
RE: Systematic access to media/plugin metadata

From: Henri Sivonen <hsivonen@iki.fi>
Date: Wed, 20 Apr 2011 12:47:09 +0300
To: Leonard Rosenthol <lrosenth@adobe.com>
Cc: Danny Ayers <danny.ayers@gmail.com>, Silvia Pfeiffer <silviapfeiffer1@gmail.com>, "public-html@w3.org" <public-html@w3.org>
Message-ID: <1303292829.12278.142.camel@shuttle>

On Thu, 2011-04-14 at 07:17 -0700, Leonard Rosenthol wrote:
> Henri wrote:
> > In order to maintain the confidentiality properties that browsers now
> > provide, we can't allow metadata to be read cross-origin without *some*
> > participation of the server that serves the image.
> >
> If I can read the image, I should be able to read the metadata.  Why would you need to restrict the metadata access if you don't restrict the image itself?!?

Usually in cross-origin situations, you *can't* read the image (its
pixel data).

When you *are* allowed to read the pixel data, there's no security
reason not to let you read the metadata, too. Then it becomes a matter
of resource allocation in platform development: Is the use case
compelling enough relative to other potential features that limited
person-time available should be allocated to it instead of the other
potential features?

In the same-origin scenario, Web developers also have the option of
running a metadata extractor on the server side and arranging the
transfer of metadata between the server-side program and the
browser-side program that are both under their control.

The different-origin scenarios where pixel data reading is allowed and
where security-wise metadata reading could be allowed are so narrow that
to me personally they don't look like a compelling thing to allocate
limited developer time to.

Henri Sivonen
Received on Wednesday, 20 April 2011 09:47:44 UTC
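
The rule in this message, that script may read an image's metadata exactly when it may read its pixel data, modelled as an added example that is not part of the original e-mail. It assumes the browser's CORS-enabled image behaviour (the `crossorigin` attribute plus the server's `Access-Control-Allow-Origin` response header) as the form of server participation; the function names and URLs are constructed for illustration.

```javascript
// Simplified model (added example) of when a browser lets script read an
// image's pixel data and therefore, per the rule above, its metadata.
// Function names and URLs are constructed for illustration.

function imageAccess({ documentOrigin, imageUrl, crossOrigin = null, headers = {} }) {
  const imageOrigin = new URL(imageUrl, documentOrigin).origin;

  // Same origin: the page could already fetch the bytes itself.
  if (imageOrigin === documentOrigin) {
    return { displayed: true, pixelsReadable: true };
  }

  // Cross-origin without a crossorigin attribute: the image renders, but a
  // canvas it is drawn to is tainted, so getImageData()/toDataURL() throw.
  if (crossOrigin === null) {
    return { displayed: true, pixelsReadable: false };
  }

  // Cross-origin with a crossorigin attribute: the server must opt in.
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v).trim();
  const allowOrigin = h['access-control-allow-origin'];
  const withCredentials = crossOrigin === 'use-credentials';

  let optedIn;
  if (withCredentials) {
    // The wildcard is not accepted for credentialed requests.
    optedIn = allowOrigin === documentOrigin &&
              h['access-control-allow-credentials'] === 'true';
  } else {
    optedIn = allowOrigin === '*' || allowOrigin === documentOrigin;
  }

  // A failed CORS check means the image does not load at all.
  return { displayed: optedIn, pixelsReadable: optedIn };
}

// Metadata exposure follows pixel readability and nothing weaker.
function metadataReadable(request) {
  return imageAccess(request).pixelsReadable;
}
```

Without the opt-in, a cross-origin image can still be shown to the user; what is withheld is script access to its contents, which is the confidentiality property the message refers to.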
