W3C home > Mailing lists > Public > public-webrtc@w3.org > September 2012

Re: IdP issues (was: Needs to be more clearly described)

From: Eric Rescorla <ekr@rtfm.com>
Date: Tue, 18 Sep 2012 20:30:20 -0700
Message-ID: <CABcZeBMRbY4nDbGRwHQHRc96-8ibci5GVYQvzM6MX=gHrhjj-Q@mail.gmail.com>
To: Martin Thomson <martin.thomson@gmail.com>
Cc: Harald Alvestrand <harald@alvestrand.no>, public-webrtc@w3.org
On Tue, Sep 18, 2012 at 7:26 PM, Martin Thomson
<martin.thomson@gmail.com> wrote:
> On 18 September 2012 18:31, Harald Alvestrand <harald@alvestrand.no> wrote:
>> One reason it hasn't been done is probably that its use case was felt to be
>> not compelling.
>
> Um, what?
>
> That would be the use case that we've been discussing for as long as
> I've been involved in this.  You and I use untrusted site to mediate a
> call between us, but want to ensure that the call is private.  The
> pokerstars.net case, if that helps jog your memory.
>
> If you are able to do media from a remote peer securely, local
> loopback should be just the same.  You just prevent reading from the
> rectangle that displays the video.  Control extends solely to where
> the rectangle is shown.  In practice, I imagine that implementation
> would be much like the security constraints on a cross domain iframe.
> And yes, blocking other uses like canvas, recording, sampling, etc...
> would be necessary.

I agree that this is a relevant use case. There is some discussion of
this in draft-ietf-rtcweb-security-arch S 5.2, which describes two mechanisms:

1. The ability for the JS to relinquish access to a given media stream and
have that enforced by the browser.
2. The ability to have permissions granted to send media to a given identity.
[Note that I had assumed that this would be enforced by the PC part
of the system, but we could discuss that.]

Put together, these allow you to have a system where media is
sent to a given identity and only to that identity.

As you say, the tainting isn't difficult and the browser already needs it
for any cross-origin/mashu-; type case.

-Ekr
Received on Wednesday, 19 September 2012 03:31:29 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 19 September 2012 03:31:30 GMT