- From: Martin Thomson via GitHub <sysbot+gh@w3.org>
- Date: Fri, 10 Aug 2018 07:06:11 +0000
- To: public-media-capture-logs@w3.org
martinthomson has just created a new issue for https://github.com/w3c/mediacapture-main: == Origin isolation == I couldn't find anything in the specification regarding the origin that a track is attributed to. I suspect that all browsers have settled on a model that is sensible, but the spec should make a few things clear: 1. MediaStreamTrack objects are only readable by the origin that requested them, unless other constraints cause them to gain a different origin (the peerIdentity constraint for WebRTC does this). 2. MediaStreamTrack objects can be rendered if they belong to another origin, but only their size is known. 3. We need to decide what the rules are for constraints on cross origin tracks. I think that if the model for transferrance is that they are copied when transferred, then constraints can be both read and written, just as we permit a site to read and write constraints on peerIdentity-constrained tracks. 4. We need to consider what happens to synchronization of playback for mixed-origin MediaStreamTrack objects. Do we consider clock skew from a particular source to be something that we should protect? Whatever the decision, this is part of the set of things that we need to be very clear on. Work progresses on transferring tracks between origins, which I think is OK, but this is groundwork for that. The best text we have is in [the from-element spec](https://w3c.github.io/mediacapture-fromelement/#security-considerations), which is honestly a little on the light side. This came up in w3c/mediacapture-screen-share#53. Please view or discuss this issue at https://github.com/w3c/mediacapture-main/issues/529 using your GitHub account
Received on Friday, 10 August 2018 07:06:15 UTC