This section include references to related works (prototypes, draft APIs, etc.) that have been produced by IG participants and are related to the use cases outlined in this document. Note that this section is informative and that the Web and TV Interest Group do not endorse any of the works listed in this section. Nevertheless the Web and TV Interest Group thinks that these related works contain useful ideas that could be discussed and expanded by a working group writing specifications addressing requirements enumerated in this document.
8.2Opera
Opera proposed a low-level API to address some of the use cases outlined in this document and discussed by the Home Network Task Force of the Web and TV IG. This section contains an outline of the proposal as presented to the DAP WG.
8.2.1Problem
A number of devices connected within a local network today advertise service API endpoints to the network, the primary purpose of which is to allow other devices within the same local network to connect, control and interact with those services through the provided interfaces.
It is possible today to build native applications that can both discover and communicate with such local-networked services. There is currently no standard or, indeed, any particularly easy way to discover or interact with local devices and services from a web application without significant technical hackery on the part of the user (see 'current practice' below).
We need a way for a user agent, acting as a broker between a user and a web application to discover services via common discovery protocols (i.e. SSDP and DNS-SD) within the local network, allow web applications to request a particular service type (or class of service) that it wishes to interact with and then for a user to authorize that connectivity based on services found in their local network matching the requested service type. The solution should then enable communication to occur between the authorized web application and the local-networked service, bypassing or overriding the same-origin policy rule if necessary to allow for safe and secure cross-domain communication.
8.2.2Current Practice
Assuming the user is able to obtain a local-networked service's host and port information, which in itself is a hard task for both technical and non-technical users alike, the user must then provide that host and port information to the web application by entering such information in e.g. a web form and submitting said form. Having got this far the web application, despite having all the information required to communicate with a local-networked device/service, is then likely to encounter another issue, namely the same-origin policy rule which prevents a web application from communicating with a networked device that does not share the same host and port origin combination as itself.
As a solution to this, CORS has been developed to enable cross-origin messaging from web applications. Within the home network, if the target networked device happened to provide the HTTP headerAccess-Control-Allow-Origin: * then there is little problem with the browser now being able to communicate with the provided host and port.
However, the majority of local-networked services do not implement CORS and becauseAccess-Control-Allow-Origin: * is generally a bad idea to enable within a local network, it is not really the ideal future-facing solution within local networks to ensure access is granted only to web applications that a user has explicitly authorized access to.
In the vast majority of use cases communication from a web application to a local-networked service is blocked or inherently insecure today due to one or more of the issues above being present in modern web browsers.
The current practice therefore does not fulfill the requirements of the initial problem and so we began to consider alternative approaches.
8.2.3Proposed Solution
To counter the issues identified in the current practice above we developed a low-level API, produced incrementally over the course of the last few months, that allows a web application to request a particular service type (or class of service type) and for the user to then be able to authorize and connect a discovered matching service to the requesting web application. This enables a user-authorized web application to control, interact and synchronize content (and otherwise generally communicate) with home-networked services, negating the operational issues present in browsers today.
The proposed solution is available, see Networked Service Discovery and Messaging [DISCO-PROP].
A note on CORS: this API is intended to work with or without CORS support enabled in local-networked services. That is to say, CORS in combination with e.g. HTTP authentication schemes, assuming such a model is deployed widely in the future, may provide a good user authorization model for this API (perhaps even to the point of negating the need for any specialized Service Discovery user interfaces at all). As it stands, the proposed solution is intended to work with existing services deployed within local networks without shoe-horning all communications in to a future-only CORS model.
Disclaimer: This API proposal does not represent the consensus of any standards group and should not be referenced as anything other than an unofficial draft which is a work in progress.
8.2.4BBC
The BBC is non-profit, publicly funded broadcaster based in the UK that also engages in technical research. As part of its participation in the Home Network TF, the BBC has shared its own experimental API work that enables clients, including HTML user agents, to discover and communicate with television style devices within the home network.
This API defines a RESTful web service to be implemented by a television, set-top-box, or similar device. The data model represents programmes and sources of programmes in a relatively abstract way. The API in turn defines a uniform way to discover, identify, acquire (e.g. record) and control playback of programme content. There is also provision for starting and communicating with web or native applications running on the television. Applications using this API avoid having to deal with issues of codec, container format or transport protocol compatibility.
Documents providing background, an introductory overview and a draft specification of the API are available:
- Universal Control
- White Paper 193 : The Universal Control API version 0.6.0 - An Overview [BBC-WP193]
- White Paper 194 : The Universal Control API v.0.6.0 - Specification for the behaviour of a universal control server running on a set-top box, and the clients that connect to it [BBC-WP194]
The BBC has prototyped various remote control and second screen experiences that use this API. These include:
- The presentation of time-synchronised slideshows
- Near-lip-synced alternative audio
- A Mobile phone as a remote control with support for blind users
- Enhancement of websites with awareness of current TV viewing
The following documents briefly describe some of these applications:
8.4CEA-2014 Web-based Protocol and Framework for Remote User Interface - Overview
CEA-2014 [CEA-2014] describes web based Remote UI applications for CE devices. CEA-2014 is referenced by multiple Standards Development Organizations to provide ecosystem specific Remote UI solutions.
CEA-2014 leverages existing web technology standards including XHTML for screen layout and user interactions; and ECMAScript for interactive application support. In addition, CEA-2014 provides additional standardized interfaces addressing the following areas:
- Remote UI Application Listing
- Client Capabilities Matching
- Standardized Audio-Video Player
- Digital Rights Management Framework
- Content Download Management Framework
- UPnP / DLNA Home Network Framework
- SVG (Scalable Vector Graphics) integration with XHTML
- Server to Client Notification Framework
- Remote UI Save and Restore Framework
8.4.1Remote UI Application Listing
CEA-2014 defines a mechanism for a Remote UI server to list available applications. This mechanism is based on an XML schema (XML UI Listing) which provides application descriptive metadata. In addition, a CEA-2014 server may include metadata for multiple versions of the same Remote UI application with differing client capability requirements. A Remote UI client system may then choose a version of a Remote UI application which best matches its capabilities. See Client Capability Matching in the following section
8.4.2Client Capabilities Matching
CEA-2014 defines XML metadata describing the capabilities of a connecting Remote UI client system. These capabilities include Input Support (Remote Control, Keyboard, etc.), AV Player Capabilities, Client Display Capabilities (resolution, color space) and Digital Rights Management capabilities. When a Remote UI client connects to a server, it will first examine the capability requirements of the Remote UI applications offered and will connect to a version that best matches its capabilities. During connection, the Remote UI Client provides its capabilities to the server. The server may modify the web-page provided to better match the connecting client's capabilities or may reject the connection if it cannot tailor the page to support the client's capabilities.
8.4.3Standardized Audio-Video Player
CEA-2014 defines a standardized Audio-Video Player object. The AV Player object provides methods for control of AV playback (Play, Stop, Pause, Seek and Loop). In addition the AV player provides a "lock-out" mechanism disables end-users from skipping "required content". AV player callbacks are defined to notify web-pages of various playback related state-changes. The CEA specification defines a state-machine for the AV player so web-pages can rely on predictable AV player state transition behavior.
8.4.4Digital Rights Management Framework
CEA-2014 defines a framework to allow a Remote UI application (web-page) to communicate with DRM Agent(s) installed on a Remote UI client. This DRM framework allows generic messaging between the web-page and DRM Agents installed on the Remote UI client.
Note: CEA-2014 does not define the specifics of any particular DRM system beyond listing of available Digital Rights systems in Remote UI client capabilities.
8.4.5Content Download Management Framework
CEA-2014 defines a framework for Remote UI applications to initiate the download of content. Once the download process is started the Remote UI client can switch to other Remote UI applications. In addition to providing status of download operations, CEA-2014 defines a Content Access Descriptor XML schema to describe content to be downloaded. Since Content Access Descriptors are XML documents they may be associated with URLs and embedded into Remote UI applications.
8.4.6UPnP / DLNA Home Network Framework
CEA-2014 defines a UPnP / DLNA binding so that web-pages can discover and control home network devices. The binding allows Remote UI applications discover, manage events and command UPnP and DLNA devices. In conjunction with the UPnP / DLNA Home Network Framework the Standardized AV Player is required to comply with DLNA media transport requirements. The combination makes CEA-2014 Remote UI clients suitable to support both UPnP and DLNA applications.
The ability for Remote UI applications (originating from outside the home) to access home network devices presents significant security and privacy concerns. CEA-2014 requires implementation of a variety of security mechanisms to protect end-users Remote UI applications performing unauthorized access to Home Network devices.
8.4.7SVG (Scalable Vector Graphics) integration with XHTML
CEA-2014 supports the embedding of SVG markup within XHTML pages and vice versa. CEA-2014 addresses some issues with regard to differing DOM models and event handling between SVG and XHTML resulting from the combination of SVG and XHTML content on the same web-page.
8.4.8Server to Client Notification Framework
CEA-2014 provides the capability for servers to request Remote UI clients display web-pages. An "event" mechanism is defined so that Remote UI clients and servers can classify these Notification messages. In addition CEA-2014 clients may recover previously sent notifications that may have been missed while the Remote UI client was not present on the network.
8.4.9Remote UI Save and Restore Framework
CEA-2014 provides a framework for a Remote UI application to save its state and POST it to a Remote UI server. The saved information consists of a reference to the original Remote UI application URL and metadata describing the saved state of the application. The save state may be restored by a different device effectively allowing the application to be moved to a different Remote UI client. The save-restore process may be triggered by the Remote UI application itself or by a request initiated external to the Remote UI client.
8.5Universal Plug'n Play (UPnP) Reference
8.5.1Introduction
This section discusses devices compliant to UPnP (Universal Plug'n Play) architecture. This architecture has been developed over +10 years by member companies of the UPnP Forum. Although this section focuses on UPnP device models defined for AV (Audio-Visual) devices, UPnP defines a number of other standard device models for Home Network Gateways, Telephony, Remote Access, and Home Automation applications.
Further information concerning membership in the UPnP Forum may be obtained onUPnP Web site.
8.5.2UPnP AV Architecture
UPnP AV (Audio-Visual) Architecture [UPNP-AVARCH2] provides an informative overview of the UPnP model for media serving and media rendering devices. It is a good starting point for readers becoming familiar with UPnP architecture related to audio-video device support.
8.5.3UPnP Device Architecture
UPnP Device Architecture [UPNP-DEVICEARCH] provides the basic mechanisms for discovering, advertising, and commanding of UPnP devices. All UPnP Devices implement and comply with the requirements in this specification.
8.5.4UPnP Media Renderer Device
The UPnP MediaRenderer specification [UPNP-MR3] defines the required and optional services of a standard UPnP MediaRenderer device.
The following references define the required and optional services provided by a standard UPnP MediaRenderer device:
- UPnP Rendering Control Service
The UPnP RenderingControl specification [UPNP-RC3] defines actions and variables which control presentation of content on a standard UPnP MediaRenderer device. Examples may include: controlling display brightness, audio volume, soundtrack selection, display pan/zoom, etc. - UPnP AVTransport Service
The UPnP AVTransport specification [UPNP-AVT3] defines actions and variables which control connection to and playback of AV content on a standard UPnP MediaRenderer device. Examples may include: setting a playback URL, issuing Play, Stop, Seek, and Pause operations and determining the current state of a rendering device (Playing, Stopped, Paused, etc). - UPnP Connection Manager
The UPnP ConnectionManager service [UPNP-CM3] defines actions and variables to allocate and control multiple sessions on a standard UPnP MediaRenderer device. Examples may include allocating a Picture-in-Picture window on a rendering device, or allocating an additional audio player instance on a rendering device.
8.5.5UPnP Media Server Device
The UPnP MediaServer device specification [UPNP-MS4] defines the required and optional services of a standard UPnP MediaServer device.
The following references define services provided by a standard UPnP MediaServer device:
- UPnP Content Directory Service
The UPnP ContentDirectory service [UPNP-CD4] publishes metadata for stored content, broadcast content, channel lineup(s) and electronic programming guide(s). A UPnP MediaServer device may optionally serve content described by ContentDirectory service metadata or the ContentDirectory service may provide metadata referring to content residing on other home network servers. - UPnP Connection Manager Service
The UPnP ConnectionManager service [UPNP-CM3] defines actions and variables controlling multiple sessions allocated on a standard UPnP server device. The ConnectionManager service runs on both standard UPnP MediaRender and UPnP MediaServer devices. - UPnP Device Protection Service
The UPnP DeviceProtection service specification [UPNP-DP1] provides secure communication to UPnP devices. For a UPnP MediaServer, the UPnP DeviceProtection service controls access to the UPnP MediaServer device services. - UPnP Scheduled Recording Service
The UPnP ScheduledRecording service [UPNP-SR2] defines actions and variables which control creating and tracking of recording requests for a recording device. Examples may include: creating a recording request based time or electronic programming guide metadata, displaying programs already recorded and displaying and controlling pending recording activities. The ScheduledRecording service supports recording from both network (URLs) and non-network sources (such as analog and digital tuners).
8.6Ericsson Labs
Ericsson Labs is the part of Ericsson Research that focuses on iterative open innovation and experiments with new technologies, services and business models. The purpose of Ericsson Labs is to support Ericsson’s vision of the Networked Society by working with partners including technology providers and third-party developers.
Ericsson Labs provides access to experimental APIs in their infancy so that developers can create new, innovative services. "Web Technologies" is one of the major categories of experimental APIs and the category contains API named "Web Device Connectivity".
The Web Device Connectivity API enables you to connect end users’ devices to the Web. It provides end users with new experiences of devices in their home networks being a part of the Web and web sites can seamlessly make use of those home devices. For example, an web site or a blog can access the viewer's DLNA enabled TV and let the viewer choose his/her DLNA enabled TV to play the contents on the web site.
Web Device Connectivity platform consists of a software running inside each end users' home network and interacting with home devices, in-cloud servers aggregating device information and enforcing security policy, and a Javascript library providing API for web sites. Developers can create web sites, by including the Javascript library, which accesses devices in end users' home networks through the Ericsson Labs Web Device Connectivity platform.
