SlideShare a Scribd company logo
1 of 10
Download to read offline
WebRTC: User Security & Privacy

W3C TPAC
Anant Narayanan, Mozilla
October 31, 2011

Tuesday, November 1, 11
Overview
✤

Placement in standard

✤

Behavior on getUserMedia()

✤

Immediate & long-term permissions

✤

Permissions & user model

✤

User privacy indicators

✤

Summary

Tuesday, November 1, 11
Placement in Standard
✤

We currently do not specify what happens when getUserMedia is
called with regards to asking user permission

✤

Such a specification may not fit in the standard as user agents vary
wildly

✤

We can, however, come up with a set of “recommended guidelines”
for major browser vendors to adopt (a specific type of a user agent)

✤

Open question: Is the W3C spec the right place to put this?

Tuesday, November 1, 11
User Permission
✤

getUserMedia() is asynchronous to allow the UA to ask the user
permission, and choose exactly what media gets shared:
✤

✤

Audio from microphone(s)

✤

✤

Video from webcam(s)

Transmit A/V from local media files

Give user complete control over what is transmitted, irrespective of
what the web application asked for

Tuesday, November 1, 11
Early Mockup

Tuesday, November 1, 11
Details...
✤

Firefox “Doorhanger”, distinguishes a browser request from regular
web content and is a trusted space
✤

✤

If application asked for both audio and video, default to both but
allow user override (not depicted)
✤

✤

Somewhat harder to spoof than an infobar (not really, just 2px!)

Front/Back camera preferences better handled as “hints”?

A list of granted permissions is always available and revocable from a
“preferences” pane

Tuesday, November 1, 11
Immediate & long-term

✤

What is the time period for which the user grants access?
✤

Default is immediate (one-time only), user may explicitly choose
“Always allow example.org to access A/V”

✤

Should the web-application be able to specify what type of access it
needs?

✤

How are these permissions persisted?

Tuesday, November 1, 11
Permissions & Sessions
✤

Initial proposal was to tie a permission grant to a time-frame and
domain name

✤

Feedback from web developers:
✤

Permissions should actually be tied to a user session, not just
domain. Until everyone uses BrowserID, this means cookie jar?

✤

More realistically, we could allow the application itself to “revoke”
a granted permission if it detects a change in user session?

Tuesday, November 1, 11
After permission is granted...

Tuesday, November 1, 11
Summary
✤

Mostly a set of UI and interaction guidelines, may not be applicable to
all user agents (or to varying degrees)

✤

Where do we write this stuff down?

✤

Other open questions:
✤

What happens if devices are already in use by another application?

✤

What is the interaction for an incoming call?

Tuesday, November 1, 11

More Related Content

Similar to WebRTC: User Security & Privacy

538210-rc220-rum
538210-rc220-rum538210-rc220-rum
538210-rc220-rumDan Boutin
 
The Browser Wars and Google's Chrome Sword
The Browser Wars and Google's Chrome SwordThe Browser Wars and Google's Chrome Sword
The Browser Wars and Google's Chrome SwordAlex Marsh
 
Securing web applications
Securing web applicationsSecuring web applications
Securing web applicationsSupreme O
 
Wipa Seminar WCAG 2.0
Wipa Seminar WCAG 2.0Wipa Seminar WCAG 2.0
Wipa Seminar WCAG 2.0Roger Hudson
 
Troubleshooting Urouter Problems: WebEx Presentation
Troubleshooting Urouter Problems: WebEx PresentationTroubleshooting Urouter Problems: WebEx Presentation
Troubleshooting Urouter Problems: WebEx PresentationUniface
 
Accessibility Update: Section 508 and WCAG in a Library 2.0 World
Accessibility Update: Section 508 and WCAG in a Library 2.0 WorldAccessibility Update: Section 508 and WCAG in a Library 2.0 World
Accessibility Update: Section 508 and WCAG in a Library 2.0 WorldNina McHale
 
Continuous Deployment at Etsy — TimesOpen NYC
Continuous Deployment at Etsy — TimesOpen NYCContinuous Deployment at Etsy — TimesOpen NYC
Continuous Deployment at Etsy — TimesOpen NYCMike Brittain
 
Web Browser Privacy and Security
Web Browser Privacy and SecurityWeb Browser Privacy and Security
Web Browser Privacy and SecurityDaVidSilenceKawlni
 
Skyrocket Your Cross Browser Testing with Minimal Effort
Skyrocket Your Cross Browser Testing with Minimal EffortSkyrocket Your Cross Browser Testing with Minimal Effort
Skyrocket Your Cross Browser Testing with Minimal EffortSarah Elson
 
T7L4.doc.doc
T7L4.doc.docT7L4.doc.doc
T7L4.doc.docVideoguy
 
Usability of UI Design (motivation, heuristics, tools)
Usability of UI Design (motivation, heuristics, tools)Usability of UI Design (motivation, heuristics, tools)
Usability of UI Design (motivation, heuristics, tools)Oleksii Prohonnyi
 
Android Trainning Session 2
Android Trainning  Session 2Android Trainning  Session 2
Android Trainning Session 2Shanmugapriya D
 
Sphereshield for Webex - Presentation
Sphereshield for Webex - PresentationSphereshield for Webex - Presentation
Sphereshield for Webex - PresentationAGATSoftware
 

Similar to WebRTC: User Security & Privacy (20)

538210-rc220-rum
538210-rc220-rum538210-rc220-rum
538210-rc220-rum
 
DZone-RUM
DZone-RUMDZone-RUM
DZone-RUM
 
538210 rc220-rum
538210 rc220-rum538210 rc220-rum
538210 rc220-rum
 
The Browser Wars and Google's Chrome Sword
The Browser Wars and Google's Chrome SwordThe Browser Wars and Google's Chrome Sword
The Browser Wars and Google's Chrome Sword
 
Securing web applications
Securing web applicationsSecuring web applications
Securing web applications
 
10th heuristic evaluation
10th heuristic evaluation10th heuristic evaluation
10th heuristic evaluation
 
Wipa Seminar WCAG 2.0
Wipa Seminar WCAG 2.0Wipa Seminar WCAG 2.0
Wipa Seminar WCAG 2.0
 
Browser Based Performance Testing and Tuning
Browser Based Performance Testing and TuningBrowser Based Performance Testing and Tuning
Browser Based Performance Testing and Tuning
 
Troubleshooting Urouter Problems: WebEx Presentation
Troubleshooting Urouter Problems: WebEx PresentationTroubleshooting Urouter Problems: WebEx Presentation
Troubleshooting Urouter Problems: WebEx Presentation
 
Accessibility Update: Section 508 and WCAG in a Library 2.0 World
Accessibility Update: Section 508 and WCAG in a Library 2.0 WorldAccessibility Update: Section 508 and WCAG in a Library 2.0 World
Accessibility Update: Section 508 and WCAG in a Library 2.0 World
 
Continuous Deployment at Etsy — TimesOpen NYC
Continuous Deployment at Etsy — TimesOpen NYCContinuous Deployment at Etsy — TimesOpen NYC
Continuous Deployment at Etsy — TimesOpen NYC
 
Web Browser Privacy and Security
Web Browser Privacy and SecurityWeb Browser Privacy and Security
Web Browser Privacy and Security
 
070308-simmons.ppt
070308-simmons.ppt070308-simmons.ppt
070308-simmons.ppt
 
OAuth Base Camp
OAuth Base CampOAuth Base Camp
OAuth Base Camp
 
Skyrocket Your Cross Browser Testing with Minimal Effort
Skyrocket Your Cross Browser Testing with Minimal EffortSkyrocket Your Cross Browser Testing with Minimal Effort
Skyrocket Your Cross Browser Testing with Minimal Effort
 
MediaMosa and webservices
MediaMosa and webservicesMediaMosa and webservices
MediaMosa and webservices
 
T7L4.doc.doc
T7L4.doc.docT7L4.doc.doc
T7L4.doc.doc
 
Usability of UI Design (motivation, heuristics, tools)
Usability of UI Design (motivation, heuristics, tools)Usability of UI Design (motivation, heuristics, tools)
Usability of UI Design (motivation, heuristics, tools)
 
Android Trainning Session 2
Android Trainning  Session 2Android Trainning  Session 2
Android Trainning Session 2
 
Sphereshield for Webex - Presentation
Sphereshield for Webex - PresentationSphereshield for Webex - Presentation
Sphereshield for Webex - Presentation
 

More from Anant Narayanan

Enterprise Scale Knowledge Graphs
Enterprise Scale Knowledge GraphsEnterprise Scale Knowledge Graphs
Enterprise Scale Knowledge GraphsAnant Narayanan
 
Building an Intelligent Assistant
Building an Intelligent AssistantBuilding an Intelligent Assistant
Building an Intelligent AssistantAnant Narayanan
 
WebRTC: A Practical Introduction
WebRTC: A Practical IntroductionWebRTC: A Practical Introduction
WebRTC: A Practical IntroductionAnant Narayanan
 
Message Passing vs. Data Synchronization
Message Passing vs. Data SynchronizationMessage Passing vs. Data Synchronization
Message Passing vs. Data SynchronizationAnant Narayanan
 
Firebase: Tales from the Trenches
Firebase: Tales from the TrenchesFirebase: Tales from the Trenches
Firebase: Tales from the TrenchesAnant Narayanan
 
Error Handling in WebRTC
Error Handling in WebRTCError Handling in WebRTC
Error Handling in WebRTCAnant Narayanan
 
Firefox Architecture Overview
Firefox Architecture OverviewFirefox Architecture Overview
Firefox Architecture OverviewAnant Narayanan
 
Next Generation Browser Add-Ons
Next Generation Browser Add-OnsNext Generation Browser Add-Ons
Next Generation Browser Add-OnsAnant Narayanan
 
An Overview of Distributed Debugging
An Overview of Distributed DebuggingAn Overview of Distributed Debugging
An Overview of Distributed DebuggingAnant Narayanan
 
A Brief Incursion into Botnet Detection
A Brief Incursion into Botnet DetectionA Brief Incursion into Botnet Detection
A Brief Incursion into Botnet DetectionAnant Narayanan
 
Mozilla Weave: Integrating Services into the Browser
Mozilla Weave: Integrating Services into the BrowserMozilla Weave: Integrating Services into the Browser
Mozilla Weave: Integrating Services into the BrowserAnant Narayanan
 
Distributed File Systems: An Overview
Distributed File Systems: An OverviewDistributed File Systems: An Overview
Distributed File Systems: An OverviewAnant Narayanan
 
Innovating with Mozilla Labs
Innovating with Mozilla LabsInnovating with Mozilla Labs
Innovating with Mozilla LabsAnant Narayanan
 
Glendix: The Why and the How
Glendix: The Why and the HowGlendix: The Why and the How
Glendix: The Why and the HowAnant Narayanan
 

More from Anant Narayanan (20)

Enterprise Scale Knowledge Graphs
Enterprise Scale Knowledge GraphsEnterprise Scale Knowledge Graphs
Enterprise Scale Knowledge Graphs
 
Building an Intelligent Assistant
Building an Intelligent AssistantBuilding an Intelligent Assistant
Building an Intelligent Assistant
 
WebRTC: A Practical Introduction
WebRTC: A Practical IntroductionWebRTC: A Practical Introduction
WebRTC: A Practical Introduction
 
Message Passing vs. Data Synchronization
Message Passing vs. Data SynchronizationMessage Passing vs. Data Synchronization
Message Passing vs. Data Synchronization
 
Firebase: Tales from the Trenches
Firebase: Tales from the TrenchesFirebase: Tales from the Trenches
Firebase: Tales from the Trenches
 
WebRTC: An Overview
WebRTC: An OverviewWebRTC: An Overview
WebRTC: An Overview
 
Error Handling in WebRTC
Error Handling in WebRTCError Handling in WebRTC
Error Handling in WebRTC
 
WebRTC Demystified
WebRTC DemystifiedWebRTC Demystified
WebRTC Demystified
 
Firefox Architecture Overview
Firefox Architecture OverviewFirefox Architecture Overview
Firefox Architecture Overview
 
πP
πPπP
πP
 
Next Generation Browser Add-Ons
Next Generation Browser Add-OnsNext Generation Browser Add-Ons
Next Generation Browser Add-Ons
 
An Overview of Distributed Debugging
An Overview of Distributed DebuggingAn Overview of Distributed Debugging
An Overview of Distributed Debugging
 
A Brief Incursion into Botnet Detection
A Brief Incursion into Botnet DetectionA Brief Incursion into Botnet Detection
A Brief Incursion into Botnet Detection
 
Mozilla Weave: Integrating Services into the Browser
Mozilla Weave: Integrating Services into the BrowserMozilla Weave: Integrating Services into the Browser
Mozilla Weave: Integrating Services into the Browser
 
about:labs
about:labsabout:labs
about:labs
 
Distributed File Systems: An Overview
Distributed File Systems: An OverviewDistributed File Systems: An Overview
Distributed File Systems: An Overview
 
Innovating with Mozilla Labs
Innovating with Mozilla LabsInnovating with Mozilla Labs
Innovating with Mozilla Labs
 
Glendix: The Why and the How
Glendix: The Why and the HowGlendix: The Why and the How
Glendix: The Why and the How
 
Mozilla Prism
Mozilla PrismMozilla Prism
Mozilla Prism
 
Making Gentoo Tick
Making Gentoo TickMaking Gentoo Tick
Making Gentoo Tick
 

Recently uploaded

3 Pitfalls Everyone Should Avoid with Cloud Data
3 Pitfalls Everyone Should Avoid with Cloud Data3 Pitfalls Everyone Should Avoid with Cloud Data
3 Pitfalls Everyone Should Avoid with Cloud DataEric D. Schabell
 
Planetek Italia Srl - Corporate Profile Brochure
Planetek Italia Srl - Corporate Profile BrochurePlanetek Italia Srl - Corporate Profile Brochure
Planetek Italia Srl - Corporate Profile BrochurePlanetek Italia Srl
 
Introduction to RAG (Retrieval Augmented Generation) and its application
Introduction to RAG (Retrieval Augmented Generation) and its applicationIntroduction to RAG (Retrieval Augmented Generation) and its application
Introduction to RAG (Retrieval Augmented Generation) and its applicationKnoldus Inc.
 
Introduction - IPLOOK NETWORKS CO., LTD.
Introduction - IPLOOK NETWORKS CO., LTD.Introduction - IPLOOK NETWORKS CO., LTD.
Introduction - IPLOOK NETWORKS CO., LTD.IPLOOK Networks
 
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptx
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptxGraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptx
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptxNeo4j
 
Q4 2023 Quarterly Investor Presentation - FINAL - v1.pdf
Q4 2023 Quarterly Investor Presentation - FINAL - v1.pdfQ4 2023 Quarterly Investor Presentation - FINAL - v1.pdf
Q4 2023 Quarterly Investor Presentation - FINAL - v1.pdfTejal81
 
My key hands-on projects in Quantum, and QAI
My key hands-on projects in Quantum, and QAIMy key hands-on projects in Quantum, and QAI
My key hands-on projects in Quantum, and QAIVijayananda Mohire
 
Extra-120324-Visite-Entreprise-icare.pdf
Extra-120324-Visite-Entreprise-icare.pdfExtra-120324-Visite-Entreprise-icare.pdf
Extra-120324-Visite-Entreprise-icare.pdfInfopole1
 
Webinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - Tech
Webinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - TechWebinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - Tech
Webinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - TechProduct School
 
Scenario Library et REX Discover industry- and role- based scenarios
Scenario Library et REX Discover industry- and role- based scenariosScenario Library et REX Discover industry- and role- based scenarios
Scenario Library et REX Discover industry- and role- based scenariosErol GIRAUDY
 
Stobox 4: Revolutionizing Investment in Real-World Assets Through Tokenization
Stobox 4: Revolutionizing Investment in Real-World Assets Through TokenizationStobox 4: Revolutionizing Investment in Real-World Assets Through Tokenization
Stobox 4: Revolutionizing Investment in Real-World Assets Through TokenizationStobox
 
2024.03.12 Cost drivers of cultivated meat production.pdf
2024.03.12 Cost drivers of cultivated meat production.pdf2024.03.12 Cost drivers of cultivated meat production.pdf
2024.03.12 Cost drivers of cultivated meat production.pdfThe Good Food Institute
 
20140402 - Smart house demo kit
20140402 - Smart house demo kit20140402 - Smart house demo kit
20140402 - Smart house demo kitJamie (Taka) Wang
 
AI Workshops at Computers In Libraries 2024
AI Workshops at Computers In Libraries 2024AI Workshops at Computers In Libraries 2024
AI Workshops at Computers In Libraries 2024Brian Pichman
 
UiPath Studio Web workshop series - Day 4
UiPath Studio Web workshop series - Day 4UiPath Studio Web workshop series - Day 4
UiPath Studio Web workshop series - Day 4DianaGray10
 
IT Service Management (ITSM) Best Practices for Advanced Computing
IT Service Management (ITSM) Best Practices for Advanced ComputingIT Service Management (ITSM) Best Practices for Advanced Computing
IT Service Management (ITSM) Best Practices for Advanced ComputingMAGNIntelligence
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightSafe Software
 
How to release an Open Source Dataweave Library
How to release an Open Source Dataweave LibraryHow to release an Open Source Dataweave Library
How to release an Open Source Dataweave Libraryshyamraj55
 
EMEA What is ThousandEyes? Webinar
EMEA What is ThousandEyes? WebinarEMEA What is ThousandEyes? Webinar
EMEA What is ThousandEyes? WebinarThousandEyes
 

Recently uploaded (20)

3 Pitfalls Everyone Should Avoid with Cloud Data
3 Pitfalls Everyone Should Avoid with Cloud Data3 Pitfalls Everyone Should Avoid with Cloud Data
3 Pitfalls Everyone Should Avoid with Cloud Data
 
Planetek Italia Srl - Corporate Profile Brochure
Planetek Italia Srl - Corporate Profile BrochurePlanetek Italia Srl - Corporate Profile Brochure
Planetek Italia Srl - Corporate Profile Brochure
 
Introduction to RAG (Retrieval Augmented Generation) and its application
Introduction to RAG (Retrieval Augmented Generation) and its applicationIntroduction to RAG (Retrieval Augmented Generation) and its application
Introduction to RAG (Retrieval Augmented Generation) and its application
 
Introduction - IPLOOK NETWORKS CO., LTD.
Introduction - IPLOOK NETWORKS CO., LTD.Introduction - IPLOOK NETWORKS CO., LTD.
Introduction - IPLOOK NETWORKS CO., LTD.
 
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptx
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptxGraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptx
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptx
 
Q4 2023 Quarterly Investor Presentation - FINAL - v1.pdf
Q4 2023 Quarterly Investor Presentation - FINAL - v1.pdfQ4 2023 Quarterly Investor Presentation - FINAL - v1.pdf
Q4 2023 Quarterly Investor Presentation - FINAL - v1.pdf
 
My key hands-on projects in Quantum, and QAI
My key hands-on projects in Quantum, and QAIMy key hands-on projects in Quantum, and QAI
My key hands-on projects in Quantum, and QAI
 
Extra-120324-Visite-Entreprise-icare.pdf
Extra-120324-Visite-Entreprise-icare.pdfExtra-120324-Visite-Entreprise-icare.pdf
Extra-120324-Visite-Entreprise-icare.pdf
 
SheDev 2024
SheDev 2024SheDev 2024
SheDev 2024
 
Webinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - Tech
Webinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - TechWebinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - Tech
Webinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - Tech
 
Scenario Library et REX Discover industry- and role- based scenarios
Scenario Library et REX Discover industry- and role- based scenariosScenario Library et REX Discover industry- and role- based scenarios
Scenario Library et REX Discover industry- and role- based scenarios
 
Stobox 4: Revolutionizing Investment in Real-World Assets Through Tokenization
Stobox 4: Revolutionizing Investment in Real-World Assets Through TokenizationStobox 4: Revolutionizing Investment in Real-World Assets Through Tokenization
Stobox 4: Revolutionizing Investment in Real-World Assets Through Tokenization
 
2024.03.12 Cost drivers of cultivated meat production.pdf
2024.03.12 Cost drivers of cultivated meat production.pdf2024.03.12 Cost drivers of cultivated meat production.pdf
2024.03.12 Cost drivers of cultivated meat production.pdf
 
20140402 - Smart house demo kit
20140402 - Smart house demo kit20140402 - Smart house demo kit
20140402 - Smart house demo kit
 
AI Workshops at Computers In Libraries 2024
AI Workshops at Computers In Libraries 2024AI Workshops at Computers In Libraries 2024
AI Workshops at Computers In Libraries 2024
 
UiPath Studio Web workshop series - Day 4
UiPath Studio Web workshop series - Day 4UiPath Studio Web workshop series - Day 4
UiPath Studio Web workshop series - Day 4
 
IT Service Management (ITSM) Best Practices for Advanced Computing
IT Service Management (ITSM) Best Practices for Advanced ComputingIT Service Management (ITSM) Best Practices for Advanced Computing
IT Service Management (ITSM) Best Practices for Advanced Computing
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and Insight
 
How to release an Open Source Dataweave Library
How to release an Open Source Dataweave LibraryHow to release an Open Source Dataweave Library
How to release an Open Source Dataweave Library
 
EMEA What is ThousandEyes? Webinar
EMEA What is ThousandEyes? WebinarEMEA What is ThousandEyes? Webinar
EMEA What is ThousandEyes? Webinar
 

WebRTC: User Security & Privacy

  • 1. WebRTC: User Security & Privacy W3C TPAC Anant Narayanan, Mozilla October 31, 2011 Tuesday, November 1, 11
  • 2. Overview ✤ Placement in standard ✤ Behavior on getUserMedia() ✤ Immediate & long-term permissions ✤ Permissions & user model ✤ User privacy indicators ✤ Summary Tuesday, November 1, 11
  • 3. Placement in Standard ✤ We currently do not specify what happens when getUserMedia is called with regards to asking user permission ✤ Such a specification may not fit in the standard as user agents vary wildly ✤ We can, however, come up with a set of “recommended guidelines” for major browser vendors to adopt (a specific type of a user agent) ✤ Open question: Is the W3C spec the right place to put this? Tuesday, November 1, 11
  • 4. User Permission ✤ getUserMedia() is asynchronous to allow the UA to ask the user permission, and choose exactly what media gets shared: ✤ ✤ Audio from microphone(s) ✤ ✤ Video from webcam(s) Transmit A/V from local media files Give user complete control over what is transmitted, irrespective of what the web application asked for Tuesday, November 1, 11
  • 6. Details... ✤ Firefox “Doorhanger”, distinguishes a browser request from regular web content and is a trusted space ✤ ✤ If application asked for both audio and video, default to both but allow user override (not depicted) ✤ ✤ Somewhat harder to spoof than an infobar (not really, just 2px!) Front/Back camera preferences better handled as “hints”? A list of granted permissions is always available and revocable from a “preferences” pane Tuesday, November 1, 11
  • 7. Immediate & long-term ✤ What is the time period for which the user grants access? ✤ Default is immediate (one-time only), user may explicitly choose “Always allow example.org to access A/V” ✤ Should the web-application be able to specify what type of access it needs? ✤ How are these permissions persisted? Tuesday, November 1, 11
  • 8. Permissions & Sessions ✤ Initial proposal was to tie a permission grant to a time-frame and domain name ✤ Feedback from web developers: ✤ Permissions should actually be tied to a user session, not just domain. Until everyone uses BrowserID, this means cookie jar? ✤ More realistically, we could allow the application itself to “revoke” a granted permission if it detects a change in user session? Tuesday, November 1, 11
  • 9. After permission is granted... Tuesday, November 1, 11
  • 10. Summary ✤ Mostly a set of UI and interaction guidelines, may not be applicable to all user agents (or to varying degrees) ✤ Where do we write this stuff down? ✤ Other open questions: ✤ What happens if devices are already in use by another application? ✤ What is the interaction for an incoming call? Tuesday, November 1, 11