Comment 18 for bug 1224756

Jamie Strandboge (jdstrand) wrote :

I think implementing a limited client is a good midterm goal, but not something for rtm. For rtm I think the most important workflow is achieving mpt's point '1' in comment #14. I.e.:
 * app tries to record audio
 * at that point, pulseaudio uses lp:trust-store to see if the user said this app can record audio. If the user said 'no' in the past, then don't allow; if the user said 'yes', then allow; if the user never specified, then prompt using trusted session

Complete isolation between apps is a great goal. I think we can live with an app abusing muting other applications (though it would be good if the dialer could never be muted by another app to make sure emergency calls aren't blocked...). The most important thing in my mind from a security POV is an app silently being able to eavesdrop/spy on the user, which is the case now. With trust-store support, the user will know the app can/will record audio. Ideally we would also have mpt's point '2' in place too so the user is aware that recording is happening.

As for '3', the new camera service will do the same thing as pulseaudio for '1' and ideally '2'.