On Mon, 7 Apr 2014, Harald Alvestrand wrote:
> On 04/02/2014 07:52 PM, Ian Hickson wrote:
> > On Mon, 3 Mar 2014, Ami Fischman wrote:
> > > Looks like we're back in business:
> > > 
> > > Latest editor's draft: 
> > > http://dev.w3.org/2011/webrtc/editor/getusermedia.html
> > 
> > As a user, this scares me a lot. Why isn't it up to me to control 
> > this? I don't understand the security model here at all. I don't want 
> > random Web pages to know that they can pipe audio to the remote 
> > speakers in my bedroom from my laptop, but if we just expose all the 
> > audio output devices, that's exactly what will be possible.
> > 
> > Without a much clearer security model, I don't think it's a good idea 
> > to add any APIs.
> Would it make sense to group the access to sinks in with access to 
> sources - that is, "this page wants access to your cameras, microphones 
> and audio output devices"?
> (either on a per-device basis or as an all-or-nothing prompting)

Wouldn't that be an implementation detail?

When I was first desigining the API for WebRTC (years ago, before it got 
rather unceremoniously forked by the W3C), the security design I had come 
up with was basically that the UA would show a panel of devices, and the 
user would drag-and-drop them into the page to give the page access to 
them. (Or equivalent UI, e.g. tapping on the relevant device icons to 
activate them for the page.)

This would let me, as a user, specify that on my laptop YouTube can play 
video on my TV (assuming we extend this stuff to support video over 
Miracast/AirPlay/WiDi/DIAL/Chromecast/DLNA) while not allowing it to send 
audio to my bedroom, while simultaneously having Amazon's Cloud Player 
sending its music to my bedroom, but not allowing it to use my microphone.

Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

Reply via email to