On 04/02/2014 07:52 PM, Ian Hickson wrote:
On Mon, 3 Mar 2014, Ami Fischman wrote:
Looks like we're back in business:

Latest editor's draft:

As a user, this scares me a lot. Why isn't it up to me to control this? I
don't understand the security model here at all. I don't want random Web
pages to know that they can pipe audio to the remote speakers in my
bedroom from my laptop, but if we just expose all the audio output
devices, that's exactly what will be possible.

Without a much clearer security model, I don't think it's a good idea to
add any APIs.

Would it make sense to group the access to sinks in with access to sources - that is, "this page wants access to your cameras, microphones and audio output devices"?

(either on a per-device basis or as an all-or-nothing prompting)

Reply via email to