►
From YouTube: WEBRTC WG Virtual Interim November 26, 2019
Description
Recording of the W3C WEBRTC WG virtual interim of November 26, 2019.
A
Purpose
of
the
meeting
is
to
decide
on
issues
blocking
the
final
candidate
recommendation
or
over
to
CPC
we're
also
trying
to
make
progress
on
stats
and
privacy
issues,
and
we
expect
to
reissue
a
CR
of
whoever
to
see
bazillion
stats
after
this
meeting
some
basic
info,
if
you're
here
you
probably
know
this
and
the
slides
are
up
on
the
wiki
and
this
meeting
is
now
being
recorded.
So
this
is
what
we're
trying
to
do
today,
a
number
of
issues
on
wherever
to
CPC
stats
and
media
capture.
So
this
is
on
the
agenda.
A
A
C
All
right,
so
a
number
of
features
have
been
moved.
The
at-risk
features
as
well
as
since
we've
had
a
feature.
Freeze,
we've,
we've
said
anything:
that's
anything
has
been
moved
to
the
extensions
to
a
separate
spec
and
I
ended
up
just
creating
one
on
my
personal
github,
so
it
it's
at
web
bridge.
The
extension
we
have
the
following.
C
A
three
features
have
been
you
there:
the
get
get
default,
ice
servers
max
frame
rate
and
oh
also,
some
new
features
there,
like
the
player,
delay
hint
and
adaptive
P
time
and
and
there's
other
discussions
that
I
haven't
gone
through
yet
but
I'm
wondering
if
the
working
group
would
like
to
adopt
the
extension
spec.
Basically
I
want
I
want
future
discussions
to
well,
it
needs
a
working
group.
It
needs
a
home
so
that
it's
not
just
my
opinion.
B
E
Think
it's
it's
also
fine
to
have.
Whoever
does
the
extensions
back
there
I
would
tend
to
think
that
it
would
remain
a
working
draft
forever
and
whenever
a
feature
like
is
shipping,
then
we
could
put
it
in
Weber
CPC
if
it
makes
more
sense
if
it
if
it
does
not
make
more
sense,
we
can
leave
it
there,
but
yeah.
Some
of
these
features
might
end
up
going
inwards,
PC
so
yeah.
F
G
D
Harold,
okay,
I'll
start
with
the
Sun
codex
thing,
and
the
nice
thing
about
this
particular
issue
is
that
this
seems
to
have
gone
away
from
completely
different
reasons.
When
the
issue
focused
on
the
fact
that
the
payload
type
was
was
being
updated
in
an
inconsistent
manner
between
two
different
liquors
and
now
it's
gone
from
one
of
them.
So
it's
not
the
problem
anymore
and
so
I
propose
that
we
kills
this
issue
saying
that
this
is
not
a
precise
problem
and
let's
open
a
new
one
and
of
course,
henyk
took
up
the
challenge.
G
G
D
I
F
D
D
Or
in
the
remote
sponsor,
but
that
means
that
when
we're
doing
the
offer,
it's
not
or
it's
a
previous
value,
because
the
reason
it's
a
but
it's
a
bug-
I
mean,
strictly
speaking
what
sins
and
receive
colleagues
isn't
affecting
anything
down
in
the
machinery.
But
it's
confusing
not
to
have
it
right,
because
when
we
offer
a
new
pillow
type
in
a
renegotiation,
it's
possible
that
the
answer
to
that
offer
gets
delayed
so
long
that
the
media
sent
with
a
new
payload
type
arrives
before
before.
D
D
A
D
A
D
C
C
I
D
H
G
Right
so
set
parameters
and
get
parameters
has
some
racy
behavior,
and
there
are
two
problems
and
I
want
us
to
talk
about
this
one
first,
but
it's
already
called
a
and
B
in
the
on
the
github
repo,
so
I'm
still
calling
a
beat
here.
So
the
first
problem
is
that
get
parameters
is
not
really
a
true
getter.
H
G
G
It
jumps
D
transaction
ID,
every
time
you
call
it.
So
if
you,
for
instance,
do
this,
where
you
call
it,
then
you
call
some
unrelated
function
that
internally,
you
know
also
calls
get
parameters
for
an
unrelated
reason.
When
you
come
back
to
the
main
function,
loop
and
you're
trying
to
set
the
parameters
you
get
it,
you
can
get
an
invalid
state
error
based
on
logic
in
that
function
in
this
case
bar.
So
that's
one
problem
that
doesn't
seem
good.
The
other
one
is
that
we
can
also
have
a
race
with
a
remote
simulcast
offer.
G
If
you
get
parameters,
and
then
you
wait
a
little
bit
and
then
you
call
set
parameters
because-
and
that's
because
when
when
said
remote
description
gets
a
simulcast
offer,
it
clears
the
internal
slot
that
we
return,
which
causes
that
set
parameters
to
fail,
because
it
says
parameters
are
not
the
ones
I've
got.
So
how
do
we
solve
this
next
slide?.
G
G
You
get
parameters
in
if
you
want
to
call
set
parameters,
so
it
solves,
be
its
navigator
with
no
discernible
side
effects,
which
means
you
can
call
get
parameters,
call
some
unrelated
function
without
wondering
it
calls
get
parameters
because
we
don't
bump
the
transaction
ID,
so
set
parameter,
still
always
works
rather
than
fail
intermittently.
So.
A
G
The
the
unrelated
function,
in
this
case
it's
asynchronous
function
if
it
calls
an
asynchronous
one
set.
Parameters
is
asynchronous,
so
it's
actually
not
possible
to
the
parameters
synchronously
all
you're
doing
is
you
know
when
the
parameters
the
parameters
can
only
change
asynchronously.
Basically,
so
that's.
D
G
D
E
G
E
G
The
reason
I
don't
like
it
is,
if
you
use
perfect
negotiation
or
if
you
just
use
on
negotiation
needed
to
abstract
away
negotiation.
The
assumption
is
that
you
can
then
call
these
high-level
methods
on
the
pair
connection
object
without
worrying
about
signaling
state
at
all,
and
this
breaks
that
because
it'll
work
most
of
the
time,
but
some
of
the
time
it'll
sail,
and
it
won't
be
obvious.
What
just
happened
was
that
you
happen
to
race
with
negotiation,
which
was
happening
in
the
background,
so
to
speak.
Well,.
A
C
I
do
think
it's
a
food
gun
I
think
when
you
think
about
rollback
and
rolling
back
recieved
codex,
which
there
is
a
future
slide
for
there's
more
recent
right.
I
mean
there's
more
reasons
that
it
could
fail.
You
could
say
that's
a
feature,
but
I.
Is
it
useful
to
be
able
to
get
parameters
and
then
change
stuff,
and
then
it
fails?
C
It
seems
like
the
the
safe
and
most
straightforward
and
user-friendly
way
to
use
this
API
is
to
call
get
parameters
and
then
call
set
parameters
in
the
same
task
and
I
don't
see
any
reason
to
allow
other
ways
to
use
this.
It's
like
we
have
plenty
of
food
cans
in
WebRTC,
and
this
is
one
foot
can
less
like
hey.
That's
good,
see
us
losing
any
real
use
case
from
allowing
this.
F
Since,
at
the
same
time,
I
would
say
that
it's
not
necessarily
obvious
that
when
you
call
get
powders,
you
immediately
have
with
your
solutions
to
call
set
parameters
immediately
without
any
weight
on
anything,
because
maybe
you
have
some
legitimate
reasons
to
call
some
a
synchronous
function
in
your
logic
code,
and
then
it
doesn't
work
anymore.
There
might
be
some
existing
code
right
now,
based
on
the
old
behavior.
That
is
actually
doing
that
properly
and
yeah
from
logging
for
some
things,
and
then
it
would
break
here.
F
G
F
Ladies,
just
maybe,
is
just
calculating
the
pairs
of
proper
parameters,
initially
sunny
setting
them
into
into
anything
coatings
of
your
of
the
Trentham
transceiver
transceiver
parameters.
So
all
the
parameters
are
good
from
the
start.
He
does
negotiation
and
after
that
Oh
context
change
in
the
cold
I'm
going
to
set
the
parameters.
That
was
not
necessarily
a
new
negotiation
happening
and
then
still
the
same
thing.
That
code
could
be
written
and
you
would
break
that.
The.
G
Other
thing
that
might
raise
well,
what
we
have
here
is
this
construct
of
get
to
parameters
which
is
synchronous
and
then
modify
them
and
set
them
back
now.
Think
about.
If
you
have
this
being
done
on
a
button,
click
or
something
you
can
actually
have
this
race
against
other
iterations
of
itself
right.
So
it's
it's
kind
of
it's
risky
to
get
a
copy
of
something
and
then
wait
a
little
bit
and
then
set
it
back.
That's
the
yeah.
A
E
G
C
F
F
G
D
F
D
So
so
the
reason
for
having
a
transaction
ID
at
all
mister.
Third,
it's
the
way
we
can
detect
them.
If
someone
gets
back
does
get
parameters
then
waits
a
bit
and
then
the
parameters
and
it
will
succeed
if
the
parameters
are
not
changed,
but
the
transaction
ID
has
changed
and
right.
That
is
a
change.
So
then
that's
required
for
the
solution
to
a
it
always
failed.
D
D
E
F
G
The
an
issue
here
is,
if
can
simulcast
offers
renegotiate
rids
our
IDs,
and
we
looked
at
J
SEP
and
it
says,
offers
and
answers
inside
an
existing
session
follow
the
rules
of
initial
negotiation.
Such
an
offer
may
propose
a
change
in
the
number
of
written
use,
but
to
avoid
races
with
media
&.
Events
with
proposed
changes
should
use
a
new
ID
rather
than
reusing.
One
of
the
previous
values
and
rates
without
proposed
changes
should
without
changes,
should
reused
a
since
the
old
IDs.
G
So
that's
from
remote
offers,
and
that
differs
from
the
local
sign
work
for
a
transceiver.
We
say
once
the
envelope
for
simulcast
is
determined.
Layers
can
be
removed
and
may
be
that
difference
is
fine,
because
we
can't
really
control
what
comes
in
into
a
remote
offer,
and
we
don't
have
that
many
options
or
actually
like
just
lent
out
rejecting
as
if
remote
offers
are
invalid,
is
support
poor
choice.
G
So
we
have
to
do
something
so
or
inter
not
so
we
could
leave
this
as
is,
and
leave
user
agents
to
come
up
with
something
or
we
could
for
interrupt.
We
could
have
WebRTC
PC
dictate
stronger
requirements,
for
our
implementations
must
respond
to
this.
So
if
we
want
to
do
that,
then
both
suggestions
here,
you
know
I-
don't
have
a
good
PR
here.
I'm
just
posing
questions
so
once
send
the
codings
length
is
more
than
one.
H
G
C
K
C
G
A
H
G
G
A
Well,
I
think
I
think
Ivan.
We
should
probably
try
it
out
henrik,
but
the
problem.
Like
here's
a
weird
example
say
you
set
3/3
encodings
in
set
local
right.
You
did
and
reserve
set
three
and
then
you
get
an
offer
for
two:
you
you
do
roll
back
and
what
will
happen?
I
doubt
this
will
succeed.
Will
it
I.
C
A
A
G
C
D
L
C
G
G
G
A
C
G
A
G
I
L
G
Yeah,
but
in
this
case
we
don't
really
have
to
contradict
chase
that
either
it
says
an
offer.
May
that's
only
about
what
you
produce?
It's
not
what
comes
in
right,
so
this
normative
language
is
not
relevant
on
inputs.
So
I
don't
know
if
they're
so
similar
language
for
how
to
treat
input.
But
it's
going
to
be
valid
problem.
K
A
D
Okay,
yes,
so
I
looked
carefully
at
the
completed
States
and
it
says
that
there
are
five
conditions
in
order
to
have
has
a
completely
safe.
It
should
be
the
state
be
completed
after
finished.
Gary
has
to
receive
the
education
and
the
number
remote
tenets
which
chrome
doesn't
support
personnel,
so
we'll
never
get
that
finished.
Checking
all
kinda
spares
and
found
the
connection
so
file
connection
five
permissions,
so
yeah.
D
D
Only
one,
if
there's
only
one
them
it's
possible
that
all
the
other
things
happen
before
and
I
mean
it's
not
possible
a
Crone,
but
did
you
are
other
bird,
but
this
it's
possible
that
all
the
other
conditions
can
be
satisfied
before
we
finished
checking
the
scan
it
and
in
that
case
I
think
we
have
found
the
state
where
it
goes
to
check
from
checking
to
completed
so
I
think
the
answer
is
yes
son.
We
should
rather
back
Ellen
I,
don't
know
to
respect
to
say
this
might
happen.
C
G
C
D
L
C
C
Okay
and
right
so
if
we
investigated
that
the
lifecycle
transfers
I
mean
a
code
pen
and
it's
indeed
asymmetrical,
and
that
if
you
are
the
offers,
the
transports
are
created
at
such
local
description
and
if
you
are
the
answer
that
this
transport
I
created,
etcetera.
My
description
answer
and
the
reason
that
we
have
this
asymmetry
is
for
the
early
media
use
case
so
or
and
for
bundling
as
well.
So
so
you
could,
you
could
offer,
and
in
case
the
other
end
point
doesn't
support,
bundling.
C
Well,
what
this
means
is
that
the
transports
you
have
when
you
really
have
local
offer
state
are
really
just
transports
that
are
on
offer
and
so
like
all
the
following.
Slides
will
be
about
rollback.
So
the
if
you
have
something
that's
on
offer
that
might
not
apply
yeah.
You
have
to
you
have
to
remove
this
when
you
roll
back
and
right
now
we
don't
update
the
the
transport
internal
slots
when
we
roll
back.
C
C
Well
in
any,
you
can
think
of
the
bundling
case
that
the
point
is
the
point
is
when
you
you,
when
you
have
an
offer,
you
may
have
a
temporary
transport
object
and
if
you
roll
back,
then
you
you
would
remove
the
transport
because
it
wouldn't
exist
anymore
right.
The
transport
is
created
as
part
of
the
offer.
So
if
we
roll
back,
we
roll
back
anything
that
was
caused
by
an
offer.
Then
we
have
to
roll
back
transfers
like.
G
D
C
D
C
And
and
the
cotton
works
in
in
Chrome,
but
it
the
the
it
may
be
ugly,
but
it's
it's
needed
to
fully
represent
what
can
happen
for,
for
the
bundling
being
rejected
the
use
case
and
and
I
think
we
should
just
live
with
that,
because
this
is
what's
implemented,
PR
and
it
already
works,
and
it
makes
sense.
So
that's.
A
C
Well,
the
bundling
confusing
is
always
confusion
is
already
implemented.
The
the
bogging
in
the
spec
is
that
when
you
do
rollback
the
according
to
spec,
you
use
have
these
transports
that
don't
map
to
anything
in
JSF,
because
you
can
never
clean
it
up
so
that
as
a
peer
and
okay.
So
let's
record
the
decision
and
go
to
the
next
slide.
So
it's
a
similar
problem
here
right
so
black
in
our
previous
slide,
we
decided
to
receive
codecs
are
something
that
you
set
on
offer.
So
this
should
sound
similar
to
the
previous
slide.
C
Well,
if
you,
if
you
have
something
that's
on
offer,
rollback
needs
to
revert
it
right,
yeah,
so
yeah
and-
and
we
need
to
do
this-
was
receive
codecs
because
of
early
media.
We
don't
need
to
do
this
with
send
codecs
because
send
codecs
is
only
updated
when
you
set
the
answer,
meaning
you
go
back
to
stable
state,
so
it's
only
applies
for
receive
codecs.
The
proposal
is
to
yeah
revert
the
value.
C
C
J
B
A
B
C
We
have
so
well
now
that
we're
reverting
this
beautiful
internal
slots.
That
means,
if
you
do
get
parameters,
and
then
you
do
roll
back
and
then
you
do
set
parameters.
The
parameters
will
have
changed.
This
is
why
I
like
any
verse
thing
where
you
don't
support
asynchronous
stuff,
because
then
this
issue
becomes
a
non-issue
I
move.
C
This
is
already
solved,
but
otherwise
I
would
suggest
that
we
add
a
you
know.
We
clarify
the
perfect
negotiation
example
with
how
to
protect
against
this,
but
not
needed.
I
think
we
can
go
to
the
next
slide.
Okay
and-
and
then
this
is
also
part
of
thinking
about
what
happens
when
you're
doing
when
you
do
rollback,
and
one
of
the
things
that
you
can
do
is
restart
ice,
which
means
that
in
this
case
pc1
is,
is
it
wants
to
restart
ice?
C
C
So
I
looked
at
this
and
I
thought.
How
is
this
a
problem?
Do
we
need
to
document
it
and
then,
with
discussions
with
Johnny
very
base?
It
sits
like
this.
This
is,
this
is
not
special
for
rollback.
This
is
already
case
if
you
the
case,
if
you
have
multiple
incoming
offers
in
offer,
collisions
and
so
I
think
this
is
like
a
possible
foot
gun,
but
it's
a
rollback
purposes.
I
think
we
can
close
this
issue
and
we've
already
filed
an
issue
to
add
an
example
about
that
to
perfect
negotiation.
G
G
That
means,
if
impolite
and
return
basically
ignoring
incoming
offers
and
because
we
never
set
that
offer
on
the
peer
connection
object.
If
your
connection
object
has
no
way
to
to
to
know
what
the
would
be
offered
would
have
been,
and
it
doesn't
have
enough
information
to
then
silence
any
incoming
candidates
on
that
offer.
So
the
JavaScript
will
need
a
boolean
that
basically
say
I
just
ignored
the
remote
description,
so
that
isit
candidate
may
now
produce
failures
for
a
couple
of
seconds,
because
there
are
probably
candidates
coming
in
after
that
offer.
G
C
Do
think
the
spec
deserves
a
perfect
negotiation
example,
because
it's
yeah,
it's
it's
quite
complicated
and
there's
this
like
there's
one
way
to
use
the
api's
perfectly
and
then
there's
a
million
ways
to
do
it
incorrectly.
So
it's
good,
if
that's
actually
in
part
of
the
spec
and
not
part
of
a
blog
post
yeah.
Well,
it
can
also
be
a
part
of
a
blog
post.
Okay,.
J
C
Okay,
next
slide,
so
the
RTC
error.
So
today,
like
the
specs
Esther,
so
an
RTC
error,
it's
just
a
dumb
exception
and
today's
implementations
throws
the
operation
error.
It
seems
if
you,
if
you
inspect
the
JavaScript
the
object,
you'll
see
name
operation,
error
messages,
its
back
I,
don't
know.
For
some
reason.
Stacking
message
is
the
same
thing,
and
so
this
is
like
this
is
what
you
see,
but
the
spec
says
you
should
do
RTR,
which
looks
different
than
the
as
illustrated
here.
C
The
name
is
RTC
error,
and
it
also
has
additional
fields
and
the
additional
fields
they're
like
they're
nice
to
have
there.
They
are
unlikely
to
cause
cause
backwards,
compatibility
issues,
but
if
people
inspect
the
name,
that
would
be
probably
be
a
hurdle,
and
so
the
proposal
is
to
to
still
still
have
this
RTC
error,
but
the
RTC
error
constructs
itself
with
the
backwards
compatible,
name
and
and
I
need
to
look
at
the
details.
C
If
this
can
always
be
operation,
error
or
if
we
need
to
have
different
operation,
different
names
used
here,
I
think
probably
we
can
just
always
hard
code.
This
operation,
error
and
I
need
to
look
into
that
that
the
point
is:
are
we
okay
with
RTC
error,
using
a
different
name
than
our
DC
error,
for
instance?
So
that's
that's
the
proposal
and
then
then
the
well
then
they're
just
to
point
out.
No
one's
actually
implemented
these.
So
the
question
is:
do
we
need
to
mark
the
the
additional
fields
as
at
risk.
C
What
I
need
to
try
out
in
practice?
I
didn't
have
time
but
I.
It
looks
like
most
most
when
I
searched
around
in
chromium.
It
looks
like
operation.
Error
is
thing,
but
yeah.
The
the
point
of
this.
The
assumption
that,
if
we
want
to
do
this,
is
that
this
actually
source
solves
compatibility
issues
so
I
this
is
assuming.
We
do
have
names
that
are
interoperable
already
and
we
don't
want
to
change
them
yet.
A
J
B
D
So
this
is
just
a
matter
of
I
would
call
it
elegance
I
mean
when
I
looked
at
the
rtcdatachannel
stats,
for
instance,
it
has
a
data
channel
at
the
fire
field
and
without
it
you
wouldn't
know
which
data
channel
you
were
talking
about
and
I
mean
it
would
simply
be
a
mean
mean
yes
that
and
so
other
stats
are
and
do
not
feel
that
can
be
missing.
Princeton's
the
channel
count
in
RTC
Kulik
stats.
D
The
only
place
you
want
to
use
it
at
the
moment
is
for
stereo
audio.
When
you
have
video
or
you're
a
mono,
you
just
skip
the
field,
so
it's
just
a
matter
of
making
spec
easy
to
reads
to
say
that
in
these
cases
here
you
have
the
word
required.
It's
a
dictionary
and
I
think
that's
tutorial.
There's
no
code
changes
in
the
clients
and
those
code
changes
in
the
in
this
X.
So
it
should
do
this,
but
I
think
but
I
don't
see
that
we
need
to
do
it
before
Sierra.
It.
A
D
E
Okay,
so
we
are
back
to
network
type
discussion,
so
probably
everybody
remembers
that
the
network
type
stat
has
privacy
issues
and
has
no
consensus
between
implementers.
So
we
touch
shipping
some
result,
but
orden,
these
particular
status,
not
as
much
as
other
stats
to
discuss
this
particular
stat.
It
was
not
clear
whether
the
use
cases
could
be
fulfilled
with
more
private,
neutral
stats
or
not
so
clearly,
we
could
try
to
improve
this
particle
stat
based
on
more
precise
use
cases
and
maybe
come
up
with
a
solution
that
could
ship
in
all
browsers.
E
E
Possibly
this
does
not
require
any
change
to
implementations,
so
implementations
shipping
it
currently
will
be
compliant
and
implementations,
not
even
would
still
be
combined
as
well,
and
once
it's
in
the
extensions
back
could
refine
it.
So
maybe
we
can
sign
more
for
solutions.
Maybe
you
can
remove
some
values
so
reduce
the
granularity.
Maybe
we
can
reduce
the
exposure
of
is
that
only
it
catches
a
bit
granted
only
for
Basilica.
It
can
impair
their.
There
are
different
ideas.
There
yeah
I
think
we
we
should
try
to
work
on
it
in
power,
so.
C
C
It
mostly
contains
stats
that
are
well
defined,
but
but
we
weren't
sure
if
they
were
useful,
so
we
didn't
want
to
add
them
to
the
main
stats
or
it
contains
this
content
type,
one
which
is
based
on
a
RTP
Heather
extension,
which
again
is
well
defined,
but
it
hasn't
been
published
as
an
as
an
as
a
draft.
It's
on
the
right.
C
A
C
E
E
E
E
So
the
first
item
is
to
remove
device
information.
Why
should
we
do
that?
So
one
of
the
issue
is
that
usually
you
can
have
a
website
where
you
will
take
a
photo,
so
you
we
grant
catches,
ready
access
and
the
website
will
use
the
camera
to
take
a
photo
and
that's
all
then
on
next
visits
seems
get
you
Delia
was
granted
device
info
permission
is
granted
and
then
the
device
info
permission
is
granted
for
basically
a
long
time.
E
Sone
user
next
visits,
the
user
did
not
grant
access
to
camera,
but
the
website
knows
all
about
your
device
setup.
So
clearly,
that's
not
great
and
we
could
try
to
improve
things
without
breaking
stuff.
The
second
issue
is
that
device
information
is
very
difficult
to
understand.
I
believe
that
no
browser
is
exposing
it
to
user,
because
nobody
found
a
good
way
to
the
describe
it
in
a
in
a
meaningful
way
to
users.
So
it's
not
controllable
by
users.
E
Users
cannot
actually
say:
oh
I
want
to
remove
device
in
for
permission
or
I
want
to
grant
device
information.
We
can
grant
camera
microphones,
but
not
the
device
info
permission.
Also.
We
also
tried
internally
to
exploit
some
API
to
be
able
to
expose
device
info
permission
and
it
was
actually
a
nightmare.
So
it's
not
only
users.
It's
also
developers
that
are
not
able
to
understand
this
permission.
E
E
The
first
time
you
visit
cases
as
well
so
I
think
we
should
simplify
the
spec
and
simplify
all
of
these
by
replacing
the
device
info
permission
bye-bye
Justin,
into
an
onslaught
that
is
torn
the
page,
so
the
slot
so
there's
a
cure
for
it.
Six
four
one
first
slot
on
the
page
would
be
denied
by
default,
which
means
that
you
do
not
expose
any
information
by
default
and
it's
granted
after
once
a
success
will
get
you
the
media,
call
on
that
page.
E
E
During
the
some
of
the
page,
there
are
at
least
two
to
use
cases,
but
I'm,
aware
of
where
it
might
be
useful
is
when
the
user
is
explicitly
revoking
access,
so
it
will
stop
capture
and
it
will
deny
access
to
the
page,
so
there
it
makes
sense
to
revoke
a
bicycle
access
as
well,
and
the
second
case
is
when
the
page
is
not
capturing
time,
for
instance,
the
user
agent
could
practically
say
you
will
need
to
be
prompted
again
forget
to
the
media.
So
you
will
not.
G
Different
for
that
I
mean
yes
yeah.
The
plan
is
to
do
something
different
right,
so
I
was
wondering
if
we
could
get
the
same
effect
by
instead
of
having
an
internal
slot.
We
already
have
language
on
enumerate
devices
to
filter
out
camera
and
microphone
based
on
feature
policy,
so
I'm
wondering
if
we
could
express
the
the
same
net
effect
by
modifying
it
there.
So
what
so,
so.
G
E
E
E
G
A
C
E
By
the
page
right,
it's
not
something,
but
that
is
not
well-defined
and
that
ends
up
being
implementing
one
way
in
a
browser
and
another
way
in
a
new
browser.
And
then
you
you
have
like
vastly
different
behaviors.
That's
not.
The
idea
of
the
PR
is
to
have
like
something
that
is
very
consistent,
really
implement
and
when
the
repairs
will
understand
it.
G
E
E
E
Next
slide,
so
so
now
that
you
have
removed
this,
there's
still
the
fact
that
we
are
lee
akeem
when
we
are
allowing
some
implementations
to
leak,
whether
camera
or
microphone
into
the
given
system,
then
the
information
might
be
useful.
It's
not
clear
to
me:
it's
actually
useful.
No,
it
might
be
useful.
It's
not
actually
clear
to
me
whether
it's
actually
used
by
web
pages
or
not
so
that
I
don't
know
if
the
page
can
have
a
dedicated
UI.
E
E
We
could
mandate
to
enumerate
always
one
camera
and
one
microphone,
and
when
you
call
catch
me
catch
you,
the
media,
you
are
actually
in
relating
the
fact
that
your
camera
is
gone
just
at
the
same
time.
We
could
make
any
devices
return
an
empty
list
and
then
we
need
to
provide
a
way
to
render
different
you
guys,
let's
just
properties
or
something
like
that-
it's
not
clear
to
me!
Yet
what
we
should
do,
maybe
we
should,
at
the
end
of
the
day,
just
kill
enemy
device
still
and
done
with
it.
E
B
G
D
Hear
what
Harold
said?
Sorry,
oh
I,
think
that
this
makes
sense.
I
mean
it
it's
convoluted
both
knowing
that
what
we
do
is
have
some
degree
of
backwards
compatibility
and
knowing
that
and
trying
to
figure
out
what
requirements
are
each
level
to
to
consider
so
so
I'm
in
favor
of
not
not
trying
to
hurry
up
on
this
one
right.
G
Yeah
yeah
I
think
I
agree.
There's
some
value
I!
Think
in
we've
gotten
this
on
screen
capture
as
well.
That
websites
don't
want
to
have
a
button
for
a
screen
capture.
If
screen
capture
doesn't
work
which
happens
on
Android
devices,
for
example,
so
knowing
whether
you
can
ask
the
user
for
camera
or
microphone
or
not
that's
a
concept,
I
think
is
useful
and
the
spec
does
allow
user
agents
to
turn
off
this
behavior
and
basically,
where
the
user
gets
to
say.
G
G
E
C
Yeah
I
would
like
to
find
that
out
because
I
mean
if,
if,
if
we
don't
have
permissions,
to
show
you
list
of
devices,
then
we
should
shouldn't
pretend
that
we
do
unless
they
think
right
I
mean
unless
we
think
that
the
the
the
pain
working
group
will
agree
to
exposing
this,
but
I
got
the
impression
that
they
are
not
happy
with
expressing
any
of
this
stuff
and
I
don't
see
a
very
compelling
use
case
to
actually
like
yeah,
it's
backwards
compatible.
But
it's
not
really
a
use
case
that
I
would
like
to
support.
E
D
F
D
E
G
I
went
to
taki,
he
died
Oh
on
a
cell
phone
where
I
didn't
have
Android
permission
for
camera
microphone
and
it
would
not.
Let
me
turn
on
camera
or
microphone,
because
the
way
tested
I
had
to
go
to
a
different
web
page
that
just
called
getusermedia
and
then
I
got
the
OS
prompt
and
then
I
went
back
to
talkie
and
then
I
could
click
the
buttons
I
think
they
were
using
some
mechanism
for
detecting,
probably
an
Android
devices,
whether
to
ask
at
all
a.
D
D
A
E
E
I
think
an
action
to
do
that
that
said,
Safari
is
not
supported
in
all
weather,
see
web
sites,
so
it
would
be
cool
if
some
people
on
Chrome
could
do
to
do
it
as
well
in
a
website's
bottom
in
support,
chrome,
okay,
okay,
you
should
69,
so
it
would
have
been
nice
if
we
actually
enforced
user
gesture.
Forget
user
media
from
the
start.
E
We
cannot
do
it
anymore.
It's
probably
not
web
contact
able
to
mandate
it,
but
it
would
still
be
good
to
try
to
to
enforce
it
in
a
few.
In
a
few
cases,
one
issue
that
I
was
made
aware
by
web
developers
is
the
case
where
a
user
enters
a
video
call
user
denies
camera
microphone
access
initially
because
they
only
want
to
listen
and
later
on.
E
Do
you
actually
want
to
ask
the
question
so
they
they
want
to
turn
the
microphone,
but,
of
course,
if
you
do
call
it
user
media,
it
will
be
denied
so
the
constructions
they
have
is
basically
to
reload
the
page.
It
works
in
Safari,
probably
in
Firefox
as
well.
You
can
provide
hints
to
the
user
to
reset
permission
using
the
browser
UI
so
that
that
should
work
in
Chrome
and
Firefox,
probably
in
Safari
as
well
for
an
edge
case,
but
still
it's
it's
it's
not
great.
E
E
E
G
G
C
Well,
while
permissions
and
prompts,
and
all
that
stuff
is
somewhere
in
between
spec
and
and
up
to
the
ground,
sir
I
I
do
think,
like
that
son
like
whether
or
not
you
display
a
prompt
I,
think
will
influence
whether
or
not
people
call
the
API,
so
I
do
think.
All
the
browser's
should
should
do
the
same
in
the
spec
should
like
I
like
this.
G
E
G
E
G
G
So
basically,
a
the
ping
opened
another
issue
which
was
only
reveal
labels
of
devices
users
given
permission
to
because
the
privacy
climate
has
changed
basically-
and
this
goes
beyond
fingerprinting
and
exposing
info
on
all
of
a
user's
devices
beyond
the
granted
ones.
Also
reveals
actual
private
information
to
user,
didn't
intend
to
share
about
what
they
owned
and
what's
I
have
like
that
next
slide.
G
But
hold
on
which
devices
has
used
a
given
permission
to,
and
so
I
actually
found
out
in
both
Safari
and
Chrome.
When
it
says
the
site
wants
to
use
your
camera
and
microphone,
it's
actually
cameras
and
microphones,
plural,
so
you're
sharing
all
your
devices.
It
means
that
not
revealing
labels
would
have
no
meaningful,
no
meaningful
difference
in
Safari
or
Chrome
Firefox.
On
the
other
hand,
by
default
only
gives
you
one
time
permission
to
one
device
now
to
be
fair.
If
you
do
click
the
remember
this
decision,
we
also
grant
to
all
devices
on
next
page.
G
So
the
issue
here
is
Firefox
shares
all
labels
instead
of
all
devices.
So
if
we
take
the
ping
request
literally,
it
would
only
make
Firefox
non-compliant,
which
is
the
most
private
option
and
forcing
it
actually
to
weaken
its
privacy
to
comply
if
it
wants
to
implement
in
content
device
selection
or
it
would
need,
it
would
suffer
a
prompt
like
this,
where
you
just
get
question
marks
from
the
other
devices,
so
I
kind
of
view.
This
as
pink
people
can
see
in
the
window
when
the
reality
is
that
three
out
of
four
houses
are
missing.
G
A
wall
where
people
just
can
see
us
and
walk
in
so
I
think
what
ping
really
means
here
is
that
they
want
a
privacy
by
default
flow,
which
they
posted
an
issue
where
the
site
asks
for
a
category
or
category
of
devices,
and
then
the
browser
prompts
the
user
for
one,
many
or
all
of
the
devices,
and
then
the
site
gains
access
to
only
the
device
and
label
of
hardware
that
the
user
selects.
So
Firefox
mostly
does
this
already
by
default,
but
others
do
not,
and
so
next
slide
is:
how
do
we?
G
G
You
might
want
to
not
want
to
do
that
on
the
initial
prompt,
because
it
could
scare
users,
but
on
Reese
electing
on
changing
your
device
that
might
be
useful
on
mobile
eyes
can
actually
be
tricky
because
most
mobile
devices,
don't
the
hardware,
doesn't
allow
you
to
open
one
more
than
one
device
at
a
time,
and
there
are
tricks
that
a
browser
can
do
that.
Are
hard
to
get
right,
like
temporarily
mute
the
current
device
in
order
to
show
a
preview
of
a
different
device
stuff
like
that
next
light?
G
So
this
is
a
hard
problem
that
we've
currently
foisted
on
sites
and
they
haven't
been
very
productive,
but
then
counter-argument
most
users
have
one
camera
or
they
have
an
easily
distinguishable
front
or
back
camera,
which
you
can
use.
Websites
can
use
constraints
to
find
that
one
so
for
most
users
having
a
selector
is
too
much
information.
So
Firefox
is
worse
on
that
one
next
slide.
G
G
So
this
proposal
here
at
PR
644,
is
to
mandate
a
selector
and
gum
Gettys
media,
like
Firefox,
has,
unless
the
constraints
provided
reduced
to
one
device,
so
this
would
mean
a
following
changes:
if
we
consider
a
user
which
previously
has
persistent
permission
for
camera,
if
you
just
call
get
using
media
video,
true,
you
want
to
get
granted
if
the
user
has
only
one
camera.
Otherwise
you
get
a
selector
if
you
specify
facing
mode.
This
is
how
Firefox
works.
G
G
G
But
the
the
last
line
in
this
table
here
is
where
you
specify
an
exact
device
ID,
for
instance,
with
an
exact
constraint.
In
that
case,
it's
clear
that
the
website
is
only
asking
for
a
specific
device
and
that
reduces
to
approval
denied,
so
browsers
could
have.
Firefox
could
have
a
much
simpler
user
interface
in
that
case,
and
but
it
doesn't
at
the
moment,
it
still
gives
you
a
quite
noisy
selector,
so
gain.
E
D
This
behavior
that
the
user
has
gotten
used
to
a
Nicole
and
a
programmer
asks
has
allowed
for
now.
Now
with
this
it
would
it
it
would
be
proper
pop-up,
a
selector
in
the
middle
of
the
flow
that
is
entirely
a
gratuitous,
since
the
already
has
access
to
all
the
cameras,
there's
no
permission
involved
and
in
the
previous
selection
of
the
that
the
browser
did
was
consistent
for
that
browser
and
those
those
cameras.
So
we're
introducing
the
memory
another
step
in
the
a
in
a
startup
flow,
with
no
benefit
that
I
can
see
the.
G
E
J
G
G
D
G
The
goal
would
be
for
the
spec
if
the
ping,
in
order
to
satisfy
the
ping,
it
has
to
be
the.
If
you
see
I
changed
the
title
here
from
not
the
only
revealed
labels
of
devices
user
has
chosen
because
and
all
the
educate
in
all
the
tricky
cases.
Here
it
wasn't
the
user
that
chose
the
device.
It
was
the
browser.
So
that's
what
this
gets
at.
So
it
doesn't
try
to
mandate
how
to
do
your
UX.
B
A
C
This
would
only
apply
when,
when
you
supplied
constraints
where
multiple
devices
could
potentially
apply,
it's
not
exact.
So
so,
instead
of
the
tiebreaker
being
completely
up
to
the
browser,
you're
saying
that
the
the
tiebreaker
is,
the
decision
actually
picks
in
a
selector
menu
which
cameras
open
well,.
E
G
Right
and
that
gets
tricky
because
all
it
may
be
all
devices
at
the
time
that
the
prompt
is
shown
because
you
haven't
plugged
in
anything,
but
you
could
plug
in
something
after
the
fact
and
in
Access
in
s
access,
2.2
yeah.
So
it's
all
current
and
future
cameras
in
this
session
old
cameras
right
well
in
Chrome,
it's
persistent!
So
it's
all
cameras
forever!
Yeah
I'll
tell
you
look.