This document discusses user security and privacy considerations for WebRTC. It proposes guidelines for how browsers should handle requesting permission to access a user's camera and microphone via getUserMedia(), including displaying a permission prompt, giving the user control over which media types are shared, and options for one-time or persistent permission grants. It also addresses how permissions would be tied to user sessions rather than just domains and how a granted permission could be revoked. The document raises open questions around where these guidelines should be specified and how permission requests would be handled if media devices are already in use.