Re: noaccess / peerIdentity as constraints

On 10 July 2013 07:43, Stefan HÃ¥kansson LK
<stefan.lk.hakansson@ericsson.com> wrote:
> I agree, but I understood Martin's reply as saying the user should not
> be able to know whether the access was of type "noaccess" or not. And
> then it seems pretty useless to me.

There is a fairly subtle distinction between "noaccess" and the
absence of constraints.

The user who grants permission to a site to access media sources does
not need to be provided with any additional information about the
"noaccess" constraint, simply because from their perspective, no
special protection is afforded the stream.  After all, the stream is
not bound to a particular peer, so the browser can send the data
anywhere it chooses.  The *permission* that is granted doesn't attain
any special status.

However, the constraint is such that the browser ensures that it can
only be sent to an authenticated peer.  This ensures that the
*receiver* of a stream can make assertions.

It's also possible that once a stream is sent to a particular
destination, the browser could provide a user with information about
who is receiving the media, though it is not obligated to do so -
we're not in the business of making specific UI recommendations.

Received on Wednesday, 10 July 2013 16:43:27 UTC