- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Thu, 4 Apr 2013 10:46:21 +0100
- To: Harald Alvestrand <harald@alvestrand.no>
- Cc: "public-media-capture@w3.org" <public-media-capture@w3.org>

On Thu, Apr 4, 2013 at 10:25 AM, Harald Alvestrand <harald@alvestrand.no> wrote:
> On 04/04/2013 09:56 AM, Anne van Kesteren wrote:
>> The specification should make it clear that once a user clears
>> cookies/cache for a particular origin the sourceIds generated for it
>> need to be different from the last time so they cannot be used to
>> reinstate the cookie.
>
> Would this be satisfied if getUserMedia managed a cookie per origin that it
> hashed in with the system's camera ID to produce the user-visible camera ID?

As long as that cookie is cleared too and then reinstated with a new one
that results in the hash generating a different result, sure.

You should probably additionally clarify that sourceIds are
origin-scoped (rather than "application", that's not a security
concept the platform has), unlike cookies which are
publicsuffix.org-scoped (which is way worse, but legacy yadayada).

> We wouldn't want to expose an extra cookie to the server - I'm trying to
> verify that this would satisfy the requirement.

Depends on the details :-)

-- 
http://annevankesteren.nl/

Received on Thursday, 4 April 2013 09:46:53 UTC
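
The scheme discussed in this exchange, modelled as an added example that is not part of the original message or of any specification text: a user agent keeps one random secret per origin, mixes it with the system camera ID to derive the page-visible sourceId, and discards the secret when site data for that origin is cleared. The use of HMAC-SHA256 and the names `SourceIdStore`, `source_id` and `clear_site_data` are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin_of(url):
    """Return the (scheme, host, port) origin tuple of a URL."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    port = parts.port or DEFAULT_PORTS[scheme]
    return (scheme, parts.hostname, port)


class SourceIdStore:
    """Hypothetical user-agent state: one random secret per origin.

    The secret stays inside the user agent. It is never sent in a request,
    so the server only ever sees the derived sourceId.
    """

    def __init__(self):
        self._salts = {}  # origin tuple -> 32 random bytes

    def source_id(self, page_url, system_device_id):
        """Derive the page-visible sourceId for a system camera ID."""
        origin = origin_of(page_url)
        if origin not in self._salts:
            self._salts[origin] = secrets.token_bytes(32)
        digest = hmac.new(self._salts[origin],
                          system_device_id.encode("utf-8"),
                          hashlib.sha256)
        return digest.hexdigest()

    def clear_site_data(self, page_url):
        """Called together with clearing cookies/cache for the origin."""
        # Dropping the secret means the next source_id() call generates a
        # fresh one, so the old sourceId cannot be used to re-link the user.
        self._salts.pop(origin_of(page_url), None)


if __name__ == "__main__":
    store = SourceIdStore()
    cam = "constructed-system-camera-0"  # constructed sample device ID
    before = store.source_id("https://a.example.com/app", cam)
    store.clear_site_data("https://a.example.com/")
    after = store.source_id("https://a.example.com/app", cam)
    print("changed after clearing:", before != after)
```

Because the key is the full origin tuple rather than the registrable domain, `a.example.com` and `b.example.com` receive unrelated sourceIds for the same camera.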