[whatwg] Proposal for a web application descriptor

Glenn Maynard glenn at zewt.org
Fri Apr 29 16:41:18 PDT 2011


On Fri, Apr 29, 2011 at 6:40 PM, Simon Heckmann <simon at simonheckmann.de>wrote:

> > Some challenges include:
> >
> >  *  how to justify the request to the user being asked to grant the
> privileges
> >     starting with a text string and a link to more information
>
> Well, this is what I thought of: The users visit a website they have never
> visited before. A notifications pops up allowing them to set all permissions
> required for this page. The users might not trust the site yet so they do
> not grant all permissions immediately.


There's a more common issue: when you ask me for a bunch of permissions at
once, I don't know why you want them.  This happens constantly with Android
apps: you install a simple notepad or clock app, and it'll ask for Internet
access and the ability to make phone calls, and you don't know why.

This is why--in general--I like the model so far: the user is asked for
permission in response to actually doing something that uses a feature.  In
the notepad app, you're asked for permission to access the internet when you
select "sync notes to your desktop PC"; it's immediately obvious why it's
asking for it.  (That's an Android example, of course, not a web app
example.)

Hopefully the ultimate solution will deal with both, allowing UAs the option
of asking all at once or on-demand, depending on the situation.  (Some
permissions inherently have to be asked in advance, like Web Notifications,
which doesn't happen in response to a user action.)

-- 
Glenn Maynard



More information about the whatwg mailing list