Re: Why does screen sharing require a browser extension? from Justin Uberti on 2013-11-27 (public-webrtc@w3.org from November 2013)

From: Justin Uberti <juberti@google.com>
Date: Wed, 27 Nov 2013 09:10:13 -0800
To: Lorenzo Miniero <lorenzo@meetecho.com>
Cc: cowwoc <cowwoc@bbs.darktech.org>, Silvia Pfeiffer <silviapfeiffer1@gmail.com>, Martin Thomson <martin.thomson@gmail.com>, "public-webrtc@w3.org" <public-webrtc@w3.org>
Message-ID: <CAOJ7v-1DJpFO7Bt+MaPyPFGc-oS0jj6f99CxYBxAXjUfi=kbAw@mail.gmail.com>

On Wed, Nov 27, 2013 at 1:46 AM, Lorenzo Miniero <lorenzo@meetecho.com>wrote:

> Il giorno Wed, 27 Nov 2013 00:34:46 -0800
> Justin Uberti <juberti@google.com> ha scritto:
>
> > I disagree completely.
> >
> > Allowing the installation of apps that have unlimited access to the
> > system did cause the computing world to end, in a sense. We tried
> > that, and the result was systems plagued with spyware, and the
> > creation of the whole anti-virus industry. Thankfully, this
> > philosophy has now been discredited, and replaced with approaches
> > that through various mechanisms (ACLs, sandboxing, curation, etc) aim
> > to protect their users as a top priority. That is what Chrome
> > (amongst others) is doing, and will continue to do.
> >
> > I understand that having access to screen sharing is a highly desired
> > feature. But there are real issues here, and no amount of scary text
> > in the dialog box is going to make this safe for arbitrary pages on
> > the drive-by web.
> >
> > So we have made our decision for the initial rollout of this
> > functionality. In M33, the rules are as I describe - accessible only
> > via extensions or apps, and for window/desktop sharing, a user prompt
> > for all sharing requests. We'll ship this code, people will use it,
> > we'll get feedback - and we'll go from there.
> >
>
>
> I still don't have a clear opinion on this, as I'm trying to make my
> mind about this, and so I really don't have alternatives ready, but I
> have a question (well maybe two). Would this app/extension be
> associated with a specific domain? that is, would YourCompany publish
> such an app to allow window/desktop sharing when the page/javascript
> comes from yourcompany.com, or would it be in general a service
> provided to JavaScript developers that may make use of it? I guess it's
> the former, but in that case, can I use window/desktop sharing in
> localhost or on a LAN, e.g., for testing purposes? The proposed model
> seems to suggest I wouldn't be able to do so.
>

The publisher of the extension can control which domains can talk to it.
See
http://developer.chrome.com/extensions/manifest/externally_connectable.html.
This would allow you to make your extension available to yourcompany.com,
as well as development machines on *.corp.yourcompany.com. (Note that *.com
and other wide-reaching wildcards are not permitted.)

There is also the Chrome flag parameter to force on the screen-sharing
feature for testing purposes
(chrome://flags/#enable-usermedia-screen-capture).

Received on Wednesday, 27 November 2013 17:11:02 UTC