Privacy: Add statement that all values exposed or inferable by the application must be per-origin #242
Assignees
Milestone
Comments
ddorwin
changed the title
|
I see your comment about persisted or not, but is this concern not sufficiently addressed by Information Stored on User Devices for V1? |
ddorwin
added a commit
to ddorwin/encrypted-media
that referenced
this issue
Sep 12, 2016
|
PR #328. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
We have a clear requirement that (most) identifiers are per-origin and that persisted data must be clearable, but I don't believe there is a single place that says most values (Permanent Identifiers being the obvious exception), both persisted and not, must be per-origin and not be accessible or inferable by other origins.
Some references to
#per-origin-identifiers(now#per-origin-per-profile-identifiers) may not actually be related to identifiers and should instead point to such a requirement.I believe there are some references in the
MediaKeysand/orMediaKeySessionssections, and the web platform relies on origins, but it is still worth making a clear statement and having a reference target that is not specific to identifiers.The text was updated successfully, but these errors were encountered: