[whatwg] Proposal for a web application descriptor
Ian Hickson
ian at hixie.ch
Tue Jul 26 14:44:44 PDT 2011
On Fri, 29 Apr 2011, Simon Heckmann wrote:
>
> I have read a lot in the last month about the future of html and web
> applications and I am very impressed by the progress this makes.
> However, I have come across something that annoys me: Permissions. I
> know they are important and I know they are needed but currently I find
> this quite inconvenient. And with more and more permissions coming up
> this might get worse so I spent some time thinking about it.
>
> I have written a short document covering my proposal:
> www.simonheckmann.de/download/Proposal.pdf (3 pages, ~200KB)
>
> It should just take only a few minutes to read and includes examples and
> screenshots. I am really looking forward to hearing your thoughts on
> this. Please feel free to share this idea with whomever you want to. If
> you think I should post this proposal somewhere else please say so.

Robert O'Callahan posted a good response:

   http://weblogs.mozillazine.org/roc/archives/2011/06/permissions_for.html

In short, the better solution isn't to ask for permissions up-front, but
to ask for fewer permissions. The ideal solution is to not ask for any
permission but to base the permission on a natural user gesture. For
example, drag-and-drop of files to a site doesn't require permissions, but
it is an implicit permission grant. Same with <input type=file>. With
getUserMedia() we are doing something similar: instead of asking for
permission, the user is asked for a specific input to be selected.
Permission grants are a bug.

On Sat, 30 Apr 2011, Glenn Maynard wrote:
>
> I'd wonder what their response is to Android; the problems on that
> platform are obvious. The result is exactly as you say: people end up
> giving up and just accepting everything.
>
> (The permissions request for Skype includes: "read contact data, write
> contact data, coarse (network-based) location, full Internet access, act
> as an account authenticator, manage the accounts list, use the
> authentication credentials of an account, modify/delete USB storage
> contents, change your audio settings, record audio, read phone state and
> identity, disable keylock, modify global system settings, prevent phone
> from sleeping, retrieve running applications, write sync settings, view
> network state, view Wi-Fi state, control vibrator, read sync settings,
> read sync statistics, discover known accounts". It's hopeless; if "take
> out a mortgage on your house" was in there, nobody would notice.)
>
> Of course, asking each of these while using the application would also
> be painfully annoying, and it's not obvious how to make permissions
> meaningful to the user (eg. when you use its feature) while also scaling
> to lots of permissions.

Indeed. The system shouldn't ask for any permissions. For example instead
of reading contact data, it could cause the OS to pop up a contacts list
from which you can pick a contact to give access to it to the app.

On Sun, 1 May 2011, Robert O'Callahan wrote:
>
> Notifications are a particularly hard case for the principle of
> requesting permissions in response to user action, because the whole
> point of notifications is that they happen when the user isn't giving
> the application attention :-).

My proposal for notifications was to have them default to being just
inside the page (nothing that a <div> couldn't do), but that they would
include explicit UI to promote them to full-system notifications; and
vice-versa, so a system notification could be demoted back to just in-page
notification with a similar gesture.

On Tue, 3 May 2011, Cameron Heavon-Jones wrote:
>
> The quantity of permission requests can be managed in an effective
> manner by the agent allowing the user to store their preferences for the
> next command or as a universal setting.

That doesn't work. It might be appropriate for Bing Maps to have access to
my Geolocation information, but I certainly don't want some random blog to
have access to it. Defaults don't work here.

> For web applications to specify their required permissions would seem to
> introduce a duplication of specification. If a web application includes
> an image file upload which the user chooses to capture from webcam,
> first how is the application to know that the user would use a web cam?

There's no need for the app to know. It can just allow the user to upload
a photo, and the browser can offer to use the webcam.

I haven't added anything to the spec in relation to this proposal.

--
Ian Hickson U+1047E )\._.,--....,'``. fL
http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,.
Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'