- From: Harald Alvestrand <harald@alvestrand.no>
- Date: Wed, 17 Jul 2013 13:37:14 +0200
- To: Martin Thomson <martin.thomson@gmail.com>
- CC: "public-media-capture@w3.org" <public-media-capture@w3.org>, Eric Rescorla <ekr@rtfm.com>
On 07/16/2013 06:39 PM, Martin Thomson wrote: > On 16 July 2013 07:15, Harald Alvestrand <harald@alvestrand.no> wrote: >> How does the information about whether or not the stream had the "noaccess" >> constraint at the origin site get communicated to the receiver site, and >> which component is going to be the guarantor of the authenticity of that >> information? > So, as I understand the proposal, the browser at the origin side > applies the "noaccess" constraint and implicitly includes that in the > identity assertion. > > That is, an identity assertion is only provided for protected streams. > The receiver can know from the fact that there is an identity > assertion in the signaling that the stream was protected from > modification and (for peerIdentity) eavesdropping. > > I don't know if we've discussed having these signals being explicit. > That is also a possibility. > > (I too have no good idea about the right venue for this particular > discussion. It crosses boundaries.) EKR, can you point to the whole proposal as it exists in your mind (and hopefully written down somewhere)? It seems that one problem with the part that we inserted into the mediacapture spec is that we don't see the whole picture, which makes it hard to say whether the definitions are right or not.
Received on Wednesday, 17 July 2013 11:37:43 UTC