Re: IdP issues (was: Needs to be more clearly described)

On 18 September 2012 10:03, Jim Barnett <Jim.Barnett@genesyslab.com> wrote:
> Martin,
>   I'm trying to understand how the restrictions you mention below are enforced (e.g. "The media can only be added to an RtcPeerConnection where the remote end presents a domain certificate for "example.net".)  getUserMedia doesn't know anything about the PeerConnection object, and in general doesn't know how the MediaStream it returns will be used.  Could the information be added to the MediaStream object?  In your example a, the MediaSteam would be marked for unrestricted local use.  In b, it would be marked 'send to example.net' only, and in c 'send to authenticated user@example.net' only.
>
> We would need a language to express these restrictions inside MediaStream, and some way for the MediaStream's consumers (which could include any number of objects other than PeerConnection) to signal that they respect the restrictions.
>
> I'm not saying that this can't be done, just that it hasn't been...

You are right, this hasn't been done.  A concrete proposal is probably needed.

In my view it is not necessary to have any specific exposure for these
usage restriction, MediaStreams could use private attributes to track
this.  Though I would hope that some visibility is provided, lest
there be inexplicable errors for users.  Perhaps "readonly DOMString
peerRestriction" (which would be unset by default, though
'example.net' for b, 'user@example.net' in c) would help.

Received on Tuesday, 18 September 2012 18:15:43 UTC