RE: User media constraint: peerIdentity

Martin,

This is an interesting idea. But I wonder how browsers can prevent a page from using any post-processing API [1] to access the constrained media stream.
Do we require those APIs to be aware of peerIdentity and refuse any such constrained media streams?

Thanks,
Li

[1] http://www.w3.org/TR/capture-scenarios/


-----Original Message-----
From: Martin Thomson [mailto:martin.thomson@gmail.com] 
Sent: Monday, October 22, 2012 2:18 PM
To: public-webrtc@w3.org
Subject: User media constraint: peerIdentity

...

A MediaStream that is acquired using a 'peerIdentity' constraint
cannot be recorded, sampled or otherwise accessed by the current page.
 It can only be added to an RTCPeerConnection.  That RTCPeerConnection
instance MUST NOT send media originating from that MediaStream unless
it successfully authenticates the peer with an identity that matches
the 'peerIdentity' constraint.  Matching is based on the rules defined
in the IdP draft for "at" identifiers or RFCs 6125 & 5280 for "non-at"
identifiers (yes this isn't strictly RFC 6125, but the basic rules are
transferable).

...

--Martin

Received on Tuesday, 23 October 2012 21:44:27 UTC