Re: Request Web Security review of Gamepad API

On 01/06/2018 14:51, Tom Ritter wrote:
> Took me a bit, but I opened github issues.

Many thanks Tom, this is really useful and very much appreciated.

> 
> On 19 May 2018 at 12:15, Léonie Watson <tink@tink.uk> wrote:
>>
>> On 18/05/2018 19:41, Tom Ritter wrote:
>>>
>>> Hi all, I've been working to review the draft and have questions. I
>>> think some of these might be able to be turned into issues on github
>>> but I wanted to start a discussion first.
>>
>>
>> Thanks Tom. We appreciate you taking time to review this.
>>
>>>
>>> 1) I have read in the past that the id field sometimes contains things
>>> like a serial number. Obviously this presents a very persistent
>>> tracking identifier.
>>>
>>> Mozilla says: in Firefox it will contain three pieces of information
>>> separated by dashes (-):
>>> Two 4-digit hexadecimal strings containing the USB vendor and product
>>> id of the controller
>>> The name of the controller as provided by the driver.
>>> https://developer.mozilla.org/en-US/docs/Web/API/Gamepad/id
>>>
>>> How is this exposed in other browsers? It seems like it would be
>>> advantageous to require this string to _not_ contain uniquely
>>> identifying information and to non-normatively suggest an algorithm to
>>> do so.
>>
>>
>> It sounds as though this one has been answered with Florian's help. For the
>> rest I'd suggest opening Github issues because that's where we get most work
>> done these days.
>>
>> I'm happy to transfer them if it'd be helpful?
>>
>>   Léonie.
>>
>>
>>
>>
>>>
>>> 2) I'm confused by getGamepads:
>>>
>>> a) why, in the example, is there a leading 'null'?  Is it indicating
>>> there are two gamepads but not giving you information about the first
>>> one? Why?
>>> b) "Gamepads MUST only appear in the list if they are currently
>>> connected to the user agent, and at least one device has been
>>> interacted with by the user." - that's great. But what does
>>> "interacted with by the user" mean? Ever since process start? For this
>>> origin?
>>>
>>> 3) Gamepads are in the long tail of things that make the web a great
>>> experience but are used very infrequently. Can this API be designed to
>>> support a permission by making things like getGamepads async?  UAs
>>> don't _need_ to implement a permission, but with synchronous APIs it
>>> becomes _impossible_ to gate releasing user information via a
>>> permission.
>>>
>>> 4) There doesn't seem to be any information about gamepadconnected and
>>> disconnected as it relates to 'device has been interacted with by the
>>> user'.  If I plug in a device, will my origins receive the connected
>>> event? And then will every origin I subsequently visit be able to query
>>> my game pad because I interacted with it?
>>>
>>>
>>> -tom
>>>
>>> On 17 May 2018 at 03:28, Léonie Watson <tink@tink.uk> wrote:
>>>>
>>>> Hello Web Security,
>>>>
>>>> We would welcome your review of the Gamepad API specification [1], as part
>>>> of our wide review before transitioning to Candidate recommendation (CR).
>>>>
>>>> If there are any issues arising from your review, please file them on the
>>>> Gamepad Github repo [2], and apply the "wide review" and "security" labels
>>>> to each issue. This will help us track your comments and respond
>>>> accordingly.
>>>>
>>>> If there are no issues arising from your review, please let us know by reply
>>>> to this thread.
>>>>
>>>> We would appreciate your comments no later than Friday 27th June 2018. Thank
>>>> you.
>>>>
>>>> Léonie on behalf of the WebPlat Chairs and Gamepad Editors
>>>> [1] https://www.w3.org/TR/2018/WD-gamepad-20180508/
>>>> [2] https://github.com/w3c/gamepad/issues/new/
>>>>
>>>> --
>>>> @LeonieWatson @tink@toot.cafe Carpe diem
>>>>
>>
>> --
>> @LeonieWatson @tink@toot.cafe Carpe diem

-- 
@LeonieWatson @tink@toot.cafe Carpe diem

Received on Monday, 4 June 2018 17:05:05 UTC
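
Question 1 in the quoted review asks for an algorithm that keeps uniquely identifying data out of the id string. The sketch below is an added example, not part of the thread, the Gamepad specification or any browser's code: it parses the Firefox-style format described above (vendor, product, driver name) and drops serial-like tokens from the name. The function names, the 8-character threshold and the sample ids are assumptions constructed for illustration.

```javascript
// Added example: reduce a Firefox-style Gamepad.id ("vvvv-pppp-driver name")
// to a coarse label that carries no per-device identifier.

// Long hex/digit runs in the driver-supplied name are treated as possible
// serial numbers. The 8-character threshold is an assumption of this sketch.
const SERIAL_LIKE = /\b(?=[0-9a-f]*\d)[0-9a-f]{8,}\b/gi;

function parseFirefoxStyleId(id) {
  // The name may itself contain dashes, so only the first two separate fields.
  const m = /^([0-9a-f]{4})-([0-9a-f]{4})-(.*)$/i.exec(id);
  if (!m) return null; // another browser's format, or malformed input
  return { vendor: m[1].toLowerCase(), product: m[2].toLowerCase(), name: m[3] };
}

function coarsenGamepadId(id) {
  const parsed = parseFirefoxStyleId(id);
  if (!parsed) {
    // Fail closed: an unrecognised format is not passed through unchanged.
    return { id: "unknown-gamepad", strippedTokens: 0 };
  }
  let strippedTokens = 0;
  const name = parsed.name
    .replace(SERIAL_LIKE, () => { strippedTokens += 1; return ""; })
    .replace(/\s{2,}/g, " ")
    .trim();
  return { id: `${parsed.vendor}-${parsed.product}-${name}`, strippedTokens };
}

// Constructed sample ids (not captured from real devices).
const SAMPLES = [
  "054c-09cc-Wireless Controller 4C1A77E09B21", // serial-like suffix in the name
  "045E-028E-Xbox 360 Controller",              // nothing to strip
  "Some Pad (Vendor: 1234 Product: abcd)",      // not the three-field format
];

for (const s of SAMPLES) {
  console.log(JSON.stringify(s), "->", JSON.stringify(coarsenGamepadId(s)));
}
```

Two devices of the same model then report the same string, so what remains is a model-level signal rather than a per-device one.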