Re: IdP issues (was: Needs to be more clearly described)

On 18 September 2012 18:31, Harald Alvestrand <harald@alvestrand.no> wrote:
> One reason it hasn't been done is probably that its use case was felt to be
> not compelling.

Um, what?

That would be the use case that we've been discussing for as long as
I've been involved in this.  You and I use untrusted site to mediate a
call between us, but want to ensure that the call is private.  The
pokerstars.net case, if that helps jog your memory.

If you are able to do media from a remote peer securely, local
loopback should be just the same.  You just prevent reading from the
rectangle that displays the video.  Control extends solely to where
the rectangle is shown.  In practice, I imagine that implementation
would be much like the security constraints on a cross domain iframe.
And yes, blocking other uses like canvas, recording, sampling, etc...
would be necessary.

Without something like this, I can't really imagine why you would want
all this added IdP machinery.  The site could be shipping your media
to anyone.  All the IdP would then give you is knowledge of one of the
media recipients.

--Martin

Received on Wednesday, 19 September 2012 02:27:01 UTC