[whatwg] Proposal for a web application descriptor

Simon Heckmann simon at simonheckmann.de
Sat Apr 30 00:30:18 PDT 2011 


Am 30.04.2011 um 01:41 schrieb Glenn Maynard <glenn at zewt.org>:

> On Fri, Apr 29, 2011 at 6:40 PM, Simon Heckmann <simon at simonheckmann.de>wrote:
> 
>>> Some challenges include:
>>> 
>>> *  how to justify the request to the user being asked to grant the
>> privileges
>>>    starting with a text string and a link to more information
>> 
>> Well, this is what I thought of: The users visit a website they have never
>> visited before. A notifications pops up allowing them to set all permissions
>> required for this page. The users might not trust the site yet so they do
>> not grant all permissions immediately.
> 
> 
> There's a more common issue: when you ask me for a bunch of permissions at
> once, I don't know why you want them.  This happens constantly with Android
> apps: you install a simple notepad or clock app, and it'll ask for Internet
> access and the ability to make phone calls, and you don't know why.
> 
> This is why--in general--I like the model so far: the user is asked for
> permission in response to actually doing something that uses a feature.  In
> the notepad app, you're asked for permission to access the internet when you
> select "sync notes to your desktop PC"; it's immediately obvious why it's
> asking for it.  (That's an Android example, of course, not a web app
> example.)
> 
> Hopefully the ultimate solution will deal with both, allowing UAs the option
> of asking all at once or on-demand, depending on the situation.  (Some
> permissions inherently have to be asked in advance, like Web Notifications,
> which doesn't happen in response to a user action.)
> 
> -- 
> Glenn Maynard
I agree: That is why the example you quote from my previous mail went on like this:
As the users continue to use the page, the web site could check the status of the permission using javascript and remind the user to rethink his permission settings: "This site would like to access your camera to scan for a barcode. If you want to use this feature, please use the global permissions dialog to set them." This way users that trust/know the application can give permissions directly while others might grant permissions one at the time. Thats why I like the idea of a consolidated dialog. The user could always quicky return to it and maintain all permissions at once.

More information about the whatwg mailing list