Fwd: [rtcweb] Conditions for long-term permissions grants

I think this question is for the TF.


-------- Forwarded Message --------
Subject: 	[rtcweb] Conditions for long-term permissions grants
Date: 	07/03/15 21:45
From: 	Eric Rescorla <ekr@rtfm.com>
To: 	public-webrtc@w3.org <public-webrtc@w3.org>, rtcweb@ietf.org <rtcweb@ietf.org>



https://tools.ietf.org/html/draft-ietf-rtcweb-security-arch-10#section-5.2 requires that JS be able to ask for short or long-term permissions grants:



     API Requirement:  The API MUST provide a mechanism for the requesting
        JS to indicate which of these forms of permissions it is
        requesting.  This allows the browser client to know what sort of
        user interface experience to provide to the user, including what
        permissions to request from the user and hence what to enforce
        later.  For instance, browsers might display a non-invasive door
        hanger ("some features of this site may not work..." when asking
        for long-term permissions) but a more invasive UI ("here is your
        own video") for single-call permissions.  The API MAY grant weaker
        permissions than the JS asked for if the user chooses to authorize
        only those permissions, but if it intends to grant stronger ones
        it SHOULD display the appropriate UI for those permissions and
        MUST clearly indicate what permissions are being requested.


However, there's no such affordance in the API and neither Chrome nor Firefox comply with this. Currently:


- Chrome grants short-term permissions for HTTP and long-term permissions for HTTPS.

- Firefox by default grants short-term permissions but allows the user to select long-term permissions if the site is HTTPS.


It seems like some consistency would be nice here.


My personal view is that it would still be nice to require sites to ask for persistent permissions if they want them and that there should be a getUserMedia() flag to indicate that. If people agree with me, I'll file an issue on the media capture specification to add this affordance. However, if people think this is wrong, we should remove this requirement in the security architecture document.


-Ekr

Received on Tuesday, 10 March 2015 15:16:35 UTC