This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.
For the purposes of cross-origin constraints, the spec should specify what the origin of Tracks created by gUM is. Possibilities: 1) the origin is the same as that of the requesting page 2) the origin is a special tainted value that will allow the page to display/play the Track, but not access it's contents (no recording, for example. 3) At the webRTC level, we may want to allow the origin to be specified as an identified remote user (in this case, the Track can only be sent to that person.) We also need to consider the question of how the user chooses between these options. Is it UA-specific?
This is addressed by the concept of "Isolated Media Streams", section 4.3.5 of the Feb 18 2014 version of the draft. If a PeerIdentity is given, the content is protected as if it is in a different origin; if no PeerIdentity is given, the content is not protected (as if origin is the same as the requesting page). More controls seem likely to make things more complicated. Closing this bug as WORKSFORME.