Re: [rtcweb] WGLC of draft-ietf-rtcweb-use-cases-and-requirements-11

"Karl Stahl" <> Tue, 24 September 2013 20:08 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id C4A5521F9C99 for <>; Tue, 24 Sep 2013 13:08:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.158
X-Spam-Status: No, score=-2.158 tagged_above=-999 required=5 tests=[AWL=0.192, BAYES_00=-2.599, GB_I_INVITATION=-2, J_CHICKENPOX_44=0.6, J_CHICKENPOX_62=0.6, J_CHICKENPOX_93=0.6, MSGID_MULTIPLE_AT=1.449, RCVD_IN_DNSWL_LOW=-1]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id FhJWIHc4asrx for <>; Tue, 24 Sep 2013 13:08:48 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 633A721F9BFA for <>; Tue, 24 Sep 2013 13:08:41 -0700 (PDT)
Received: from ([]) by (Telecom3 SMTP service) with ASMTP id 201309242208383356; Tue, 24 Sep 2013 22:08:38 +0200
From: Karl Stahl <>
To: "'Chenxin (Xin)'" <>,,
References: <> <> <> <07a601ceb64e$5caaba00$16002e00$> <07b001ceb65f$ce3f0cf0$6abd26d0$> <> <09d801ceb8f4$3b50dfd0$b1f29f70$> <>
In-Reply-To: <>
Date: Tue, 24 Sep 2013 22:08:38 +0200
Message-ID: <0b5b01ceb961$db8cff20$92a6fd60$@stahl>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: AQHOtl/hYQwJQvwb8keiBCP8AmFFOZnUHYEwgABdJ7CAAEbaMIAAkEbg
Content-Language: sv
Subject: Re: [rtcweb] WGLC of draft-ietf-rtcweb-use-cases-and-requirements-11
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 24 Sep 2013 20:08:57 -0000

-----Ursprungligt meddelande-----
Från: Chenxin (Xin) [] 
Skickat: den 24 september 2013 13:56
Till: Karl Stahl;;
Ämne: RE: [rtcweb] WGLC of draft-ietf-rtcweb-use-cases-and-requirements-11

Hi Karl,
>>While reading the draft-ietf-rtcweb-use-cases-and-requirements-11, 
>>here are a few "telephony related" WebRTC things I think should be 
>>clarified in the use cases.
>>3.2.1.  Simple Video Communication Service  Description ...
>>The invited user might accept or reject the session.
>>[Suggest adding] The invited user might accept only audio, rejecting 
>>video (even if a camera is enabled). A user may also select to 
>>initiate an audio session, without video.
>>And in API requirements:
>>   ----------------------------------------------------------------
>>   A1      The Web API must provide means for the application to ask the
>>browser for permission to use cameras and microphones, individually as 
>>input devices. (One must be able to answer with voice only - declining
>>   ----------------------------------------------------------------
>>Same under
>>6.2.  Browser Considerations
>>The browser is expected to provide mechanisms for users to revise and 
>>even completely revoke consent to use device resources such as camera 
>>and microphone. [Suggest adding] Specifically, a user must be given 
>>the opportunity to only accept audio in a video call invitation.
>[Xin] it is a common use case to accept only audio call and reject the 
>video and quite useful. But I am doubt that this function should be 
>mixed with video or audio device access permission . Do I misunderstand
your proposal?
>I think we could just disable the video stream when signaling. So we 
>could make video call with one and reject it with other in the same 
>web-service. I think the audio and video device access permission is 
>not for each call(peer connection).
>   Xin
>[Karl] Try using a WebRTC application with Chrome and you will see: The 
>Permission/Allowance to use Camera and Microphone comes up at a bar at 
>the top of the browser window and is the actual answering of a call.

[Xin] yes, it come up because invoking the getUserMedia API. When we write
the webrtc app, we could call getUserMedia API just once and use the same
mediaStream later. The webrtc app could decide to send the video stream to
the other side or not by configure the signaling(SDP or other).  It is
trivial to click the Permission bar at the top every time when I get a call,
even terrible when join a p2p conference. 
That is the reason I think the use case you mentioned should not mix with
permission, which should be a signaling configuration problem. Now in
Chrome,we could control it by using creatOffer or createAnswer and setting
the OfferToReceiveVideo constraint. 

[Karl] If you permit the Browser to use the camera, then later "answer with
only audio in the application" (as I understand you suggest) - Can we trust
that the application isn't sending our video anyway - not even informing us?

I don't think we can trust any video WebRTC application, but will learn to
only trust well known browsers not to view us, when we don't want to be

Isn't this a necessary security thing?