W3C home > Mailing lists > Public > public-webrtc@w3.org > March 2015

Conditions for long-term permissions grants

From: Eric Rescorla <ekr@rtfm.com>
Date: Sat, 7 Mar 2015 12:44:16 -0800
Message-ID: <CABcZeBP8g2FzGDLztq2ZucsTqvOJVaB4txc1b0uWA6nQWgppCQ@mail.gmail.com>
To: "public-webrtc@w3.org" <public-webrtc@w3.org>, "rtcweb@ietf.org" <rtcweb@ietf.org>
https://tools.ietf.org/html/draft-ietf-rtcweb-security-arch-10#section-5.2
requires
that JS be able to ask for short or long-term permissions grants:



   API Requirement:  The API MUST provide a mechanism for the requesting
      JS to indicate which of these forms of permissions it is
      requesting.  This allows the browser client to know what sort of
      user interface experience to provide to the user, including what
      permissions to request from the user and hence what to enforce
      later.  For instance, browsers might display a non-invasive door
      hanger ("some features of this site may not work..." when asking
      for long-term permissions) but a more invasive UI ("here is your
      own video") for single-call permissions.  The API MAY grant weaker
      permissions than the JS asked for if the user chooses to authorize
      only those permissions, but if it intends to grant stronger ones
      it SHOULD display the appropriate UI for those permissions and
      MUST clearly indicate what permissions are being requested.


However, there's no such affordance in the API and neither Chrome nor Firefox

comply with this. Currently:


- Chrome grants short-term permissions for HTTP and long-term permissions for

  HTTPS.

- Firefox by default grants short-term permissions but allows the user to select

  long-term permissions if the site is HTTPS.


It seems like some consistency would be nice here.


My personal view is that it would still be nice to require sites to
ask for persistent

permissions if they want them and that there should be a getUserMedia()

flag to indicate that. If people agree with me, I'll file an issue on the media

capture specification to add this affordance. However, if people think this

is wrong, we should remove this requirement in the security architecture

document.


-Ekr
Received on Saturday, 7 March 2015 20:45:25 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 15:19:43 UTC