tl;dr: I'm back. I'll set up a meeting to continue security discussion.
Apologies for letting this discussion linger, but I'm back now and able to give it full attention. ;-)
So, originally, we were proposing this as a private/whitelisted extension API. And, it's possible that for the short-term we may want to go that route to support the Chrome Media Router for M47.
However, Ben convinced us the feature would be useful as a public extension API and I'd also like to proceed on that front for the long-term. I think the high-level plan there is to start with the public API enabled in dev-channel only and, after it has baked for a few Chrome milestones, launch it for stable-channel.
At this point, there are some lingering issues on the security side of the discussion. I feel I am not fully qualified to vet all of these out on my own, or even respond to some without more context. So, I'd like to meet on VC to talk about them. In particular, I'd like to:
1. Make sure we're already good-to-go for private extension API use (for the Media Router). This would unblock projects and feature launches that would otherwise be stalled in the short-term.
2. Figure out what functionality *can* be securely provided by a public API, and what security mechanisms we would need to have in place (e.g., UI notifications?) to launch a public API.
I'll send out a meeting invite shortly.
Thanks,
Yuri