w3c / tvcontrol-api

TV Control API specification - https://w3c.github.io/tvcontrol-api/

Parental control PIN mechanism #23

Open tidoust opened 7 years ago

tidoust commented 7 years ago

Noted in the TAG review:

> Some of the control surface looked like it could be a problem if curious users cracked open developer tools to tweak values in script, for example parental control pin info :-)

https://github.com/w3ctag/spec-reviews/issues/111#issuecomment-257746605

chrisn commented 7 years ago

See #11 regarding parental control PIN.

stevem-tw commented 7 years ago

I think this is an example of a deeper question about the split between functionality that can be accessed via a web app and functionality which can only be accessed outside of the web app (e.g. via the device UI or automatically by other software running in the device). This covers not just PIN management, but channel scanning and (potentially) channel management functions such as re-ordering the channel list, as well as some of the functionality related to content encryption.

My personal view is that a lot of this type of functionality should not be exposed to the web app at the moment. We may change our minds on this later, but for now I would prefer to reduce the complexity of what we're trying to achieve and focus on the key use cases. Given this, in the area of PIN management, I would suggest a method which looks something like this:

Promise<void> unlock (DOMString pin, TVMediaStream stream);

This gives the app the ability to request that the parental control system unlocks presentation of a piece of content without giving it any way to set the PIN. There is a debate here about what gets unlocked (one specific piece of content or all content for a fixed period, etc.) and which object should have this method, but for the moment I'm more interested in agreeing the overall principle.
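An added sketch, not part of the thread or of the TV Control API specification, contrasting a PIN held in script-visible state (the TAG review's concern) with the submit-only `unlock(pin, stream)` shape proposed in the comment above. The names `exposedControl`, `createParentalControl`, `isUnlocked` and `scriptVisiblePin` are hypothetical, the PIN value is constructed, the closure stands in for state kept by the device outside the page, and unlocking a single stream is an assumption, since the comment leaves the unlock scope open.

```javascript
// Added illustration. Only unlock(pin, stream) comes from the thread;
// every other name here is hypothetical.

// Anti-pattern: the PIN is an ordinary property, so any script (or a user
// with developer tools open) can read it or overwrite it.
const exposedControl = {
  pin: "1234", // constructed sample value
  async unlock(pin, stream) {
    if (pin !== this.pin) throw new Error("unlock refused");
  },
};

// Submit-only shape: the page hands over a PIN and learns only whether the
// unlock succeeded. The stored PIN lives in a closure, standing in for
// state held by the device or user agent.
function createParentalControl(devicePin) {
  const unlocked = new WeakSet(); // streams unlocked so far (assumed scope)
  return Object.freeze({
    // async, so a bad argument surfaces as a rejected Promise
    async unlock(pin, stream) {
      if (typeof pin !== "string" || pin !== devicePin) {
        throw new Error("unlock refused"); // no hint about the real PIN
      }
      unlocked.add(stream); // throws (rejects) if stream is not an object
    },
    isUnlocked(stream) {
      return unlocked.has(stream);
    },
  });
}

// What a script can learn about the PIN by inspecting the object.
function scriptVisiblePin(control) {
  return "pin" in control ? control.pin : undefined;
}
```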

chrisn commented 7 years ago

> I think this is an example of a deeper question about the split between functionality that can be accessed via a web app and functionality which can only be accessed outside of the web app (e.g. via the device UI or automatically by other software running in the device). This covers not just PIN management, but channel scanning and (potentially) channel management functions such as re-ordering the channel list, as well as some of the functionality related to content encryption.

Yes. Francois has added a table to the wiki for us to summarise which functionality should be available to the various kinds of applications. I'd like to encourage all group participants to review this table; the results will help shape the API as well as document its intended use.

stevem-tw commented 7 years ago

I made a few edits to this earlier today, which prompted some questions on the privacy side that I will raise a new issue for.