W3C home > Mailing lists > Public > public-html-media@w3.org > September 2016

[encrypted-media] Add step to allow user agent to return InformUser for reasons other than use of Distinctive Identifiers

From: ddorwin via GitHub <sysbot+gh@w3.org>
Date: Wed, 07 Sep 2016 23:41:16 +0000
To: public-html-media@w3.org
Message-ID: <issues.opened-175632204-1473291675-sysbot+gh@w3.org>
ddorwin has just created a new issue for 
https://github.com/w3c/encrypted-media:

== Add step to allow user agent to return InformUser for reasons other
 than use of Distinctive Identifiers ==
The [Get Consent 
Status](https://w3c.github.io/encrypted-media/#get-consent-status) 
algorithm currently allows "The user agent [to require] explicit user 
consent for the _accumulated configuration_ for other reasons." (This 
was added for issue #96.) However, there is no such option for the 
user agent to return `InformUser` unless "the `distinctiveIdentifier` 
member of accumulated configuration is not "not-allowed"."

We should add a new step after the above text that says:
>If the user agent requires informing the user for the _accumulated 
configuration_ for other reasons, return `InformUser`.

This is consistent with the following statements from the Security 
section:
>If a user agent chooses to support a Key System implementation that 
cannot be sufficiently sandboxed or otherwise secured, the user agent 
SHOULD ensure that users are fully informed and/or give explicit 
consent before loading or invoking it.

<p/>
>User agents SHOULD ensure that users are fully informed and/or give 
explicit consent before a Key System that presents security concerns 
that are greater than other user agent features (e.g. DOM content) may
 be accessed by an origin.


Note: #312 could cause more conditions to be added to the existing 
step that requires returning `InformUser`. In that case (or even 
regardless), we could restructure the existing step to match the "If 
any of the following are true:" structure of the text added for #96.

Please view or discuss this issue at 
https://github.com/w3c/encrypted-media/issues/313 using your GitHub 
account
Received on Wednesday, 7 September 2016 23:41:24 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 September 2016 23:41:24 UTC