[whatwg] Proposal for a web application descriptor

Robert O'Callahan robert at ocallahan.org
Sat Apr 30 02:23:38 PDT 2011

On Sat, Apr 30, 2011 at 11:41 AM, Glenn Maynard <glenn at zewt.org> wrote:

> This is why--in general--I like the model so far: the user is asked for
> permission in response to actually doing something that uses a feature.  In
> the notepad app, you're asked for permission to access the internet when
> you
> select "sync notes to your desktop PC"; it's immediately obvious why it's
> asking for it.  (That's an Android example, of course, not a web app
> example.)
Hopefully the ultimate solution will deal with both, allowing UAs the option
> of asking all at once or on-demand, depending on the situation.  (Some
> permissions inherently have to be asked in advance, like Web Notifications,
> which doesn't happen in response to a user action.)

The application could have a settings page with a checkbox "Enable desktop
notifications". When you click on that box, the browser shows its (passive,
asynchronous) UI for enabling desktop notifications for that application.

Asking for specific permissions in the context of a user action is the only
model that makes sense to me. When applications ask for a big bundle of
permissions in advance, how can I as a user know what to do? I'm sure to get
into a habit of either blindly denying the permissions (crippling
applications), or granting the permissions (terrible for security).

While some Mozilla developers may think "big bundle of permissions" is a
good idea, others such as me do not.

"Now the Bereans were of more noble character than the Thessalonians, for
they received the message with great eagerness and examined the Scriptures
every day to see if what Paul said was true." [Acts 17:11]

More information about the whatwg mailing list