On 26/07/2011, at 10:44 PM, Ian Hickson wrote: > Robert O'Callahan posted a good response: > > http://weblogs.mozillazine.org/roc/archives/2011/06/permissions_for.html > > In short, the better solution isn't to ask for permissions up-front, but > to ask for fewer permissions. The ideal solution is to not ask for any > permission but to base the permission on a natural user gesture. For > example, drag-and-drop of files to a site doesn't require permissions, but > it is an implicit permission grant. Same with <input type=file>. With > getUserMedia() we are doing something similar: instead of asking for > permission, the user is asked for a specific input to be selected. > > Permission grants are a bug. >
nice recap and clarity on implicit vs explicit permissions. the concept of asking for permission and how to manage this would seem to remain open for explicit permission grants, the most pressing case being geolocation. might there be more use cases in future? this may open the case for more universal management mechanism through the UA, and potentially a generalized specification? > On Sat, 30 Apr 2011, Glenn Maynard wrote: >> >> Of course, asking each of these while using the application would also >> be painfully annoying, and it's not obvious how to make permissions >> meaningful to the user (eg. when you use its feature) while also scaling >> to lots of permissions. > > Indeed. The system shouldn't ask for any permissions. For example instead > of reading contact data, it could cause the OS to pop up a contacts list > from which you can pick a contact to give access to it to the app. yes, possibly permissions should be viewed not in terms of the resource they may require to access (webcam, mic, printer, etc) but the conceptual user interaction - image\video source, audio source, document serialization, etc... > > On Sun, 1 May 2011, Robert O'Callahan wrote: >> >> Notifications are a particularly hard case for the principle of >> requesting permissions in response to user action, because the whole >> point of notifications is that they happen when the user isn't giving >> the application attention :-). > > My proposal for notifications was to have them default to being just > inside the page (nothing that a <div> couldn't do), but that they would > include explicit UI to promote them to full-system notifications; and > vice-versa, so a system notification could be demoted back to just in-page > notification with a similar gesture. possibly the interaction should not be with the system but the browser. this leaves any system-level integration in full control of the browser and restricts the specification to a single level of abstraction. > On Tue, 3 May 2011, Cameron Heavon-Jones wrote: >> >> The quantity of permission requests can be managed in an effective >> manner by the agent allowing the user to store their preferences for the >> next command or as a universal setting. > > That doesn't work. It might be appropriate for Bing Maps to have access to > my Geolocation information, but I certainly don't want some random blog to > have access to it. Defaults don't work here. the UI concept is that of user preference management, it can apply to permissions, confirmations, or any other user configurable setting. there is no reason geolocation can't be managed in the same way. if i always want bing maps to have access to my location, it would be nice to be able to register that preference. for some random blog that always asks for my location, it would be nice to block it from asking again. it's not defaults, but in-process persistent configuration. >> For web applications to specify their required permissions would seem to >> introduce a duplication of specification. If a web application includes >> an image file upload which the user chooses to capture from webcam, >> first how is the application to know that the user would use a web cam? > > There's no need for the app to know. It can just allow the user to upload > a photo, and the browser can offer to use the webcam. indeed. > I haven't added anythign to the spec in relation to this proposal. > the proposal for a web app descriptor for implicit permissions would seem to be debunked, however the greater question of how to manage the explicit geolocation feature is both still open and an issue being encountered today. what concerns me is the interaction between web application\document and browser shell\chrome which is new territory. the concept of background web pages, introducing notification requirements, is also an area requiring active attention. > -- > Ian Hickson U+1047E )\._.,--....,'``. fL > http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. > Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.' Thanks, Cameron Jones
