- From: jan-ivar via GitHub <sysbot+gh@w3.org>
- Date: Tue, 06 Sep 2016 17:13:25 +0000
- To: public-media-capture-logs@w3.org
> As to the original intent: I think we changed the language to say that when you check whether you can open a device, you first check whether it is already open, and if it is, you skip the check against permission. This preserves the previous behavior, @alvestrand It does not. Checking whether a device is already open affects *overlapping* gUM requests only (i.e. the app requests gUM again *before* calling stream.stop(), a case we agree on, but a separate issue). It does not preserve the February behavior that requesting gUM *after* stream.stop() MUST cause a prompt "unless there is a stored permission" (stored by the user). If this edit was a mistake, it should be undone. If it wasn't, then I can't find the necessary group consensus that we meant to change this required behavior. @jyasskin Thanks for the link, but I disagree `http` vulnerability is the spec's only concern here (the other being privacy). As I mention in https://github.com/w3c/mediacapture-main/issues/389#issuecomment-244282279, the spec establishes privacy as a concern when it suggests users should see a "device accessible" indicator (separate from "live recording"), and introduces concepts to imbue such an indicator with the necessary power, chiefly the "stored permission". This is clearly echoed under [Best Practices: Stored permissions](https://w3c.github.io/mediacapture-main/getusermedia.html#implementation-suggestions) where it says "the choice [to store permission] needs to be apparent to the user", and "When permission is not stored, permission will last only until such time as all MediaStreamTracks sourced from that device have been stopped." Combined, this guarantees users that access cannot resume once the "device accessible" indicator goes away, unless they've made an "apparent" "choice" to allow such a thing. This is consistent with the February language, but the edit is not. -- GitHub Notification of comment by jan-ivar Please view or discuss this issue at https://github.com/w3c/mediacapture-main/issues/387#issuecomment-245021280 using your GitHub account
Received on Tuesday, 6 September 2016 17:13:44 UTC