
Re: Bundled Permissions For Web Applications

From: Charles Pritchard <chuck@jumis.com>
Date: Thu, 30 Jun 2011 13:59:51 -0700
Message-ID: <4E0CE3C7.7040003@jumis.com>
To: Dominique Hazael-Massieux <dom@w3.org>
CC: public-device-apis@w3.org

On 6/30/2011 7:31 AM, Dominique Hazael-Massieux wrote:
> Hi,
>
> Robert O'Callahan just published a blog post on the risks/advantages of
> bundled permissions for Web applications:
> http://weblogs.mozillazine.org/roc/archives/2011/06/permissions_for.html
> recommending overall *against* bundling them.
>
> I thought I would share the link since that's potentially relevant to
> our work on the permissions API.
>
> Dom

"One wrinkle is that lazy app developers can turn the 'permissions in 
context' model back into the "bundled permissions" model by activating 
APIs up-front and refusing to let the application proceed until all 
requests are granted. My hope is that if most apps don't behave that 
way, users will develop higher expectations and be distrustful of lazy 
apps."

I've made that mistake before, with detection for web storage. It's a
little tricky, in that we want to check to see whether or not the user
has Web SQL / FileSystem / IDB storage enabled and content in it, so we
know whether to load that content onto the screen.

The obvious fix is to store that information in a less obtrusive place:
localStorage. I should have written something like
localStorage.hasSql = true, for clients which have enabled SQL storage
during a save/open-file procedure in a prior session.

Feature testing it ahead of time doesn't work, as the feature test may 
trigger a permissions request.


-Charles
Received on Thursday, 30 June 2011 21:00:35 GMT
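
The approach described in the message above, as an added example that is not part of the original post: page load consults only a localStorage flag, and the API that can raise a permission prompt is opened only from a user-initiated save or when the flag is already set. createStorageGate, openDb and the stand-in objects in demo() are hypothetical names constructed for illustration.

```javascript
// Added illustration; createStorageGate, openDb and the fake objects are hypothetical.
const FLAG = "hasSql"; // the key suggested in the message (localStorage.hasSql)

// store:  localStorage-like object (getItem/setItem/removeItem)
// openDb: the call that may raise a permission prompt, e.g. opening Web SQL
function createStorageGate(store, openDb) {
  const flagSet = () => {
    try { return store.getItem(FLAG) === "true"; }
    catch (e) { return false; } // storage blocked: behave as a first visit
  };
  return {
    // Page load: read only the flag; never feature-test the prompting API.
    loadOnStartup() {
      if (!flagSet()) return null;
      try { return openDb().read(); }
      catch (e) {                 // permission revoked since the last session
        store.removeItem(FLAG);
        return null;
      }
    },
    // Save/open-file from a user gesture: the prompt appears in context.
    saveFromUserAction(data) {
      const db = openDb();
      db.write(data);
      store.setItem(FLAG, "true"); // remember for later sessions
    },
  };
}

// Constructed stand-ins so the example runs outside a browser.
function demo() {
  const items = new Map();
  const store = {
    getItem: (k) => (items.has(k) ? items.get(k) : null),
    setItem: (k, v) => items.set(k, String(v)),
    removeItem: (k) => items.delete(k),
  };
  let prompts = 0, saved = null;
  const openDb = () => {
    prompts += 1; // each open stands for one possible permission prompt
    return { read: () => saved, write: (d) => { saved = d; } };
  };
  const gate = createStorageGate(store, openDb);
  const firstVisit = gate.loadOnStartup();  // no flag: no prompt
  const promptsOnFirstVisit = prompts;
  gate.saveFromUserAction("draft");         // user action: prompt allowed
  const nextSession = gate.loadOnStartup(); // flag set: content loaded
  return { firstVisit, promptsOnFirstVisit, nextSession, prompts };
}
```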
