W3C home > Mailing lists > Public > public-media-capture@w3.org > July 2013

Re: noaccess / peerIdentity as constraints

From: Harald Alvestrand <harald@alvestrand.no>
Date: Wed, 17 Jul 2013 13:37:14 +0200
Message-ID: <51E681EA.3030407@alvestrand.no>
To: Martin Thomson <martin.thomson@gmail.com>
CC: "public-media-capture@w3.org" <public-media-capture@w3.org>, Eric Rescorla <ekr@rtfm.com>
On 07/16/2013 06:39 PM, Martin Thomson wrote:
> On 16 July 2013 07:15, Harald Alvestrand <harald@alvestrand.no> wrote:
>> How does the information about whether or not the stream had the "noaccess"
>> constraint at the origin site get communicated to the receiver site, and
>> which component is going to be the guarantor of the authenticity of that
>> information?
> So, as I understand the proposal, the browser at the origin side
> applies the "noaccess" constraint and implicitly includes that in the
> identity assertion.
> That is, an identity assertion is only provided for protected streams.
>   The receiver can know from the fact that there is an identity
> assertion in the signaling that the stream was protected from
> modification and (for peerIdentity) eavesdropping.
> I don't know if we've discussed having these signals being explicit.
> That is also a possibility.
> (I too have no good idea about the right venue for this particular
> discussion.  It crosses boundaries.)
EKR, can you point to the whole proposal as it exists in your mind (and 
hopefully written down somewhere)?

It seems that one problem with the part that we inserted into the 
mediacapture spec is that we don't see the whole picture, which makes it 
hard to say whether the definitions are right or not.
Received on Wednesday, 17 July 2013 11:37:43 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:26:18 UTC