- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Tue, 18 Sep 2012 19:26:33 -0700
- To: Harald Alvestrand <harald@alvestrand.no>
- Cc: public-webrtc@w3.org
On 18 September 2012 18:31, Harald Alvestrand <harald@alvestrand.no> wrote: > One reason it hasn't been done is probably that its use case was felt to be > not compelling. Um, what? That would be the use case that we've been discussing for as long as I've been involved in this. You and I use untrusted site to mediate a call between us, but want to ensure that the call is private. The pokerstars.net case, if that helps jog your memory. If you are able to do media from a remote peer securely, local loopback should be just the same. You just prevent reading from the rectangle that displays the video. Control extends solely to where the rectangle is shown. In practice, I imagine that implementation would be much like the security constraints on a cross domain iframe. And yes, blocking other uses like canvas, recording, sampling, etc... would be necessary. Without something like this, I can't really imagine why you would want all this added IdP machinery. The site could be shipping your media to anyone. All the IdP would then give you is knowledge of one of the media recipients. --Martin
Received on Wednesday, 19 September 2012 02:27:01 UTC