SlideShare une entreprise Scribd logo

WebRTC: User Security & Privacy

Anant Narayanan
Anant Narayanan

A review of the security and privacy concerns for WebRTC implementors.

TechnologieActualités & Politique
1  sur  10
Télécharger pour lire hors ligne
WebRTC: User Security & Privacy W3C TPAC Anant Narayanan, Mozilla October 31, 2011 Tuesday, November 1, 11
Overview ✤ Placement in standard ✤ Behavior on getUserMedia() ✤ Immediate & long-term permissions ✤ Permissions & user model ✤ User privacy indicators ✤ Summary Tuesday, November 1, 11
Placement in Standard ✤ We currently do not specify what happens when getUserMedia is called with regards to asking user permission ✤ Such a specification may not fit in the standard as user agents vary wildly ✤ We can, however, come up with a set of “recommended guidelines” for major browser vendors to adopt (a specific type of a user agent) ✤ Open question: Is the W3C spec the right place to put this? Tuesday, November 1, 11
User Permission ✤ getUserMedia() is asynchronous to allow the UA to ask the user permission, and choose exactly what media gets shared: ✤ ✤ Audio from microphone(s) ✤ ✤ Video from webcam(s) Transmit A/V from local media files Give user complete control over what is transmitted, irrespective of what the web application asked for Tuesday, November 1, 11
Early Mockup Tuesday, November 1, 11
Details... ✤ Firefox “Doorhanger”, distinguishes a browser request from regular web content and is a trusted space ✤ ✤ If application asked for both audio and video, default to both but allow user override (not depicted) ✤ ✤ Somewhat harder to spoof than an infobar (not really, just 2px!) Front/Back camera preferences better handled as “hints”? A list of granted permissions is always available and revocable from a “preferences” pane Tuesday, November 1, 11
Immediate & long-term ✤ What is the time period for which the user grants access? ✤ Default is immediate (one-time only), user may explicitly choose “Always allow example.org to access A/V” ✤ Should the web-application be able to specify what type of access it needs? ✤ How are these permissions persisted? Tuesday, November 1, 11
Permissions & Sessions ✤ Initial proposal was to tie a permission grant to a time-frame and domain name ✤ Feedback from web developers: ✤ Permissions should actually be tied to a user session, not just domain. Until everyone uses BrowserID, this means cookie jar? ✤ More realistically, we could allow the application itself to “revoke” a granted permission if it detects a change in user session? Tuesday, November 1, 11
After permission is granted... Tuesday, November 1, 11
Summary ✤ Mostly a set of UI and interaction guidelines, may not be applicable to all user agents (or to varying degrees) ✤ Where do we write this stuff down? ✤ Other open questions: ✤ What happens if devices are already in use by another application? ✤ What is the interaction for an incoming call? Tuesday, November 1, 11

Recommandé

Android M - Runtime Permissions | Getting ready for Marshmallow
Android M - Runtime Permissions | Getting ready for MarshmallowAndroid M - Runtime Permissions | Getting ready for Marshmallow
Android M - Runtime Permissions | Getting ready for Marshmallow
Umair Vatao
 
e-government services for the blind
e-government services for the blinde-government services for the blind
e-government services for the blind
David Sugar
 
XML And Web Services Security Standards
XML And Web Services Security StandardsXML And Web Services Security Standards
XML And Web Services Security Standards
guest68465b
 
CSHALS 2010 W3C Semanic Web Tutorial
CSHALS 2010 W3C Semanic Web TutorialCSHALS 2010 W3C Semanic Web Tutorial
CSHALS 2010 W3C Semanic Web Tutorial
LeeFeigenbaum
 
Web Standards
Web StandardsWeb Standards
Web Standards
ChrisF1502010
 
Privacy issues and internet privacy
Privacy issues and internet privacyPrivacy issues and internet privacy
Privacy issues and internet privacy
vinyas87
 
Srs template ieee-movie recommender
Srs template ieee-movie recommenderSrs template ieee-movie recommender
Srs template ieee-movie recommender
429SAYAKTRIPATHY
 
IEEE 2014 JAVA CLOUD COMPUTING PROJECTS Cloud based mobile multimedia recomme...
IEEE 2014 JAVA CLOUD COMPUTING PROJECTS Cloud based mobile multimedia recomme...IEEE 2014 JAVA CLOUD COMPUTING PROJECTS Cloud based mobile multimedia recomme...
IEEE 2014 JAVA CLOUD COMPUTING PROJECTS Cloud based mobile multimedia recomme...
IEEEGLOBALSOFTSTUDENTPROJECTS
 

Recommandé

Android M - Runtime Permissions | Getting ready for Marshmallow
Android M - Runtime Permissions | Getting ready for MarshmallowAndroid M - Runtime Permissions | Getting ready for Marshmallow
Android M - Runtime Permissions | Getting ready for Marshmallow
Umair Vatao
 
e-government services for the blind
e-government services for the blinde-government services for the blind
e-government services for the blind
David Sugar
 
XML And Web Services Security Standards
XML And Web Services Security StandardsXML And Web Services Security Standards
XML And Web Services Security Standards
guest68465b
 
CSHALS 2010 W3C Semanic Web Tutorial
CSHALS 2010 W3C Semanic Web TutorialCSHALS 2010 W3C Semanic Web Tutorial
CSHALS 2010 W3C Semanic Web Tutorial
LeeFeigenbaum
 
Web Standards
Web StandardsWeb Standards
Web Standards
ChrisF1502010
 
Privacy issues and internet privacy
Privacy issues and internet privacyPrivacy issues and internet privacy
Privacy issues and internet privacy
vinyas87
 
Srs template ieee-movie recommender
Srs template ieee-movie recommenderSrs template ieee-movie recommender
Srs template ieee-movie recommender
429SAYAKTRIPATHY
 
IEEE 2014 JAVA CLOUD COMPUTING PROJECTS Cloud based mobile multimedia recomme...
IEEE 2014 JAVA CLOUD COMPUTING PROJECTS Cloud based mobile multimedia recomme...IEEE 2014 JAVA CLOUD COMPUTING PROJECTS Cloud based mobile multimedia recomme...
IEEE 2014 JAVA CLOUD COMPUTING PROJECTS Cloud based mobile multimedia recomme...
IEEEGLOBALSOFTSTUDENTPROJECTS
 
DZone-RUM
DZone-RUMDZone-RUM
DZone-RUM
Dan Boutin
 
538210-rc220-rum
538210-rc220-rum538210-rc220-rum
538210-rc220-rum
Dan Boutin
 
538210 rc220-rum
538210 rc220-rum538210 rc220-rum
538210 rc220-rum
Liouane Youssef
 
The Browser Wars and Google's Chrome Sword
The Browser Wars and Google's Chrome SwordThe Browser Wars and Google's Chrome Sword
The Browser Wars and Google's Chrome Sword
Alex Marsh
 
Securing web applications
Securing web applicationsSecuring web applications
Securing web applications
Supreme O
 
10th heuristic evaluation
10th heuristic evaluation10th heuristic evaluation
10th heuristic evaluation
Tenia Wahyuningrum
 
Wipa Seminar WCAG 2.0
Wipa Seminar WCAG 2.0Wipa Seminar WCAG 2.0
Wipa Seminar WCAG 2.0
Roger Hudson
 
Browser Based Performance Testing and Tuning
Browser Based Performance Testing and TuningBrowser Based Performance Testing and Tuning
Browser Based Performance Testing and Tuning
Bala Murali Krishna Kanchukambala
 
Troubleshooting Urouter Problems: WebEx Presentation
Troubleshooting Urouter Problems: WebEx PresentationTroubleshooting Urouter Problems: WebEx Presentation
Troubleshooting Urouter Problems: WebEx Presentation
Uniface
 
Accessibility Update: Section 508 and WCAG in a Library 2.0 World
Accessibility Update: Section 508 and WCAG in a Library 2.0 WorldAccessibility Update: Section 508 and WCAG in a Library 2.0 World
Accessibility Update: Section 508 and WCAG in a Library 2.0 World
Nina McHale
 
Continuous Deployment at Etsy — TimesOpen NYC
Continuous Deployment at Etsy — TimesOpen NYCContinuous Deployment at Etsy — TimesOpen NYC
Continuous Deployment at Etsy — TimesOpen NYC
Mike Brittain
 
Web Browser Privacy and Security
Web Browser Privacy and SecurityWeb Browser Privacy and Security
Web Browser Privacy and Security
DaVidSilenceKawlni
 
070308-simmons.ppt
070308-simmons.ppt070308-simmons.ppt
070308-simmons.ppt
ssuserec53e73
 
OAuth Base Camp
OAuth Base CampOAuth Base Camp
OAuth Base Camp
Oliver Pfaff
 
Skyrocket Your Cross Browser Testing with Minimal Effort
Skyrocket Your Cross Browser Testing with Minimal EffortSkyrocket Your Cross Browser Testing with Minimal Effort
Skyrocket Your Cross Browser Testing with Minimal Effort
Sarah Elson
 
MediaMosa and webservices
MediaMosa and webservicesMediaMosa and webservices
MediaMosa and webservices
herman van dompseler
 
T7L4.doc.doc
T7L4.doc.docT7L4.doc.doc
T7L4.doc.doc
Videoguy
 
Usability of UI Design (motivation, heuristics, tools)
Usability of UI Design (motivation, heuristics, tools)Usability of UI Design (motivation, heuristics, tools)
Usability of UI Design (motivation, heuristics, tools)
Oleksii Prohonnyi
 
Android Trainning Session 2
Android Trainning Session 2Android Trainning Session 2
Android Trainning Session 2
Shanmugapriya D
 
Sphereshield for Webex - Presentation
Sphereshield for Webex - PresentationSphereshield for Webex - Presentation
Sphereshield for Webex - Presentation
AGATSoftware
 
Enterprise Scale Knowledge Graphs
Enterprise Scale Knowledge GraphsEnterprise Scale Knowledge Graphs
Enterprise Scale Knowledge Graphs
Anant Narayanan
 
Building an Intelligent Assistant
Building an Intelligent AssistantBuilding an Intelligent Assistant
Building an Intelligent Assistant
Anant Narayanan
 

Contenu connexe

Similaire à WebRTC: User Security & Privacy

538210-rc220-rum
538210-rc220-rum538210-rc220-rum
538210-rc220-rum
Dan Boutin
 
The Browser Wars and Google's Chrome Sword
The Browser Wars and Google's Chrome SwordThe Browser Wars and Google's Chrome Sword
The Browser Wars and Google's Chrome Sword
Alex Marsh
 
Securing web applications
Securing web applicationsSecuring web applications
Securing web applications
Supreme O
 
Skyrocket Your Cross Browser Testing with Minimal Effort
Skyrocket Your Cross Browser Testing with Minimal EffortSkyrocket Your Cross Browser Testing with Minimal Effort
Skyrocket Your Cross Browser Testing with Minimal Effort
Sarah Elson
 
T7L4.doc.doc
T7L4.doc.docT7L4.doc.doc
T7L4.doc.doc
Videoguy
 

Similaire à WebRTC: User Security & Privacy (20)

DZone-RUM
DZone-RUMDZone-RUM
DZone-RUM
 
538210-rc220-rum
538210-rc220-rum538210-rc220-rum
538210-rc220-rum
 
538210 rc220-rum
538210 rc220-rum538210 rc220-rum
538210 rc220-rum
 
The Browser Wars and Google's Chrome Sword
The Browser Wars and Google's Chrome SwordThe Browser Wars and Google's Chrome Sword
The Browser Wars and Google's Chrome Sword
 
Securing web applications
Securing web applicationsSecuring web applications
Securing web applications
 
10th heuristic evaluation
10th heuristic evaluation10th heuristic evaluation
10th heuristic evaluation
 
Wipa Seminar WCAG 2.0
Wipa Seminar WCAG 2.0Wipa Seminar WCAG 2.0
Wipa Seminar WCAG 2.0
 
Browser Based Performance Testing and Tuning
Browser Based Performance Testing and TuningBrowser Based Performance Testing and Tuning
Browser Based Performance Testing and Tuning
 
Troubleshooting Urouter Problems: WebEx Presentation
Troubleshooting Urouter Problems: WebEx PresentationTroubleshooting Urouter Problems: WebEx Presentation
Troubleshooting Urouter Problems: WebEx Presentation
 
Accessibility Update: Section 508 and WCAG in a Library 2.0 World
Accessibility Update: Section 508 and WCAG in a Library 2.0 WorldAccessibility Update: Section 508 and WCAG in a Library 2.0 World
Accessibility Update: Section 508 and WCAG in a Library 2.0 World
 
Continuous Deployment at Etsy — TimesOpen NYC
Continuous Deployment at Etsy — TimesOpen NYCContinuous Deployment at Etsy — TimesOpen NYC
Continuous Deployment at Etsy — TimesOpen NYC
 
Web Browser Privacy and Security
Web Browser Privacy and SecurityWeb Browser Privacy and Security
Web Browser Privacy and Security
 
070308-simmons.ppt
070308-simmons.ppt070308-simmons.ppt
070308-simmons.ppt
 
OAuth Base Camp
OAuth Base CampOAuth Base Camp
OAuth Base Camp
 
Skyrocket Your Cross Browser Testing with Minimal Effort
Skyrocket Your Cross Browser Testing with Minimal EffortSkyrocket Your Cross Browser Testing with Minimal Effort
Skyrocket Your Cross Browser Testing with Minimal Effort
 
MediaMosa and webservices
MediaMosa and webservicesMediaMosa and webservices
MediaMosa and webservices
 
T7L4.doc.doc
T7L4.doc.docT7L4.doc.doc
T7L4.doc.doc
 
Usability of UI Design (motivation, heuristics, tools)
Usability of UI Design (motivation, heuristics, tools)Usability of UI Design (motivation, heuristics, tools)
Usability of UI Design (motivation, heuristics, tools)
 
Android Trainning Session 2
Android Trainning Session 2Android Trainning Session 2
Android Trainning Session 2
 
Sphereshield for Webex - Presentation
Sphereshield for Webex - PresentationSphereshield for Webex - Presentation
Sphereshield for Webex - Presentation
 

Plus de Anant Narayanan

Plus de Anant Narayanan (20)

Enterprise Scale Knowledge Graphs
Enterprise Scale Knowledge GraphsEnterprise Scale Knowledge Graphs
Enterprise Scale Knowledge Graphs
 
Building an Intelligent Assistant
Building an Intelligent AssistantBuilding an Intelligent Assistant
Building an Intelligent Assistant
 
WebRTC: A Practical Introduction
WebRTC: A Practical IntroductionWebRTC: A Practical Introduction
WebRTC: A Practical Introduction
 
Message Passing vs. Data Synchronization
Message Passing vs. Data SynchronizationMessage Passing vs. Data Synchronization
Message Passing vs. Data Synchronization
 
Firebase: Tales from the Trenches
Firebase: Tales from the TrenchesFirebase: Tales from the Trenches
Firebase: Tales from the Trenches
 
WebRTC: An Overview
WebRTC: An OverviewWebRTC: An Overview
WebRTC: An Overview
 
Error Handling in WebRTC
Error Handling in WebRTCError Handling in WebRTC
Error Handling in WebRTC
 
WebRTC Demystified
WebRTC DemystifiedWebRTC Demystified
WebRTC Demystified
 
Firefox Architecture Overview
Firefox Architecture OverviewFirefox Architecture Overview
Firefox Architecture Overview
 
πP
πPπP
πP
 
Next Generation Browser Add-Ons
Next Generation Browser Add-OnsNext Generation Browser Add-Ons
Next Generation Browser Add-Ons
 
An Overview of Distributed Debugging
An Overview of Distributed DebuggingAn Overview of Distributed Debugging
An Overview of Distributed Debugging
 
A Brief Incursion into Botnet Detection
A Brief Incursion into Botnet DetectionA Brief Incursion into Botnet Detection
A Brief Incursion into Botnet Detection
 
Mozilla Weave: Integrating Services into the Browser
Mozilla Weave: Integrating Services into the BrowserMozilla Weave: Integrating Services into the Browser
Mozilla Weave: Integrating Services into the Browser
 
about:labs
about:labsabout:labs
about:labs
 
Distributed File Systems: An Overview
Distributed File Systems: An OverviewDistributed File Systems: An Overview
Distributed File Systems: An Overview
 
Innovating with Mozilla Labs
Innovating with Mozilla LabsInnovating with Mozilla Labs
Innovating with Mozilla Labs
 
Glendix: The Why and the How
Glendix: The Why and the HowGlendix: The Why and the How
Glendix: The Why and the How
 
Mozilla Prism
Mozilla PrismMozilla Prism
Mozilla Prism
 
Making Gentoo Tick
Making Gentoo TickMaking Gentoo Tick
Making Gentoo Tick
 

Dernier

A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 

Dernier (20)

A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 

WebRTC: User Security & Privacy

  • 1. WebRTC: User Security & Privacy W3C TPAC Anant Narayanan, Mozilla October 31, 2011 Tuesday, November 1, 11
  • 2. Overview ✤ Placement in standard ✤ Behavior on getUserMedia() ✤ Immediate & long-term permissions ✤ Permissions & user model ✤ User privacy indicators ✤ Summary Tuesday, November 1, 11
  • 3. Placement in Standard ✤ We currently do not specify what happens when getUserMedia is called with regards to asking user permission ✤ Such a specification may not fit in the standard as user agents vary wildly ✤ We can, however, come up with a set of “recommended guidelines” for major browser vendors to adopt (a specific type of a user agent) ✤ Open question: Is the W3C spec the right place to put this? Tuesday, November 1, 11
  • 4. User Permission ✤ getUserMedia() is asynchronous to allow the UA to ask the user permission, and choose exactly what media gets shared: ✤ ✤ Audio from microphone(s) ✤ ✤ Video from webcam(s) Transmit A/V from local media files Give user complete control over what is transmitted, irrespective of what the web application asked for Tuesday, November 1, 11
  • 6. Details... ✤ Firefox “Doorhanger”, distinguishes a browser request from regular web content and is a trusted space ✤ ✤ If application asked for both audio and video, default to both but allow user override (not depicted) ✤ ✤ Somewhat harder to spoof than an infobar (not really, just 2px!) Front/Back camera preferences better handled as “hints”? A list of granted permissions is always available and revocable from a “preferences” pane Tuesday, November 1, 11
  • 7. Immediate & long-term ✤ What is the time period for which the user grants access? ✤ Default is immediate (one-time only), user may explicitly choose “Always allow example.org to access A/V” ✤ Should the web-application be able to specify what type of access it needs? ✤ How are these permissions persisted? Tuesday, November 1, 11
  • 8. Permissions & Sessions ✤ Initial proposal was to tie a permission grant to a time-frame and domain name ✤ Feedback from web developers: ✤ Permissions should actually be tied to a user session, not just domain. Until everyone uses BrowserID, this means cookie jar? ✤ More realistically, we could allow the application itself to “revoke” a granted permission if it detects a change in user session? Tuesday, November 1, 11
  • 9. After permission is granted... Tuesday, November 1, 11
  • 10. Summary ✤ Mostly a set of UI and interaction guidelines, may not be applicable to all user agents (or to varying degrees) ✤ Where do we write this stuff down? ✤ Other open questions: ✤ What happens if devices are already in use by another application? ✤ What is the interaction for an incoming call? Tuesday, November 1, 11