Re: [w3c/permissions] questions on query() (#124)

1. If a user has granted access to a device, and then they remove and re-add it, would the site still have permission to access the device? If so, I think its permission state should still be "granted" while it's unplugged. Folks shouldn't assume that having permission to access a device means access will always work. We see this in Bluetooth also: having a live [`BluetoothDevice`](https://webbluetoothcg.github.io/web-bluetooth/#bluetoothdevice) object doesn't mean the device is in range, and you can get `NetworkError`s when trying to reconnect to it.
2. I'm not sure exactly what a device class is—I assume it's like "all devices that produce video streams"? If that's correct, then like in question 1, I think unplugging all devices of a given class shouldn't affect the permission state.
3. The browser should only change the permission state for a device or device class if it has some indication that this is what the user intended to do. That can happen without the user's explicit interaction (for example, the user might want the browser to use a web service to identify untrustworthy sites, and then auto-revoke those sites' permissions), but because it's a reflection of the user's intent, I currently don't think there should be a different signal to the site. I could be wrong there, in which case we could add fields to [`PermissionStatus`](https://w3c.github.io/permissions/#permissionstatus).
4. We have the "ephemeral" model used by Firefox and the "temporary" or "per-realm" model used by Edge and Safari. 
   * In "ephemeral" mode, which you can see by going to https://permission.site/ and clicking "Location" multiple times, `query()` should always return `"prompt"`, because any request for the feature will prompt the user. Once Firefox's https://bugzilla.mozilla.org/show_bug.cgi?id=1270572 is implemented, then `query()` should probably return `"granted"` while a stream is open, and switch that to `"prompt"` when the stream is closed. I won't argue that this permission model makes sense, but I do think `query()` can accurately represent it.
   * In "per-realm" mode, `query()` in realm A should initially return `"prompt"`. If the user grants permission, `query()` should switch to returning `"granted"` in realm A, but stay with `"prompt"` in realm B. If the tab holding realm A is reloaded, which leads to it holding realm C, then realm C's `query()` should return `"prompt"`. Does that make sense? https://github.com/w3c/permissions/pull/114 makes this a little more explicit, but nobody's reviewed it yet.
5. Yes, there's a privacy concern for apps silently detecting a granted permission: https://github.com/w3c/permissions/issues/52. I don't think we've adequately described that issue in https://w3c.github.io/permissions/#privacy-considerations yet. I don't think Chrome and Firefox plan to have `query()` prompt by default to address this, but I'm not certain of that for either browser. There might be a browser-wide setting to turn on such prompts.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3c/permissions/issues/124#issuecomment-243531361

Received on Tuesday, 30 August 2016 18:19:19 UTC
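
A toy model of what `query()` reports under the two permission models in item 4, added here as an illustration; it is not part of the original message, the Permissions spec or any browser's code. All class and function names are hypothetical, and tracking open streams per realm in the ephemeral model is an assumption.

```javascript
// Toy model (added example): what query() reports under each model in item 4.
// All names are hypothetical; no browser API is used, so this runs in Node.

class EphemeralModel {
  // reportOpenStreams=false: query() is always "prompt", as the message describes.
  // reportOpenStreams=true: the behaviour expected once the Firefox bug is implemented.
  constructor(reportOpenStreams) {
    this.reportOpenStreams = reportOpenStreams;
    this.open = new Set(); // realms with an open stream (assumption: tracked per realm)
  }
  query(realm) {
    return this.reportOpenStreams && this.open.has(realm) ? "granted" : "prompt";
  }
  openStream(realm) { this.open.add(realm); } // user accepted this one prompt
  closeStream(realm) { this.open.delete(realm); }
}

class PerRealmModel {
  constructor() { this.granted = new Set(); }
  query(realm) { return this.granted.has(realm) ? "granted" : "prompt"; }
  grant(realm) { this.granted.add(realm); }
  // Reloading the tab discards the old realm and yields a fresh one with no grant.
  reload(oldRealm, newRealm) { this.granted.delete(oldRealm); return newRealm; }
}

// States seen by realm A before a stream, while it is open, and after it closes.
function ephemeralTrace(reportOpenStreams) {
  const m = new EphemeralModel(reportOpenStreams);
  const trace = [m.query("A")];
  m.openStream("A");
  trace.push(m.query("A"));
  m.closeStream("A");
  trace.push(m.query("A"));
  return trace;
}

// States seen by realms A, B and C across a grant in A and a reload of A's tab.
function perRealmTrace() {
  const m = new PerRealmModel();
  const trace = { initialA: m.query("A") };
  m.grant("A");
  trace.afterGrantA = m.query("A");
  trace.afterGrantB = m.query("B");
  const c = m.reload("A", "C");
  trace.afterReloadC = m.query(c);
  return trace;
}

console.log(ephemeralTrace(false), ephemeralTrace(true), perRealmTrace());
```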