Fix inconsistency: Informing the user and requiring user consent is always per-origin #314

Closed
ddorwin opened this issue Sep 7, 2016 · 1 comment
ddorwin commented Sep 7, 2016

When consent is required in the Get Consent Status algorithm, the UA is to "Request user consent to use accumulated configuration in the origin and wait for the user response" (emphasis added).

When that algorithm returns InformUser, the UA is to "Inform the user that accumulated configuration is in use in the origin..." (emphasis added).

https://w3c.github.io/encrypted-media/#security-prompts and https://w3c.github.io/encrypted-media/#privacy-prompts both say (emphasis added):

Such alerts and consent SHOULD be per origin to avoid valid uses enabling subsequent malicious access and MUST be per browsing profile.

That "SHOULD" should be "MUST" to be consistent with the algorithms.

mwatson2 commented Sep 7, 2016

I agree.

ddorwin added a commit to ddorwin/encrypted-media that referenced this issue Sep 8, 2016
ddorwin closed this as completed in 2fc33d8 Sep 8, 2016