- From: Leandro Graciá Gil <leandrogracia@chromium.org>
- Date: Tue, 15 Feb 2011 16:48:24 +0000
Hi, Looking at the current state of the specification I see there is no mention about the expected lifetime of the stream objects, or to say it in another way, the period in which a page can access the selected device data. We would like to propose that the user can explicitly invalidate an existing stream so that any further access would require a new confirmation by the user. Here is one use case example. Consider a page featuring video chat where the user makes use of the device element to create a Stream. Later, the user finishes chatting and stops using the devices without leaving the page. At this point, we need to prevent a malicious Web application from accessing the device camera or microphone again without the user's consent. Given the above case, we don't think that the lifetime of the Stream objects should be controlled exclusively by the Web application. We think that the specification should state "the UA must allow the user to explicitly revoke access". The API should then be then extended with a way to handle gracefully the situation when access is revoked in the middle of a streaming session. All feedback will be greatly appreciated. Thanks, Leandro
Received on Tuesday, 15 February 2011 08:48:24 UTC