RE: UI for enabling webcam use from untrusted content from Nick Lothian on 2009-12-14 (public-device-apis@w3.org from December 2009)

From: Nick Lothian <nlothian@educationau.edu.au>
Date: Mon, 14 Dec 2009 11:27:20 +1030
To: "public-device-apis@w3.org" <public-device-apis@w3.org>
Message-ID: <C61BBB9C527C5A49A8C9069ABC4B005F15C82DE2D6@eduau-mail.eduau.local>

> -----Original Message-----
> From: public-device-apis-request@w3.org [mailto:public-device-apis-
> request@w3.org] On Behalf Of Nick Lothian
> Sent: Monday, 14 December 2009 9:28 AM
> To: Ian Hickson; Kenton Varda
> Cc: public-device-apis@w3.org
> Subject: RE: UI for enabling webcam use from untrusted content
>
> > > >
> > > > I think once we've given a site access to the bits coming from
> the
> > > > camera, we've got no way of knowing what the site is doing with
> the
> > > > data, so we have to treat them as equivalent.
> > >
> > > Well, if there were a way for a script to be prohibited from
> > > communicating with anything (remote servers, other processes on the
> > > system, etc.), then you could safely give it access to the camera.
> > > This could be a useful security property it some cases, but
> probably
> > > isn't worth pursuing for the moment.  This relates to the
> > > (un-Googlably-named) "*-Property":
> > >
> > > http://en.wikipedia.org/wiki/Bell-La_Padula_model
> >
> > You'd also have to block access to the local storage and cookie
> stores,
> > and workers, and block access to other frames and windows, and
> prevent
> > new
> > CSS rules from being added, and prevent the user from clicking any
> > links
> > in the page. I'm not sure it'd be particularly useful.
> >
>
>
> Currently there are cross origin restrictions on access to video
> streams (In Firefox at least - but I assume it is specified like that).
>
> I think the specification for the video viewfinder for the camera will
> need to relax these restrictions (otherwise it will be impossible to do
> Javascript video processing on the stream).
>
> Nick
>
>

Sorry to reply to my own email.

The permission granted by the dialog should also permit Javascript from that host to access to the viewfinder video (which I would note doesn't appear in any proposed specification yet).

Nick

IMPORTANT: This e-mail, including any attachments, may contain private or confidential information. If you think you may not be the intended recipient, or if you have received this e-mail in error, please contact the sender immediately and delete all copies of this e-mail. If you are not the intended recipient, you must not reproduce any part of this e-mail or disclose its contents to any other party. This email represents the views of the individual sender, which do not necessarily reflect those of Education.au except where the sender expressly states otherwise. It is your responsibility to scan this email and any files transmitted with it for viruses or any other defects. education.au limited will not be liable for any loss, damage or consequence caused directly or indirectly by this email.

Received on Monday, 14 December 2009 00:58:01 UTC