W3C home > Mailing lists > Public > public-html-media@w3.org > June 2016

[encrypted-media] Add statement that all values exposed or inferable by the application must be per-origin

From: ddorwin via GitHub <sysbot+gh@w3.org>
Date: Fri, 10 Jun 2016 00:18:38 +0000
To: public-html-media@w3.org
Message-ID: <issues.opened-159536216-1465517917-sysbot+gh@w3.org>
ddorwin has just created a new issue for 
https://github.com/w3c/encrypted-media:

== Add statement that all values exposed or inferable by the 
application must be per-origin ==
We have a clear requirement that (most) [identifiers are 
per-origin](https://w3c.github.io/encrypted-media/#per-origin-identifiers)
 and that [persisted data must be 
clearable](https://w3c.github.io/encrypted-media/#allow-persistent-data-cleared),
 but I don't believe there is a single place that says most values 
(Permanent Identifiers being the obvious exception), both persisted 
and not, must be per-origin and not be accessible or inferable by 
other origins.

Some references to #per-origin-identifiers may not actually be related
 to identifiers and should instead point to such a requirement.

I believe there are some references in the `MediaKeys` and/or 
`MediaKeySessions` sections, and the web platform relies on origins, 
but it is still worth making a clear statement and having a reference 
target that is not specific to identifiers.

Please view or discuss this issue at 
https://github.com/w3c/encrypted-media/issues/242 using your GitHub 
account
Received on Friday, 10 June 2016 00:18:40 UTC

This archive was generated by hypermail 2.3.1 : Friday, 10 June 2016 00:18:40 UTC