Re: User media constraint: peerIdentity from Martin Thomson on 2012-10-23 (public-webrtc@w3.org from October 2012)

From: Martin Thomson <martin.thomson@gmail.com>
Date: Tue, 23 Oct 2012 14:49:31 -0700
To: Li Li <Li.NJ.Li@huawei.com>
Cc: "public-webrtc@w3.org" <public-webrtc@w3.org>
Message-ID: <CABkgnnU6CuY1MksD6z_nnQead=275_HP64XECqHs9keH=hBLHA@mail.gmail.com>

On 23 October 2012 14:40, Li Li <Li.NJ.Li@huawei.com> wrote:
> This is an interesting idea. But I wonder how browsers can prevent a page from using any post-processing API [1] to access the constrained media stream.

It's fairly straightforward.  Tag the media stream, and refuse to
permit any operation on that media stream *except* sending to an
authenticated RTCPeerConnection.

> Do we require those APIs to be aware of peerIdentity and refuse any such constrained media streams?

Yes.  To the extent that failure is a possibility and reporting that
failure is probably necessary.  This would introduce a new failure
mode to each of those APIs.  Most of the awareness would be attached
to the stream itself.  Of course, the extent to which this is possible
depends on the details of the browser implementation.  I imagine that
this could be made very difficult to achieve.

Received on Tuesday, 23 October 2012 21:49:59 UTC