W3C home > Mailing lists > Public > public-device-apis@w3.org > June 2010

Re: JavaScript Permissions interface in WebApps

From: Doug Turner <dougt@dougt.org>
Date: Mon, 28 Jun 2010 14:31:02 -0700
Cc: <dom@w3.org>, <public-device-apis@w3.org>
Message-Id: <8F01AF8D-A781-4515-A521-29CFD0EFCAD4@dougt.org>
To: <Frederick.Hirsch@nokia.com> <Frederick.Hirsch@nokia.com>
Hey Frederick,

On Jun 28, 2010, at 2:17 PM, <Frederick.Hirsch@nokia.com> <Frederick.Hirsch@nokia.com> wrote:

> Doug
> 
> Yes I think your message does help indeed.
> 
> I think we are talking about something completely different!
> 
> I *think* what you are saying is, an app would like to know whether a given feature requires a user dialog, it can use checkPermission to find out. If checkPermission returns TRUE then a user dialog is needed for the feature, otherwise not.
> 
> I'm looking at a different point of view, saying if an app wants to use geolocation for example,  it will either be allowed to or not (perhaps via permissions that do not require user interaction). Thus when attempting to call that method, it might be denied (thus the browser in  this case acts as a policy enforcement point, and how the decision is reached is a policy decision).
> 
> Thus I was thinking that checkPermission would return whether or not the application is allowed to perform the method. This is different than returning an indication of whether the UI will interact with the user for permission.
> 
> Do I have the distinction correct?

These viewpoints are not all together different, are they?

There are tree states:  allowed, disallowed, and unknown.

The unknown case would most likely bring up a UI in Firefox.  The other states talk about if an application is allowed to use a particular feature.  checkPermission could return 'false' stating that the application is not allowed to preform some action... maybe because the user has previously disabled this feature (like opt'd out of gelocation).  Maybe these we previously set by the user, maybe they are just defaults in the UA.... but how they got set is really an implementation detail.


>> It would be useful if a website would know if firefox would bring up a UI before invoking either of these features
> 
> If so, how is checkPermission useful to an application, since if it needs a feature, well, it needs it... How is it useful for a website to know?
> 
> (Rather than calling it checkPermission, requiresUserConsent might be clearer.)

Yeah, bikesheding...  and I don't like that color.  :-)


Regards,
Doug Turner
Received on Monday, 28 June 2010 21:31:35 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 9 May 2012 00:14:10 GMT