Re: [mediacapture-region] What makes CropTarget special to require an asynchronous creation? (#17)

From: Elad Alon via GitHub <sysbot+gh@w3.org>
Date: Wed, 02 Feb 2022 11:25:26 +0000
To: public-webrtc-logs@w3.org
Message-ID: <issue_comment.created-1027843349-1643801125-sysbot+gh@w3.org>

I think it's easiest to answer with Chrome as the concrete example, thereby keeping the discussion simpler. This is generalizable to other browsers.

Chrome has a central "browser process," and documents are hosted in "render processes." (For simplicity, let's pretend every document has a dedicated render process.) Let's examine multiple documents embedded together in another document, and all living together in the same tab.

Again for simplicity, we'll call the document where the crop-target lives SLIDE, and the document which holds the track we'll call VC. This I find easier than talking about D1, D2 etc., as we can have a practical example in our mind's eye. If necessary, map (SLIDE, VC) to (D1, D2).

CropTarget is essentially a token. That token is produced in SLIDE and passed. It may be passed directly to VC or indirectly. A design that allows for it to be safely passed through other documents is preferable, as it requires less care of developers. To be safely passed through other documents (and therefore processes), it should encode the minimum amount of information. This is mostly true for JS-exposed information, but non-JS-exposed information that lives in the render process that holds the token is also theoretically accessible to malicious documents under certain conditions.

So, to keep the minimum amount of information, the token should not actually encode the information that it originates in SLIDE. Let's think of the token T as a UUID, where only the (trusted) browser process knows the T<->SLIDE mapping.

This mapping has to be recorded in the browser process, which requires IPC, which means that minting the token should be asynchronous.

To generalize away from Chrome, other UA-implementers will either run into similar implementation constraints, or else they can just return a pre-resolved Promise<CropTarget> and not worry about it.

GitHub Notification of comment by eladalon1983
Please view or discuss this issue at https://github.com/w3c/mediacapture-region/issues/17#issuecomment-1027843349 using your GitHub account

Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 2 February 2022 11:25:28 UTC
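
The design described in the message above, modelled as an added example that is not part of the original comment and is not Chrome's or the specification's code: an opaque random token is minted over a simulated IPC hop, and only the trusted browser process can map it back to SLIDE. The names `BrowserProcess`, `RenderProcess`, `registerTarget`, `resolveTarget` and `ipc` are hypothetical, and the IPC is assumed to be a `setTimeout` hop.

```javascript
// Added illustration. All class and method names are hypothetical.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;

// Trusted browser process: the only place the token <-> document mapping lives.
class BrowserProcess {
  #targets = new Map();
  registerTarget(documentId, elementId) {
    const token = webcrypto.randomUUID(); // random; encodes nothing about SLIDE
    this.#targets.set(token, { documentId, elementId });
    return token;
  }
  resolveTarget(token) {
    return this.#targets.get(token) ?? null;
  }
}

// Render process hosting one document. It reaches the browser process only
// through ipc(), modelled as an event-loop hop, so minting returns a Promise.
class RenderProcess {
  constructor(documentId, browser) {
    this.documentId = documentId;
    this.browser = browser;
  }
  ipc(fn) {
    return new Promise((r) => setTimeout(r, 0)).then(() => fn(this.browser));
  }
  produceCropTarget(elementId) {
    return this.ipc((b) => b.registerTarget(this.documentId, elementId));
  }
  cropTo(token) {
    return this.ipc((b) => {
      const target = b.resolveTarget(token);
      if (target === null) throw new Error('unknown crop target');
      return target;
    });
  }
}

async function demo() {
  const browser = new BrowserProcess();
  const slide = new RenderProcess('SLIDE', browser);
  const vc = new RenderProcess('VC', browser);
  const token = await slide.produceCropTarget('main-content');
  const relayed = JSON.parse(JSON.stringify(token)); // relayed as a plain string
  const target = await vc.cropTo(relayed);
  const forged = await vc.cropTo(webcrypto.randomUUID()).catch((e) => e.message);
  return { token, target, forged };
}
```

A document that merely relays the token holds only a random string, and a guessed token fails to resolve because it was never registered in the browser process.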