Re: On Bug 23128 - 'Add an explicit "get access to media" call'

Gili, these are UI design considerations, not JavaScript api considerations. We have stayed away from specifying UI in the spec.

cowwoc <cowwoc@bbs.darktech.org> wrote:
>On 17/09/2013 2:14 PM, cowwoc wrote:
>> On 15/09/2013 8:07 PM, Silvia Pfeiffer wrote:
>>> On Mon, Sep 16, 2013 at 8:54 AM, Harald Alvestrand 
>>> <harald@alvestrand.no> wrote:
>>>> On 09/09/2013 04:02 PM, Stefan Håkansson LK wrote:
>>>>> Putting my chair hat on,
>>>>>
>>>>> the discussion regarding adding an explicit "get access to media"
>call
>>>>> seems to be leaning towards that this is something we should not
>do.
>>>>>
>>>>> Unless more people speak up saying they want this I will close the
>
>>>>> bug,
>>>>> with a comment saying there was not support to add this, later
>this 
>>>>> week.
>>>>>
>>>>> Stefan
>>>>>
>>>> Just to say a final word here:
>>>>
>>>> I feel that the arguments put forward by Anne, Robert and Martin
>are 
>>>> wrong.
>>>> In trying to prevent a particular class of bad application
>behaviours,
>>>> they are taking away the ability to write good applications that
>can do
>>>> what's right for the user.
>>>>
>>>> I believe that having the asking for permissions be an action that
>is
>>>> triggered explicitly by Javascript can give better user interfaces
>to
>>>> better applications than having the triggering of the same asking
>for
>>>> permission be implicit in a Javascript action whose purpose is 
>>>> something
>>>> else can.
>>>>
>>>> We're sacrificing the ability to write great applications in order
>to
>>>> make it harder to write bad ones.
>>>>
>>>> But I accept that my viewpoint, so far, has not found consensus in
>the
>>>> group, and will accept my chair's decision to close the bug as 
>>>> WONTFIX /
>>>> Working as intended, if that remains the position of the rest of
>the 
>>>> group.
>>> I have a gut feeling that Harald is correct, but I don't have any
>data
>>> to make a case yet.
>>>
>>> I hope the group will be open to reconsider introducing an explicit
>JS
>>> permission call in future once we have more experience with the
>>> current interface and whether or not it is sufficient.
>>
>>     I'd like to suggest a possible compromise (borrowing the idea
>from 
>> Java):
>>
>>     We continue prompting the user for individual permissions, but we
>
>> add "Always trust this provider". By the time users get a second 
>> prompt, or visit the site a second time, they are likely to select 
>> this option which basically says "provide this provider with any 
>> permission they ask for".
>>
>>     Users who want fine-grained control get it. Users who couldn't 
>> care less (your typical grandmother)  will suppress all further 
>> checks. I don't think there is a value in asking "your grandmother" 
>> for permissions multiple times because (in my experience) they don't 
>> really read the prompt before confirming (due to user fatigue and
>lack 
>> of technical background) so providing this option isn't really a 
>> security hazard.
>
>     Or (probably even better) we prompt users for one permission at a 
>time, but give them the option to review all permissions and accept
>them 
>at once. It's a hybrid between Harald's proposal and Java's "Always 
>trust this provider".
>
>     It would look something like this: "foobar.com would like to use 
>your Webcam. [Accept] [Reject] [Review all permissions]"
>
>   Clicking on "Review all permissions" would bring up a panel similar 
>to Android, listing all permissions and allowing the user to grant them
>
>all at once.
>
>Gili

-- 
Sent from my Android phone with K-9 Mail. Please excuse my brevity.