Bug 73816 - MediaStream API: Removing SecurityContext from the embedder API
Summary: MediaStream API: Removing SecurityContext from the embedder API
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit API (show other bugs)
Version: 528+ (Nightly build)
Hardware: All All
: P2 Normal
Assignee: Tommy Widenflycht
Depends on:
Blocks: 56459
  Show dependency treegraph
Reported: 2011-12-05 03:32 PST by Tommy Widenflycht
Modified: 2012-02-15 17:35 PST (History)
6 users (show)

See Also:

Patch (10.79 KB, patch)
2011-12-05 03:36 PST, Tommy Widenflycht
no flags Details | Formatted Diff | Diff
Patch (10.85 KB, patch)
2012-02-10 06:19 PST, Tommy Widenflycht
no flags Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Tommy Widenflycht 2011-12-05 03:32:38 PST
Changed the SecurityOrigin argument to a String in PeerConnectionHandler and associated files.
This is done for two reasons:
1) Using SecurityContext breaks the layering pattern
2) The textual representation is enough anyway.
Comment 1 Tommy Widenflycht 2011-12-05 03:36:17 PST
Created attachment 117864 [details]
Comment 2 WebKit Review Bot 2011-12-05 03:38:38 PST
Please wait for approval from fishd@chromium.org before submitting because this patch contains changes to the Chromium public API.
Comment 3 Tommy Widenflycht 2012-02-10 06:19:51 PST
Created attachment 126510 [details]
Comment 4 Darin Fisher (:fishd, Google) 2012-02-13 08:23:19 PST
Is this something Adam recommended?  Is the idea that "platform" level stuff should not depend on SecurityOrigin?

Generally, replacing SecurityOrigin with a String is seen as the wrong thing to do.  I find it interesting that you are calling the result of SecurityOrigin::toString() a "username"... can you say more about what this string is meant to represent?  Typically, security origins are URLs (but not always), so I'd like to better understand what it is for media streams.

How will the consumer of this string make use of this field?  Are you saying that it will just be treated in opaque fashion?  What is its purpose then?
Comment 5 Tommy Widenflycht 2012-02-13 08:49:26 PST
It is partly a platform violation but the main reason is that we need it in string form only so I'm changing to to the correct type.
The URL is used in the ice negotiation as a little security.
Comment 6 Adam Barth 2012-02-13 09:10:02 PST
Seems fine.  What is the string called in the spec?  As much as possible, we should try to reuse names from the spec in the implementation.
Comment 7 Tommy Widenflycht 2012-02-13 09:14:12 PST
It's called username.

Quote: "The long-term username for the STUN or TURN server is the ASCII serialization of the entry script's origin;"
Comment 8 Adam Barth 2012-02-13 09:41:46 PST
Comment 9 Tommy Widenflycht 2012-02-15 04:42:49 PST
FYI I discussed with Harald who said that the username will have to be specified when creating the PeerConnection object instead of taking the SecurityOrigin in a future revision of the specification. Yet another reason to do this change now.
Comment 10 WebKit Review Bot 2012-02-15 17:35:17 PST
Comment on attachment 126510 [details]

Clearing flags on attachment: 126510

Committed r107861: <http://trac.webkit.org/changeset/107861>
Comment 11 WebKit Review Bot 2012-02-15 17:35:22 PST
All reviewed patches have been landed.  Closing bug.