#759: Web Machine Learning Model Loader API


Opened Jul 20, 2022

Wotcher TAG!

I'm requesting a TAG review of Web Machine Learning (WebML) Model Loader API.

The WebML Model Loader API is a proposed web API to take a custom, pre-trained machine learning (ML) model in a standard format, and apply it to some data in JavaScript to perform inference, like classification, regression, or ranking. The idea is to make it easy and performant to use a custom, pre-built machine learning model in web apps, across devices and browsers.

Further details:

We'd prefer the TAG provide feedback as (please delete all but the desired option): 🐛 open issues in our GitHub repo for each point of feedback

Discussions

2022-08-29

Minutes

Max: I looked at explainer and spec - how do we protect the user's machine learning model - not leak it outside the browser. In the explainer they have some discussion but no solution yet. Is this a big concern?

Dan: what data is at risk? The model based on the training?

Max: part of web machine learning spec - proposed to provide an API to load the machine learning model... the ML model is - like tensorflow - a matrix - multi-dimensional data set. In this API they propose to load the ML data model... from URL... They also have a little discussion how to protect the data model. For some companies the ML model itself is considered as intellectual property...

Dan: analogous to issues around DRM?

Max: in their security considerations section... their short answer use DRM like solution...? They don't have such considerations...

Dan: I'd express not happy feelings about extending DRM to other realms. I think we should be trying to push back on that and saying why does .. we already know DRM on the web is problematic in that it introduces elements to the web security model that are black boxes - we have spoken on this issue before. There needs to be a real serious need and big support for this, otherwise it's my sense that we should not be adding DRM for machine learning models.

Hadley: I agree - otherwise hard to run local data through a model without having access to the model.

Amy: are they proposing a DRM like thing... Or have they not considered how to protect it and we want to make sure they don't end up in that route?

Dan: In the explainer they use the phrase "DRM-like solution". Write only.. that's different from DRM. They should not be saying DRM if what they mean is a special type of browser storage. DRM has other type of things.. we could write something about this..

Hadley: we can say we appreciate this being an issue - if and when they tackle it we'd love to discuss because there's a lot of nuance about how DRM works that doesn't seem to pertain to this, and a bunch of potential pitfalls with the web's security model.. leave a marker that this is messy and complicated but let's not have the conversation now unless we have to

Hi @wacky6 we're just reviewing today and one thing that came up was your mention of the idea of a "DRM-like solution". We appreciate that you're seeing this might be an issue - protecting models - however if you're going to seriously work on this we'd appreciate being involved because there are a lot of issues and complications with DRM, the differences between its use case and this one, and the web's security model. We suggest leaving this for future work.

2022-10-10

Minutes

Max: I think they got the point about the DRM issue... Maybe we can provide a suggestion...?

Sangwhan: I think the DRM discussion is moot - because there's no hardware support that could make this possible at the moment. You'd need to have an EME-like thing... that the user cannot access. No support for this at the moment. No tech solution...

Dan: we could resolve 'satisfied' but with caveat that we don't think DRM for models is a good idea.

Sangwhan: what about other things that have IP protection like VR models...

Hadley: this represents my views - we don't want to be endorsing DRM... rest of it seems largely fine. Recording our intentions in resolving as not endorsing DRM is important...

Sangwhan: API surface I'm Ok with it. There is a question of why tensor has to be created as a factory rather than a constructor. I will leave feedback. It goes against our design principle.

Dan: still Ok to resolve satisfied?

Sangwhan: satisfied with concerns and pointing to reference to the design principle.

Sangwhan to close and leave closing comment - resolution satisfied with concerns