- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Tue, 23 Oct 2012 14:49:31 -0700
- To: Li Li <Li.NJ.Li@huawei.com>
- Cc: "public-webrtc@w3.org" <public-webrtc@w3.org>
On 23 October 2012 14:40, Li Li <Li.NJ.Li@huawei.com> wrote: > This is an interesting idea. But I wonder how browsers can prevent a page from using any post-processing API [1] to access the constrained media stream. It's fairly straightforward. Tag the media stream, and refuse to permit any operation on that media stream *except* sending to an authenticated RTCPeerConnection. > Do we require those APIs to be aware of peerIdentity and refuse any such constrained media streams? Yes. To the extent that failure is a possibility and reporting that failure is probably necessary. This would introduce a new failure mode to each of those APIs. Most of the awareness would be attached to the stream itself. Of course, the extent to which this is possible depends on the details of the browser implementation. I imagine that this could be made very difficult to achieve.
Received on Tuesday, 23 October 2012 21:49:59 UTC