W3C home > Mailing lists > Public > public-webrtc@w3.org > January 2014

Re: Cross origin screensharing (was: What is missing for building "real" services?)

From: <piranna@gmail.com>
Date: Tue, 14 Jan 2014 16:46:48 +0100
Message-ID: <CAKfGGh0tA2X1tBCgv+BKOPHPEMBmEoYgp5XMYh6OOom7BRzURg@mail.gmail.com>
To: Dominique Hazael-Massieux <dom@w3.org>
Cc: Martin Thomson <martin.thomson@gmail.com>, Tim Panton new <thp@westhawk.co.uk>, Silvia Pfeiffer <silviapfeiffer1@gmail.com>, Jan-Ivar Bruaroey <jib@mozilla.com>, public-webrtc <public-webrtc@w3.org>, Alexandre Gouaillard <agouaillard@gmail.com>, Randell Jesup <randell-ietf@jesup.org>
Makes sense... What about having several windows open with different
permisions, for example a bank (don't allow anybody) and a cinema
forum (allow everybody)? Show a black rectangle on the ones that
didn't give access permisions to that domain? You as user would be
interested on share it, at least for this session... Maybe going to
the restrictive one (the bank) and enable an option "share this tab
content for this session"? With some support by the OS, this could
also extend for third party app windows...

2014/1/14 Dominique Hazael-Massieux <dom@w3.org>:
> On lun., 2014-01-13 at 10:13 -0800, Martin Thomson wrote:
>> That's somewhat attractive, but I'm not sure that that is a good idea.
>>  We haven't proven unequivocally that http: pages don't contain
>> sensitive content.
>>
>> Sure, you can argue that there is nothing that an active attacker
>> can't already get, but that's a little different to what we're getting
>> here.
>
> How about tying this to CORS? If you already grant cross-origin access
> to your Web content via CORS, can it be inferred you're happy to share
> its content via screen sharing?
>
> Dom
>
>
>



-- 
"Si quieres viajar alrededor del mundo y ser invitado a hablar en un
monton de sitios diferentes, simplemente escribe un sistema operativo
Unix."
 Linus Tordvals, creador del sistema operativo Linux
Received on Tuesday, 14 January 2014 15:47:37 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 15:19:37 UTC