- From: Stefan Håkansson LK <stefan.lk.hakansson@ericsson.com>
- Date: Wed, 10 Sep 2014 09:08:24 +0000
- To: Anne van Kesteren <annevk@annevk.nl>
- CC: "public-media-capture@w3.org" <public-media-capture@w3.org>
On 10/09/14 10:16, Anne van Kesteren wrote:
> On Wed, Sep 10, 2014 at 10:07 AM, Stefan Håkansson LK
> <stefan.lk.hakansson@ericsson.com> wrote:
>> On 08/09/14 19:25, Anne van Kesteren wrote:
>>> Is it true that the only reason we are not requiring an authenticated
>>> origin for getUserMedia() is that it might break tests or demos? Tests
>>> or demos do not usually influence design choices.
>>
>> No, I don't think that is true at all, in fact I do not remember that
>> tests were mentioned at all as a reason when the design was made.
>
> So it was because of demos?

No. Demo and test aspects were not specifically discussed as far as I remember.

It is a long time ago, and I can't recollect all details on why we did arrive on allowing http sites to access. I think it was a combination of

a) follow the geoLocation example
b) the expressed wish to allow for secure communication when the app is from untrusted sites (using PeerIdentity) - these perhaps temporary sites could deliver over http

Others may remember better, [1] and [2] is where the conclusions are documented.

>> Allowing plain http domains to ask for access to media devices is
>> discussed a lot in, including API and UI requirements. Specifically
>> it is said that
>>
>> "Implementations MAY also opt to refuse all permissions grants for HTTP
>> origins, but it is RECOMMENDED that currently they support one-time
>> camera/microphone access."
>
> Why is this not part of the API document? And why is this the
> recommendation? E.g. things like
> http://tools.ietf.org/html/draft-ietf-rtcweb-security-arch-10#section-5.1
> would be much better if they were defined as part of the API in terms
> of https://w3c.github.io/webappsec/specs/mixedcontent/ terminology.

I agree. This has historical reasons - security was discussed and agreed across IETF and W3C, and for convenience documented at one place only ([1] and [2]).

[1] http://datatracker.ietf.org/doc/draft-ietf-rtcweb-security-arch/?include_text=1
[2] http://datatracker.ietf.org/doc/draft-ietf-rtcweb-security/?include_text=1
Received on Wednesday, 10 September 2014 09:08:50 UTC