- From: Harald Alvestrand <harald@alvestrand.no>
- Date: Thu, 30 Aug 2012 11:01:49 +0200
- To: Paul Neave <paul.neave@gmail.com>
- CC: "public-media-capture@w3.org" <public-media-capture@w3.org>
On 08/29/2012 06:51 PM, Paul Neave wrote: > On Wednesday, 29 August 2012 at 17:29, Harald Alvestrand wrote: >> I found this note in the WebRTC WG archive from May 2012, so it's a >> while ago.... thanks for bringing it back! > Glad to bring attention back to this again! > >> I have created [ACTION-9] to track this issue, and provisionally >> assigned it to me. >> >> The concern I've seen raised before with detailed error messages is that >> it allows probing to identify the user (you probe for a camera that he >> might or might not have), but information about whether the user or the >> system rejected the call is easily visible from timing anyway, so >> returning an error might be good for the Good Guys while not giving >> anything new to the Bad Guys. > Yep, I can see that we don't want to give too much away if it can be helped. > >> So I make it >> >> "permission denied" - user said no >> "not available" - there is a device, but it is doing something else >> "not supported" - no device satisfies the constraints > This sounds right, nice and simple. A discussion on the Chromium project came to similar conclusions: > > http://code.google.com/p/chromium/issues/detail?id=132812 > > Similarly: > 1) "permission denied" - User pressed deny > 2) "not available" - Mandatory devices not found or exclusively opened elsewhere > 3) "not supported" - If a web browser wants to implement the API for compatibility reasons but not implement it > > > There was also a suggestion for another constant: > 4) "not allowed" - For example calling getUserMedia from a HTML file on the local file system > > Although here I think 4) is not completely necessary as 3) would probably suffice. > One could also argue that "permission denied" is appropriate when it's denied by policy - I run my test chromium with --allow-file-access-from-file, which makes this particular denial go away....
Received on Thursday, 30 August 2012 09:02:23 UTC