Re: [mediacapture-main] Reinstate strong language on permission ending when tracks stop, lost by editorial mistake from jan-ivar via GitHub on 2016-09-06 (public-media-capture-logs@w3.org from September 2016)

From: jan-ivar via GitHub <sysbot+gh@w3.org>
Date: Tue, 06 Sep 2016 17:13:25 +0000
To: public-media-capture-logs@w3.org
Message-ID: <issue_comment.created-245021280-1473182003-sysbot+gh@w3.org>

> As to the original intent: I think we changed the language to say
that when you check whether you can open a device, you first check
whether it is already open, and if it is, you skip the check against
permission. This preserves the previous behavior,

@alvestrand It does not. Checking whether a device is already open
affects *overlapping* gUM requests only (i.e. the app requests gUM
again *before* calling stream.stop(), a case we agree on, but a
separate issue). It does not preserve the February behavior that
requesting gUM *after* stream.stop() MUST cause a prompt "unless there
is a stored permission" (stored by the user).

If this edit was a mistake, it should be undone. If it wasn't, then I
can't find the necessary group consensus that we meant to change this
required behavior.

@jyasskin Thanks for the link, but I disagree `http` vulnerability is
the spec's only concern here (the other being privacy). As I mention
in
https://github.com/w3c/mediacapture-main/issues/389#issuecomment-244282279,
the spec establishes privacy as a concern when it suggests users
should see a "device accessible" indicator (separate from "live
recording"), and introduces concepts to imbue such an indicator with
the necessary power, chiefly the "stored permission".

This is clearly echoed under [Best Practices: Stored
permissions](https://w3c.github.io/mediacapture-main/getusermedia.html#implementation-suggestions)
where it says "the choice [to store permission] needs to be apparent
to the user",

and

"When permission is not stored, permission will last only until such
time as all MediaStreamTracks sourced from that device have been
stopped."

Combined, this guarantees users that access cannot resume once the
"device accessible" indicator goes away, unless they've made an
"apparent" "choice" to allow such a thing.

This is consistent with the February language, but the edit is not.

--
GitHub Notification of comment by jan-ivar
Please view or discuss this issue at
https://github.com/w3c/mediacapture-main/issues/387#issuecomment-245021280
using your GitHub account

Received on Tuesday, 6 September 2016 17:13:44 UTC