Re: [mediacapture-screen-share] Add getCurrentBrowsingContextMedia (#148)

Thanks @eladalon1983 for the summary.

> We've agreed that a capture-this-tab API would be useful, and that we should proceed in our efforts to define that.

To clarify: I recognize capture of the visible top-level viewport has desirable security properties (no oversharing), and, due to CSS, seems simpler to specify than what capturing an embedded iframe or even full document might mean. It's ultimately up to the WG to choose though, so I look forward to your presentation. Btw, I think we should call it `getTabMedia` again, with a `"tab-capture"` permissions policy.

> Question - are there any figures available on the adoption of COEP by web-developers?

I prefer to think of [COEP](https://web.dev/coop-coep/) as _enabling technology_, a solution to security problems allowing web-developers to have things they want, like `SharedArrayBuffer` and `performance.measureMemory()`. I have no doubt `getTabMedia` will be similarly desirable. I plan to present [slides](https://docs.google.com/presentation/d/17Z_vR4pOXn-9wthiqbM9GC7JE7vfbdNffEedBPqj1Mw/edit#slide=id.gaec44d0fdd_2_24) on COEP for capture, which means some more specification work for sure, but at least it wouldn't require COOP.

> I think that it's reasonable that the capture-ability of videos and images is controlled by the document that embeds them. Jan-Ivar, could you explain again why you don't think that would be enough?

A history of security bugs documents the importance of cross-origin image protections ($4000 in Chrome, $3500 in Firefox):
- WebGL https://blog.chromium.org/2011/07/using-cross-domain-images-in-webgl-and.html
- WebRTC https://bugs.chromium.org/p/chromium/issues/detail?id=761622
- SVG https://bugzilla.mozilla.org/show_bug.cgi?id=1559715
- fillText https://bugzilla.mozilla.org/show_bug.cgi?id=1540221

-- 
GitHub Notification of comment by jan-ivar
Please view or discuss this issue at https://github.com/w3c/mediacapture-screen-share/pull/148#issuecomment-738512873 using your GitHub account



Received on Friday, 4 December 2020 02:15:42 UTC