- From: Harald Alvestrand <harald@alvestrand.no>
- Date: Thu, 31 May 2018 10:01:38 +0200
- To: public-webrtc@w3.org
Den 30. mai 2018 20:06, skrev Peter Thatcher: > You're advocating, then, for a high-level API. On the flip side, an > app should be allowed to do many non-standard or custom things as well. > And that requires a low-level API. And that's the root of the tension > between high- and low-level APIs: if you can control more, you have to > do more. > > What objection do you have in these things being provided by libraries > instead of being baked in the browser? We're getting at an important point here - probably best thought of as "security considerations". If an app can do something, and can do it right or wrong, the overall conformance of the system to a specification depends on the browser doing it right AND the app doing it right. If we take away the power of the app to do it wrong, overall conformance of the system depends only on the browser doing it right. There are cases where that matters (especially if you're selling into places where certifications are taken seriously); there are cases where it doesn't. Security is one of the areas where it matters; congestion management is another. The more the browser is supposed to guarantee, the more things need to be kept away from the application. And vice versa - if we find that things can't cause too much harm, the value of keeping them away from the application becomes lower.
Received on Thursday, 31 May 2018 08:02:09 UTC