Re: [mediacapture-region] Should we support strings in addition or in lieu of opaque identifiers? (#46) from Tim Panton via GitHub on 2022-06-24 (public-webrtc-logs@w3.org from June 2022)

From: Tim Panton via GitHub <sysbot+gh@w3.org>
Date: Fri, 24 Jun 2022 10:18:57 +0000
To: public-webrtc-logs@w3.org
Message-ID: <issue_comment.created-1165429295-1656065935-sysbot+gh@w3.org>

I can't tell if it is more or less trust worthy - that's the point - but 
there are many more ways that a uuid could arrive in my app and be manipulated/tracked on the way. An opaque token ensures that it was minted in this user agent, for this user, in this session and gives you a bunch of origin info too. It can't be tracked or correlated, this makes it much easier to reason about security or lack thereof.


-- 
GitHub Notification of comment by steely-glint
Please view or discuss this issue at https://github.com/w3c/mediacapture-region/issues/46#issuecomment-1165429295 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Friday, 24 June 2022 10:18:58 UTC