Bug 73816

Summary: MediaStream API: Removing SecurityContext from the embedder API
Product: WebKit Reporter: Tommy Widenflycht <tommyw>
Component: WebKit APIAssignee: Tommy Widenflycht <tommyw>
Status: RESOLVED FIXED    
Severity: Normal CC: abarth, fishd, grunell, harald, s.choi, webkit.review.bot
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   
Bug Depends on:    
Bug Blocks: 56459    
Attachments:
Description Flags
Patch
none
Patch none

Description Tommy Widenflycht 2011-12-05 03:32:38 PST
Changed the SecurityOrigin argument to a String in PeerConnectionHandler and associated files.
This is done for two reasons:
1) Using SecurityContext breaks the layering pattern
2) The textual representation is enough anyway.
Comment 1 Tommy Widenflycht 2011-12-05 03:36:17 PST
Created attachment 117864 [details]
Patch
Comment 2 WebKit Review Bot 2011-12-05 03:38:38 PST
Please wait for approval from fishd@chromium.org before submitting because this patch contains changes to the Chromium public API.
Comment 3 Tommy Widenflycht 2012-02-10 06:19:51 PST
Created attachment 126510 [details]
Patch
Comment 4 Darin Fisher (:fishd, Google) 2012-02-13 08:23:19 PST
Is this something Adam recommended?  Is the idea that "platform" level stuff should not depend on SecurityOrigin?

Generally, replacing SecurityOrigin with a String is seen as the wrong thing to do.  I find it interesting that you are calling the result of SecurityOrigin::toString() a "username"... can you say more about what this string is meant to represent?  Typically, security origins are URLs (but not always), so I'd like to better understand what it is for media streams.

How will the consumer of this string make use of this field?  Are you saying that it will just be treated in opaque fashion?  What is its purpose then?
Comment 5 Tommy Widenflycht 2012-02-13 08:49:26 PST
It is partly a platform violation but the main reason is that we need it in string form only so I'm changing to to the correct type.
The URL is used in the ice negotiation as a little security.
Comment 6 Adam Barth 2012-02-13 09:10:02 PST
Seems fine.  What is the string called in the spec?  As much as possible, we should try to reuse names from the spec in the implementation.
Comment 7 Tommy Widenflycht 2012-02-13 09:14:12 PST
It's called username.

Quote: "The long-term username for the STUN or TURN server is the ASCII serialization of the entry script's origin;"
Comment 8 Adam Barth 2012-02-13 09:41:46 PST
Great.
Comment 9 Tommy Widenflycht 2012-02-15 04:42:49 PST
FYI I discussed with Harald who said that the username will have to be specified when creating the PeerConnection object instead of taking the SecurityOrigin in a future revision of the specification. Yet another reason to do this change now.
Comment 10 WebKit Review Bot 2012-02-15 17:35:17 PST
Comment on attachment 126510 [details]
Patch

Clearing flags on attachment: 126510

Committed r107861: <http://trac.webkit.org/changeset/107861>
Comment 11 WebKit Review Bot 2012-02-15 17:35:22 PST
All reviewed patches have been landed.  Closing bug.