pointers to
informative registries even when they use normative
language
... we can add a "references" section and point to this
registry
ddorwin: will add as part of the refactoring
<ddorwin> ReSpec
ddorwin: using ReSpec
<ddorwin> Tracking bug for ReSpec: https://www.w3.org/Bugs/Public/show_bug.cgi?id=25506
paulc: anyone working on this bug knows about this also -- moot now because MSE heartbeat was published
<paulc> https://www.w3.org/Bugs/Public/show_bug.cgi?id=26332
paulc: David do you want to say anything?
ddorwin: chances are that CDMs
are exposing IDs that are not well protected, we should protect
them with secure origin
... this is a common theme on the Internet
paulc: several commenters I don't
usually see
... is it clear what changes we would make?
... is comment 5 the only change proposed?
<paulc> See comment five: https://www.w3.org/Bugs/Public/show_bug.cgi?id=26332#c5
ddorwin: this is still open to provide guidance, needs to be normative
paulc: Adrian or Jerry have a comment?
jdsmith: I wonder if this is a strong countermeasure - would need a license server on the other end to exploit the ID
joesteele: I am in favor of this because it provides protection for the application vendor, but not so much worried about the privacy implications. I believe the protections are already described for the IDs
markw: I support the comments about the identifiers, we have text about protecting that already. The problem with having the origin as HTTPS is that all the content has to be downloaded over HTTPS -- don't support for that reason
ddorwin: not meant to be
offensive, there is no normative text about protecting the
identifier.
... only thing we can do is relate to the origin
... no obvious to me how the ID is protected - each CDM has to
be checked by the UA to make sure it is not leaking these
IDs
jdsmith: my question is -- do we
want to be stringently requiring HTTPS when there are valid use
cases for HTTP.
... there is an implication that CDMs need to protect their
data exchanges
... this might be a strong counter-measure for sites that could
use HTTP
paulc: some people were not aware
of this bug - so folks should add their comments in the
bug
... let's go broad and continue with the other new bugs
https://www.w3.org/Bugs/Public/show_bug.cgi?id=26313
paulc: Jerry you created, David commented right after, have you seen Davids response?
<paulc> See David's response: https://www.w3.org/Bugs/Public/show_bug.cgi?id=26313#c1
jdsmith: had not seen this yet
paulc: we could move forward
then, you can respond in the bug
... editors might be able to just resolve
https://www.w3.org/Bugs/Public/show_bug.cgi?id=26401
<paulc> Example 2 at https://dvcs.w3.org/hg/html-media/raw-file/tip/encrypted-media/encrypted-media.html#examples
joesteele: this was added just to add in support for destinationURL since it will be required for some CDMs
<ddorwin> Related bug: https://www.w3.org/Bugs/Public/show_bug.cgi?id=25920
ddorwin: resolution of the bug
was to remove this until we have a way to do this in a safe
way
... defaultURL is now NULL in the text
<ddorwin> step 7.8 of https://dvcs.w3.org/hg/html-media/raw-file/default/encrypted-media/encrypted-media.html#dom-createsession
<paulc> Joe is concerned about code in function handleKeyNeeded(event)
joesteele: I am not in favor of removing destinationURL -- was hoping that was not the outcome of previous bug
<ddorwin> handleKeyNeeded() is a handler for needkey, which does not have a destinationURL
<ddorwin> Probably want handleMessage() in 8.4.
<paulc> Actually Joe is pointing to function licenseRequestReady(event)
ddorwin: the function you
refereded to is not the right one -- think you mean
licenseRequestReady()
... need to talk about what the language should actually be --
currently specified as NULL in the initial message
... in the createSession algorithm
<ddorwin> https://dvcs.w3.org/hg/html-media/raw-file/default/encrypted-media/encrypted-media.html#dom-update sets destinationURL in step 4.6
ddorwin: the initial one is
currently specified as NULL
... I will update the bug with pointers
joesteele: I will update the bug
from there
... provide some example code that I think should work
https://www.w3.org/Bugs/Public/show_bug.cgi?id=26207
<joesteele_> scribe: joesteele_
paulc: maybe I missed it --
several folks have responded
... maybe you can just let us know how you want this bug
processed
... Jerry to look at the bug and repsonses
<paulc> https://www.w3.org/Bugs/Public/show_bug.cgi?id=25896#c12
paulc: proposal made to
close
... anyone objecting should respond in the bug
jdsmith: with this change we lose the numeric capability in the error
ddorwin: I propose closing this
bug and opening a new one to add this capability back as
needed
... removed the MediaKeyErrors because things have changed --
commented out with issue statements
... should explore Jerrys use case separately
... Joe had a question about getting systemCodes back from
Promise rejection
paulc: has the other bug been opened?
jdsmith: I will take the action to open that bug
https://www.w3.org/wiki/HTML/Media_Task_Force/EME_Use_Cases
paulc: Joe can summarize his update and call for more comments
<ddorwin> The error bug I was referring to is https://www.w3.org/Bugs/Public/show_bug.cgi?id=26372. Please take a look since errors are up in the air.
<paulc> Mark's feedback: http://lists.w3.org/Archives/Public/public-html-media/2014Jul/0016.html
<paulc> Joe: Use cases on the Wiki should all be supported today
<paulc> ... keyrelease and downscaling might not be supported by some CDMs
<paulc> ... seems to be general agreement that this is good set of use cases
<paulc> ... Joe wanted to get agreement before fleshing them out more
<paulc> ... and Joe has not yet added (to a separate section) future use cases
<paulc> Joe thinks he agrees with Mark's comments and Joe will reflect this back into the Wiki
<paulc> David has done some editing
<paulc> Bob Lund commented positively
ddorwin: there is a new bug on
errors -- that was what I wanted to say
... last conversation
... no comments on the wiki
markw: I noticed that there may
be confusion about system sessions and license - which seem to
be separate things
... can have session that persists when license does not
... not sure how we resolve this - text in the specification
talks about both things
<paulc> Joe: Not sure that the Wiki uses case motivate the need for loadSession capability
<paulc> ... some need for handling persistence but not sure of the need for saving a session
<paulc> Joe will send an email or file a bug on Mark's point and agrees there is confusion there
ddorwin: have had some discussion
around this -- it was added as a way to manage offline and
support the secure proof of key release model
... existing normative text should support both of those
models
... may be different from how some keys model key
persistence
... need to have a common way to model this
... we could think about another session type but not sure that
makes sense
<paulc> Joe: My impression of the loadSession feature is that it was designed by implementers that don't support persistence and without discussion with CDM implementations that do support persistence
<paulc> ... I agree there should be a common model but it may not be this one
<paulc> ... I don't have a new model to propose yet
<paulc> Joe offered to send an email about this and get more discussion going
joesteele: not clear who will use
this feature as defined today
... I will send an email about this as noted
jdsmith: just wanted to say we are having similar problems with the loadSession model -- might need some reconsideration
markw: we are talking about
system licenses I would agree with many of the comments made,
but when talking about session and secure key release need a
way to find those previous sessions
... assumed loadSession would be used for that
paulc: comment about more
advanced use cases -- I would discourage that until we deal
with the existing use cases
... will put on the top of the agenda for next week
joesteele: ok
rrsagent: generate minutes
<ddorwin> loadSession(), etc. were designed to have a consistent model that supports multiple use cases and that could be broadly supported across implementations (possibly with "wrapping" to match the spec). This was discussed with app developers, so there is a desire for this consistent model.
rrsagent: generate minutes
rrsagent: generate minutes
s/ CDMs are exposing IDs/ CDMs are exposing IDs/
rrsagent: generate minutes
rrsagent: generate minutes
rrsagent: generate minutes
rrsagent: generate minutes
rrsagent: generate minutes
rrsagent: generate minutes
rrsagent: generate minutes
rrsagent: generate minutes
rrsagent: generate minutes
This is scribe.perl Revision: 1.138 of Date: 2013-04-25 13:59:11 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: RRSAgent_Text_Format (score 1.00) Succeeded: s/protecting the application/protecting the identifier/ Succeeded: s/4.6/step 4.6/ Succeeded: s/thr/the/ Succeeded: s/references list/"references" list/ Succeeded: s/had said/has said/ FAILED: s/ CDMs are exposing IDs/ CDMs are exposing IDs/ Succeeded: s/commet/comment/ Succeeded: s/application vendor not so/application vendor, but not so/ Succeeded: s/EME exposing IDs/CDMs are exposing IDs/ Succeeded: s/abke/able/g Succeeded: s/repsond/respond/g Succeeded: s/might not be supported/might not be supported by some CDMs/ Succeeded: s/Joe wants to/Joe wanted to/ Found Scribe: joesteele Inferring ScribeNick: joesteele Found Scribe: joesteele Inferring ScribeNick: joesteele Found Scribe: joesteele_ Inferring ScribeNick: joesteele_ Scribes: joesteele, joesteele_ ScribeNicks: joesteele, joesteele_ Default Present: paulc, +1.415.832.aaaa, davide, +1.408.536.aabb, +1.425.868.aacc, joesteele, geguchi, markw, ddorwin, adrianba, ReimundoGarcia, jdsmith, BobLund, glenn Present: paulc +1.415.832.aaaa davide +1.408.536.aabb +1.425.868.aacc joesteele geguchi markw ddorwin adrianba ReimundoGarcia jdsmith BobLund glenn Agenda: http://lists.w3.org/Archives/Public/public-html-media/2014Jul/0014.html Found Date: 22 Jul 2014 Guessing minutes URL: http://www.w3.org/2014/07/22-html-media-minutes.html People with action items:[End of scribe.perl diagnostic output]