Re: [Powerbox] New draft based on further collaboration and prototyping

On Fri, Jun 4, 2010 at 10:59 AM, Kenton Varda <kenton@google.com> wrote:
> Sorry for the delay; I was on vacation.
> On Thu, May 27, 2010 at 2:17 PM, James Salsman <jsalsman@gmail.com> wrote:
>>
>> On Wed, May 26, 2010 at 5:15 PM, Kenton Varda <kenton@google.com> wrote:
>> > On Wed, May 26, 2010 at 4:19 PM, James Salsman <jsalsman@gmail.com> wrote:
>> >>
>> >> I, for one, would feel a lot more comfortable if there was a MUST
>> >> normative direction to provide a way for users to browse, and rescind
>> >> at their option, all of their granted permissions, without having to
>> >> depend on a provider's home interface.
>> >
>> > Are you hoping for this to work without communicating with the
>> > provider's server at all?
>>
>> I think so.  Why would that be difficult?  Do you contemplate
>> recording a list of "provided resource URL"s in the user's browser?
>> Why can't they be annotated with a human-readable description and the
>> customer sites for which they provide access, and listed, each with a
>> "revoke" button or link which would cause access to the resource to
>> fail if selected?
>
> The problem is that in the current proposal, the provision is an arbitrary
> message sent from the provider to the customer.  It is likely to contain
> URLs which the customer will then use to contact the provider directly.
> Such communication is not obliged to go through the browser, and thus the
> browser has no way of revoking such communication without the cooperation of
> at least one of the two sites.

I'm sorry, I read the proposal, but I thought the customer was a
person, not a site.  Would you please explain the sense in which you
are using the word customer?

Do you think that the DAP policy document allows situations in which
permissions can not be revoked?  It seems to me that it does not, but
my interpretation of the implications stated and diagrammed in could
be flawed.

> We assume that at least the provider is interested in cooperating with the
> user's wishes....

Is such an assumption safe over time?  Facebook's privacy policy
changes are a useful example in the news.

> So, to revoke grants, we must talk to the provider.

What do you contemplate as the ideal failure mode when a USB webcam
which had been requisitioned under powerbox is unplugged?

Received on Friday, 4 June 2010 20:49:28 UTC