14:39:51 RRSAgent has joined #pointerevents 14:39:51 logging to https://www.w3.org/2019/09/04-pointerevents-irc 14:40:18 MeetingL PEWG 14:40:34 Chair: patrick_h_lauke 14:40:41 Scribe: patrick_h_lauke 14:41:39 rrsagent, set logs world-visible 14:57:06 present+ patrick_h_lauke 15:01:40 present+ NavidZ 15:06:05 Navid: had a task to define pointer capture scope 15:06:07 https://github.com/w3c/pointerevents/pull/300 15:06:24 https://github.com/w3c/pointerevents/issues/16 15:06:39 limits only work on a document. there was an old issue about security risk if not restricted in iframes 15:06:49 maybe we should always limit to sandboxed iframes 15:07:14 recently we decided to just live with this and see if use cases come up, and that's what latest PR does 15:07:30 matches chrome behavior, and olli was ok with it as well 15:07:58 if inner iframe sends pointerID, can outer frame/parent capture it 15:08:30 https://github.com/w3c/pointerevents/issues/291 15:08:58 will send request on mailing list to see if we agree on resolution of latest pull request 15:09:32 rrsagent, action: ask on mailing list for resolution on PR 300 15:09:44 Next topic: 15:09:45 https://github.com/w3c/pointerevents/issues/204 15:10:40 Daniel: this came out of research in platform stuff on windows. OS actually can do better job of rendering pointer trail etc, so provide metadata on what app has drawn and leave it up to OS to do rest 15:11:16 no concrete proposal, but wanted to get sense from cross-platform perspective 15:11:28 Navid: question also how much we can support this feature across platforms 15:12:11 also comes down to amount of metadata - e.g. do we pass on what pressure is, or what the line thickness/radius should be 15:12:44 Daniel: should be some kind of transform/radius of the size of the tip. OS can also match end of trail to more seamless ink stroke... 15:13:36 Navid: wonder if we can enough exposure so last piece of trail is not so far away from the coords that were globbed by the app itself (?) 15:14:12 Daniel: being able to determine support, apps can opt in/out 15:14:50 more like a graceful degradation approach. what would support look like on other platforms? does it match how other platforms support inking at OS level? early stages/ideas 15:15:27 you can see this with Windows native OneNote app, depending on which brushes are used 15:15:48 Navid: looking forward to something more concrete, but if you see reduced latency we may have interest 15:16:00 Daniel: will do more prototyping, hopefully something to share at TPAC 15:16:16 Navid: one update regarding an issue... 15:16:23 Next topic: 15:16:24 https://github.com/w3c/pointerevents/issues/100 15:17:33 prototyped something that can be tested behind flag 15:17:52 not fully compatible because coords are promoted from integer to float 15:18:17 landed a change behind a flag, going to discuss this with UIEvents/web apps WG at TPAC 15:19:07 Navid: regarding merging extension document merging: touch-action move done, still work to be done to more the coalesced/raw stuff 15:19:29 will work on those and send PR addressing most of those 15:19:48 one aspect to consider is privacy. raw/coalesced only to secure origins 15:20:13 security person in Google pointed out this exposes specific device capabilities/properties 15:20:25 can fingerprint device of the user (e.g. 1000 Hz mouse) 15:20:41 maybe not quite a permission model, but only to secure origin 15:20:58 are there any other APIs that follow this? 15:21:05 Daniel: think it makes sense 15:21:22 not sure if i've seen secure origin for privacy reasons 15:21:45 Navid: permission model may be too hard to specify, but at least secure origin mitigates man in the middle attacks etc 15:22:05 Daniel: i have seen it with paint worklet and animation worklet 15:22:33 Navid: will check if there's some wording or similar that we can use 15:24:33 Patrick: we already have some language in spec about user agents also allowing user to stop certain info from being exposed at the user's request. worth using same for this here too 15:27:10 I will check on our side what we have, and it's worth expanding to cover coalesced/raw even more strongly. And secure origin only is a mitigation, but won't help if you as user don't actually want a site to track you (secure origin or not) 15:27:27 [mention of calls, AOB, TPAC] 15:28:10 Patrick: we don't have an actual meeting planned for TPAC (as I also won't be able to make it this time), but if people who are already there and want to have a semi-formal skype call or something, let me/the list know 15:29:29 (as an aside, just checked PE spec, and we have wording around user agents MAY consider allowing users to turn things off in https://w3c.github.io/pointerevents/#security-and-privacy-considerations) 15:29:37 rrsagent, create minutes 15:29:37 I have made the request to generate https://www.w3.org/2019/09/04-pointerevents-minutes.html patrick_h_lauke 15:30:04 rrsagent, set logs world-visible 15:30:17 rrsagent, bye 15:30:17 I see 1 open action item saved in https://www.w3.org/2019/09/04-pointerevents-actions.rdf : 15:30:17 ACTION: ask on mailing list for resolution on PR 300 [1] 15:30:17 recorded in https://www.w3.org/2019/09/04-pointerevents-irc#T15-09-32