RE: Proposal for device "enumeration" from Martin Thomson on 2013-01-14 (public-media-capture@w3.org from January 2013)

From: Martin Thomson <martin.thomson@gmail.com>
Date: Mon, 14 Jan 2013 00:24:07 +0000
To: Cullen Fluffy Jennings <fluffy@cisco.com>
Cc: "public-media-capture@w3.org" <public-media-capture@w3.org>
Message-ID: <6833766700855123037@unknownmsgid>

For other forms of devices it would be necessary to define a new
HapticStream or SmellovisionStream object, as appropriate. I was under the
impression that there was no sting desire to add those, or any other type
at this time.

 *From:* Cullen Jennings (fluffy)
*Sent:* ‎January‎ ‎3‎, ‎2013 ‎1‎:‎12‎ ‎PM
*To:* Martin Thomson <martin.thomson@gmail.com>
*CC:* public-media-capture@w3.org
*Subject:* Re: Proposal for device "enumeration"


Looks good to me (as long as it has the hash stuff). But I also want an API
to get all the Sources including the ones that are not Audio and Video. I
think this limiting ourselves to audio and video is going to be a long term
mistake.

On Dec 6, 2012, at 10:57 AM, Martin Thomson <martin.thomson@gmail.com>
wrote:

> As discussed on the call, and as no doubt Travis is already typing up,
> here is what I think we need for device enumeration:
>
> VideoStreamSource and AudioStreamSource each have a static method
> (invoked on the constructor, not an instance) that produces a sequence
> of device identifiers.
>
>  typedef DOMString DeviceId;
>  partial interface VideoStreamSource {
>    static sequence<DeviceId> getDeviceIds();
>  }
>  partial interface AudioStreamSource {
>    static sequence<DeviceId> getDeviceIds();
>  }
>
> MediaTrackConstraints has a new constraint called... "deviceId", which
> takes a DeviceId as its value.  This allows an application to select a
> specific device.
>
> We should *strongly* recommend that device identifiers are persistent
> for a given origin.  However, it MUST NOT be possible to correlate
> between different origins otherwise we may as well sign our own death
> warrants lest the anti-fingerprinting mafia wring our necks for
> wrecking all their efforts.
>
> This last requirement assumes that the identifier has a non-trivial
> amount of entropy, such as a GUID, which I believe to be the most
> practical method of implementation.  A potential method would be to
> take the stable OS-level identifier; a persistent, browser-generated
> secret; and the origin.  These would be combined and maybe run through
> one of them hashish algorithms [1].
>
> --Martin
>
> [1] I hear that's what the kids are all doing nowadays.  Travis lives
> in Washington, so he would have more information on that.
>

Received on Monday, 14 January 2013 00:25:55 UTC