Re: Request for feedback: Media Capture and Streams Last Call from Jan-Ivar Bruaroey on 2015-07-08 (public-media-capture@w3.org from July 2015)

From: Jan-Ivar Bruaroey <jib@mozilla.com>
Date: Tue, 07 Jul 2015 21:14:32 -0400
To: Mathieu Hofman <Mathieu.Hofman@citrix.com>, Harald Alvestrand <harald@alvestrand.no>, "public-media-capture@w3.org" <public-media-capture@w3.org>
Message-ID: <559C7978.2090308@mozilla.com>

On 7/7/15 7:12 PM, Mathieu Hofman wrote:
> Just to sum up the logic:
>
> enumerateDevices()
> If deviceId stored (persistent or in-session), reuse
> If deviceId not stored, generate new one.
>    If permanent permissions were already granted, store deviceId in a sort of "hidden" persistent cookie.
>    If permanent permissions are not granted, store deviceId in "hidden" session cookie
>
> gUM()
> If deviceId stored (persistent or in-session), reuse
> If deviceId not stored, generate new one, store in session cookie
>   If user grants permission (temporary or permanent), store deviceId in "hidden" persistent cookie.
>
> Clear cookies: Remove session & persistent deviceId.

That sounds about right. It's perhaps clearer with one cookie with a 
persist-flag:

enumerateDevices()
   If deviceIds in hidden cookie, reuse
   If deviceIds not in hidden cookie, generate new hidden cookie with 
fresh deviceIds.
     If permanent permissions were already granted, set 
cookie.persist=true, else false.

gUM()
   call internal version of enumerateDevices() to get deviceIds for this 
origin.
   If user grants permission (temporary or permanent), and 
cookie.persist == false, set to true.

Clear cookies: Remove hidden cookies

> I think we should not remove stored deviceId if user changes persistent permission type, as that introduce a weird dependency.
> It can also create a confusing case for the site:
> enumerateDevices() => { device: id = 12345 type = videoinput }
> getUserMedia({video: { deviceId: { exact: 12345 } }, user allows and persist permission ("always") => success, app stores deviceId to localStorage
> User revokes persistent permissions, which would remove stored deviceId

No, it would persist here, because revoking is different from 
permanently denying. In any case...

> User visits site again, which has deviceId still saved in localStorage:
> getUserMedia({video: { deviceId: { exact: 12345 } } => no we have a problem since device 12345 no longer exists.
>
> So to revisit your questions:
>> Q: I change site X's persistent permission from "Always Allow" back to
>> the default ("Always ask").
>> A: deviceId persists.
>>
>> Q: I change site X's persistent permission from "Always Allow" to
>> "Always Deny".
>> A: Should we clear deviceId in this case, or is it unrelated at this point?
> A: It's unrelated. deviceId persists. The site might have stored it (or other "unique" info) in cookie/localStorage.

I think I agree.

> Mathieu

.: Jan-Ivar :.

Received on Wednesday, 8 July 2015 01:15:11 UTC