-
Notifications
You must be signed in to change notification settings - Fork 49
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add id member in SerialPortInfo #208
base: main
Are you sure you want to change the base?
Conversation
<p> | ||
A serial port is <dfn>identifiable</dfn> if the port can be uniquely | ||
identified through an <dfn>identifier</dfn> across the user agent | ||
restarts while it remains [=logically connected=]. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The identifier needs to remain the same even after the device is disconnected and reconnected. Suggesting various ways to achieve this (e.g. using the Windows device interface ID, or USB device IDs and bus topology) would be a good non-normative note.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just to clarify, you meant here we should allow the disconnected
and reconnected
, like user unplug and replug to the same location on the system, or just power off/on the device. But we can limit the use case to make sure the device is still plugged to the same location on the system?
Because I thought if we don't enforce location information the same (i.e. same topology), we won't be able to identify a device if the device itself doesn't provide that property, for example, two devices with the same pid, vid, and serial number.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, we can limit the use case to devices that are still plugged into the same location on the system OR have a serial number. This is how Windows tracks device identity.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actually, on a second thought, I feel serial number is necessary and location information might be less useful.
I am thinking with the below two cases:
- A device with unique serial number. We can use serial number to identify it no matter which port it connects to.
- Two devices with the same serial number, pid, vid. In this case, even with enforcing location remain the same, the port swapped with the other same identity device doesn't help differentiate one device from the other, making me feel location information doesn't really help. (For example, I tried two web light devices which have the same serial number, and I see they are the same device instance id as long as they are connected on the same port)
In this case, how do you think if I put a non-normative note this way?
<p class="note">
<em>This is a non-normative note.</em><br>
In terms of [=identifier=], device properties like product id, vendor id,
and serial number can be used if presented. However, the UA should not
expose the identity information of the device in plain text in {{SerialPortInfo/id}}.
</p>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This will, unfortunately, always be a heuristic. I think treating devices with identical (or missing) serial numbers that are connected to the same port as the same device is a reasonable behavior. After all, Windows has gotten away with it for years.
The "should not" bit should be normative. Exactly which properties of the device are used can be suggested non-normatively.
<li>Return |info|. | ||
</li> | ||
</ol> | ||
<p> | ||
A serial port is <dfn>identifiable</dfn> if the port can be uniquely | ||
identified through an <dfn>identifier</dfn> across the user agent |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There should be a note here similar to the one in Web Bluetooth on this not being a cross-site tracking ID: https://webbluetoothcg.github.io/web-bluetooth/#ref-for-dom-allowedbluetoothdevice-deviceid%E2%91%A1
We may want to update https://github.com/WICG/serial/blob/main/security-privacy-questionnaire.md as well |
This PR proposed an
id
attribute inSerialPortInfo
hoping to address #128.This
id
attribute will only present if there is such an identifier exposed by the system (e.g. combination of pid, vid and serial number, or system identity like device instance id on Windows).