Re: New Proposal now up for Discussion on the Wiki

Hi Anton,

> On 06 Feb 2014, at 17:53, Kostiainen, Anssi <anssi.kostiainen@intel.com> wrote:
> 
>> On 06 Feb 2014, at 17:23, Anton Vayvod <avayvod@google.com> wrote:
>> 
>>> Hi Anssi,
>>> 
>>> yes, I meant the selection dialog that the UA shows to the user.
>> 
>> This would be problematic as it would enable spoofing attacks.
> 
> Could you describe the attack you have in mind, please?

What I think he means here is that the page could inject device names that match, or try to match, the ones you physically have at home, and potentially try to trick the user into redirecting the stream elsewhere.

Generally, allowing data originating from JS or the content into the Browser chrome is risky, since there are different concepts of the user's trust in what happens on the page level and what happens on the Browser UI level.

On 06 Feb 2014, at 17:23, Anton Vayvod <avayvod@google.com> wrote:

> var extraPresentationScreens = [ 'Extra Screen 1', 'Extra Screen 2' ]; // the site was paired with these devices in some proprietary way so it manages the list and the way to connect to the devices separately from the presentation API
> 
> // the site subscribes to the discovery event, toggling the 'Button' button on/off depending on when the device is available;
> // with the extra devices being available, the button will always be toggled on
> var discovery = navigator.presentation.discoverScreens("http://example.com/player.html");
> discovery.ondiscovered = function (screensAreAvailable) {
>   if (screensAreAvailable) {
>     // show the UI to start presenting, like enable or add a button
>   } else {
>     // hide the UI to start presenting, like hide or disable the button
>   }
> };
> 
> // when the user clicks/taps the present button
> var presentationPromise = present.requestShow('http://example.com/player.html', extraPresentationScreens); // extraPresentationScreens is an optional parameter
> presentationPromise.then(
>         function (session) {
>              if (session.isExtraDevice)  // or lookup session.screenName in extraPresentationScreens

Thanks for the code example and clarifications. Much clearer now.

In my opinion such an approach would not be a clean solution from an API design point of view. Piping the additional screens through the discovery process is problematic in terms of API semantics: we're not technically discovering those additional screens; in fact, we know they exist already. And later checking whether they were actually passed in does not seem very clean to me.

Wouldn’t you perhaps agree that the enumeration and a page-side selection would be the cleaner, more straightforward approach?

Are there concerns from your side about allowing discovery and enumeration by name with regard to privacy or permissions handling?

If we would define the permission that the UA requests from the user as a dialog requesting:
“The page is requesting access to the following screens: [  ] Living Room [   ] Kitchen … “

Then we could return an enumeration including names without privacy concerns and avoid bothering the user with a two-stage permission dialog: one for discovery, one for access.

Regards,

Dominik

Received on Thursday, 6 February 2014 16:23:16 UTC
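
The spoofing concern raised in this message, seen from the UA side, as an added example that is not part of the original thread or of any Presentation API draft: before page-supplied screen names reach the selection dialog, the UA drops any that could be mistaken for a screen it discovered itself and tags the rest with the page's origin. The function names, the entry fields and the sample names are assumptions made for illustration.

```javascript
// Added illustration; nameKey, buildPickerEntries and the entry fields are
// hypothetical and do not come from the Presentation API.

// Fold a display name to a comparison key: Unicode compatibility forms,
// zero-width characters, whitespace runs and case are all collapsed.
// Cross-script homoglyphs are NOT covered; that needs a confusables table
// such as the one in Unicode UTS #39.
function nameKey(name) {
  return name
    .normalize('NFKC')
    .replace(/[\u200B-\u200D\u2060\uFEFF]/g, '') // zero-width characters
    .replace(/\s+/g, ' ')
    .trim()
    .toLowerCase();
}

// Build the picker entries. UA-discovered screens are trusted; page-supplied
// names are kept only if they cannot be mistaken for a discovered screen,
// and carry the page origin so the UA can render them in a separate section.
function buildPickerEntries(discoveredNames, pageSuppliedNames, pageOrigin) {
  const taken = new Set(discoveredNames.map(nameKey));
  const entries = discoveredNames.map((name) => ({ name, source: 'ua' }));
  const rejected = [];
  for (const name of pageSuppliedNames) {
    const key = nameKey(name);
    if (key === '' || taken.has(key)) {
      rejected.push(name); // empty, or collides with a real device name
      continue;
    }
    taken.add(key); // also blocks duplicates within the page's own list
    entries.push({ name, source: 'page', origin: pageOrigin });
  }
  return { entries, rejected };
}

// Constructed sample input: two discovered screens, four page-supplied names,
// three of which imitate the discovered ones.
const discovered = ['Living Room', 'Kitchen'];
const fromPage = ['Extra Screen 1', 'living  room', 'Kit\u200Bchen', '\uFF2Bitchen'];
console.log(buildPickerEntries(discovered, fromPage, 'http://example.com'));
```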