New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Isolated Media Streams requires modification on permission algorithms in GUM and Permissions specs #28
Comments
Comment by @alvestrand is this the best way to solve this problem? |
Comment by @aboba @soareschen Can you produce a PR? |
Comment by @alvestrand This seems to be a refinement of GUM's permission done by the WebRTC spec, and will have to be documented as such, methinks. |
Comment by @alvestrand The attack scenario is this:
|
Comment by @soareschen The consensus in TPAC is that I will submit PR to modify mediacapture-main and permissions to accept additional peerIdentity parameter when requesting permission, then modify webrtc-pc to pass the on the peerIdentiy attribute. |
Comment by @jan-ivar We also need to exclude isolated tracks in the following sentence (e.g.): "..., request permission for use of the devices, while considering all devices attached to a live non-isolated MediaStreamTrack in the current browsing context to have permission status "granted"" |
Comment by @jan-ivar @dontcallmedom Was there a conclusion? |
Comment by @jan-ivar I've moved my concern in w3c/webrtc-pc#1646 (comment) to w3c/mediacapture-main#534, so I'm good. |
Comment by @dontcallmedom it was supposed to have been copied over to https://github.com/w3c/webrtc-identity/issues but hasn't, so re-opening for now while investigating it |
Initially raised by @soareschen at w3c/webrtc-pc#1646
Section 10.4 Isolated Media Streams introduces a new
peerIdentity
field inMediaStreamConstraints
, which may affect user interaction with the permission prompt:The statement above seems to be optional, but implementing it could affect the algorithms in mediacapture-main and w3c/permissions. Here are few examples:
A new field for
peerIdentity
needs to be added toDevicePermissionDescriptor
.Permission query/request algorithms need to take into account
peerIdentity
.In statement 6.6 of
getUserMedia()
, call to request permission requires proper construction of aDevicePermissionDescriptor
object.The statement "considering all devices attached to a live MediaStreamTrack in the current browsing context to have permission status "granted"" no longer applies, since permission for a device may be granted to specific peerIdentity only.
The text was updated successfully, but these errors were encountered: