Document should discuss API permissioning #12

Open
marcoscaceres opened this issue Nov 27, 2013 · 4 comments
Comments

@marcoscaceres
Contributor

Elsewhere, @AMorgaut wrote:

Regarding permissions for Device APIs being listed in the manifest, I thought a previous proposal

and the related discussion on the WHATWG mailing list in which I participated:

may be worth a read

@AMorgaut

The purpose was to think of the mentioned use case in which several permissions are required for an application to work, and see if the user experience could be enhanced using a single global notification asking for several permissions instead of having to manage many of them.

If the user's attention is asked for too many times, he often won't read what is asked anymore and will just allow anything.
I may be wrong, but a clear overview of what will be permitted, with options to check/uncheck some of them, looks safer to me. (Note that some may be flagged as required by the app.)

It is actually kind of what Google, Facebook, GitHub and some others are doing during first OAuth connections.

My opinion is that the use case is very valid as it can have an impact on security.

I know (at least I have heard) that we cannot impose UI rendering on user agents in such situations, so I'd even be satisfied with a linked W3C Note.

The mockup of the proposal is still incomplete to me in that labels are not enough to efficiently describe the permissions that are checked. Current notifications use representative icons that I think should probably be added there too, to be sure that, if the user didn't want to spend too much time reading (unfortunately a real-life situation), we gave him another occasion to see what it was about through identifiable pictures.

@marcoscaceres
Contributor Author

@AMorgaut there are conflicting findings/data/urban-legends(?) about this stuff. I've heard the opposite of what you describe. We basically need to gather the research findings and evaluate the data properly to help make an informed decision.

It's going to take a few trips to Google Scholar probably.

@marcoscaceres
Contributor Author

BTW, there are Task Force positions open to investigate this whole area:
http://www.w3.org/wiki/Mobile/Work#TASK_FORCE:_Permissions

We are looking for someone to lead it.

@marcoscaceres
Contributor Author

Related: w3c/manifest#75
