[rtcweb] Conditions for long-term permissions grants
Eric Rescorla <ekr@rtfm.com> Sat, 07 March 2015 20:45 UTC
To: "public-webrtc@w3.org" <public-webrtc@w3.org>, "rtcweb@ietf.org" <rtcweb@ietf.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/rtcweb/--8OaEHnv8KY0U04O54nTSwu2d0>

https://tools.ietf.org/html/draft-ietf-rtcweb-security-arch-10#section-5.2 requires that JS be able to ask for short or long-term permissions grants:

   API Requirement: The API MUST provide a mechanism for the requesting JS to indicate which of these forms of permissions it is requesting. This allows the browser client to know what sort of user interface experience to provide to the user, including what permissions to request from the user and hence what to enforce later. For instance, browsers might display a non-invasive door hanger ("some features of this site may not work..." when asking for long-term permissions) but a more invasive UI ("here is your own video") for single-call permissions. The API MAY grant weaker permissions than the JS asked for if the user chooses to authorize only those permissions, but if it intends to grant stronger ones it SHOULD display the appropriate UI for those permissions and MUST clearly indicate what permissions are being requested.

However, there's no such affordance in the API and neither Chrome nor Firefox comply with this. Currently:

- Chrome grants short-term permissions for HTTP and long-term permissions for HTTPS.
- Firefox by default grants short-term permissions but allows the user to select long-term permissions if the site is HTTPS.

It seems like some consistency would be nice here. My personal view is that it would still be nice to require sites to ask for persistent permissions if they want them and that there should be a getUserMedia() flag to indicate that. If people agree with me, I'll file an issue on the media capture specification to add this affordance. However, if people think this is wrong, we should remove this requirement in the security architecture document.

-Ekr
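
The grant policies described in the message above, as an added model that is not part of the original message and is not browser code: it compares how often a user is prompted under the Chrome and Firefox behaviour as described and under a request-driven rule. All names (`POLICIES`, `PermissionStore`, `promptsOverTwoCalls`) are hypothetical, and keying persistent grants on origin, keeping long-term grants HTTPS-only, and never granting more than was requested are assumptions of the model.

```javascript
// Added model; names are hypothetical and no real browser API is used.
const SHORT = "short-term", LONG = "long-term";

// userChoice is what the user authorizes in the prompt: SHORT, LONG, or null (deny).
const POLICIES = {
  // As described: short-term for HTTP, long-term for HTTPS; the page's request is ignored.
  chrome: ({ secure }) => (secure ? LONG : SHORT),
  // As described: short-term by default; the user may select long-term on HTTPS.
  firefox: ({ secure, userChoice }) => (secure && userChoice === LONG ? LONG : SHORT),
  // Request-driven: JS states the form it wants and the user may authorize only
  // the weaker one. Assumption: long-term is HTTPS-only and is never granted
  // unless requested (the draft allows a stronger grant only with the matching UI).
  requested: ({ secure, requested, userChoice }) =>
    requested === LONG && secure && userChoice === LONG ? LONG : SHORT,
};

class PermissionStore {
  constructor(policyName) {
    this.policy = POLICIES[policyName];
    this.persistent = new Set(); // origins holding a long-term grant (assumed key)
  }

  // Models one camera/microphone request; returns what is enforced for that call.
  request(url, { requested = SHORT, userChoice = SHORT } = {}) {
    const u = new URL(url);
    if (this.persistent.has(u.origin)) {
      return { allowed: true, prompted: false, grant: LONG };
    }
    if (userChoice === null) {
      return { allowed: false, prompted: true, grant: null };
    }
    const grant = this.policy({ secure: u.protocol === "https:", requested, userChoice });
    if (grant === LONG) this.persistent.add(u.origin);
    return { allowed: true, prompted: true, grant }; // short-term covers this call only
  }
}

// Number of prompts the user sees when the same site asks twice.
function promptsOverTwoCalls(policyName, url, opts) {
  const store = new PermissionStore(policyName);
  return [store.request(url, opts), store.request(url, opts)]
    .filter((r) => r.prompted).length;
}
```
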