- From: Harald Alvestrand <harald@alvestrand.no>
- Date: Wed, 23 Apr 2014 13:51:07 +0200
- To: "public-media-capture@w3.org" <public-media-capture@w3.org>
- Message-ID: <5357A92B.8090402@alvestrand.no>
I've tried to draft a security considerations section for the media capture and streams document. I've been working from the idea that a security considerations section should not specify any new technology or features, but give an overview of the security issues that are involved in using the functionality, and mentioning the features that are particularly important in mitigating the risks involved. Here's my proposed text. Let's do a round of discussion on the list before I enter this into the buganizer and from there into the document. Security considerations This section is non-normative. * This document extends the Web platform with the ability to manage input devices for media - in this iteration, microphones and cameras. It also allows the manipulation of audio output devices (speakers and headphones). Without authorization (to the "drive-by web"), it offers the ability to tell how many devices there are of each class. The identifiers for the devices are designed to not be useful for a fingerprint that can track the user between origins, but the number of devices adds to the fingerprint surface. When authorization is given, this document describes how to get access to, and use, media data from the devices mentioned. This data may be sensitive; advice is given that indicators should be supplied to indicate that devices are in use, but both the nature of authorization and the indicators of in-use devices are platform decisions. A mechanism, PeerIdentity, is provided that gives Javascript the option of requesting media that the Javascript cannot access, but can only be sent to certain other entities. *
Received on Wednesday, 23 April 2014 11:51:38 UTC