RE: noaccess / peerIdentity as constraints

Wouldn't a no-access constraint keep the application from recording the media or taking photos?  In that case, there is a difference between no-access and no constraints.  On the other hand, if we say that no-access does allow recording and photos, then 'no-access' is probably the wrong term.

- Jim

-----Original Message-----
From: Martin Thomson [mailto:martin.thomson@gmail.com] 
Sent: Wednesday, July 10, 2013 12:43 PM
To: Stefan Håkansson LK
Cc: Jim Barnett; Dominique Hazael-Massieux; public-media-capture@w3.org
Subject: Re: noaccess / peerIdentity as constraints

On 10 July 2013 07:43, Stefan Håkansson LK <stefan.lk.hakansson@ericsson.com> wrote:
> I agree, but I understood Martin's reply as saying the user should not 
> be able to know whether the access was of type "noaccess" or not. And 
> then it seems pretty useless to me.

There is a fairly subtle distinction between "noaccess" and the absence of constraints.

The user who grants permission to a site to access media sources does not need to be provided with any additional information about the "noaccess" constraint, simply because from their perspective, no special protection is afforded the stream.  After all, the stream is not bound to a particular peer, so the browser can send the data anywhere it chooses.  The *permission* that is granted doesn't attain any special status.

However, the constraint is such that the browser ensures that it can only be sent to an authenticated peer.  This ensures that the
*receiver* of a stream can make assertions.

It's also possible that once a stream is sent to a particular destination, the browser could provide a user with information about who is receiving the media, though it is not obligated to do so - we're not in the business of making specific UI recommendations.

Received on Wednesday, 10 July 2013 18:10:28 UTC