Re: User media constraint: peerIdentity

On 10/25/2012 01:20 AM, Martin Thomson wrote:
> On 24 October 2012 09:20, Li Li <Li.NJ.Li@huawei.com> wrote:
>> How about sending the tagged stream to a <video> element for self-view? Is it permitted?
> That should be OK.  As long as the <video> tag is tainted
> appropriately so that the app can't sample from that display area.
> The same applies to playback from authenticated peers anyhow.
>
>> Is it true that such constrained streams can only follow this path:
>>
>> camera/mic -> peer connection -> network
> Probably the following, recognizing that network (using
> RTCPeerConnection) requires a specific tie to identity:
>
> input -> display
>    or
> input -> network -> display

I think the input -> display path should always be possible, no matter 
what the taints are - just like the <video> tag can display any incoming 
stream on the screen, no matter how tainted (I believe).

However, if you like telecommuting in black & white, and go input -> JS 
decolorizer -> display, this would not work with tainted streams.
>
>> We can construct a peer connection object with peerIdentity:identity constraint, and use a new constraint "targetConnection: pc" in getUserMedia() to tie the stream to the peer connection object.
> That's a reasonable idea.  Specify to whom the connection should be
> established prior to connecting.  The second constraint could ensure
> that failures are faster and more obvious, though the opacity of
> RTCPeerConnection remains a problem in this regard - it may not
> provide any substantial benefit in this regard.
It may be simpler (and cleaner) to tie the two  to the same identity:

   getUserMedia( mandatory: {availableToIdentity: foo@bar} ) => stream
   pc = new RTCPeerConnection( mandatory: {connectedToIdentity: foo@bar } )
   pc.addStream(stream)

Either creation would fail if it wasn't possible to get a trustworthy 
way to verify the identity, and the addStream step woudl fail if it 
wasn't possible to verify that the two identities were the same.
>
>> With these constraints, the getUserMedia() success callback and pc.localStream will return null to prevent the page from accessing the stream other than sending it to a remote peer.
> Tighter integration between gUM and RTCPC makes implementation of this
> far more complex.  I'd rather use the tagging to ensure that the path
> is kept clean.  That means that every other aspect is largely the
> same.  pc.localStream[s] can just return the same tainted stream, just
> as the streams from the peer in pc.remoteStreams are tainted.  This
> keeps the usage model consistent.
>
> --Martin
>

Received on Thursday, 25 October 2012 08:25:25 UTC