Security considerations section - a proposal

I've tried to draft a security considerations section for the media 
capture and streams document.
I've been working from the idea that a security considerations section 
should not specify any new technology or features, but give an overview 
of the security issues that are involved in using the functionality, and 
mention the features that are particularly important in mitigating 
the risks involved.

Here's my proposed text. Let's do a round of discussion on the list 
before I enter this into the buganizer and from there into the document.


Security considerations

This section is non-normative.

*

This document extends the Web platform with the ability to manage input 
devices for media - in this iteration, microphones and cameras.

It also allows the manipulation of audio output devices (speakers and 
headphones).


Without authorization (to the "drive-by web"), it offers the ability to 
tell how many devices there are of each class. The identifiers for the 
devices are designed to not be useful for a fingerprint that can track 
the user between origins, but the number of devices adds to the 
fingerprint surface.


When authorization is given, this document describes how to get access 
to, and use, media data from the devices mentioned. This data may be 
sensitive; advice is given that indicators should be supplied to 
indicate that devices are in use, but both the nature of authorization 
and the indicators of in-use devices are platform decisions.


A mechanism, PeerIdentity, is provided that gives JavaScript the option 
of requesting media that the JavaScript cannot access, but which can only 
be sent to certain other entities.

*

Received on Wednesday, 23 April 2014 11:51:38 UTC