Re: Screensharing: Bootstrapping Collaboration between Capturer and Capturee

On 16/06/2021 14:31, Elad Alon wrote:
>>
>> Considering both exist in the same browser instance, that is a
>> mind-bogglingly unnecessary detour.
> 
> 
> You were right *up to that point*, then took a detour. :-)
> There is nothing here that *assumes* a shared cloud-infrastructure. That's
> just *one* example of how you could use this.
> You can perfectly well use the token to establish communication over
> BroadcastChannel with a same-origin application. A token is still necessary
> because you'd not know which of several tabs you're capturing.
> Collaboration with cross-origin applications is also possible using this
> method if you embed a frame from the same cross-origin and ask it to relay
> messages on your behalf.

I see your point that it is possible but I'm not convinced that jumping
through the extra hoop of an iframe and fiddling with cross-origin
policies is the better approach over an upfront MessageChannel.
The former involves an arguably significant setup cost plus
understanding the protocol while the latter "only" requires to
understand the protocol.

More importantly however is that the MessageChannel approach would allow
us to remove the controversial *permittedOrigins* constraint because a
bidirectional communication channel allows you (Google) to create a tiny
protocol with an authentication challenge, if you so desire. This is
preferable as it likely reduces the amount of hard in-house-barriers
(term stolen from Tim).
In other words: It is easier to implement a protocol than to convince
you (Google) to include my app in your list of *permittedOrigins*. You
can still lock me out if you really wanted to, though.

Regards
Lennart

Received on Wednesday, 16 June 2021 13:01:09 UTC