Re: New proposal: Adding WebRTC/MediaCapture permissions to the permissions model

From: Harald Alvestrand <harald@alvestrand.no>
Date: Fri, 11 Dec 2015 08:05:49 +0100
To: public-webappsec@w3.org
Message-ID: <566A75CD.3060705@alvestrand.no>

On 11 Dec 2015 01:46, Chris Palmer wrote:
> Regarding:
> 
>     “deviceinfo” - permits getting names and capabilities of available
> input and output devices.
> 
> I'd rather that information not be generally available to web origins.
> The browser, and the person using the browser, can and should mediate
> access to the devices (via native browser chrome or other mechanisms
> outside of and unavailable to the web origin). Web origins might abuse
> the information they can access for e.g. supercookies, and in any case
> it doesn't seem strictly necessary.

If possible, I'd like to separate the discussion of what information is
exposed from the mechanism by which we say that the information is exposed.

The WebRTC WG's Media Capture TF has had a very long discussion about
what information is exposed about available devices, and who it is
exposed to. The result is captured here:

http://w3c.github.io/mediacapture-main/getusermedia.html#widl-MediaDevices-enumerateDevices-Promise-sequence-MediaDeviceInfo

The "deviceinfo" permission would represent the permission checked in
step 4 of the algorithm.

The TF's decision to expose this was based on the theory that exposing
the content of cameras and microphones was strictly more sensitive than
exposing the names of devices, so it did not make sense to protect the
names of devices more tightly.

If you want to revisit that discussion, please take it up in the Media
Capture TF.

> 
> 
> On Wed, Dec 9, 2015 at 1:09 PM, Harald Alvestrand <harald@alvestrand.no
> <mailto:harald@alvestrand.no>> wrote:
> 
>     Hello WebAppSec people!
> 
>     The topic of permissions has been much on the mind of the WebRTC WG and
>     the Media Capture task force.
>     One suggestion has been to use the WebAppSec "permissions" model to
>     manage our permissions - this seems attractive on the surface, but we're
>     not sure if we understand all the implications.
> 
>     In order to explore this further, I wrote up a sketch for how this could
>     be done based on my understanding of the permissions document. The
>     proposal is enclosed, and is also available as a GDoc on this link:
> 
>     https://docs.google.com/document/d/13c4hTlm2XgVYpxfGL1a8fcvI1CAUdIgd662DfElk_ow/edit?usp=sharing
> 
>     This seems to have had a reasonable reception in the Media Capture
>     group.
>     If it also meets favor (possibly after a rewrite based on advice) in
>     this group, it could be turned into a pull request against the
>     Permissions API document.
> 
>     Would that seem like a reasonable plan?
> 
>     Harald Alvestrand
>     speaking, in this case, as technical contributor to Media Capture
>     and WebRTC
> 
> 
Received on Friday, 11 December 2015 07:06:23 UTC