[Actions] "Actions" model should be aligned with "mediasession actions"

[alvestrand]

We already have a model for media sessions that allow actions to be performed:

https://w3c.github.io/mediasession/#actions-model

We should carefully consider how the two models for "actions" can be aligned, and in particular we should introduce no more restrictions on any new actions model than what this particular interface implies. (I could also argue for fewer restrictions.)

[jan-ivar]

What do you mean by "align"? The security properties are wildly different:

• "A media session action is an action that the page can handle in order for the USER to interact with the MediaSession."

I.e. they come from users. In contrast, capture actions can come from malicious sites. So we need to apply more restrictions than mediaSession to prevent abuse.

[eladalon1983]

I think I remember some past interactions about this topic that could be illuminating:

• It has previously been claimed that the set of actions in MediaSession does not map completely onto the set of actions we'd want to support here. Both in terms of extraneous as well as missing actions. I do not recall a counter-argument to that.
• Youenn has said that an origin could be attached to actions, thereby allowing applications to distinguish actions coming from the user vs. ones coming from a capturing application. I do not recall a proposal to make such a mechanism backwards compatible, in the sense that existing applications should NOT accept actions from other origins without explicitly modifying their code. An allowlisting mechanism might do that, though.