crypto-ISSUE-18: Should it be possible to perform CryptoOperations as a 'streaming' operation with URI semantics? [Web Cryptography API] from Web Cryptography Working Group Issue Tracker on 2012-08-06 (public-webcrypto@w3.org from August 2012)

From: Web Cryptography Working Group Issue Tracker <sysbot+tracker@w3.org>
Date: Mon, 06 Aug 2012 18:20:39 +0000
To: public-webcrypto@w3.org
Message-Id: <E1SyRux-0003bh-Oa@tibor.w3.org>

crypto-ISSUE-18: Should it be possible to perform CryptoOperations as a 'streaming' operation with URI semantics? [Web Cryptography API]

http://www.w3.org/2012/webcrypto/track/issues/18

Raised by: Ryan Sleevi
On product: Web Cryptography API

The File API [1] defines an extension to the URL API [2] that exposes methods URL.createObjectURL [3] and URL.revokeObjectURL [4].

These define a 'special' URL syntax that allows user agents to directly interpret the data represented within a Blob, for use with existing schemes that take a URL (for example, img.src or script.src).

The MediaStreams API [5] further extends URL.createObjectURL [6] to allow MediaStream objects to be passed to to createObjectURL. MediaStreams are not Blob types themselves, and may be of indeterminate length (unlike Blobs), but by exposing them as pseudo-URLs, they can be used with existing tags such as <audio> or <video>.

Similarly, proposed APIs for streaming exist as part of the Stream Processing Spec [7] and through the Streams API [8]. Notably, the Streams API proposes a generic extension for createObjectURL that allows creating a blob URI from Stream objects.

The question is whether or not the Web Cryptography API should also extend createObjectURL to allow the creation of a Blob URI from a CryptoOperation.

Possible semantics:
- For an decryption operation, the returned stream references the plaintext data
  - TBD: What to do for authenticated encryption data
- For an encryption operation, the returned stream references the encrypted data
  - TBD: What to do for authenticated encryption data
- For a verify operation, the returned stream will contain the verified (signed) data.

Possible downsides:
- Unlike MediaStream/Blob, for which the data source is inside the user agent itself, the CryptoOperation is dependent upon the user manually adding more data to be processed, via processData(). This is similar to the StreamBuilder API from [8]. Does createObjectURL make sense for this use case?
- It's not possible to specify a streaming /source/ of data

Possible enhancements:
- Should FormData [10] or XMLHttpRequest.send [11] be updated to take CryptoOperation/streams?

[1] http://www.w3.org/TR/FileAPI/
[2] http://www.w3.org/TR/url/
[3] http://www.w3.org/TR/FileAPI/#dfn-createObjectURL
[4] http://www.w3.org/TR/FileAPI/#dfn-revokeObjectURL
[5] http://www.w3.org/TR/mediacapture-streams/
[6] http://www.w3.org/TR/mediacapture-streams/#url
[7] https://dvcs.w3.org/hg/audio/raw-file/tip/streams/StreamProcessing.html
[8] http://dvcs.w3.org/hg/streams-api/raw-file/tip/Overview.htm
[9] http://dvcs.w3.org/hg/streams-api/raw-file/tip/Overview.htm#error-uris_for_streams
[10] http://www.w3.org/TR/2012/WD-XMLHttpRequest-20120117/#interface-formdata
[11] http://www.w3.org/TR/2012/WD-XMLHttpRequest-20120117/#the-send-method

Received on Monday, 6 August 2012 18:20:40 UTC