W3C home > Mailing lists > Public > public-media-capture@w3.org > September 2014

Re: getUserMedia() and authenticated origins

From: Stefan Håkansson LK <stefan.lk.hakansson@ericsson.com>
Date: Wed, 10 Sep 2014 08:07:09 +0000
To: Anne van Kesteren <annevk@annevk.nl>, "public-media-capture@w3.org" <public-media-capture@w3.org>
Message-ID: <1447FA0C20ED5147A1AA0EF02890A64B1D063A3C@ESESSMB209.ericsson.se>
On 08/09/14 19:25, Anne van Kesteren wrote:
> Is it true that the only reason we are not requiring an authenticated
> origin for getUserMedia() is that it might break tests or demos? Tests
> or demos do not usually influence design choices.

No, I don't think that is true at all, in fact I do not remember that 
tests were mentioned at all as a reason when the design was made.

Allowing plain http domains to ask for access to media devices is 
discussed a lot in [1], including API and UI requirements. Specifically 
it is said that

"Implementations MAY also opt to refuse all permissions grants for HTTP 
origins, but it is RECOMMENDED that currently they support one-time 
camera/microphone access."

Stefan


[1] 
http://datatracker.ietf.org/doc/draft-ietf-rtcweb-security-arch/?include_text=1

>
>


Received on Wednesday, 10 September 2014 08:07:42 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:26:30 UTC