- From: Li Li <Li.NJ.Li@huawei.com>
- Date: Tue, 23 Oct 2012 21:40:04 +0000
- To: Martin Thomson <martin.thomson@gmail.com>, "public-webrtc@w3.org" <public-webrtc@w3.org>
Martin, This is an interesting idea. But I wonder how browsers can prevent a page from using any post-processing API [1] to access the constrained media stream. Do we require those APIs to be aware of peerIdentity and refuse any such constrained media streams? Thanks, Li [1] http://www.w3.org/TR/capture-scenarios/ -----Original Message----- From: Martin Thomson [mailto:martin.thomson@gmail.com] Sent: Monday, October 22, 2012 2:18 PM To: public-webrtc@w3.org Subject: User media constraint: peerIdentity ... A MediaStream that is acquired using a 'peerIdentity' constraint cannot be recorded, sampled or otherwise accessed by the current page. It can only be added to an RTCPeerConnection. That RTCPeerConnection instance MUST NOT send media originating from that MediaStream unless it successfully authenticates the peer with an identity that matches the 'peerIdentity' constraint. Matching is based on the rules defined in the IdP draft for "at" identifiers or RFCs 6125 & 5280 for "non-at" identifiers (yes this isn't strictly RFC 6125, but the basic rules are transferable). ... --Martin
Received on Tuesday, 23 October 2012 21:44:27 UTC