And to confound the problem further, UAs dont have meta-data on hand with which to relate various pieces of local data together and attribute them to a specific user-identifiable 'application'. Everything is bound to a security-origin, but that doesn't clearly identify or label an 'application'.<div>
<br><div class="gmail_quote">On Thu, Aug 27, 2009 at 8:10 AM, Chris Taylor <span dir="ltr"><<a href="mailto:Chris.Taylor@figureout.com">Chris.Taylor@figureout.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div class="im">Adrian Sutton said:<br>
> On 27/08/2009 15:47, "Maciej Stachowiak" <<a href="mailto:mjs@apple.com">mjs@apple.com</a>> wrote:<br>
>><br>
>> - Cached for convenience - discarding this will affect performance but not functionality.<br>
>> - Useful for offline use - discarding this will prevent some data from being accessed when offline.<br>
>> - Critical for offline use - discarding this will prevent the app storing this data from working offline at all.<br>
>> - Critical user data - discarding this will lead to permanent user data loss.<br>
><br>
> The only catch being that if the web app decides this for itself, a malicious script or tracking cookie will be marked as critical user data when in fact the user would disagree.<br>
><br>
> On the plus side, it would mean a browser could default to not allowing storage in the critical user data by default and then let users whitelist just the sites they want. This could be through an evil dialog, or just a less intrusive indicator somewhere - the website itself would be able to detect that it couldn't save and warn the user in whatever way is most appropriate.<br>
<br>
</div>This seems to me a better idea than having multiple storage areas (SessionStorage, CachedStorage and FileStorage as suggested by Brady). However this could lead to even more evil dialogs: "Do you want to save this data? Is it important? How important is it?" The user - and for that matter, the app or UA - doesn't necessarily know how critical a piece of data is.<br>
<br>
The user doesn't know because without some form of notification they won't know what the lifetime of that data is (and even if they do they will have to know how that lifetime impacts on app functionality). The UA doesn't know because it doesn't understand the nature of the data without the user telling it. The app doesn't necessarily know because it can't see the wider implications of saving the data - storage space on the machine etc. Catch 22.<br>
<br>
So, to what extent do people think that automatic decisions could be made by the UA and app regarding the criticality of a particular piece of data? The more the saving of data can be automated - with the right level of importance attached to it - the better, saving obtrusive and potentially confusing dialogs, and (hopefully) saving the right data in the right way. Perhaps UAs could notify apps of the storage space available and user preferences on the saving of data up front, helping the app and UA to make reasonable decisions, only asking for user confirmation where an reasonable automatic decision can't be made.<br>
<br>
It's a head-twister, this one.<br>
<br>
Chris<br>
<br>
<br>
This message has been scanned for malware by SurfControl plc. <a href="http://www.surfcontrol.com" target="_blank">www.surfcontrol.com</a><br>
</blockquote></div><br></div>