
[encrypted-media] Fix inconsistency: Informing the user and requiring user consent is always per-origin

From: ddorwin via GitHub <sysbot+gh@w3.org>
Date: Wed, 07 Sep 2016 23:42:52 +0000
To: public-html-media@w3.org
Message-ID: <issues.opened-175632396-1473291770-sysbot+gh@w3.org>
ddorwin has just created a new issue for 
https://github.com/w3c/encrypted-media:

== Fix inconsistency: Informing the user and requiring user consent is
 always per-origin ==
When consent is required in the [Get Consent 
Status](https://w3c.github.io/encrypted-media/#get-consent-status) 
algorithm, the UA is to "Request user consent to use accumulated 
configuration **in the origin** and wait for the user response" 
(emphasis added).

When that algorithm returns `InformUser`, the UA is to "Inform the 
user that accumulated configuration is in use **in the origin**..."  
(emphasis added).

https://w3c.github.io/encrypted-media/#security-prompts and 
https://w3c.github.io/encrypted-media/#privacy-prompts both say 
(emphasis added):
> Such alerts and consent **SHOULD** be per origin to avoid valid uses
> enabling subsequent malicious access and MUST be per browsing profile.

That "SHOULD" should be "MUST" to be consistent with the algorithms.


Please view or discuss this issue at 
https://github.com/w3c/encrypted-media/issues/314 using your GitHub 
account
Received on Wednesday, 7 September 2016 23:43:02 UTC
